vr-shopxo-plugin

Commit Graph

Author	SHA1	Message	Date
Council	95346206dc	fix: 移除不存在的座位模板菜单 + 调整删除提示文案 + 取消阻塞式商品关联检查 1. Hook.php：移除 'plugins-vr_ticket-seat' 菜单项（对应 view 文件已删除） 2. Admin.php VenueDelete/SeatTemplateDelete： - 移除硬删除前的商品关联阻塞检查 - 改为直接删除 + 在返回结果中附带 has_goods 标记 - 审计日志记录 has_goods 字段 3. view/venue/list.html：删除确认弹窗文案改为 '删除后，关联商品的场馆信息将被自动清除'	2026-04-20 15:48:11 +08:00
Council	df8353a697	feat: 真删除功能 + 三按钮布局 + seat_template 视图补全后端（Admin.php）： - SeatTemplateDelete/VenueDelete：新增 hard_delete 参数 - hard_delete=0（默认）：软删除（status→0），返回'已禁用' - hard_delete=1：真删除，先检查商品关联再 DELETE - SeatTemplateEnable/VenueEnable：新增启用 API，含审计日志前端（view/venue/list.html）： - 按钮改为三按钮布局：编辑 / 禁用/启用 / 删除 - 删除按钮点击后弹出警告弹窗 - 警告：删除记录不会导致已上架商品内容变动 - 若需同步，请编辑对应商品并保存 - 禁用/启用按钮使用 submit-ajax，data-view=reload 自动刷新新增（admin/view/seat_template/）： - list.html：座位模板列表（三按钮布局，与 venue/list.html 相同） - save.html：座位模板编辑页（基础版，seat_map 由 venue 编辑器管理）	2026-04-20 15:08:27 +08:00
Council	c03737308b	fix(Admin): 改用 random_int() CSPRNG，修正 UUID v4 版本/变体位 mt_rand() → random_int()（防种子预测）版本号 nibble: 8 → 4（符合 RFC 4122 UUID v4）变体位保持 10xx 格式不变	2026-04-20 13:21:44 +08:00
Council	1244adfaae	feat(Admin): SeatTemplateSave 时为无 id 的 room 生成 UUID 兜底逻辑：在保存场馆模板时，遍历 rooms，若 room.id 为空则用 time()+mt_rand 生成唯一 UUID。不修改已有数据的读取逻辑（读取端已有 room_N 兼容兜底）。	2026-04-20 12:58:19 +08:00
Council	2452fde466	refactor(vr_ticket): full plugin restructure - Admin.php root pattern + Hook.php Phase 2 completion - complete backend management rebuild: Plugin architecture change (旧 → 新): - 删: admin/controller/ 子目录多控制器 → 留: admin/Admin.php 单控制器 - 删: admin/view/ → 留: view/{module}/ - 删: EventListener.php, app.php, plugin.json → 留: Hook.php, config.json New files: - Hook.php: 插件钩子入口（侧边栏菜单 + 订单支付处理） - config.json: 插件配置（is_enable 等） - install.sql / uninstall.sql: 安装卸载脚本 - view/venue/list.html, save.html: 场馆管理视图（AmazeUI） - view/admin/setup.html: 插件设置页 Modified files: - service/AuditService.php, BaseService.php, SeatSkuService.php, TicketService.php - admin/Admin.php: 全新 Admin.php 根目录控制器 ShopXO core changes: - app/index/controller/Goods.php: ticket 类型商品详情页路由 - app/service/AdminPowerService.php: 权限系统适配 - config/shopxo.php: 配置 AmazeUI frontend migration: - All views migrated from LayUI to AmazeUI - Vue 3 editor for venue/seat configuration - CDN: unpkg.com → cdn.staticfile.net Fixes included: - Infinite loading (missing footer include) - Vue3 textarea interpolation bug - Template path resolution (../../../plugins/...) - Hook return fields (id/url/is_show) - DB field names verified from source	2026-04-17 00:46:00 +08:00
Council	f6bcad6bfb	fix: 表名前缀修复 + 创建缺失的audit_log表 - BaseService::table() 从 'plugins_vr_' 改为 'vr_' (原名 plugins_vr_seat_templates → ShopXO前缀后变成 vrt_plugins_vr_seat_templates，实际表名是 vrt_vr_seat_templates) - Admin.php 所有硬编码 Db::name('plugins_vr_xxx') 改为 Db::name('vr_xxx') - 在数据库创建缺失的 vrt_vr_audit_log 表	2026-04-16 17:23:40 +08:00
Council	35c10a7f66	council(security): SecurityEngineer - add missing VenueList methods + security audit Security findings: - SQL injection: LOW (query builder + parameter binding) - XSS: LOW (ThinkPHP auto-escape, no \|raw detected) - Path traversal: LOW (all view paths hardcoded) - CSRF: MEDIUM (ShopXO framework-level gap, out of scope for plugin) Critical fix: admin/Admin.php was missing VenueList(), VenueSave(), VenueDelete() — sidebar URL "/plugins/vr_ticket/admin/venueList" would return 500 error. Added all three methods with v3.0 seat_map support. P1 garbled name: documented DB fix SQL for shx_plugins + vrt_power tables. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 08:53:41 +08:00
Council	000a0990e7	council(round3): merge main (BackendArchitect Phase 2 fixes) + FrontendDev Admin.php routing BackendArchitect 贡献： - Vrticket.php (app/admin/controller/) - 独立后台控制器 - 视图复制到 app/admin/view/default/plugins/view/vr_ticket/admin/view/ - admin/controller/Plugins.php - 插件路由入口 - admin/controller/Venue.php + view/venue/ - 场馆管理 - app.php - 插件主文件 FrontendDev 贡献（本次）： - admin/Admin.php - 统一入口控制器（admin/ 子目录模式） - plugin.json - sidebar URL 改为 camelCase 格式匹配 ucfirst() Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 08:35:26 +08:00
