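/**
 * Check whether the logged-in administrator may change the password of $member.
 *
 * The checks run in this order:
 *  1. an operator with super permission is always allowed;
 *  2. a non-super operator is never allowed to touch a super administrator;
 *  3. an operator editing their own account is allowed when they hold
 *     'administrator.edit_self_password';
 *  4. an operator without 'administrator.change_user_password' must belong to
 *     every group of the target and hold 'edit_users_password' in each of them;
 *  5. check_is_over_perm() must return a truthy value for the target.
 *
 * Every denial is raised as an Exception with code -1, so the decision never
 * depends on whether a UI helper stops the request.
 *
 * @param ORM_Admin_Member_Data $member account whose password is to be changed
 * @throws Exception when the operator is not allowed to change the password
 *
 * @return boolean true when the change is allowed
 */
protected function check_auth_for_edit_password(ORM_Admin_Member_Data $member)
{
    $operator = $this->session()->member();

    # Super administrators may change any password.
    if ($operator->perm()->is_super_perm()) {
        return true;
    }

    # A non-super operator must never change a super administrator's password.
    if ($member->perm()->is_super_perm()) {
        throw new Exception('您不具备修改超管密码的权限', -1);
    }

    # Changing one's own password only needs the dedicated self-service permission.
    # The loose comparison is kept from the original; ids may arrive as int or numeric string.
    if ($member->id && $member->id == $operator->id) {
        if ($operator->perm()->is_own('administrator.edit_self_password')) {
            return true;
        }
    }

    # Without the global permission the operator falls back to group-level management rights.
    if (!$operator->perm()->is_own('administrator.change_user_password')) {
        # NOTE(review): when $member->groups()->ids() is empty both checks below are
        # vacuous and only check_is_over_perm() remains - confirm that is intended.
        if (array_diff($member->groups()->ids(), $operator->groups()->ids())) {
            # The target belongs to a group the operator is not in. The original called
            # $this->message() here; throwing like every other denial keeps the check
            # fail-closed even if message() were to return.
            throw new Exception('您操作的用户拥有你不具备的权限组,所有你无法修改此用户密码', -1);
        }

        foreach ($member->groups()->ids() as $group_id) {
            # The operator needs the password-editing right in every group of the target.
            if (!$operator->is_own_group_perm($group_id, 'edit_users_password')) {
                throw new Exception('您不具备修改此管理员密码的权限', -1);
            }
        }
    }

    # Last gate: refuse when check_is_over_perm() does not accept the target.
    if (!$this->check_is_over_perm($member)) {
        throw new Exception('此管理员拥有您不具备的权限,所以您不可修改此管理员密码', -1);
    }

    return true;
}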
<tr> <th width="40">ID</th> <th>用户名(昵称)</th> <th>所属管理组</th> <th width="30">组长</th> <th width="30">超管</th> <th width="30">屏蔽</th> <th width="40">登录数</th> <th width="190">操作</th> </tr> <?php
# Renders one table row per administrator in $list (the fragment ends inside the loop).
# Id of the logged-in administrator; its use is not visible in this fragment.
$member_id = Session::instance()->member()->id;
if ($list) {
    foreach ($list as $item) {
        # Never executes; presumably present only so an IDE can infer the type of $item.
        if (false) {
            $item = new ORM_Admin_Member_Data();
        }
        ?> <tr align="center"> <td class="td1"><?php echo $item->id; ?> </td> <td class="td2"><?php
        # NOTE(review): username and nickname are written into the HTML without escaping here.
        # Confirm they are HTML-encoded before they reach this view; otherwise wrap them in
        # htmlspecialchars() so a stored value cannot inject markup into the admin list.
        echo $item->username;
        if ($item->nickname) {
            echo ' (' . $item->nickname . ')';
        }
        ?> </td> <td class="td2">
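/**
 * Collect the per-group permission settings of an administrator.
 *
 * For a super administrator every flag is granted for each group yielded by
 * $member->groups(). For anyone else the settings of all members returned by
 * $member->get_group_data() are loaded with one query, stored on each of those
 * members through set_groups_setting(), and the settings of $member are returned.
 *
 * @param \ORM_Admin_Member_Data $member
 * @return array group id => settings of $member; empty when none were found
 */
public function get_all_groups_setting_by_member(\ORM_Admin_Member_Data $member)
{
    if ($member->is_super_admin) {
        $rsArr = array();
        # Super administrator: grant every group-level flag for each group.
        # NOTE(review): the original comment says "all groups"; whether groups() yields
        # every group for a super administrator is not visible here - confirm.
        foreach ($member->groups() as $group) {
            $rsArr[$group->id] = array(
                'view_users'          => 1,
                'edit_users'          => 1,
                'edit_users_password' => 1,
                'add_user'            => 1,
                'del_user'            => 1,
                'remove_user'         => 1,
                'shield_user'         => 1,
                'liftshield_user'     => 1,
                'edit_group'          => 1,
            );
        }
        return $rsArr;
    }

    $all_members = $member->get_group_data();

    $ids = array();
    foreach ($all_members as $item) {
        $ids[] = $item->id;
    }

    # Nothing to look up: return no settings instead of running an IN () query
    # with an empty list.
    if (!$ids) {
        return array();
    }

    $this->db()->from($this->tablename . ' as gp')->select('ids.*')->join($this->ids_tablename . ' as ids')->on('ids.group_id', 'gp.id');
    $rs = $this->db()->in('ids.admin_id', $ids)->get()->as_array();

    # Index the rows as admin id => group id => remaining columns.
    $rsArr = array();
    foreach ($rs as $item) {
        $admin_id = $item['admin_id'];
        $group_id = $item['group_id'];
        unset($item['admin_id'], $item['group_id']);
        $rsArr[$admin_id][$group_id] = $item;
    }

    # Default to "no settings" so a member that is missing from $all_members ends up
    # with no group permissions rather than an undefined variable.
    $all_groups_setting = array();
    foreach ($all_members as $item) {
        # A member without any row gets an empty settings array (no undefined index).
        $settings = isset($rsArr[$item->id]) ? (array) $rsArr[$item->id] : array();
        $item->set_groups_setting($settings);
        if ($item === $member) {
            $all_groups_setting = $settings;
        }
    }

    return $all_groups_setting;
}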
<?php if (false) { $member = new ORM_Admin_Member_Data(); } ?> <script type="text/javascript"> var _is_run_ajax = false; var now_groups_form = '_'; function do_next_step() { if (_is_run_ajax)return; if (!MyQEE.$('checked_perm_div'))return; var checkboxs = MyQEE.$('checked_perm_div').getElementsByTagName('input'); var group_ids = []; for ( var i=0;i<checkboxs.length;i++ ) { if ( checkboxs[i].checked ) { group_ids.push(checkboxs[i].value); } } var groups_form = group_ids.join(','); if ( now_groups_form==groups_form ) { //直接切换显示 MyQEE.$('mytag_main_1').style.display='none'; MyQEE.$('mytag_main_2').style.display=''; MyQEE.$('step_tag_1').className=''; MyQEE.$('step_tag_2').className='hover';