feat: 实现挂机修仙、排行榜、大厅重构与全站留言板系统

- (Phase 8) 后台各维度管理与配置 - (Phase 9) 全自动静默挂机修仙升级 - (Phase 9) 四大维度风云排行榜页面 - (Phase 10) 全站留言板与悄悄话私信功能 - 运行 Pint 代码格式化
2026-02-26 13:35:38 +08:00
parent 7d6423902d
commit 50fc804402
85 changed files with 5776 additions and 30 deletions
--- a/app/Http/Controllers/Admin/UserManagerController.php
+++ b/app/Http/Controllers/Admin/UserManagerController.php
@@ -0,0 +1,114 @@
+<?php
+
+/**
+ * 文件功能：后台用户大盘管理控制器
+ * (替代原版 gl/ 下的各种管理面)
+ *
+ * @author   ChatRoom Laravel
+ *
+ * @version  1.0.0
+ */
+
+namespace App\Http\Controllers\Admin;
+
+use App\Http\Controllers\Controller;
+use App\Models\User;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\View\View;
+
+class UserManagerController extends Controller
+{
+    /**
+     * 显示拥护列表及搜索
+     */
+    public function index(Request $request): View
+    {
+        $query = User::query();
+
+        if ($request->filled('username')) {
+            $query->where('username', 'like', '%'.$request->input('username').'%');
+        }
+
+        // 分页获取用户
+        $users = $query->orderBy('id', 'desc')->paginate(20);
+
+        return view('admin.users.index', compact('users'));
+    }
+
+    /**
+     * 修改用户资料、等级或密码 (AJAX 或表单)
+     */
+    public function update(Request $request, int $id): JsonResponse|RedirectResponse
+    {
+        $targetUser = User::findOrFail($id);
+        $currentUser = Auth::user();
+
+        // 越权防护：不能修改 等级大于或等于自己 的目标（除非修改自己）
+        if ($targetUser->id !== $currentUser->id && $targetUser->user_level >= $currentUser->user_level) {
+            return response()->json(['status' => 'error', 'message' => '权限不足：您无法修改同级或高级管理人员资料。'], 403);
+        }
+
+        $validated = $request->validate([
+            'sex' => 'sometimes|in:男,女,保密',
+            'user_level' => 'sometimes|integer|min:0',
+            'headface' => 'sometimes|string|max:50',
+            'sign' => 'sometimes|string|max:255',
+            'password' => 'nullable|string|min:6',
+        ]);
+
+        // 如果传了且没超权，直接赋予
+        if (isset($validated['user_level'])) {
+            // 不能把自己或别人提权到超过自己的等级
+            if ($validated['user_level'] > $currentUser->user_level && $currentUser->id !== $targetUser->id) {
+                return response()->json(['status' => 'error', 'message' => '您不能将别人提升至超过您的等级！'], 403);
+            }
+            $targetUser->user_level = $validated['user_level'];
+        }
+
+        if (isset($validated['sex'])) {
+            $targetUser->sex = $validated['sex'];
+        }
+        if (isset($validated['headface'])) {
+            $targetUser->headface = $validated['headface'];
+        }
+        if (isset($validated['sign'])) {
+            $targetUser->sign = $validated['sign'];
+        }
+
+        if (! empty($validated['password'])) {
+            $targetUser->password = Hash::make($validated['password']);
+        }
+
+        $targetUser->save();
+
+        if ($request->wantsJson()) {
+            return response()->json(['status' => 'success', 'message' => '用户资料已强行更新完毕！']);
+        }
+
+        return back()->with('success', '用户资料已更新！');
+    }
+
+    /**
+     * 物理删除杀封用户
+     */
+    public function destroy(Request $request, int $id): RedirectResponse
+    {
+        $targetUser = User::findOrFail($id);
+        $currentUser = Auth::user();
+
+        // 越权防护
+        if ($targetUser->id !== $currentUser->id && $targetUser->user_level >= $currentUser->user_level) {
+            abort(403, '权限不足：无法删除同级或高级账号！');
+        }
+
+        $targetUser->delete();
+
+        // 可选：触发解散名下房间等
+
+        return back()->with('success', '目标已被物理删除。');
+    }
+}