Feature: 权限优化 - 名片弹窗按等级展示资料，高管可查IP及归属地

app/Http/Controllers/UserController.php

@@ -30,6 +30,8 @@ use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Redis;
 
+use Stevebauman\Location\Facades\Location;
+
 class UserController extends Controller
 {
     /**
@@ -37,23 +39,53 @@ class UserController extends Controller
      */
     public function show(string $username): JsonResponse
     {
-        $user = User::where('username', $username)->firstOrFail();
+        $targetUser = User::where('username', $username)->firstOrFail();
+        $operator = Auth::user();
+
+        // 基础公开信息
+        $data = [
+            'username' => $targetUser->username,
+            'sex' => $targetUser->sex,
+            'headface' => $targetUser->headface,
+            'usersf' => $targetUser->usersf,
+            'user_level' => $targetUser->user_level,
+            'qianming' => $targetUser->qianming,
+            'sign' => $targetUser->sign ?? '这个人很懒，什么都没留下。',
+            'created_at' => $targetUser->created_at->format('Y-m-d'),
+        ];
+
+        // 只有等级不低于对方，或者自己看自己时，才能看到详细的财富、经验资产
+        if ($operator && ($operator->user_level >= $targetUser->user_level || $operator->id === $targetUser->id)) {
+            $data['exp_num'] = $targetUser->exp_num ?? 0;
+            $data['jjb'] = $targetUser->jjb ?? 0;
+            $data['meili'] = $targetUser->meili ?? 0;
+        }
+
+        // 拥有封禁IP（level_banip）或踢人以上权限的管理，可以查看IP和归属地
+        $levelBanIp = (int) Sysparam::getValue('level_banip', '15');
+        if ($operator && $operator->user_level >= $levelBanIp) {
+            $data['last_ip'] = $targetUser->last_ip;
+            $data['login_ip'] = $targetUser->login_ip; // 假设表中存在 login_ip 记录本次IP，若无则使用 last_ip 退化
+
+            // 解析归属地
+            $ipToLookup = $targetUser->login_ip ?: $targetUser->last_ip;
+            if ($ipToLookup) {
+                $position = Location::get($ipToLookup);
+                if ($position) {
+                    $data['location'] = ($position->countryName === 'China' || $position->countryName === 'Local') ?
+                        ($position->regionName ?? '').' '.($position->cityName ?? '') :
+                        $position->countryName;
+                } else {
+                    $data['location'] = '未知区域';
+                }
+            } else {
+                $data['location'] = '暂无记录';
+            }
+        }
 
-        // 隐藏关键信息，只返回公开资料
         return response()->json([
             'status' => 'success',
-            'data' => [
-                'username' => $user->username,
-                'sex' => $user->sex,
-                'headface' => $user->headface,
-                'usersf' => $user->usersf,
-                'user_level' => $user->user_level,
-                'exp_num' => $user->exp_num ?? 0,
-                'jjb' => $user->jjb ?? 0,
-                'qianming' => $user->qianming,
-                'sign' => $user->sign ?? '这个人很懒，什么都没留下。',
-                'created_at' => $user->created_at->format('Y-m-d'),
-            ],
+            'data' => $data,
         ]);
     }