diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php index 3738f7b6..6a3befc3 100644 --- a/app/Exceptions/Handler.php +++ b/app/Exceptions/Handler.php @@ -13,6 +13,7 @@ use Illuminate\Validation\ValidationException; use Log; use ReflectionException; use Response; +use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; use Throwable; @@ -77,6 +78,12 @@ class Handler extends ExceptionHandler return Response::json(['status' => 'fail', 'message' => trans('http-statuses.401')], 401); } + return Response::view('auth.error', ['message' => trans('http-statuses.401')], 401); + case $exception instanceof AccessDeniedHttpException: // 捕获权限拒绝异常 + if ($request->ajax() || $request->wantsJson()) { + return Response::json(['status' => 'fail', 'message' => trans('http-statuses.401')], 401); + } + return Response::view('auth.error', ['message' => trans('http-statuses.401')], 401); case $exception instanceof TokenMismatchException: // 捕获CSRF异常 if ($request->ajax() || $request->wantsJson()) { @@ -114,6 +121,12 @@ class Handler extends ExceptionHandler } return Response::view('auth.error', ['message' => $exception->getMessage()], 408); + default: + if ($request->ajax() || $request->wantsJson()) { + return Response::json(['status' => 'fail', 'message' => $exception->getMessage()], 400); + } + + return Response::view('auth.error', ['message' => $exception->getMessage()], 400); } } diff --git a/app/Http/Controllers/PaymentController.php b/app/Http/Controllers/PaymentController.php index ba186c02..6fcc74de 100644 --- a/app/Http/Controllers/PaymentController.php +++ b/app/Http/Controllers/PaymentController.php 
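Review bot: The new AccessDeniedHttpException case maps an authorization failure to 401, both as the HTTP status and through `trans('http-statuses.401')`, but Symfony raises that exception for 403 Forbidden (an authenticated caller without sufficient rights); answering 401 tells clients and any login-redirect logic that the user is not signed in at all. Return 403 with the matching wording, `return Response::json(['status' => 'fail', 'message' => trans('http-statuses.403')], 403);` and the same status on the view branch, assuming the language file carries a 403 entry. The branch is otherwise a verbatim copy of the 401 case above it, so a small private helper taking the status code would keep the two from drifting. The enclosing switch and render() start and end outside this hunk.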
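Review bot: The new `default:` branch returns `$exception->getMessage()` to the client for every otherwise-unhandled Throwable, which turns internal failures (database errors, file paths, third-party library messages) into user-visible text, and labels all of them 400 so they look like client faults to logs and monitoring. Unless the exception implements Symfony's HttpExceptionInterface its message is not meant for end users; fall back to the framework instead, `return parent::render($request, $exception);`, which outside debug mode renders a generic 500 page and keeps the detail in the log. If the code after the switch (outside this hunk) already delegated to parent::render, the new default also makes that path unreachable. The raw message appears to reach the browser through handleErrors in common.js, where this commit widens the displayed text with `xhr?.message`.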
@@ -185,6 +185,10 @@ class PaymentController extends Controller
 public function close(Order $order): JsonResponse
 {
+ if ($order->user_id !== auth()->id()) {
+ return response()->json(['status' => 'fail', 'message' => trans('http-statuses.401')]);
+ }
+
 if (! $order->close()) {
 return response()->json(['status' => 'fail', 'message' => trans('common.failed_action_item', ['action' => trans('common.close'), 'attribute' => trans('model.order.attribute')])]);
 }
diff --git a/app/Http/Controllers/User/TicketController.php b/app/Http/Controllers/User/TicketController.php
index a468960b..5213afe2 100644
--- a/app/Http/Controllers/User/TicketController.php
+++ b/app/Http/Controllers/User/TicketController.php
@@ -47,6 +47,10 @@ class TicketController extends Controller
 public function edit(Ticket $ticket): View
 {
 // 回复工单
+ if ($ticket->user_id !== auth()->id()) {
+ abort(404, trans('http-statuses.404'));
+ }
+
 $replyList = $ticket->reply()
 ->with('ticket:id,status', 'admin:id,username,qq', 'user:id,username,qq')
 ->oldest()
@@ -57,6 +61,10 @@ class TicketController extends Controller
 public function reply(Request $request, Ticket $ticket): JsonResponse
 {
+ if ($ticket->user_id !== auth()->id()) {
+ return response()->json(['status' => 'fail', 'message' => trans('http-statuses.401')]);
+ }
+
 $validatedData = $request->validate([
 'content' => 'required|string|max:300',
 ]);
@@ -84,6 +92,10 @@ class TicketController extends Controller
 public function close(Ticket $ticket): JsonResponse
 {
 // 关闭工单
+ if ($ticket->user_id !== auth()->id()) {
+ return response()->json(['status' => 'fail', 'message' => trans('http-statuses.401')]);
+ }
+
 if ($ticket->close()) {
 return response()->json([
 'status' => 'success',
diff --git a/public/assets/js/config/common.js b/public/assets/js/config/common.js
index 0f0ae783..57afef44 100644
--- a/public/assets/js/config/common.js
+++ b/public/assets/js/config/common.js
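Review bot: The ownership guard in close() answers a non-owner with HTTP 200, because no status is passed to `response()->json()`, and the body borrows the 401 wording although the caller is authenticated and merely not the owner; a client that decides success from the HTTP status (the error path that handleErrors in common.js serves would never run) will treat the rejection as success. Make the status explicit, `return response()->json(['status' => 'fail', 'message' => trans('http-statuses.403')], 403);` assuming the language file has a 403 entry, and do the same in TicketController::reply and TicketController::close, which repeat this exact shape. TicketController::edit, by contrast, aborts with 404, so the three JSON endpoints confirm that an order or ticket id exists while edit hides it; one behaviour should be chosen for all four. The comparison `$order->user_id !== auth()->id()` is strict, so unless the model casts user_id to int (not visible here) a string-typed attribute would reject the real owner; casting both sides, or moving the rule into a policy and calling `$this->authorize(...)` with a project-defined ability, avoids that.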
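Review bot: The same owner check is pasted into edit(), reply() and close() of TicketController (with a fourth copy in PaymentController::close), so the rule will drift the next time one copy is changed. A private helper or, idiomatically in Laravel, a TicketPolicy invoked through `$this->authorize(...)` at the top of each action would keep it in one place and give all three methods the same failure behaviour. As a minor point of style, the existing `// 回复工单` comment now sits above the new guard rather than the reply-list query it describes; moving it below the inserted block keeps the comment next to its subject. The rest of edit() continues past the hunk.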
@@ -246,7 +246,7 @@ function handleErrors(xhr, options = {}) {
 }
 // 其它错误
- const errorMessage = xhr.responseJSON?.message || xhr.statusText;
+ const errorMessage = xhr.responseJSON?.message || xhr?.message || xhr.statusText;
 // 提取公共的 showMessage 调用
 const showMessageOptions = {title: errorMessage, icon: "error"};
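Review bot: `xhr?.message` guards against a nullish xhr, but the next operand `xhr.statusText` does not, so when xhr is undefined the expression still throws; either the optional chain is unnecessary or the last operand should be `xhr?.statusText` as well. An XMLHttpRequest object has no `message` property, so the new operand only matters when handleErrors is called with an Error (for example from a rejected promise); if that is the intent, a comment such as `// xhr may also be an Error thrown before the request completed` on the changed line would make it explicit. errorMessage is server-controlled (`responseJSON.message`, which after this commit's Handler change can carry a raw exception message) and is passed as `title` to showMessage; if showMessage forwards it to a library that renders titles as HTML (the option names resemble SweetAlert2, which does so by default), server text would be interpreted as markup, so it should be escaped or passed through a text-only option. handleErrors begins before this hunk.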