feat: 增强管理员权限与角色管理功能
- 在 SyncAdminAuthorizationCommand 中新增对代理和抽奖菜单操作的同步功能,确保缺失的菜单操作行能够被创建。 - 更新多个控制器中的权限检查逻辑,使用 hasPermissionCode 替代原有的权限验证方式,提升权限管理的灵活性。 - 引入 ApiMessage 统一错误响应格式,确保在权限不足时返回一致的错误信息。 - 更新 AdminRole 和 AdminUser 模型,增强角色与用户的权限管理功能,支持更细粒度的权限控制。
This commit is contained in:
85
app/Support/AdminAgentPermissionMenuActionSync.php
Normal file
85
app/Support/AdminAgentPermissionMenuActionSync.php
Normal file
@@ -0,0 +1,85 @@
|
||||
<?php
|
||||
|
||||
namespace App\Support;
|
||||
|
||||
use Illuminate\Support\Carbon;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
|
||||
/**
|
||||
* 确保代理「角色 / 账号」拆分后的 menu_action 行存在(migrate 未跑或漏跑时 auth-sync 可补救)。
|
||||
*/
|
||||
final class AdminAgentPermissionMenuActionSync
|
||||
{
|
||||
public static function syncMissing(): int
|
||||
{
|
||||
$now = Carbon::now();
|
||||
$viewActionId = DB::table('admin_action_catalog')->where('code', 'view')->value('id');
|
||||
$manageActionId = DB::table('admin_action_catalog')->where('code', 'manage')->value('id');
|
||||
if ($viewActionId === null || $manageActionId === null) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
$agentMenuId = (int) DB::table('admin_menus')->where('code', 'system.agents')->value('id');
|
||||
if ($agentMenuId === 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
$rolesMenuId = self::ensureChildMenu($agentMenuId, 'system.agents.roles', '代理角色', $now);
|
||||
$usersMenuId = self::ensureChildMenu($agentMenuId, 'system.agents.users', '代理账号', $now);
|
||||
|
||||
$created = 0;
|
||||
$created += self::ensureMenuAction((int) $rolesMenuId, (int) $viewActionId, 'agent.role.view', '代理角色查看', $now) ? 1 : 0;
|
||||
$created += self::ensureMenuAction((int) $rolesMenuId, (int) $manageActionId, 'agent.role.manage', '代理角色管理', $now) ? 1 : 0;
|
||||
$created += self::ensureMenuAction((int) $usersMenuId, (int) $viewActionId, 'agent.user.view', '代理账号查看', $now) ? 1 : 0;
|
||||
$created += self::ensureMenuAction((int) $usersMenuId, (int) $manageActionId, 'agent.user.manage', '代理账号管理', $now) ? 1 : 0;
|
||||
|
||||
return $created;
|
||||
}
|
||||
|
||||
private static function ensureChildMenu(int $parentId, string $code, string $name, Carbon $now): int
|
||||
{
|
||||
$existing = DB::table('admin_menus')->where('code', $code)->value('id');
|
||||
if ($existing !== null) {
|
||||
return (int) $existing;
|
||||
}
|
||||
|
||||
return (int) DB::table('admin_menus')->insertGetId([
|
||||
'parent_id' => $parentId,
|
||||
'menu_type' => 'button',
|
||||
'code' => $code,
|
||||
'name' => $name,
|
||||
'path' => null,
|
||||
'route_name' => null,
|
||||
'component' => null,
|
||||
'icon' => null,
|
||||
'active_menu_code' => 'system.agents',
|
||||
'sort_order' => 0,
|
||||
'is_visible' => false,
|
||||
'is_cache' => false,
|
||||
'is_external' => false,
|
||||
'status' => 1,
|
||||
'meta_json' => null,
|
||||
'created_at' => $now,
|
||||
'updated_at' => $now,
|
||||
]);
|
||||
}
|
||||
|
||||
private static function ensureMenuAction(int $menuId, int $actionId, string $permissionCode, string $name, Carbon $now): bool
|
||||
{
|
||||
if (DB::table('admin_menu_actions')->where('permission_code', $permissionCode)->exists()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
DB::table('admin_menu_actions')->insert([
|
||||
'menu_id' => $menuId,
|
||||
'action_id' => $actionId,
|
||||
'permission_code' => $permissionCode,
|
||||
'name' => $name,
|
||||
'status' => 1,
|
||||
'created_at' => $now,
|
||||
'updated_at' => $now,
|
||||
]);
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -29,10 +29,10 @@ final class AdminAuthorizationRegistry
|
||||
|
||||
['slug' => 'prd.agent.view', 'name' => '代理管理·查看', 'nav_segment' => 'agents', 'permission_codes' => ['agent.node.view']],
|
||||
