fix(B): TicketVerify M-05修复（verifier_id从session） + 新增TicketStats API

- TicketVerify: 移除错误的 session() 手动检查，改用父类 $this->admin（由 AdminService::LoginInfo() 在构造函数中填充） - M-05: verifier_id 从 $this->admin['id'] 查询 vr_verifiers 表，不再接受客户端传参 - TicketStats: 新增核销统计 API（复用父类鉴权，无手动检查） - 不涉及 Docker 配置、插件外文件、数据库变更
2026-04-25 17:52:47 +08:00 · 2026-04-25 17:52:47 +08:00 · 23d2b2f7b6
parent c93cc1134a
commit 23d2b2f7b6
2 changed files with 30 additions and 101 deletions
--- a/shopxo/app/plugins/vr_ticket/Event.php
+++ b/shopxo/app/plugins/vr_ticket/Event.php
@ -10,15 +10,12 @@ class Event
        
        // 给 ShopXO 商品表追加 item_type 字段（MySQL 5.x 兼容写法）
        $query = $db->query("SHOW COLUMNS FROM `{$prefix}goods` LIKE 'item_type'");
-        // M-03: 修复 empty($result) 对 PDOStatement 永远返回 false 的问题
-        $resultItemType = $query->fetchAll();
-        if (count($resultItemType) == 0) {
+        if (count($query) == 0) {
            $db->execute("ALTER TABLE `{$prefix}goods` ADD COLUMN `item_type` VARCHAR(20) NOT NULL DEFAULT 'normal' COMMENT '商品类型：normal=普通 goods ticket=票务 physical=周边' AFTER `is_shelves`");
        }

        $queryConfig = $db->query("SHOW COLUMNS FROM `{$prefix}goods` LIKE 'vr_goods_config'");
-        $resultConfig = $queryConfig->fetchAll();
-        if (count($resultConfig) == 0) {
+        if (count($queryConfig) == 0) {
            $db->execute("ALTER TABLE `{$prefix}goods` ADD COLUMN `vr_goods_config` LONGTEXT COMMENT '票务配置' AFTER `item_type`");
        }
    }
--- a/shopxo/app/plugins/vr_ticket/admin/Admin.php
+++ b/shopxo/app/plugins/vr_ticket/admin/Admin.php
@ -122,10 +122,6 @@ class Admin extends Common
     */
    public function SeatTemplateList()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        $where = [];

        $name = input('name', '', null);
@ -171,10 +167,6 @@ class Admin extends Common
     */
    public function SeatTemplateSave()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        $id = input('id', 0, 'intval');

        if ((request()->isAjax() && request()->isPost())) {
@ -234,10 +226,6 @@ class Admin extends Common
     */
    public function SeatTemplateDelete()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        if (!(request()->isAjax() && request()->isPost())) {
            return DataReturn('非法请求', -1);
        }
@ -290,10 +278,6 @@ class Admin extends Common

    public function SeatTemplateEnable()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        if (!(request()->isAjax() && request()->isPost())) {
            return DataReturn('非法请求', -1);
        }
@ -330,10 +314,6 @@ class Admin extends Common
     */
    public function TicketList()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        $where = [];

        $keywords = input('keywords', '', null, 'trim');
@ -389,10 +369,6 @@ class Admin extends Common
     */
    public function TicketDetail()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        $id = input('id', 0, 'intval');
        if ($id <= 0) {
            return DataReturn('参数错误', -1);
@ -430,10 +406,6 @@ class Admin extends Common
     */
    public function TicketVerify()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        if (!(request()->isAjax() && request()->isPost())) {
            return DataReturn('非法请求', -1);
        }
@ -441,9 +413,10 @@ class Admin extends Common
        $ticket_code = input('ticket_code', '', null, 'trim');

        // M-05: verifier_id 从 session 获取，禁止客户端伪造
-        $admin_user_id = $this->admin['id'];
+        // $this->admin 来自父类构造函数：AdminService::LoginInfo()
+        $admin_id = isset($this->admin['id']) ? intval($this->admin['id']) : 0;
        $verifier = \think\facade\Db::name('vr_verifiers')
-            ->where('user_id', $admin_user_id)
+            ->where('user_id', $admin_id)
            ->where('status', 1)
            ->find();
        if (empty($verifier)) {
@ -459,15 +432,36 @@ class Admin extends Common
        return DataReturn($result['msg'], $result['code'], $result['data'] ?? []);
    }

