chatroom/app/Http/Controllers/Admin/UserManagerController.php

<?php

/**
 * 文件功能：后台用户大盘管理控制器
 * (替代原版 gl/ 下的各种管理面)
 *
 * @author   ChatRoom Laravel
 *
 * @version  1.0.0
 */

namespace App\Http\Controllers\Admin;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\View\View;

class UserManagerController extends Controller
{
    /**
     * 显示拥护列表及搜索
     */
    public function index(Request $request): View
    {
        $query = User::query();

        if ($request->filled('username')) {
            $query->where('username', 'like', '%'.$request->input('username').'%');
        }

        // 分页获取用户
        $users = $query->orderBy('id', 'desc')->paginate(20);

        return view('admin.users.index', compact('users'));
    }

    /**
     * 修改用户资料、等级或密码 (AJAX 或表单)
     */
    public function update(Request $request, int $id): JsonResponse|RedirectResponse
    {
        $targetUser = User::findOrFail($id);
        $currentUser = Auth::user();

        // 越权防护：不能修改 等级大于或等于自己 的目标（除非修改自己）
        if ($targetUser->id !== $currentUser->id && $targetUser->user_level >= $currentUser->user_level) {
            return response()->json(['status' => 'error', 'message' => '权限不足：您无法修改同级或高级管理人员资料。'], 403);
        }

        // 管理员级别 = 最高等级 + 1，后台编辑最高可设到管理员级别
        $adminLevel = (int) \App\Models\Sysparam::getValue('maxlevel', '15') + 1;

        $validated = $request->validate([
            'sex' => 'sometimes|integer|in:0,1,2',
            'user_level' => "sometimes|integer|min:0|max:{$adminLevel}",
            'exp_num' => 'sometimes|integer|min:0',
            'jjb' => 'sometimes|integer|min:0',
            'meili' => 'sometimes|integer|min:0',
            'qianming' => 'sometimes|nullable|string|max:255',
            'headface' => 'sometimes|string|max:50',
            'password' => 'nullable|string|min:6',
        ]);

        // 如果传了且没超权，直接赋予
        if (isset($validated['user_level'])) {
            // 不能把别人提权到超过自己的等级
            if ($validated['user_level'] > $currentUser->user_level && $currentUser->id !== $targetUser->id) {
                return response()->json(['status' => 'error', 'message' => '您不能将别人提升至超过您的等级！'], 403);
            }
            $targetUser->user_level = $validated['user_level'];
        }

        if (isset($validated['sex'])) {
            $targetUser->sex = $validated['sex'];
        }
        if (isset($validated['exp_num'])) {
            $targetUser->exp_num = $validated['exp_num'];
        }
        if (isset($validated['jjb'])) {
            $targetUser->jjb = $validated['jjb'];
        }
        if (isset($validated['meili'])) {
            $targetUser->meili = $validated['meili'];
        }
        if (array_key_exists('qianming', $validated)) {
            $targetUser->qianming = $validated['qianming'];
        }
        if (isset($validated['headface'])) {
            $targetUser->headface = $validated['headface'];
        }

        if (! empty($validated['password'])) {
            $targetUser->password = Hash::make($validated['password']);
        }

        $targetUser->save();

        if ($request->wantsJson()) {
            return response()->json(['status' => 'success', 'message' => '用户资料已强行更新完毕！']);
        }

        return back()->with('success', '用户资料已更新！');
    }

    /**
     * 物理删除杀封用户
     */
    public function destroy(Request $request, int $id): RedirectResponse
    {
        $targetUser = User::findOrFail($id);
        $currentUser = Auth::user();

        // 越权防护
        if ($targetUser->id !== $currentUser->id && $targetUser->user_level >= $currentUser->user_level) {
            abort(403, '权限不足：无法删除同级或高级账号！');
        }

        $targetUser->delete();

        // 可选：触发解散名下房间等

        return back()->with('success', '目标已被物理删除。');
    }
}