xiaokang/lotteryLaravel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 增强管理员权限与角色管理功能

Browse Source 
- 在 SyncAdminAuthorizationCommand 中新增对代理和抽奖菜单操作的同步功能,确保缺失的菜单操作行能够被创建。
- 更新多个控制器中的权限检查逻辑,使用 hasPermissionCode 替代原有的权限验证方式,提升权限管理的灵活性。
- 引入 ApiMessage 统一错误响应格式,确保在权限不足时返回一致的错误信息。
- 更新 AdminRole 和 AdminUser 模型,增强角色与用户的权限管理功能,支持更细粒度的权限控制。
This commit is contained in:
kang
2026-06-03 10:56:36 +08:00
parent 1dcd4716c5
commit 0527c7c392
96 changed files with 2215 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
app/Http/Controllers/Api/V1/Admin/Agent/AgentAdminUserDestroyController.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Agent;
use App\Lottery\ErrorCode;
use App\Models\AdminUser;
use App\Support\ApiMessage;
use App\Support\ApiResponse;
use App\Services\AuditLogger;
use Illuminate\Http\JsonResponse;
use App\Http\Controllers\Controller;
use App\Services\Agent\AgentAdminUserService;
use App\Support\AdminUserApiPresenter;
use App\Support\AgentAdminUserAuthorization;
final class AgentAdminUserDestroyController extends Controller
{
public function __invoke(
\Illuminate\Http\Request $request,
AdminUser $admin_user,
AgentAdminUserService $service,
): JsonResponse {
$admin = $request->lotteryAdmin();
abort_if($admin === null, 401);
$agent = $admin_user->primaryAgentNode();
if ($agent === null) {
abort(404);
}
$denied = AgentAdminUserAuthorization::denyUnlessUserManageable($admin, $admin_user);
if ($denied !== null) {
return $denied;
}
if ((int) $admin->id === (int) $admin_user->id) {
return ApiMessage::errorResponse(
$request,
'admin.user_cannot_delete_self',
ErrorCode::ValidationFailed->value,
null,
422,
);
}
$before = AdminUserApiPresenter::listItem($admin_user);
$id = (int) $admin_user->id;
$service->destroyUnderAgent($agent, $admin_user);
AuditLogger::recordForAdmin(
$admin,
$request,
'agent',
'agent_admin_user.destroy',
'admin_user',
(string) $id,
$before,
null,
);
return ApiResponse::success(['deleted' => true, 'id' => $id]);
}
}

12
app/Http/Controllers/Api/V1/Admin/Agent/AgentAdminUserRoleSyncController.php
View File

@@ -8,8 +8,10 @@ use App\Services\AuditLogger;
use Illuminate\Http\JsonResponse;
use App\Http\Controllers\Controller;
use App\Services\Agent\AgentAdminUserService;
use App\Lottery\ErrorCode;
use App\Support\AdminAgentNodeAccess;
use App\Support\AdminUserApiPresenter;
use App\Support\ApiMessage;
use App\Http\Requests\Admin\AgentAdminUserRoleSyncRequest;
final class AgentAdminUserRoleSyncController extends Controller
@@ -32,8 +34,14 @@ final class AgentAdminUserRoleSyncController extends Controller
return $denied;
}
if (! $admin->isSuperAdmin() && ! $admin->hasPermissionCode('agent.node.manage')) {
return AdminAgentNodeAccess::denyUnlessCanManageParent($admin, $agent);
if (! $admin->isSuperAdmin() && ! $admin->hasPermissionCode('agent.user.manage')) {
return ApiMessage::errorResponse(
$request,
'admin.agent_user_manage_denied',
ErrorCode::AdminForbidden->value,
null,
403,
);
}
$before = AdminUserApiPresenter::listItem($admin_user);

12
app/Http/Controllers/Api/V1/Admin/Agent/AgentNodeAdminUserStoreController.php
View File

@@ -8,8 +8,10 @@ use App\Services\AuditLogger;
use Illuminate\Http\JsonResponse;
use App\Http\Controllers\Controller;
use App\Services\Agent\AgentAdminUserService;
use App\Lottery\ErrorCode;
use App\Support\AdminAgentNodeAccess;
use App\Support\AdminUserApiPresenter;
use App\Support\ApiMessage;
use App\Http\Requests\Admin\AgentAdminUserStoreRequest;
final class AgentNodeAdminUserStoreController extends Controller
@@ -27,8 +29,14 @@ final class AgentNodeAdminUserStoreController extends Controller
return $denied;
}
if (! $admin->isSuperAdmin() && ! $admin->hasPermissionCode('agent.node.manage')) {
return AdminAgentNodeAccess::denyUnlessCanManageParent($admin, $agent_node);
if (! $admin->isSuperAdmin() && ! $admin->hasPermissionCode('agent.user.manage')) {
return ApiMessage::errorResponse(
$request,
'admin.agent_user_manage_denied',
ErrorCode::AdminForbidden->value,
null,
403,
);
}
$user = $service->createUnderAgent($agent_node, $request->validated());

2
app/Http/Controllers/Api/V1/Admin/Agent/AgentNodeDestroyController.php
View File

@@ -47,7 +47,7 @@ final class AgentNodeDestroyController extends Controller
return ApiMessage::errorResponse($request, 'admin.agent_node_has_users_cannot_delete', ErrorCode::ValidationFailed->value, null, 422);
}
if (DB::table('admin_roles')->where('owner_agent_id', (int) $agent_node->id)->exists()) {
if ($service->hasBlockingCustomRoles($agent_node)) {
return ApiMessage::errorResponse($request, 'admin.agent_node_has_roles_cannot_delete', ErrorCode::ValidationFailed->value, null, 422);
}

12
app/Http/Controllers/Api/V1/Admin/Agent/AgentNodeRoleStoreController.php
View File

@@ -8,8 +8,10 @@ use App\Services\AuditLogger;
use Illuminate\Http\JsonResponse;
use App\Http\Controllers\Controller;
use App\Services\Agent\AgentRoleService;
use App\Lottery\ErrorCode;
use App\Support\AdminAgentNodeAccess;
use App\Support\AdminRoleApiPresenter;
use App\Support\ApiMessage;
use App\Http\Requests\Admin\AgentRoleStoreRequest;
final class AgentNodeRoleStoreController extends Controller
@@ -27,8 +29,14 @@ final class AgentNodeRoleStoreController extends Controller
return $denied;
}
if (! $admin->isSuperAdmin() && ! $admin->hasPermissionCode('agent.node.manage')) {
return AdminAgentNodeAccess::denyUnlessCanManageParent($admin, $agent_node);
if (! $admin->isSuperAdmin() && ! $admin->hasPermissionCode('agent.role.manage')) {
return ApiMessage::errorResponse(
$request,
'admin.agent_role_manage_denied',
ErrorCode::AdminForbidden->value,
null,
403,
);
}
$role = $service->createForAgent($admin, $agent_node, $request->validated());