From dbc243ded61e9fe76a00fb2737081d21376e3a04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E5=BA=B7?= <zhoukang@antiy.cn>
Date: Mon, 8 Aug 2016 20:04:32 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E9=A1=B9=E7=9B=AE=E9=85=8D?=
 =?UTF-8?q?=E7=BD=AE=EF=BC=8C=E7=AE=A1=E7=90=86=E5=91=98=E5=8F=AF=E4=BB=A5?=
 =?UTF-8?q?=E6=9F=A5=E7=9C=8B=E5=B9=B6=E6=9B=B4=E6=94=B9=E9=A1=B9=E7=9B=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 controllers/ConfController.php | 21 ++++++++++-----------
 views/conf/index.php           |  2 +-
 2 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/controllers/ConfController.php b/controllers/ConfController.php
index 476107ca..3883e960 100644
--- a/controllers/ConfController.php
+++ b/controllers/ConfController.php
@@ -31,8 +31,12 @@ public function beforeAction($action) {
      *
      */
     public function actionIndex() {
+
+        // 显示该用户为管理员的所有项目
         $project = Project::find()
-            ->where(['user_id' => $this->uid]);
+            ->leftJoin(Group::tableName(), '`group`.`project_id`=`project`.`id`')
+            ->where(['`group`.`user_id`' => $this->uid, '`group`.`type`' => Group::TYPE_ADMIN]);
+
         $kw = \Yii::$app->request->post('kw');
         if ($kw) {
             $project->andWhere(['like', "name", $kw]);
@@ -191,10 +195,7 @@ public function actionDeleteRelation($id) {
         if (!$group) {
             throw new \Exception(yii::t('conf', 'relation not exists'));
         }
-        $project = Project::findOne($group->project_id);
-        if ($project->user_id != $this->uid) {
-            throw new \Exception(yii::t('conf', 'you are not master of project'));
-        }
+        $project = $this->findModel($group->project_id);
 
         if (!$group->delete()) throw new \Exception(yii::t('w', 'delete failed'));
         $this->renderJson([]);
@@ -211,10 +212,7 @@ public function actionEditRelation($id, $type = 0) {
         if (!$group) {
             throw new \Exception(yii::t('conf', 'relation not exists'));
         }
-        $project = Project::findOne($group->project_id);
-        if ($project->user_id != $this->uid) {
-            throw new \Exception(yii::t('w', 'you are not master of project'));
-        }
+        $project = $this->findModel($group->project_id);
         if (!in_array($type, [Group::TYPE_ADMIN, Group::TYPE_USER])) {
             throw new \Exception(yii::t('conf', 'unknown relation type'));
         }
@@ -232,8 +230,9 @@ public function actionEditRelation($id, $type = 0) {
      */
     protected function findModel($id) {
         if (($model = Project::getConf($id)) !== null) {
-            if ($model->user_id != $this->uid) {
-                throw new \Exception(yii::t('w', 'you are not master of project'));
+            //判断是否为管理员
+            if(!Group::isAuditAdmin($this->uid, $model->id)){
+                throw new \Exception(yii::t('w', 'you are not admin of project'));
             }
             return $model;
         } else {
diff --git a/views/conf/index.php b/views/conf/index.php
index c8ca6160..c9e48e6f 100644
--- a/views/conf/index.php
+++ b/views/conf/index.php
@@ -7,7 +7,7 @@
 ?>
 <div class="box">
     <div class="box-header">
-        <form action="/conf/" method="POST">
+        <form action="<?= Url::to('@web/conf') ?>" method="POST">
             <input type="hidden" value="<?= \Yii::$app->request->getCsrfToken(); ?>" name="_csrf">
             <div class="col-xs-12 col-sm-8" style="padding-left: 0;margin-bottom: 10px;">
                 <div class="input-group">