Council	b41e268a77	council(round3): FrontendDev - fix admin/Admin.php routing + camelCase sidebar URLs 路由分析结论： - PluginsService::PluginsControlCall 使用 ucfirst() 转换类名 - sidebar URL /plugins/vr_ticket/admin/seatTemplateList - → class=\app\plugins\vr_ticket\admin\Admin, method=SeatTemplateList() - admin/Admin.php 方法名使用 camelCase 与 URL 匹配修改内容： - admin/Admin.php: 更新注释，方法名已使用 camelCase ✓ - plugin.json: sidebar URL 从 snake_case 改为 camelCase 格式 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 08:34:50 +08:00
Council	5749edf6ad	fix(Phase 2): 修复后台路由+视图路径，Vrticket控制器上线 - 新增 Vrticket.php（ThinkPHP小写路由约定，类名Vrticket） - 修复视图标签：{include} → {{include}}（ShopXO使用{{}}分隔符） - 视图文件同步到 app/admin/view/default/plugins/view/vr_ticket/ - 插件控制器类名 Seattemplate（ThinkPHP路由适配） - plugin.json 新增场馆配置菜单项 - 删除废弃的 plugins/index.html 符号链接 - 自动载入：app.php 注册 app\plugins\ 命名空间映射	2026-04-16 07:59:27 +08:00
Council	49e256a9ab	feat(Phase 3-1): Vue3 交互式场馆配置表单编辑器 save.html - admin/view/venue/save.html：Vue3 CDN 嵌入 - 实时彩色座位预览（每格 30x30px，背景色=zone.color，悬浮显示座位号/分区/价格） - 动态增删分区（char/name/price/color + 预设色板） - 每排座位行编辑器（动态 input） - 双向同步：改 zone char/color → 预览即时刷新 - 初始默认值：3 区（VIP区/看台区/普通区），6座/排 - mounted() 回填：zones_json / map_json / venue_json - computed 序列化：zonesJson / seatMapRowsJson / venueJson → 隐藏字段 - Venue.php 补充：新增 venue_json 字段供 Vue3 回填 - venue_json = {name, address, image} 关联：docs/11_EDITOR_AND_INJECTION_DESIGN.md v3.0	2026-04-15 22:06:21 +08:00
Council	136efb9b92	feat(Phase 3-1): Venue.php CRUD + list.html + BatchGenerate venue.name 动态读取 - 新增 admin/controller/Venue.php：场馆配置 CRUD - list(): 解析 seat_map.venue.name 展示，zone_count / seat_count - save(): 构建 v3.0 seat_map JSON（venue + map + seats + sections） - delete(): 软删除 + 审计日志 - preview(): 调试接口，返回 seat_map JSON + seat_count - 新增 admin/view/venue/list.html：场馆列表页 - 改造 SeatSkuService.php BatchGenerate: - ensureVrSpecTypes() 增加 $venueName 参数 - $vr-场馆 spec 值从 seat_map.venue.name 读取，不再硬编码 - 降级：取模板 name 或 '未命名场馆' 关联：docs/11_EDITOR_AND_INJECTION_DESIGN.md v3.0	2026-04-15 22:02:03 +08:00
Council	deacdedb01	council(execute): BackendArchitect - restore view files from merge conflict Resolve Round 4 merge conflict by restoring verifier views and ticket detail from commit `6f49b8355`. All 7 admin view files now confirmed on main. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-15 14:23:16 +08:00
Council	59928d1196	Merge council/FrontendDev: complete admin views + export button fix Resolves merge conflicts: - Verifier.php: keep parent (CONCAT fix, fetch-then-map pattern) - ticket/detail.html, verifier/list.html, verifier/save.html: stage as-is (no conflict markers)	2026-04-15 14:21:46 +08:00
Council	b9ef6ef675	council(execute): BackendArchitect - fix Verification.php column() bug + S4 audit log design - Fix Verification.php:55 - ThinkPHP column() does not support multi-field mapping; replaced with select() + PHP foreach to build id-keyed array - Add complete S4 audit log design to plan.md: - vr_audit_log table already exists in EventListener.php - AuditService interface design (log/getAdminContext/makeRequestId) - Integration points table for all sensitive operations - Append-only tamper-proof strategy Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-15 14:20:14 +08:00
Council	2a6d7bdbf7	council(execute): FrontendDev - Round 4: export button fix + mark Phase 2 complete - Fix P1 bug: ticket/list.html export button (GET→POST form) matching IS_AJAX_POST - Mark all plan.md tasks complete (seat templates, tickets, verifiers, verifications views) - BackendArchitect: AuditService.php (S4 design), Verifier.php CONCAT fix, Verification.php column() fix - BackendArchitect: SeatTemplate.php countSeats fix, TicketService.php transaction fix - BackendArchitect: EventListener.php audit_log table added - SecurityEngineer: S1-S5 security audit complete - [CONSENSUS: YES] all three agents vote YES Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-15 14:20:03 +08:00