['slug' => 'prd.agent.manage', 'name' => '代理管理·可管理', 'nav_segment' => 'agents', 'permission_codes' => ['agent.node.manage']],
|
||||
['slug' => 'prd.agent.role.view', 'name' => '代理角色·查看', 'nav_segment' => 'agents', 'permission_codes' => ['agent.node.view']],
|
||||
['slug' => 'prd.agent.role.manage', 'name' => '代理角色·可管理', 'nav_segment' => 'agents', 'permission_codes' => ['agent.node.manage']],
|
||||
['slug' => 'prd.agent.user.view', 'name' => '代理账号·查看', 'nav_segment' => 'agents', 'permission_codes' => ['agent.node.view']],
|
||||
['slug' => 'prd.agent.user.manage', 'name' => '代理账号·可管理', 'nav_segment' => 'agents', 'permission_codes' => ['agent.node.manage']],
|
||||
['slug' => 'prd.agent.role.view', 'name' => '代理角色·查看', 'nav_segment' => 'agents', 'permission_codes' => ['agent.role.view', 'agent.node.view']],
|
||||
['slug' => 'prd.agent.role.manage', 'name' => '代理角色·可管理', 'nav_segment' => 'agents', 'permission_codes' => ['agent.role.manage']],
|
||||
['slug' => 'prd.agent.user.view', 'name' => '代理账号·查看', 'nav_segment' => 'agents', 'permission_codes' => ['agent.user.view', 'agent.node.view']],
|
||||
['slug' => 'prd.agent.user.manage', 'name' => '代理账号·可管理', 'nav_segment' => 'agents', 'permission_codes' => ['agent.user.manage']],
|
||||
|
||||
['slug' => 'prd.users.manage', 'name' => '用户管理·可管理', 'nav_segment' => 'players', 'permission_codes' => ['service.players.manage']],
|
||||
['slug' => 'prd.users.view_finance', 'name' => '用户管理·财务查看', 'nav_segment' => 'players', 'permission_codes' => ['service.players.view', 'service.wallet.view']],
|
||||
@@ -49,9 +49,9 @@ final class AdminAuthorizationRegistry
|
||||
['slug' => 'prd.wallet_reconcile.view_cs', 'name' => '钱包对账·客服单用户', 'nav_segment' => 'wallet', 'permission_codes' => ['service.wallet.view', 'service.reconcile.view']],
|
||||
['slug' => 'prd.wallet_adjust.manage', 'name' => '补单/冲正·可管理', 'nav_segment' => 'wallet', 'permission_codes' => ['service.wallet.adjust']],
|
||||
|
||||
['slug' => 'prd.draw_result.manage', 'name' => '开奖结果录入·可管理', 'nav_segment' => 'draws', 'permission_codes' => ['draw.results.view', 'draw.review.review', 'draw.review.publish']],
|
||||
['slug' => 'prd.draw_result.manage', 'name' => '开奖结果录入·可管理', 'nav_segment' => 'draws', 'permission_codes' => ['draw.review.review', 'draw.review.publish']],
|
||||
['slug' => 'prd.draw_result.view', 'name' => '开奖结果·查看', 'nav_segment' => 'draws', 'permission_codes' => ['draw.results.view']],
|
||||
['slug' => 'prd.draw_reopen.manage', 'name' => '开奖结果重开·可管理', 'nav_segment' => 'draws', 'permission_codes' => ['draw.review.publish']],
|
||||
['slug' => 'prd.draw_reopen.manage', 'name' => '开奖结果重开·可管理', 'nav_segment' => 'draws', 'permission_codes' => ['draw.reopen.manage']],
|
||||
|
||||
['slug' => 'prd.risk.view', 'name' => '风控中心·查看', 'nav_segment' => 'risk', 'permission_codes' => ['risk.monitor.view']],
|
||||
['slug' => 'prd.risk.manage', 'name' => '风控中心·可管理', 'nav_segment' => 'risk', 'permission_codes' => ['risk.monitor.manage']],
|
||||
@@ -386,22 +386,23 @@ final class AdminAuthorizationRegistry
|
||||
['code' => 'admin.admin-roles.destroy', 'module_code' => 'system', 'name' => '删除角色', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/admin-roles/{admin_role}', 'route_name' => 'api.v1.admin.admin-roles.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_role.manage']],
|
||||
['code' => 'admin.admin-roles.permissions.sync', 'module_code' => 'system', 'name' => '角色权限同步', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/admin-roles/{admin_role}/permissions', 'route_name' => 'api.v1.admin.admin-roles.permissions.sync', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_role.manage']],
|
||||
|
||||
