|
@@ -95,7 +95,7 @@ class Group extends Backend |
|
@@ -95,7 +95,7 @@ class Group extends Backend |
95
|
$params = $this->request->post("row/a", [], 'strip_tags');
|
95
|
$params = $this->request->post("row/a", [], 'strip_tags');
|
96
|
$params['rules'] = explode(',', $params['rules']);
|
96
|
$params['rules'] = explode(',', $params['rules']);
|
97
|
if (!in_array($params['pid'], $this->childrenGroupIds)) {
|
97
|
if (!in_array($params['pid'], $this->childrenGroupIds)) {
|
98
|
- $this->error(__('The parent group can not be its own child'));
|
98
|
+ $this->error(__('The parent group exceeds permission limit'));
|
99
|
}
|
99
|
}
|
100
|
$parentmodel = model("AuthGroup")->get($params['pid']);
|
100
|
$parentmodel = model("AuthGroup")->get($params['pid']);
|
101
|
if (!$parentmodel) {
|
101
|
if (!$parentmodel) {
|
|
@@ -125,6 +125,9 @@ class Group extends Backend |
|
@@ -125,6 +125,9 @@ class Group extends Backend |
125
|
*/
|
125
|
*/
|
126
|
public function edit($ids = null)
|
126
|
public function edit($ids = null)
|
127
|
{
|
127
|
{
|
|
|
128
|
+ if (!in_array($ids, $this->childrenGroupIds)) {
|
|
|
129
|
+ $this->error(__('You have no permission'));
|
|
|
130
|
+ }
|
128
|
$row = $this->model->get(['id' => $ids]);
|
131
|
$row = $this->model->get(['id' => $ids]);
|
129
|
if (!$row) {
|
132
|
if (!$row) {
|
130
|
$this->error(__('No Results were found'));
|
133
|
$this->error(__('No Results were found'));
|
|
@@ -132,9 +135,13 @@ class Group extends Backend |
|
@@ -132,9 +135,13 @@ class Group extends Backend |
132
|
if ($this->request->isPost()) {
|
135
|
if ($this->request->isPost()) {
|
133
|
$this->token();
|
136
|
$this->token();
|
134
|
$params = $this->request->post("row/a", [], 'strip_tags');
|
137
|
$params = $this->request->post("row/a", [], 'strip_tags');
|
135
|
- // 父节点不能是它自身的子节点
|
138
|
+ //父节点不能是非权限内节点
|
136
|
if (!in_array($params['pid'], $this->childrenGroupIds)) {
|
139
|
if (!in_array($params['pid'], $this->childrenGroupIds)) {
|
137
|
- $this->error(__('The parent group can not be its own child'));
|
140
|
+ $this->error(__('The parent group exceeds permission limit'));
|
|
|
141
|
+ }
|
|
|
142
|
+ // 父节点不能是它自身的子节点或自己本身
|
|
|
143
|
+ if (in_array($params['pid'], Tree::instance()->getChildrenIds($row->id,true))){
|
|
|
144
|
+ $this->error(__('The parent group can not be its own child or itself'));
|
138
|
}
|
145
|
}
|
139
|
$params['rules'] = explode(',', $params['rules']);
|
146
|
$params['rules'] = explode(',', $params['rules']);
|
140
|
|
147
|
|