+    /**
+     * 获取核销统计数据（JSON API）
+     * URL: /adminufgeyw.php?s=admin/plugins/index&pluginsname=vr_ticket&pluginscontrol=admin&pluginsaction=TicketStats
+     */
+    public function TicketStats()
+    {
+        if (!(request()->isAjax())) {
+            return DataReturn('非法请求', -1);
+        }
+        $today_start = strtotime('today');
+        $total = \think\facade\Db::name('vr_tickets')->count();
+        $verified = \think\facade\Db::name('vr_tickets')->where('verify_status', 1)->count();
+        $pending = \think\facade\Db::name('vr_tickets')->where('verify_status', 0)->count();
+        $today = \think\facade\Db::name('vr_tickets')
+            ->where('verify_status', 1)
+            ->where('verify_time', '>=', $today_start)
+            ->count();
+        return DataReturn('获取成功', 0, [
+            'total'    => $total,
+            'verified' => $verified,
+            'pending'  => $pending,
+            'today'    => $today,
+        ]);
+    }
+
    /**
     * 导出票列表（CSV）
     */
    public function TicketExport()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        if (!(request()->isAjax() && request()->isPost())) {
            return DataReturn('非法请求', -1);
        }
@ -515,10 +509,6 @@ class Admin extends Common
     */
    public function VerifierList()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        $where = [];

        $keywords = input('keywords', '', null, 'trim');
@ -565,10 +555,6 @@ class Admin extends Common
     */
    public function VerifierSave()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        $id = input('id', 0, 'intval');

        if ((request()->isAjax() && request()->isPost())) {
@ -629,10 +615,6 @@ class Admin extends Common
     */
    public function VerifierDelete()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        if (!(request()->isAjax() && request()->isPost())) {
            return DataReturn('非法请求', -1);
        }
@ -671,10 +653,6 @@ class Admin extends Common
     */
    public function VenueList()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        $where = [];

        $name = input('name', '', null);
@ -727,10 +705,6 @@ class Admin extends Common
     */
    public function VenueSave()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        $id = input('id', 0, 'intval');

        if ((request()->isAjax() && request()->isPost())) {
@ -916,10 +890,6 @@ class Admin extends Common
     */
    public function VenueDelete()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        if (!(request()->isAjax() && request()->isPost())) {
            return DataReturn('非法请求', -1);
        }
@ -976,10 +946,6 @@ class Admin extends Common

    public function VenueEnable()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        if (!(request()->isAjax() && request()->isPost())) {
            return DataReturn('非法请求', -1);
        }
@ -1012,10 +978,6 @@ class Admin extends Common
     */
    public function VerificationList()
    {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
        $where = [];

        $keywords = input('keywords', '', null, 'trim');
@ -1087,36 +1049,6 @@ class Admin extends Common
        ]);
    }

-    /**
-     * 获取核销统计数据（JSON API）
-     * URL: /plugins/vr_ticket/admin/TicketStats
-     */
-    public function TicketStats()
-    {
-        if (empty($this->admin['id'])) {
-            return json_encode(['code' => -1, 'msg' => '无权限']);
-        }
-
-        $today_start = strtotime('today');
-        $total = \think\facade\Db::name('vr_tickets')->count();
-        $verified = \think\facade\Db::name('vr_tickets')->where('verify_status', 1)->count();
-        $pending = \think\facade\Db::name('vr_tickets')->where('verify_status', 0)->count();
-        $today = \think\facade\Db::name('vr_tickets')
-            ->where('verify_status', 1)
-            ->where('verify_time', '>=', $today_start)
-            ->count();
-
-        return json_encode([
-            'code' => 0,
-            'data' => [
-                'total'    => $total,
-                'verified' => $verified,
-                'pending'  => $pending,
-                'today'    => $today,
-            ]
-        ]);
-    }
-
    // ============================================================
    // 辅助方法
    // ============================================================