['code' => 'admin.agent-nodes.tree', 'module_code' => 'agent', 'name' => '代理树', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/agent-nodes/tree', 'route_name' => 'api.v1.admin.agent-nodes.tree', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'permission_codes' => ['agent.node.view', 'agent.node.manage']],
|
||||
['code' => 'admin.agent-nodes.tree', 'module_code' => 'agent', 'name' => '代理树', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/agent-nodes/tree', 'route_name' => 'api.v1.admin.agent-nodes.tree', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'permission_codes' => ['agent.node.view', 'agent.node.manage', 'agent.role.view', 'agent.role.manage', 'agent.user.view', 'agent.user.manage']],
|
||||
['code' => 'admin.agent-nodes.store', 'module_code' => 'agent', 'name' => '创建下级代理', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/agent-nodes', 'route_name' => 'api.v1.admin.agent-nodes.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.node.manage']],
|
||||
['code' => 'admin.agent-nodes.show', 'module_code' => 'agent', 'name' => '代理节点详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}', 'route_name' => 'api.v1.admin.agent-nodes.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'permission_codes' => ['agent.node.view', 'agent.node.manage']],
|
||||
['code' => 'admin.agent-nodes.update', 'module_code' => 'agent', 'name' => '更新代理节点', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}', 'route_name' => 'api.v1.admin.agent-nodes.update', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.node.manage']],
|
||||
['code' => 'admin.agent-nodes.destroy', 'module_code' => 'agent', 'name' => '删除代理节点', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}', 'route_name' => 'api.v1.admin.agent-nodes.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.node.manage']],
|
||||
['code' => 'admin.agent-nodes.children', 'module_code' => 'agent', 'name' => '代理直属下级', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}/children', 'route_name' => 'api.v1.admin.agent-nodes.children', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'permission_codes' => ['agent.node.view', 'agent.node.manage']],
|
||||
|
||||
['code' => 'admin.agent-roles.index', 'module_code' => 'agent', 'name' => '代理角色列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}/roles', 'route_name' => 'api.v1.admin.agent-roles.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'permission_codes' => ['agent.node.view', 'agent.node.manage']],
|
||||
['code' => 'admin.agent-roles.store', 'module_code' => 'agent', 'name' => '创建代理角色', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}/roles', 'route_name' => 'api.v1.admin.agent-roles.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.node.manage']],
|
||||
['code' => 'admin.agent-roles.update', 'module_code' => 'agent', 'name' => '更新代理角色', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/agent-roles/{admin_role}', 'route_name' => 'api.v1.admin.agent-roles.update', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.node.manage']],
|
||||
['code' => 'admin.agent-roles.permissions.sync', 'module_code' => 'agent', 'name' => '代理角色权限同步', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/agent-roles/{admin_role}/permissions', 'route_name' => 'api.v1.admin.agent-roles.permissions.sync', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.node.manage']],
|
||||
['code' => 'admin.agent-roles.destroy', 'module_code' => 'agent', 'name' => '删除代理角色', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/agent-roles/{admin_role}', 'route_name' => 'api.v1.admin.agent-roles.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.node.manage']],
|
||||
['code' => 'admin.agent-roles.index', 'module_code' => 'agent', 'name' => '代理角色列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}/roles', 'route_name' => 'api.v1.admin.agent-roles.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'permission_codes' => ['agent.role.view', 'agent.role.manage', 'agent.node.view', 'agent.node.manage']],
