From 86732deaca092924df68c1940d7e3820428166ca Mon Sep 17 00:00:00 2001
From: lkddi
Date: Thu, 26 Feb 2026 22:41:42 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=89=E5=85=A8=EF=BC=9A=E5=90=8E=E5=8F=B0?= =?UTF-8?q?=E5=BC=BA=E6=9D=80=E5=8A=9F=E8=83=BD=E5=A2=9E=E5=8A=A0=E7=AE=A1?= =?UTF-8?q?=E7=90=86=E5=91=98=E4=BF=9D=E6=8A=A4=EF=BC=8C=E4=B8=8D=E5=85=81?= =?UTF-8?q?=E8=AE=B8=E5=88=A0=E9=99=A4=E7=AE=A1=E7=90=86=E5=91=98=E8=B4=A6?= =?UTF-8?q?=E5=8F=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/Http/Controllers/Admin/UserManagerController.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/Admin/UserManagerController.php b/app/Http/Controllers/Admin/UserManagerController.php
index cc6680c..272d98d 100644
--- a/app/Http/Controllers/Admin/UserManagerController.php
+++ b/app/Http/Controllers/Admin/UserManagerController.php
@@ -128,14 +128,18 @@ class UserManagerController extends Controller
 $targetUser = User::findOrFail($id);
 $currentUser = Auth::user();
- // 越权防护
+ // 越权防护:不允许删除同级或更高等级的账号
 if ($targetUser->id !== $currentUser->id && $targetUser->user_level >= $currentUser->user_level) {
 abort(403, '权限不足:无法删除同级或高级账号!');
 }
- $targetUser->delete();
+ // 管理员保护:达到踢人等级(level_kick)的用户视为管理员,不可被强杀
+ $levelKick = (int) \App\Models\Sysparam::getValue('level_kick', '10');
+ if ($targetUser->user_level >= $levelKick) {
+ abort(403, '该用户为管理员,不允许强杀!请先在用户编辑中降低其等级。');
+ }
- // 可选:触发解散名下房间等
+ $targetUser->delete();
 return back()->with('success', '目标已被物理删除。');
 }
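Review bot: The admin guard takes its threshold from `(int) \App\Models\Sysparam::getValue('level_kick', '10')` with no range check, so a stored value that is empty or non-numeric casts to 0 and `$targetUser->user_level >= $levelKick` then refuses every deletion with the "该用户为管理员" message, while an oversized value silently switches the protection off. Assuming the `'10'` default is only used when the key is absent, I would validate the parsed value and fall back explicitly, e.g. `if ($levelKick < 1) { $levelKick = 10; }`, or abort with a distinct configuration error instead. The delete is irreversible and nothing visible in the hunk records who removed which account or which attempts were refused; an audit log entry with the acting and target user ids before `$targetUser->delete();` would make use of this endpoint traceable. The 403 text also points to the user-edit form as the way past the guard, so that form needs the same "no same-or-higher level" rule, which is not visible here and is worth confirming. The method's signature and any earlier checks lie outside the hunk.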