后台用户密码修改

application/adminapi/controller/Admin.php

@@ -168,7 +168,7 @@ class Admin extends adminApi
     {
         if ($this->request->isPost()) {
             $params = $this->request->post();
-            $group = $params['group'];
+            $group = $params['group']?? [];
             unset($params['group']);
             unset($params['__token__']);
             if ($params) {
@@ -199,18 +199,19 @@ class Admin extends adminApi
                     // 先移除所有权限
                     model('admin/AuthGroupAccess')->where('uid', $params['id'])->delete();
 
+                    if(!empty($group)){
+                        // 过滤不允许的组别,避免越权
+                        $group = array_intersect($this->childrenGroupIds, $group);
+                        if (!$group) {
+                            return  V(0,"失败", []);
+                        }
 
-                    // 过滤不允许的组别,避免越权
-                    $group = array_intersect($this->childrenGroupIds, $group);
-                    if (!$group) {
-                        return  V(0,"失败", []);
+                        $dataset = [];
+                        foreach ($group as $value) {
+                            $dataset[] = ['uid' => $params['id'], 'group_id' => $value];
+                        }
+                        model('admin/AuthGroupAccess')->saveAll($dataset);
                     }
-
-                    $dataset = [];
-                    foreach ($group as $value) {
-                        $dataset[] = ['uid' => $params['id'], 'group_id' => $value];
-                    }
-                    model('admin/AuthGroupAccess')->saveAll($dataset);
                     Db::commit();
                     return  V(1,"成功", []);
                 } catch (\Exception $e) {