|
||||
['code' => 'admin.agent-roles.store', 'module_code' => 'agent', 'name' => '创建代理角色', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}/roles', 'route_name' => 'api.v1.admin.agent-roles.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.role.manage']],
|
||||
['code' => 'admin.agent-roles.update', 'module_code' => 'agent', 'name' => '更新代理角色', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/agent-roles/{admin_role}', 'route_name' => 'api.v1.admin.agent-roles.update', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.role.manage']],
|
||||
['code' => 'admin.agent-roles.permissions.sync', 'module_code' => 'agent', 'name' => '代理角色权限同步', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/agent-roles/{admin_role}/permissions', 'route_name' => 'api.v1.admin.agent-roles.permissions.sync', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.role.manage']],
|
||||
['code' => 'admin.agent-roles.destroy', 'module_code' => 'agent', 'name' => '删除代理角色', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/agent-roles/{admin_role}', 'route_name' => 'api.v1.admin.agent-roles.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.role.manage']],
|
||||
|
||||
['code' => 'admin.agent-admin-users.index', 'module_code' => 'agent', 'name' => '代理账号列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}/admin-users', 'route_name' => 'api.v1.admin.agent-admin-users.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'permission_codes' => ['agent.node.view', 'agent.node.manage']],
|
||||
['code' => 'admin.agent-admin-users.store', 'module_code' => 'agent', 'name' => '创建代理账号', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}/admin-users', 'route_name' => 'api.v1.admin.agent-admin-users.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.node.manage']],
|
||||
['code' => 'admin.agent-admin-users.roles.sync', 'module_code' => 'agent', 'name' => '代理账号角色同步', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/agent-admin-users/{admin_user}/roles', 'route_name' => 'api.v1.admin.agent-admin-users.roles.sync', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.node.manage']],
|
||||
['code' => 'admin.agent-admin-users.index', 'module_code' => 'agent', 'name' => '代理账号列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}/admin-users', 'route_name' => 'api.v1.admin.agent-admin-users.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'permission_codes' => ['agent.user.view', 'agent.user.manage', 'agent.node.view', 'agent.node.manage']],
|
||||
['code' => 'admin.agent-admin-users.store', 'module_code' => 'agent', 'name' => '创建代理账号', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}/admin-users', 'route_name' => 'api.v1.admin.agent-admin-users.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.user.manage']],
|
||||
['code' => 'admin.agent-admin-users.roles.sync', 'module_code' => 'agent', 'name' => '代理账号角色同步', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/agent-admin-users/{admin_user}/roles', 'route_name' => 'api.v1.admin.agent-admin-users.roles.sync', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.user.manage']],
|
||||
['code' => 'admin.agent-admin-users.destroy', 'module_code' => 'agent', 'name' => '删除代理账号', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/agent-admin-users/{admin_user}', 'route_name' => 'api.v1.admin.agent-admin-users.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.user.manage']],
|
||||
|
||||
['code' => 'admin.agent-delegation-grants.index', 'module_code' => 'agent', 'name' => '代理下放上限查看', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}/delegation-grants', 'route_name' => 'api.v1.admin.agent-delegation-grants.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'permission_codes' => ['agent.node.view', 'agent.node.manage']],
