<?php
|
include_once "/Common/Logging.php";
|
include_once "/Account/User.php";
|
include_once "/db/DBOper.php";
|
include_once "/language/lang.php";
|
|
/**
 * Whether the session user (global $user) may manage the account described by
 * $userData — an associative array carrying at least the "Organization",
 * "UserLV" and "UserAccount" keys of the target account.
 *
 * A super admin may manage any account. Everyone else is confined to accounts
 * of their own organization whose level does not exceed their own. Each
 * refusal is written to the error log together with both account names.
 *
 * @return bool true when the edit is allowed, false otherwise.
 */
function CanEdit($userData)
{
    global $user;

    // Super admins bypass every other rule.
    if ($user->IsAdminSuper()) {
        return true;
    }

    // 只能管理自己组织内的账号 — the target must sit in the caller's organization.
    $sameOrganization = $user->GetAttr("Organization") == $userData["Organization"];
    if (!$sameOrganization) {
        \Logging\LogError("Organization is different. userAccount:" . $user->GetAttr("UserAccount") . " editUserAccount:" . $userData["UserAccount"]);
        return false;
    }

    // 只能管理账号等级不超过自己的 — the target's level may not be above the caller's (equal is allowed).
    $outranked = $user->GetAttr("UserLV") < $userData["UserLV"];
    if ($outranked) {
        \Logging\LogError("UserLV is less. userAccount:" . $user->GetAttr("UserAccount") . " editUserAccount:" . $userData["UserAccount"]);
        return false;
    }

    return true;
}
|
|
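/**
 * Carry out an account operation submitted from the user list form.
 *
 * @param string $opType "add", "upd" or "del" (anything else is a no-op that returns true).
 *
 * Inputs are read from $_POST; the acting user comes from the global $user and
 * the permission groups of the listed organization from the global $PGroups.
 * The message to show on the page is written to the global $alertMsg.
 *
 * @return bool true when the operation succeeded, false when it was refused or
 *              failed (refusals and failures are also logged).
 */
function UserEdit($opType)
{
    global $alertMsg, $user, $PGroups;

    // Form field reader that does not trip on missing keys.
    $post = static function ($key, $default = "") {
        return isset($_POST[$key]) ? $_POST[$key] : $default;
    };

    // Passwords (and their hashes) must not end up in the log.
    $redact = static function (array $fields) {
        foreach (array("Psw", "PswConfirm", "PswAdmin") as $secret) {
            if (array_key_exists($secret, $fields)) {
                $fields[$secret] = "[REDACTED]";
            }
        }
        return $fields;
    };

    \Logging\LogInfo("_POST:" . print_r($redact($_POST), true));

    $UserAccount = $post("UserAccount");

    $find = array(
        "UserAccount" => $UserAccount
    );

    DBOper\FindOne("GMTUser", $find, $findUser);
    $targetExists = isset($findUser) && count($findUser) > 0;

    // 添加 needs a free account name; upd/del need an existing one.
    if ($opType == "add") {
        if ($targetExists) {
            $alertMsg = \Lang\gettext("该账号已存在");
            return false;
        }
    } else {
        if (!$targetExists) {
            $alertMsg = \Lang\gettext("该账号不存在");
            return false;
        }
        // Authorize against the STORED record, not the submitted values:
        // otherwise a lower-ranked user could take over a higher-ranked account
        // by posting a UserLV/Organization that passes the check on the new data.
        if (!CanEdit($findUser)) {
            $alertMsg = \Lang\gettext("您没有该权限");
            return false;
        }
    }

    if ($opType == "del") {
        // Nobody may delete the account they are logged in with.
        if ($user->GetAttr("UserAccount") == $findUser["UserAccount"]) {
            $alertMsg = \Lang\gettext("无法执行该操作");
            \Logging\LogError("无法执行该操作" . print_r($find, true));
            return false;
        }
        if (!DBOper\Remove("GMTUser", $find)) {
            $alertMsg = \Lang\gettext("删除失败");
            \Logging\LogError("删除失败" . print_r($find, true));
            return false;
        }
        $alertMsg = \Lang\gettext("删除成功");
        \Logging\LogInfo("删除成功" . print_r($find, true));
        return true;
    }

    // add/upd re-authenticate the caller with their own password. Constant-time
    // comparison of the encoded values; the loose != also treated numeric-looking
    // hashes as equal.
    $PswAdmin = \Commfunc\GetEncodePsw($post("PswAdmin"));
    if (!$PswAdmin || !hash_equals((string) $user->GetAttr("Psw"), (string) $PswAdmin)) {
        $alertMsg = \Lang\gettext("您的账号密码错误");
        return false;
    }

    $UserLV = intval($post("UserLV", 0));
    $Organization = $post("Organization");

    $OrganizationList = \CommFunc\GetAllOrganization();
    if (!in_array($Organization, $OrganizationList)) {
        \Logging\LogError("Unknown Organization:" . print_r($Organization, true));
        return false;
    }

    $editArray = array(
        "UserAccount" => $UserAccount,
        "UserLV" => $UserLV,
        "Organization" => $Organization,
    );

    // A new account always needs a password; an update only when one was typed.
    $Psw = $post("Psw");
    if ($opType == "add" || $Psw != "") {
        $PswConfirm = $post("PswConfirm");
        if (!$Psw || $Psw != $PswConfirm) {
            $alertMsg = \Lang\gettext("密码不一致");
            return false;
        }
        $editArray["Psw"] = \Commfunc\GetEncodePsw($Psw);
    }

    // 渠道仅限自己的渠道权限内 — only channels the caller holds can be granted.
    $SPList = array();
    foreach ($user->GetSPIDAll() as $spid) {
        if ($post("SPID_" . $spid) == "on") {
            $SPList[] = $spid;
        }
    }
    $editArray["SPList"] = $SPList;

    // Only permission groups of the listed organization can be granted.
    $PermissionGroups = array();
    foreach ($PGroups as $GroupName) {
        $checkBoxName = "PGroup_" . urlencode($GroupName);
        if ($post($checkBoxName) == "on") {
            $PermissionGroups[] = $GroupName;
        }
    }
    $editArray["PermissionGroups"] = $PermissionGroups;

    // The account as it will be stored must also lie within the caller's reach.
    if (!CanEdit($editArray)) {
        $alertMsg = \Lang\gettext("您没有该权限");
        return false;
    }

    // 添加
    if ($opType == "add") {
        $editArray["CreateTime"] = date("Y-m-d H:i:s");
        if (!DBOper\Insert("GMTUser", $editArray, $find)) {
            $alertMsg = \Lang\gettext("添加失败");
            \Logging\LogError("添加失败" . print_r($redact($editArray), true));
            return false;
        }
        $alertMsg = \Lang\gettext("添加成功");
        \Logging\LogInfo("添加成功" . print_r($redact($editArray), true));
    }
    // 更新
    elseif ($opType == "upd") {
        if (!DBOper\Update("GMTUser", $find, $editArray, true)) {
            $alertMsg = \Lang\gettext("更新失败");
            \Logging\LogError("更新失败" . print_r($redact($editArray), true));
            return false;
        }
        $alertMsg = \Lang\gettext("更新成功");
        \Logging\LogInfo("更新成功" . print_r($redact($editArray), true));
    }
    return true;
}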
|
|
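\Logging\CreateLogging("account.userlist.php");
$Permission = \User\Permission::P_UserMgr;

$alertMsg = "";
$channel = $_SESSION['spid']; // not read on this page; kept for included code — TODO confirm
$UserAccount = $_SESSION['UserAccount'];
$user = new \User\User($UserAccount);
if (!$user->HavePermission($Permission)) {
    exit;
}

// Organization being listed. Only a super admin may choose one (the selector
// further down is rendered only for them); everyone else is pinned to their
// own organization, so a posted Organization cannot list another one's accounts.
if ($user->IsAdminSuper() && array_key_exists("Organization", $_POST)) {
    $Organization = $_POST["Organization"];
} else {
    $Organization = $user->GetAttr("Organization");
}

// Names of the permission groups defined for this organization.
\DBOper\Find("GMTPermissionGroup", array("Organization" => $Organization), $OrganizationPGroups);
$PGroups = array();
foreach ($OrganizationPGroups as $value) {
    $PGroups[] = $value["GroupName"];
}

$opType = isset($_POST["opType"]) ? $_POST["opType"] : "";
if ($opType) {
    UserEdit($opType);
}

// Accounts of the organization, highest level first.
\DBOper\Find("GMTUser", array("Organization" => $Organization), $userArray, null, array("UserLV" => -1));

// Table column configuration: key = record field, value = [heading, width, alignment].
$tableArray = array(
    "UserAccount" => array(\Lang\gettext("账号"), "10%", "center"),
    "UserLV" => array(\Lang\gettext("账号等级"), "8%", "center"),
    "SPList" => array(\Lang\gettext("可管理AppID列表"), "20%", "center"),
    "PermissionGroups" => array(\Lang\gettext("拥有权限"), "35%", "center"),
    // "CreateTime" => array(\Lang\gettext("创建时间"), "11%", "center"),
    "LoginTime" => array(\Lang\gettext("最近登录"), "11%", "center"),
    "IP" => array("IP", "9%", "center"),
    "" => array(\Lang\gettext("操作"), "", "center"),
);

if ($alertMsg) {
    // json_encode yields a JS string literal; the HEX flags keep the message from
    // closing the quotes or the <script> element.
    echo "<script>alert(" . json_encode($alertMsg, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE) . ")</script>";
}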
|
|
?>
|
|
<html>
|
|
<head>
|
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
<title><?php echo \Lang\gettext("账号管理"); ?></title>
|
<link rel="stylesheet" type="text/css" href="/css/table.css">
|
</head>
|
|
<body>
|
<center>
|
<p><b><?php echo \Lang\gettext("账号管理"); ?></b></P>
|
</center>
|
|
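<?php
// 超级管理员可管理所有组织 — only a super admin gets the organization selector.
// Everything echoed into the markup is escaped: $Organization can originate
// from the request.
$escHtml = static function ($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
if ($user->IsAdminSuper()) {
    echo "切换组织: ";
    echo "<select name=\"Organization\" onchange=\"changeOrganization(this.value)\">";
    foreach (\CommFunc\GetAllOrganization() as $orgName) {
        $selected = ($Organization == $orgName) ? " selected" : "";
        echo "<option value=\"" . $escHtml($orgName) . "\"" . $selected . ">" . $escHtml($orgName) . "</option>";
    }
    echo "</select>";
}
?>
<input type="button" value="<?php echo \Lang\gettext("添加用户"); ?>" onclick="window.location.href='useredit.php?opType=add&Organization=<?php echo $escHtml(rawurlencode($Organization)); ?>'" />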
|
<hr />
|
<table width="100%">
|
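<?php
// Escape helpers. $esc is for HTML text and attribute content. $jsArg embeds a
// value as a JS string literal inside an HTML event attribute: the JSON HEX
// flags leave no raw quotes, <, > or & in the literal, so HTML-escaping the
// result is the only other step the enclosing attribute needs.
$esc = static function ($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
$jsArg = static function ($text) use ($esc) {
    return $esc(json_encode((string) $text, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE));
};

if ($userArray) {
    echo "<thead><tr>";
    foreach ($tableArray as $column) {
        // Header cells are <th>; the original closed them with </td>.
        echo "<th width=\"" . $column[1] . "\">" . $column[0] . "</th>";
    }
    echo "</tr></thead>";

    $UserLVNameInfo = \User\UserLV::LVNameInfo();
    foreach ($userArray as $userData) {
        $UserAccount = $userData["UserAccount"];
        $UserLV = $userData["UserLV"];
        // Super-admin accounts are hidden from everyone but a super admin. Decided
        // before the row is opened so no unclosed <tr> is left behind.
        if ($UserLV == \User\UserLV::ADMIN_SUPER && !$user->IsAdminSuper()) {
            continue;
        }
        echo "<tr class='trc'>";
        foreach ($tableArray as $key => $column) {
            if (!$key) {
                // Action column. The account name is URL-encoded for the href and
                // JS-string-encoded for the confirm call so neither context can be broken out of.
                echo "<td align='center'>";
                echo " <input type=\"button\" value=\"" . \Lang\gettext("改") . "\" onclick=\"window.location.href='useredit.php?opType=upd&UserAccount=" . $esc(rawurlencode($UserAccount)) . "'\" />";
                echo " <input type=\"button\" value=\"" . \Lang\gettext("删") . "\" onclick=\"return suredel(" . $jsArg($Organization) . "," . $jsArg($UserAccount) . ")\"/> ";
                echo "</td>";
                continue;
            }
            $tdContent = isset($userData[$key]) ? $userData[$key] : "";
            if ($key == "UserLV") {
                $tdContent = isset($UserLVNameInfo[$tdContent]) ? $UserLVNameInfo[$tdContent] : "";
            } else if ($key == "SPList") {
                if ($UserLV == \User\UserLV::ADMIN_SUPER) {
                    $tdContent = "全部";
                } else {
                    if ($UserLV == \User\UserLV::ADMIN_ORG) {
                        $tdContent = \CommFunc\GetOrganizationChannel($Organization);
                    }
                    $tdContent = implode("、", is_array($tdContent) ? $tdContent : array());
                }
            } else if ($key == "PermissionGroups") {
                if ($UserLV == \User\UserLV::ADMIN_SUPER) {
                    $tdContent = "全部";
                } else if ($UserLV == \User\UserLV::ADMIN_ORG) {
                    $tdContent = \Lang\gettext("组织全部权限");
                } else {
                    // Show only groups that still exist in this organization.
                    $known = array();
                    foreach ((is_array($tdContent) ? $tdContent : array()) as $groupName) {
                        if (in_array($groupName, $PGroups)) {
                            $known[] = $groupName;
                        }
                    }
                    $tdContent = implode(" ", $known);
                }
            }
            // $column is the table configuration entry; the original reused $value for
            // the inner loops and read the alignment from the last list element instead.
            echo "<td align='" . $column[2] . "'>" . $esc($tdContent) . "</td>";
        }
        echo "</tr>";
    }
} else {
    echo "无账号,请添加!<br/>";
}
?>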
|
</table>
|
|
<script type="text/javascript">
|
// Submits `p` (an object of field name → value) as a POST to `to` by building a
// throw-away form, submitting it and removing it from the document again.
function doPost(to, p) {
    var form = document.createElement("form");
    form.method = "post";
    form.action = to;
    for (var fieldName in p) {
        var field = document.createElement("input");
        field.setAttribute("name", fieldName);
        field.setAttribute("value", p[fieldName]);
        form.appendChild(field);
    }
    document.body.appendChild(form);
    form.submit();
    document.body.removeChild(form);
}
|
|
// Reloads this page listing the given organization (selector is super-admin only).
function changeOrganization(Organization) {
    var params = { "Organization": Organization };
    doPost("userlist.php", params);
}
|
|
// Asks the operator to confirm, then posts a delete request for the account
// back to this page. Returns whether the request was sent.
function suredel(Organization, UserAccount) {
    var prompt = "<?php echo \Lang\gettext("确定删除账号? 目标账号:"); ?>";
    var confirmed = window.confirm(prompt + UserAccount);
    if (confirmed) {
        doPost("userlist.php", {
            "opType": "del",
            "Organization": Organization,
            "UserAccount": UserAccount,
        });
    }
    return confirmed;
}
|
</script>
|
</body>
|
|
</html>
|