后台用户密码修改
This commit is contained in:
@@ -168,7 +168,7 @@ class Admin extends adminApi
|
|||||||
{
|
{
|
||||||
if ($this->request->isPost()) {
|
if ($this->request->isPost()) {
|
||||||
$params = $this->request->post();
|
$params = $this->request->post();
|
||||||
$group = $params['group'];
|
$group = $params['group']?? [];
|
||||||
unset($params['group']);
|
unset($params['group']);
|
||||||
unset($params['__token__']);
|
unset($params['__token__']);
|
||||||
if ($params) {
|
if ($params) {
|
||||||
@@ -199,18 +199,19 @@ class Admin extends adminApi
|
|||||||
// 先移除所有权限
|
// 先移除所有权限
|
||||||
model('admin/AuthGroupAccess')->where('uid', $params['id'])->delete();
|
model('admin/AuthGroupAccess')->where('uid', $params['id'])->delete();
|
||||||
|
|
||||||
|
if(!empty($group)){
|
||||||
|
// 过滤不允许的组别,避免越权
|
||||||
|
$group = array_intersect($this->childrenGroupIds, $group);
|
||||||
|
if (!$group) {
|
||||||
|
return V(0,"失败", []);
|
||||||
|
}
|
||||||
|
|
||||||
// 过滤不允许的组别,避免越权
|
$dataset = [];
|
||||||
$group = array_intersect($this->childrenGroupIds, $group);
|
foreach ($group as $value) {
|
||||||
if (!$group) {
|
$dataset[] = ['uid' => $params['id'], 'group_id' => $value];
|
||||||
return V(0,"失败", []);
|
}
|
||||||
|
model('admin/AuthGroupAccess')->saveAll($dataset);
|
||||||
}
|
}
|
||||||
|
|
||||||
$dataset = [];
|
|
||||||
foreach ($group as $value) {
|
|
||||||
$dataset[] = ['uid' => $params['id'], 'group_id' => $value];
|
|
||||||
}
|
|
||||||
model('admin/AuthGroupAccess')->saveAll($dataset);
|
|
||||||
Db::commit();
|
Db::commit();
|
||||||
return V(1,"成功", []);
|
return V(1,"成功", []);
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
|
|||||||
Reference in New Issue
Block a user