|
||||
['code' => 'admin.agent-delegation-grants.sync', 'module_code' => 'agent', 'name' => '代理下放上限同步', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/agent-nodes/{agent_node}/delegation-grants', 'route_name' => 'api.v1.admin.agent-delegation-grants.sync', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'permission_codes' => ['agent.node.manage']],
|
||||
|
||||
36
app/Support/AdminDrawPermissionMenuActionSync.php
Normal file
36
app/Support/AdminDrawPermissionMenuActionSync.php
Normal file
@@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
namespace App\Support;
|
||||
|
||||
use Illuminate\Support\Carbon;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
|
||||
/** 确保期号「重开」独立 permission_code 存在,避免与「管理」共用 publish 导致勾选无法拆分。 */
|
||||
final class AdminDrawPermissionMenuActionSync
|
||||
{
|
||||
public static function syncMissing(): int
|
||||
{
|
||||
if (DB::table('admin_menu_actions')->where('permission_code', 'draw.reopen.manage')->exists()) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
$menuId = (int) DB::table('admin_menus')->where('code', 'draw.results')->value('id');
|
||||
$actionId = DB::table('admin_action_catalog')->where('code', 'manage')->value('id');
|
||||
if ($menuId === 0 || $actionId === null) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
$now = Carbon::now();
|
||||
DB::table('admin_menu_actions')->insert([
|
||||
'menu_id' => $menuId,
|
||||
'action_id' => (int) $actionId,
|
||||
'permission_code' => 'draw.reopen.manage',
|
||||
'name' => '期号重开',
|
||||
'status' => 1,
|
||||
'created_at' => $now,
|
||||
'updated_at' => $now,
|
||||
]);
|
||||
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
@@ -9,8 +9,8 @@ final class AdminPermissionInheritance
|
||||
*/
|
||||
private const IMPLIED_BY_SLUG = [
|
||||
'prd.agent.manage' => ['prd.agent.view'],
|
||||
'prd.agent.role.manage' => ['prd.agent.role.view'],
|
||||
'prd.agent.user.manage' => ['prd.agent.user.view'],
|
||||
'prd.agent.role.manage' => ['prd.agent.role.view', 'prd.agent.view'],
|
||||
'prd.agent.user.manage' => ['prd.agent.user.view', 'prd.agent.view'],
|
||||
'prd.integration.manage' => ['prd.integration.view'],
|
||||
'prd.wallet_reconcile.manage' => ['prd.wallet_reconcile.view'],
|
||||
'prd.draw_result.manage' => ['prd.draw_result.view'],
|
||||
|
||||
57
app/Support/AgentAdminUserAuthorization.php
Normal file
57
app/Support/AgentAdminUserAuthorization.php
Normal file
@@ -0,0 +1,57 @@
|
||||
<?php
|
||||
|
||||
namespace App\Support;
|
||||
|
||||
use App\Models\AdminUser;
|
||||
use App\Models\AgentNode;
|
||||
|
||||
final class AgentAdminUserAuthorization
|
||||
{
|
||||
public static function userVisibleTo(AdminUser $admin, AdminUser $target): bool
|
||||
{
|
||||
if ($admin->isSuperAdmin()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$agent = $target->primaryAgentNode();
|
||||
if ($agent === null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return AdminAgentScope::nodeVisibleTo($admin, $agent);
|
||||
}
|
||||
|
||||
public static function userManageableBy(AdminUser $admin, AdminUser $target): bool
|
||||
{
|
||||
if (! self::userVisibleTo($admin, $target)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($admin->isSuperAdmin()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (! $admin->hasPermissionCode('agent.user.manage')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$agent = $target->primaryAgentNode();
|
||||
|
||||
return $agent !== null && AdminAgentScope::nodeManageableBy($admin, $agent);
|
||||
}
|
||||
|
||||
public static function denyUnlessUserManageable(AdminUser $admin, AdminUser $target): ?\Illuminate\Http\JsonResponse
|
||||
{
|
||||