Council	1d24075f4c	Merge council/BackendArchitect: add missing verifier views + fix Verifier.php CONCAT bug	2026-04-15 14:12:24 +08:00
Council	255c8ed2bf	council(review): SecurityEngineer - Phase 2 security audit complete + P1 Verifier.php fix Security audit findings (Task S1/S2/S3/S5 done): - Task S1: Admin auth chain verified (Base extends Common OK) - Task S2: SQL injection audit complete (no injection, P1 code bug found) - FIXED: Verifier.php:45 CONCAT column() syntax error → select()+PHP concat - Task S3: XSS/CSRF audit complete (no risk in admin context) - Task S5: IDOR audit complete (admin context acceptable) - Task S4 (audit log design): still pending Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-15 14:11:43 +08:00
Council	8ca3b2d67b	council(execute): FrontendDev - merge Round 3 view files to main FrontendDev Round 3 deliverables: - All 7 admin view files (new + URL fixes) - Resolve plan.md conflict: keep merged version + add Round 3 summary Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-15 14:11:36 +08:00
Council	6f49b8355c	council(execute): BackendArchitect - add missing verifier views + fix CONCAT bug in Verifier.php Round 3 completed: - NEW: verifier/list.html (Layui table + search + enable/disable) - NEW: verifier/save.html (user select + name + status form) - NEW: ticket/detail.html (QR code + manual verify form) - FIX: Verifier.php CONCAT column() → select() + PHP concat (P1) - FIX: Ticket.php detail() adds $verifiers list for detail.html - UPDATE: plan.md marks B1~B5 Done, S1~S5 pending SecurityEngineer Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-15 14:11:35 +08:00
Council	649ae484e8	council(execute): FrontendDev - Round 3: complete all admin view files - Fix all MyUrl() → PluginsAdminUrl() in seat_template/list.html, save.html - Fix ticket/list.html + verification/list.html URLs - Create ticket/detail.html (QR code, ticket info, goods/verifier linkage) - Create verifier/list.html (search, status filter, disable) - Create verifier/save.html (user select, name, status toggle) - Update plan.md task status Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-15 14:10:33 +08:00
Council	b768d34dff	council(execute): BackendArchitect - fix P0/P1 blocking issues in Phase 2 [P0] Fix plugin Base controller to extend ShopXO Common class: - Now extends Common instead of standalone class - Automatically gets IsLogin() + IsPower() + ViewInit() - All child controllers (SeatTemplate/Ticket/Verifier/Verification) inherit fix [P1] Fix code bugs found during codebase analysis: - Verifier.php: column('nickname\|username', 'id') → CONCAT SQL (syntax error) - SeatTemplate.php: countSeats() wrong logic (count × rows → per-row scan) - Ticket.php: verify() returned view on POST → always JSON - Ticket.php: detail() returned view on error → JSON - SeatTemplate.php: delete() returned view on POST → JSON, plus soft-delete [P1] Fix verifyTicket() in TicketService: - Wrap in Db::transaction() for atomicity - Add SELECT ... FOR UPDATE pessimistic lock to prevent double-verify - Add try/catch with error logging [P2] Fix export() memory issue: - Replace select() with cursor() to avoid OOM on large datasets Also: update plan.md with Round 2 findings, claim Task B1/B2/B3/B5 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-15 14:03:00 +08:00
Council	1afd547444	feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded) - ShopXO core + plugins/vr_ticket - Goods.php item_type=ticket routing (Phase 1) - vr_ticket plugin skeleton (Phase 0/1) - Admin auth Base controller (Phase 2) - All Phase 0/1/2 code included Closes: tracks all ShopXO core modifications in monorepo	2026-04-15 13:09:44 +08:00

23 Commits (95346206dc35bd0cf1b10bae5c67b51ecbbacf29)