From e216bd77510397e621c0b7340300aae5a636ba7d Mon Sep 17 00:00:00 2001
From: cxb <1151671293@qq.com>
Date: Thu, 28 Nov 2019 18:17:18 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A7=A3=E5=86=B3=E8=A7=92=E8=89=B2=E7=BB=84?=
 =?UTF-8?q?=E8=B7=A8=E6=9D=83=E9=99=90=E6=9F=A5=E7=9C=8B=E7=BC=96=E8=BE=91?=
 =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98=EF=BC=8C=E4=BF=AE=E6=AD=A3=E8=A7=92?=
 =?UTF-8?q?=E8=89=B2=E7=BB=84=E7=A7=BB=E5=8A=A8=E6=97=B6=E4=B8=8D=E8=83=BD?=
 =?UTF-8?q?=E4=B8=BA=E8=8A=82=E7=82=B9=E7=9A=84=E5=AD=90=E8=8A=82=E7=82=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/admin/controller/auth/Group.php | 13 ++++++++++---
 application/admin/lang/zh-cn/auth/group.php |  2 ++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/application/admin/controller/auth/Group.php b/application/admin/controller/auth/Group.php
index 8fa5d1c8d..0e82c8d89 100644
--- a/application/admin/controller/auth/Group.php
+++ b/application/admin/controller/auth/Group.php
@@ -95,7 +95,7 @@ class Group extends Backend
             $params = $this->request->post("row/a", [], 'strip_tags');
             $params['rules'] = explode(',', $params['rules']);
             if (!in_array($params['pid'], $this->childrenGroupIds)) {
-                $this->error(__('The parent group can not be its own child'));
+                $this->error(__('The parent group exceeds permission limit'));
             }
             $parentmodel = model("AuthGroup")->get($params['pid']);
             if (!$parentmodel) {
@@ -125,6 +125,9 @@ class Group extends Backend
      */
     public function edit($ids = null)
     {
+        if (!in_array($ids, $this->childrenGroupIds)) {
+            $this->error(__('You have no permission'));
+        }
         $row = $this->model->get(['id' => $ids]);
         if (!$row) {
             $this->error(__('No Results were found'));
@@ -132,9 +135,13 @@ class Group extends Backend
         if ($this->request->isPost()) {
             $this->token();
             $params = $this->request->post("row/a", [], 'strip_tags');
-            // 父节点不能是它自身的子节点
+            //父节点不能是非权限内节点
             if (!in_array($params['pid'], $this->childrenGroupIds)) {
-                $this->error(__('The parent group can not be its own child'));
+                $this->error(__('The parent group exceeds permission limit'));
+            }
+            // 父节点不能是它自身的子节点或自己本身
+            if (in_array($params['pid'], Tree::instance()->getChildrenIds($row->id,true))){
+                $this->error(__('The parent group can not be its own child or itself'));
             }
             $params['rules'] = explode(',', $params['rules']);
 
diff --git a/application/admin/lang/zh-cn/auth/group.php b/application/admin/lang/zh-cn/auth/group.php
index 4c25c859f..3a63f5860 100644
--- a/application/admin/lang/zh-cn/auth/group.php
+++ b/application/admin/lang/zh-cn/auth/group.php
@@ -7,4 +7,6 @@ return [
     'Can not change the parent to child'                                   => '父组别不能是它的子组别',
     'Can not change the parent to self'                                    => '父组别不能是它的子组别',
     'You can not delete group that contain child group and administrators' => '你不能删除含有子组和管理员的组',
+    'The parent group exceeds permission limit'                            => '父组别超出权限范围',
+    'The parent group can not be its own child or itself'                  => '父组别不能是它的子组别及本身',
 ];
-- 
Gitee