liaoyk
/
yzms
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修改用户的时候判断是否和管理员同一个company_id 

Change-Id: Iad8058b765a69bf365b78e1b2ee954b16d1b8d5d
This commit is contained in:
vguanyiwgd 2024-07-30 11:18:14 +08:00
parent 3b180e029a
commit b0f269d5ea
2 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
backstage/application/backstage/controllers/User.php
View File

@ -86,6 +86,12 @@ class User extends CI_Controller
public function delUser($id)
{
// 判断这个学生的company_id 和 当前管理员的company_id 是否一致
if(!checkCompanyId($id)){
$data = array('success' => false, 'msg' => '不能修改其他公司的用户');
echo json_encode($data);
exit;
}
$rs = $this->user_model->user_delete($id);
lwReturn($rs);
}
@ -97,6 +103,11 @@ class User extends CI_Controller
foreach ($info as $k => $v){
$info[$k] = cleanInput($v);
}
// 判断这个学生的company_id 和 当前管理员的company_id 是否一致
if(!checkCompanyId($userId)){
lwReturn(false, array('msg' => '不能修改其他公司的用户'));
}
$rs = $this->user_model->user_edit($userId, $info);
lwReturn($rs);
} else {
@ -205,6 +216,14 @@ class User extends CI_Controller
public function deleteUser()
{
$userId = $this->input->post('userId');
// 判断这个学生的company_id 和 当前管理员的company_id 是否一致
if(!checkCompanyId($userId)){
$data = array('success' => false, 'msg' => '不能修改其他公司的用户');
echo json_encode($data);
exit;
}
$this->tb_user->update(array('enabled' => -99), array('id' => $userId));
$data = array('success' => true, 'msg' => '已经删除用户');
echo json_encode($data);

13
backstage/application/backstage/helpers/common_helper.php
View File

@ -162,3 +162,16 @@ if(!function_exists('cleanInput')) {
return $data;
}
}
// 判断当前管理员的company_id 和 参数的user_id的company_id 是否一致
function checkCompanyId($userId){
$CI =& get_instance();
$CI->load->library('lw_db',array('tb_name'=>'tb_user'),'tb_user');
$userInfo = $CI->tb_user->get_one(array('id'=>$userId));
if($userInfo['company_id'] == $CI->session->companyId){
return true;
}else{
return false;
}
}