fix admin setting authorization + cleanup trans

2026-04-03 14:10:57 +08:00 · 2022-07-18 17:50:05 +08:00
parent 1759f4abfc
commit e5d996cb75
10 changed files with 48 additions and 19 deletions
--- a/README.md
+++ b/README.md
@@ -26,8 +26,8 @@

 ## 系统要求
 - PHP: 8.0，必须扩展：bcmath, ctype, curl, fileinfo, json, mbstring, openssl, pdo_mysql, tokenizer, xml, mysqli, gd, redis, pcntl, sockets, posix
- Mysql: 5.7最新版或以上版本
- Redis：2.0.0或以上版本
+- Mysql: 5.7 最新版或以上版本
+- Redis：2.0.0 或以上版本

 ## 快速开始
 安装 docker。  
--- a/app/Filament/Resources/System/AgentAllowResource.php
+++ b/app/Filament/Resources/System/AgentAllowResource.php
@@ -36,11 +36,6 @@ class AgentAllowResource extends Resource
        return self::getNavigationLabel();
    }

-//    public static function getModelLabel(): string
-//    {
-//
-//    }
-

    public static function form(Form $form): Form
    {
--- a/app/Filament/Resources/System/AgentAllowResource/Pages/ListAgentAllows.php
+++ b/app/Filament/Resources/System/AgentAllowResource/Pages/ListAgentAllows.php
@@ -36,4 +36,5 @@ class ListAgentAllows extends PageList

        ];
    }
+
 }
--- a/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
+++ b/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
@@ -30,6 +30,8 @@ class EditSetting extends Page implements Forms\Contracts\HasForms

    public function mount()
    {
+        static::authorizeResourceAccess();
+
        $settings = Setting::get();
        $this->form->fill($settings);

@@ -67,6 +69,8 @@ class EditSetting extends Page implements Forms\Contracts\HasForms

    public function submit()
    {
+        static::authorizeResourceAccess();
+
        $formData = $this->form->getState();
        $notAutoloadNames = ['donation_custom'];
        $data = [];
--- a/app/Policies/SettingPolicy.php
+++ b/app/Policies/SettingPolicy.php
@@ -18,7 +18,7 @@ class SettingPolicy extends BasePolicy
     */
    public function viewAny(User $user)
    {
-        //
+        return $this->can($user);
    }

    /**
@@ -30,7 +30,7 @@ class SettingPolicy extends BasePolicy
     */
    public function view(User $user, Setting $setting)
    {
-        //
+        return $this->can($user);
    }

    /**
@@ -53,7 +53,7 @@ class SettingPolicy extends BasePolicy
     */
    public function update(User $user, Setting $setting)
    {
-        //
+        return $this->can($user);
    }

    /**
@@ -65,7 +65,7 @@ class SettingPolicy extends BasePolicy
     */
    public function delete(User $user, Setting $setting)
    {
-        //
+
    }

    /**
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -162,7 +162,7 @@ class UserRepository extends BaseRepository
        if ($targetUser->enabled == User::ENABLED_NO) {
            throw new NexusException('Already disabled !');
        }
-        if ($targetUser->class >= $operator->class) {
+        if ($operator->class <= $targetUser->class) {
            throw new NexusException('No Permission !');
        }
        $banLog = [
@@ -186,7 +186,7 @@ class UserRepository extends BaseRepository
        if ($targetUser->enabled == User::ENABLED_YES) {
            throw new NexusException('Already enabled !');
        }
-        if ($targetUser->class >= $operator->class) {
+        if ($operator->class <= $targetUser->class) {
            throw new NexusException('No Permission !');
        }
        $update = [
@@ -303,7 +303,7 @@ class UserRepository extends BaseRepository
    {
        $operator = $this->getOperator($operator);
        $classRequire = Setting::get('authority.prfmanage');
-        if ($operator->class < $classRequire) {
+        if ($operator->class <= $classRequire) {
            throw new \RuntimeException("No permission.");
        }
        $user = User::query()->findOrFail($uid, User::$commonFields);
--- a/lang/chs/lang_docleanup.php
+++ b/lang/chs/lang_docleanup.php
@@ -0,0 +1,9 @@
+<?php
+
+$lang_docleanup = [
+    'title' => '执行清理',
+    'running' => '清理进行中，请稍候...',
+    'force' => '如需要强制彻底清理，点击<a href="docleanup.php?forceall=1">这里</a>',
+    'time_consumed' => '耗时：%f 秒',
+    'done' => '完成',
+];
--- a/lang/cht/lang_docleanup.php
+++ b/lang/cht/lang_docleanup.php
@@ -0,0 +1,9 @@
+<?php
+
+$lang_docleanup = [
+    'title' => '執行清理',
+    'running' => '清理進行中，請稍候...',
+    'force' => '如需要強製徹底清理，點擊<a href="docleanup.php?forceall=1">這裏</a>',
+    'time_consumed' => '耗時：%f 秒',
+    'done' => '完成',
+];
--- a/lang/en/lang_docleanup.php
+++ b/lang/en/lang_docleanup.php
@@ -0,0 +1,9 @@
+<?php
+
+$lang_docleanup = [
+    'title' => 'Do Clean-up',
+    'running' => 'clean-up in progress...please wait',
+    'force' => 'If you need to force a complete cleaning, click<a href="docleanup.php?forceall=1">here</a>',
+    'time_consumed' => 'Time consumed：%f sec',
+    'done' => 'Done',
+];
--- a/public/docleanup.php
+++ b/public/docleanup.php
@@ -6,16 +6,18 @@ dbconn();
 if (get_user_class() < UC_SYSOP) {
 die('forbidden');
 }
-echo "<html><head><title>Do Clean-up</title></head><body>";
+require get_langfile_path();
+
+echo "<html><head><title>".$lang_docleanup['title']."</title></head><body>";
 echo "<p>";
-echo "clean-up in progress...please wait<br />";
+echo $lang_docleanup['running'] . "<br />";
 ob_flush();
 flush();
 if (isset($_GET['forceall']) && $_GET['forceall']) {
 	$forceall = 1;
 } else {
 	$forceall = 0;
-echo "you may force full clean-up by adding the parameter 'forceall=1' to URL<br />";
+    echo $lang_docleanup['force'] . '<br />';
 }
 echo "</p>";
 $tstart = getmicrotime();
@@ -23,6 +25,6 @@ require_once("include/cleanup.php");
 print("<p>".docleanup($forceall, 1)."</p>");
 $tend = getmicrotime();
 $totaltime = ($tend - $tstart);
-printf ("Time consumed:  %f sec<br />", $totaltime);
-echo "Done<br />";
+printf ($lang_docleanup['time_consumed']."<br />", $totaltime);
+echo $lang_docleanup['done']."<br />";
 echo "</body></html>";