From b0f269d5eaf373c9589c280c56abc8cd63978cff Mon Sep 17 00:00:00 2001 From: vguanyiwgd Date: Tue, 30 Jul 2024 11:18:14 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E7=94=A8=E6=88=B7=E7=9A=84?= =?UTF-8?q?=E6=97=B6=E5=80=99=E5=88=A4=E6=96=AD=E6=98=AF=E5=90=A6=E5=92=8C?= =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=91=98=E5=90=8C=E4=B8=80=E4=B8=AAcompany?= =?UTF-8?q?=5Fid?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: Iad8058b765a69bf365b78e1b2ee954b16d1b8d5d --- .../backstage/controllers/User.php | 19 +++++++++++++++++++ .../backstage/helpers/common_helper.php | 13 +++++++++++++ 2 files changed, 32 insertions(+) diff --git a/backstage/application/backstage/controllers/User.php b/backstage/application/backstage/controllers/User.php index 4eca6d2..f9b7577 100644 --- a/backstage/application/backstage/controllers/User.php +++ b/backstage/application/backstage/controllers/User.php @@ -86,6 +86,12 @@ class User extends CI_Controller public function delUser($id) { + // 判断这个学生的company_id 和 当前管理员的company_id 是否一致 + if(!checkCompanyId($id)){ + $data = array('success' => false, 'msg' => '不能修改其他公司的用户'); + echo json_encode($data); + exit; + } $rs = $this->user_model->user_delete($id); lwReturn($rs); } @@ -97,6 +103,11 @@ class User extends CI_Controller foreach ($info as $k => $v){ $info[$k] = cleanInput($v); } + // 判断这个学生的company_id 和 当前管理员的company_id 是否一致 + if(!checkCompanyId($userId)){ + lwReturn(false, array('msg' => '不能修改其他公司的用户')); + } + $rs = $this->user_model->user_edit($userId, $info); lwReturn($rs); } else { 
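Review bot: The guard added to delUser() hands the route segment `$id` straight to checkCompanyId() and then to user_delete() without checking that it is a user id at all; for a non-numeric or empty `$id` the helper's lookup finds no row, and what the guard then decides depends entirely on how the helper treats a missing row, which this hunk cannot see. Validate before the lookup, e.g. `if (!ctype_digit((string)$id) || !checkCompanyId($id)) {`. The rejection path also differs from the second hunk's `lwReturn(false, ...)`: it builds the JSON by hand and calls `exit`, which skips CodeIgniter's output layer and any post-controller hooks; `lwReturn(false, array('msg' => '不能修改其他公司的用户')); return;` would keep the two endpoints consistent, assuming lwReturn emits the same success/msg envelope.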
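Review bot: The new check in the second hunk rejects with `lwReturn(false, ...)` but does not leave the method, so unless lwReturn() itself terminates the request the code falls through to `user_edit($userId, $info)` and the cross-company edit still happens; lwReturn's body is not in this diff, and the fact that the other two hunks add an explicit `exit` after their own error responses suggests it does not terminate. Add `return;` directly after the lwReturn call, or mirror the `exit` used in delUser(). It would also be cheaper to run the company check before the cleanInput loop so a rejected request does no work on the payload. The enclosing method starts and ends outside this hunk, so where `$userId` is assigned is not visible.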
@@ -205,6 +216,14 @@ class User extends CI_Controller
 public function deleteUser()
 {
 $userId = $this->input->post('userId');
+
+ // 判断这个学生的company_id 和 当前管理员的company_id 是否一致
+ if(!checkCompanyId($userId)){
+ $data = array('success' => false, 'msg' => '不能修改其他公司的用户');
+ echo json_encode($data);
+ exit;
+ }
+
 $this->tb_user->update(array('enabled' => -99), array('id' => $userId));
 $data = array('success' => true, 'msg' => '已经删除用户');
 echo json_encode($data);
diff --git a/backstage/application/backstage/helpers/common_helper.php b/backstage/application/backstage/helpers/common_helper.php
index 1afaa75..e305ff8 100644
--- a/backstage/application/backstage/helpers/common_helper.php
+++ b/backstage/application/backstage/helpers/common_helper.php
@@ -162,3 +162,16 @@ if(!function_exists('cleanInput')) {
 return $data;
 }
 }
+
+
+ // 判断当前管理员的company_id 和 参数的user_id的company_id 是否一致
+ function checkCompanyId($userId){
+ $CI =& get_instance();
+ $CI->load->library('lw_db',array('tb_name'=>'tb_user'),'tb_user');
+ $userInfo = $CI->tb_user->get_one(array('id'=>$userId));
+ if($userInfo['company_id'] == $CI->session->companyId){
+ return true;
+ }else{
+ return false;
+ }
+}
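Review bot: In deleteUser() `$userId` comes from `$this->input->post('userId')` and reaches both checkCompanyId() and `update(... array('id' => $userId))` without validation; when the field is absent it is null, and what get_one()/update() do with `array('id' => null)` is not visible here, so the guard's result for a missing or malformed id rests entirely on the helper's handling of a missing row. Reject anything that is not a positive integer before the lookup, e.g. `if (!ctype_digit((string)$userId) || !checkCompanyId($userId)) {`. The rejection block is a copy of the one added to delUser(); a small shared `denyCrossCompany()` (or routing both through lwReturn) would keep the message and response shape in one place. deleteUser()'s closing brace lies outside the hunk.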
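Review bot: checkCompanyId() fails open: when get_one() returns no row, `$userInfo['company_id']` evaluates to null, and with `==` that compares equal to an admin session whose companyId is also unset, so an unknown or already-removed user id (or an admin with no company in session) passes the guard; `==` likewise treats `0`, `''` and null as equal to each other. Return false unless both sides are present and compare them strictly, and wrap the definition in the `if(!function_exists(...))` guard the rest of this helper file uses, as the cleanInput context above shows. If 0 is a legitimate company id in this schema, replace the `empty()` test on the session value with `isset()`.
```php
if(!function_exists('checkCompanyId')) {
    // True only when the user identified by $userId belongs to the same
    // company as the logged-in admin (session companyId); otherwise false.
    function checkCompanyId($userId){
        $CI =& get_instance();
        $CI->load->library('lw_db',array('tb_name'=>'tb_user'),'tb_user');
        $userInfo = $CI->tb_user->get_one(array('id'=>$userId));
        // Fail closed: no such user, or no company in the admin session.
        if(empty($userInfo) || !isset($userInfo['company_id']) || empty($CI->session->companyId)){
            return false;
        }
        return (string)$userInfo['company_id'] === (string)$CI->session->companyId;
    }
}
```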