if (self::userManageableBy($admin, $target)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return ApiMessage::errorResponse(
|
||||
request(),
|
||||
'admin.agent_user_manage_denied',
|
||||
\App\Lottery\ErrorCode::AdminForbidden->value,
|
||||
null,
|
||||
403,
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -37,7 +37,7 @@ final class AgentRoleAuthorization
|
||||
return false;
|
||||
}
|
||||
|
||||
return $admin->isSuperAdmin() || $admin->hasPermissionCode('agent.node.manage');
|
||||
return $admin->isSuperAdmin() || $admin->hasPermissionCode('agent.role.manage');
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
286
app/Support/ApiValidationErrors.php
Normal file
286
app/Support/ApiValidationErrors.php
Normal file
@@ -0,0 +1,286 @@
|
||||
<?php
|
||||
|
||||
namespace App\Support;
|
||||
|
||||
/**
|
||||
* 将校验错误转为当前请求语言下可读文案,并生成适合 toast 的摘要 msg。
|
||||
*/
|
||||
final class ApiValidationErrors
|
||||
{
|
||||
/**
|
||||
* @param array<string, array<int, string>|string> $errors
|
||||
* @return array<string, list<string>>
|
||||
*/
|
||||
public static function normalize(array $errors, string $locale): array
|
||||
{
|
||||
$out = [];
|
||||
|
||||
foreach ($errors as $field => $messages) {
|
||||
$fieldKey = (string) $field;
|
||||
$normalized = [];
|
||||
foreach ((array) $messages as $message) {
|
||||
$normalized[] = self::present($fieldKey, (string) $message, $locale);
|
||||
}
|
||||
$out[$fieldKey] = $normalized;
|
||||
}
|
||||
|
||||
return $out;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, list<string>> $normalized
|
||||
*/
|
||||
public static function summary(array $normalized, int $maxParts = 3): ?string
|
||||
{
|
||||
$parts = [];
|
||||
|
||||
foreach ($normalized as $messages) {
|
||||
foreach ($messages as $message) {
|
||||
$parts[] = $message;
|
||||
if (count($parts) >= $maxParts) {
|
||||
return implode(';', $parts).'…';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $parts === [] ? null : implode(';', $parts);
|
||||
}
|
||||
|
||||
private static function present(string $field, string $message, string $locale): string
|
||||
{
|
||||
$trimmed = trim($message);
|
||||
if ($trimmed === '') {
|
||||
return $message;
|
||||
}
|
||||
|
||||
if (preg_match('/\p{Han}/u', $trimmed) === 1) {
|
||||
return $trimmed;
|
||||
}
|
||||
|
||||
$exact = self::exactMessage($trimmed, $locale);
|
||||
if ($exact !== null) {
|
||||
return $exact;
|
||||
}
|
||||
|
||||
if (preg_match(
|
||||
'/^(exceeds_actor|exceeds_parent_ceiling|exceeds_delegation_ceiling|permission_exceeds_actor|permission_catalog_incomplete)\s*:\s*(.+)$/u',
|
||||
$trimmed,
|
||||
$matches,
|
||||
) === 1) {
|
||||
$detail = trim(preg_replace('/\s*\(run:.*$/i', '', $matches[2]) ?? $matches[2]);
|
||||
$line = trans('validation.business.'.$matches[1], ['detail' => $detail], $locale);
|
||||
if ($line !== 'validation.business.'.$matches[1]) {
|
||||
return $line;
|
||||
}
|
||||
}
|
||||
|
||||
$attribute = self::attributeLabel($field, $locale);
|
||||
|
||||
$businessKey = 'validation.business.'.$trimmed;
|
||||
$businessLine = trans($businessKey, ['attribute' => $attribute], $locale);
|
||||
if ($businessLine !== $businessKey) {
|
||||
return $businessLine;
|
||||
}
|
||||
|
||||
$customLine = self::customRuleLine($field, $trimmed, $attribute, $locale);
|
||||
if ($customLine !== null) {
|
||||
return $customLine;
|
||||
}
|
||||
|
||||
$ruleLine = self::standardRuleLine($trimmed, $attribute, $locale);
|
||||
if ($ruleLine !== null) {
|
||||
return $ruleLine;
|
||||
}
|
||||
|
||||
$humanized = self::humanizeLaravelEnglish($field, $trimmed, $locale, $attribute);
|
||||
if ($humanized !== null) {
|
||||
return $humanized;
|
||||
}
|
||||
|
||||
return $trimmed;
|
||||
}
|
||||
|
||||
