
feat: EK-856: 管理员增加“Country”属性.

kevinElken 10 miesięcy temu
rodzic
commit
e85566622d

+ 11 - 2
backendApi/modules/v1/controllers/ShopController.php

@@ -438,7 +438,11 @@ class ShopController extends BaseController {
         $adminId = Yii::$app->getUser()->getUserInfo()['id'];
         $adminCountry = AdminCountry::getCountry($adminId);
 
-        $condition = ' 1=1 ' . $filter['condition'] . ' AND O.COUNTRY_ID IN (' . implode(',', $adminCountry) . ')';
+        $quotedAdminCountry = array_map(function($item) {
+            return "'" . addslashes($item) . "'";
+        }, $adminCountry);
+
+        $condition = ' 1=1 ' . $filter['condition'] . " AND O.COUNTRY_ID IN (" . implode(',', $quotedAdminCountry) . ")";
         $params = $filter['params'];
         $condition .= $condition ? ' AND O.IS_DELETE=0' : ' O.IS_DELETE=0';
         $listObj = new OrderList();
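Review bot: The IN list built from `$quotedAdminCountry` still concatenates values into SQL, and `addslashes()` is not a SQL escaper: it ignores the connection charset and the database's own quoting rules (several dialects escape a quote by doubling it, not with a backslash). The values come from `AdminCountry::getCountry()`, which is not visible here, so if country ids can ever hold editable text this is an injection path; binding them through `$params` removes the question, assuming `$filter['params']` is the bound-parameter map handed to the query. An empty `$adminCountry` also renders `IN ()`, a syntax error, where the scoped query should match nothing. The same closure is repeated in the export hunk below and in both UserController hunks, so one shared helper would cover all four; the enclosing method starts and ends outside this hunk.

```php
// … unchanged: $adminId / $adminCountry lookup …
$countryParams = [];
foreach (array_values($adminCountry) as $i => $countryId) {
    $countryParams[':adminCountry' . $i] = $countryId;
}
// An admin with no assigned country must match nothing, not produce `IN ()`.
$countryClause = $countryParams
    ? ' AND O.COUNTRY_ID IN (' . implode(',', array_keys($countryParams)) . ')'
    : ' AND 1=0';

$condition = ' 1=1 ' . $filter['condition'] . $countryClause;
$params = array_merge($filter['params'], $countryParams);
// … unchanged: IS_DELETE clause and OrderList call …
```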
@@ -468,7 +472,12 @@ class ShopController extends BaseController {
         $adminId = Yii::$app->getUser()->getUserInfo()['id'];
         $adminCountry = AdminCountry::getCountry($adminId);
 
-        $filter['condition'] = !$filter['condition'] ? '1=1 AND O.IS_DELETE=0' : ('O.IS_DELETE=0 ' . $filter['condition']) . ' AND O.COUNTRY_ID IN (' . implode(',', $adminCountry) . ')';
+        $quotedAdminCountry = array_map(function($item) {
+            return "'" . addslashes($item) . "'";
+        }, $adminCountry);
+
+
+        $filter['condition'] = !$filter['condition'] ? '1=1 AND O.IS_DELETE=0' : ('O.IS_DELETE=0 ' . $filter['condition']) . " AND O.COUNTRY_ID IN (" . implode(',', $quotedAdminCountry) . ")";
         $form = new ShopExportForm();
         $result = $form->run($filter, \Yii::t('ctx', 'shopOrderListExport')); // 订单列表
         if (!$result) {
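Review bot: The country restriction in the `$filter['condition']` assignment is only applied when a filter is present, because `.` binds tighter than `?:` and the `" AND O.COUNTRY_ID IN (...)"` suffix becomes part of the else branch. With an empty filter the condition is just `1=1 AND O.IS_DELETE=0`, so the export is not scoped to the admin's countries, which looks unintended given that the list action above always appends the clause. Parenthesise the ternary: `$filter['condition'] = (!$filter['condition'] ? '1=1 AND O.IS_DELETE=0' : 'O.IS_DELETE=0 ' . $filter['condition']) . " AND O.COUNTRY_ID IN (" . implode(',', $quotedAdminCountry) . ")";`. The removed line had the same shape, so this predates the commit; the method continues past the end of the hunk.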

+ 11 - 5
backendApi/modules/v1/controllers/UserController.php

@@ -148,10 +148,16 @@ class UserController extends BaseController
 
         $adminId = Yii::$app->getUser()->getUserInfo()['id'];
         $adminCountry = AdminCountry::getCountry($adminId);
+        $quotedAdminCountry = array_map(function($item) {
+            return "'" . addslashes($item) . "'";
+        }, $adminCountry);
+
+        $condition = $filter['condition'] ?? '';
+        $filter['condition'] = $condition . " AND U.COUNTRY_ID IN (" . implode(',', $quotedAdminCountry) . ")";
 
         $condition = $filter['condition'];
         $params = $filter['params'];
-        $condition .= ' AND UI.DELETED=0 AND U.COUNTRY_ID IN (' . implode(',', $adminCountry) . ')';
+        $condition .= " AND UI.DELETED=0 AND U.COUNTRY_ID IN (" . implode(',', $quotedAdminCountry) . ")";
 
         $listObj = new IndexList();
         $data = $listObj->getList(['condition' => $condition, 'params' => $params]);
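Review bot: The `U.COUNTRY_ID IN (...)` predicate is now added twice: once into `$filter['condition']`, which is then copied into `$condition`, and again in the `$condition .= " AND UI.DELETED=0 AND U.COUNTRY_ID IN (...)"` line. The query result is the same, but the access-scoping rule now lives in two places and a later edit to one can leave the other stale. Keep the first and reduce the last line to `$condition .= ' AND UI.DELETED=0';`. The enclosing method starts and ends outside the hunk.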
@@ -210,12 +216,12 @@ class UserController extends BaseController
 
         $adminId = Yii::$app->getUser()->getUserInfo()['id'];
         $adminCountry = AdminCountry::getCountry($adminId);
+        $quotedAdminCountry = array_map(function($item) {
+            return "'" . addslashes($item) . "'";
+        }, $adminCountry);
 
         $condition = $filter['condition'] ?? '';
-        $filter['condition'] = $condition . ' AND O.COUNTRY_ID IN (' . implode(',', $adminCountry) . ')';
-
-        $adminId = Yii::$app->getUser()->getUserInfo()['id'];
-        $adminCountry = AdminCountry::getCountry($adminId);
+        $filter['condition'] = $condition . " AND U.COUNTRY_ID IN (" . implode(',', $quotedAdminCountry) . ")";
 
         $form = new UserExportForm();
         $result = $form->run($filter, 'Member_List');