feat: 增强管理员权限与角色管理功能

- 在 SyncAdminAuthorizationCommand 中新增对代理和抽奖菜单操作的同步功能，确保缺失的菜单操作行能够被创建。 - 更新多个控制器中的权限检查逻辑，使用 hasPermissionCode 替代原有的权限验证方式，提升权限管理的灵活性。 - 引入 ApiMessage 统一错误响应格式，确保在权限不足时返回一致的错误信息。 - 更新 AdminRole 和 AdminUser 模型，增强角色与用户的权限管理功能，支持更细粒度的权限控制。
2026-06-03 10:56:36 +08:00
parent 1dcd4716c5
commit 0527c7c392
96 changed files with 2215 additions and 139 deletions
--- a/app/Services/Agent/AgentAdminUserService.php
+++ b/app/Services/Agent/AgentAdminUserService.php
@@ -82,4 +82,31 @@ final class AgentAdminUserService
            throw ValidationException::withMessages(['role_ids' => ['invalid_for_agent']]);
        }
    }
+
+    public function destroyUnderAgent(AgentNode $agent, AdminUser $user): void
+    {
+        if ((int) $user->primaryAgentNodeId() !== (int) $agent->id) {
+            throw ValidationException::withMessages(['user' => ['agent_mismatch']]);
+        }
+
+        DB::transaction(static function () use ($agent, $user): void {
+            DB::table('admin_user_agent_roles')
+                ->where('admin_user_id', $user->id)
+                ->where('agent_node_id', $agent->id)
+                ->delete();
+
+            DB::table('admin_user_agents')
+                ->where('admin_user_id', $user->id)
+                ->where('agent_node_id', $agent->id)
+                ->delete();
+
+            $siteId = (int) $agent->admin_site_id;
+            DB::table('admin_user_site_roles')
+                ->where('admin_user_id', $user->id)
+                ->where('site_id', $siteId)
+                ->delete();
+
+            $user->delete();
+        });
+    }
 }
--- a/app/Services/Agent/AgentNodeService.php
+++ b/app/Services/Agent/AgentNodeService.php
@@ -2,6 +2,7 @@

 namespace App\Services\Agent;

+use App\Models\AdminRole;
 use App\Models\AdminUser;
 use App\Models\AgentNode;
 use Illuminate\Support\Facades\DB;
@@ -76,7 +77,20 @@ final class AgentNodeService
    public function destroy(AgentNode $node): void
    {
        DB::transaction(static function () use ($node): void {
+            AdminRole::query()
+                ->where('owner_agent_id', $node->id)
+                ->whereNotNull('delegated_from_role_id')
+                ->each(static fn (AdminRole $role): bool => (bool) $role->delete());
+
            $node->delete();
        });
    }
+
+    public function hasBlockingCustomRoles(AgentNode $node): bool
+    {
+        return AdminRole::query()
+            ->where('owner_agent_id', $node->id)
+            ->whereNull('delegated_from_role_id')
+            ->exists();
+    }
 }
--- a/app/Services/Agent/AgentRoleService.php
+++ b/app/Services/Agent/AgentRoleService.php
@@ -100,7 +100,11 @@ final class AgentRoleService
        }

        if ($role->assignedUserCount() > 0) {
-            throw ValidationException::withMessages(['role' => ['in_use']]);
+            throw ValidationException::withMessages([
+                'role' => [
+                    __('admin.agent_role_in_use', ['count' => $role->assignedUserCount()]),
+                ],
+            ]);
        }

        $role->delete();