private static function exactMessage(string $message, string $locale): ?string
|
||||
{
|
||||
$map = trans('validation.exact', [], $locale);
|
||||
if (! is_array($map)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return $map[$message] ?? null;
|
||||
}
|
||||
|
||||
private static function customRuleLine(
|
||||
string $field,
|
||||
string $rule,
|
||||
string $attribute,
|
||||
string $locale,
|
||||
): ?string {
|
||||
$candidates = array_values(array_unique([
|
||||
'validation.custom.'.$field.'.'.$rule,
|
||||
'validation.custom.'.self::flatFieldName($field).'.'.$rule,
|
||||
]));
|
||||
|
||||
foreach ($candidates as $key) {
|
||||
$line = trans($key, ['attribute' => $attribute], $locale);
|
||||
if ($line !== $key) {
|
||||
return $line;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
private static function standardRuleLine(string $rule, string $attribute, string $locale): ?string
|
||||
{
|
||||
if (! preg_match('/^[a-z0-9_.]+$/i', $rule)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$key = 'validation.'.$rule;
|
||||
$line = trans($key, ['attribute' => $attribute], $locale);
|
||||
|
||||
return $line !== $key ? $line : null;
|
||||
}
|
||||
|
||||
private static function humanizeLaravelEnglish(
|
||||
string $field,
|
||||
string $message,
|
||||
string $locale,
|
||||
string $attribute,
|
||||
): ?string {
|
||||
if (preg_match('/^The (.+?) field (.+)$/i', $message, $matches) !== 1) {
|
||||
if (preg_match('/^The (.+?) has already been taken\.?$/i', $message, $taken) === 1) {
|
||||
$attribute = self::attributeLabelFromEnglish($taken[1], $field, $locale);
|
||||
|
||||
return trans('validation.unique', ['attribute' => $attribute], $locale);
|
||||
}
|
||||
|
||||
if (preg_match('/^The selected (.+?) is invalid\.?$/i', $message, $selected) === 1) {
|
||||
$attribute = self::attributeLabelFromEnglish($selected[1], $field, $locale);
|
||||
|
||||
return trans('validation.exists', ['attribute' => $attribute], $locale);
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
$englishName = $matches[1];
|
||||
$tail = $matches[2];
|
||||
$attribute = self::attributeLabelFromEnglish($englishName, $field, $locale);
|
||||
|
||||
$tailMap = [
|
||||
'is required' => 'validation.required',
|
||||
'must be a valid email address' => 'validation.email',
|
||||
'must be a valid UUID' => 'validation.uuid',
|
||||
'must be an integer' => 'validation.integer',
|
||||
'must be a string' => 'validation.string',
|
||||
'must be a number' => 'validation.numeric',
|
||||
'must be a valid JSON string' => 'validation.json',
|
||||
'must be true or false' => 'validation.boolean',
|
||||
'must be an array' => 'validation.array',
|
||||
'format is invalid' => null,
|
||||
'is not allowed' => 'validation.prohibited',
|
||||
'must be present' => 'validation.present',
|
||||
];
|
||||
|
||||
foreach ($tailMap as $suffix => $ruleKey) {
|
||||
if (stripos($tail, $suffix) === false) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if ($ruleKey === null) {
|
||||
return self::customRuleLine($field, 'regex', $attribute, $locale)
|
||||
?? trans('validation.regex', ['attribute' => $attribute], $locale);
|
||||
}
|
||||
|
||||
$line = trans($ruleKey, ['attribute' => $attribute], $locale);
|
||||
|
||||
return $line !== $ruleKey ? $line : null;
|
||||
}
|
||||
|
||||
if (preg_match('/must be at least (\d+) characters/i', $tail, $min)) {
|
||||
$customKey = 'validation.custom.'.self::flatFieldName($field).'.min';
|
||||
$customLine = trans($customKey, ['attribute' => $attribute, 'min' => $min[1]], $locale);
|
||||
if ($customLine !== $customKey) {
|
||||
return $customLine;
|
||||
}
|
||||
|
||||
return trans('validation.min.string', ['attribute' => $attribute, 'min' => $min[1]], $locale);
|
||||
}
|
||||
|
||||
if (preg_match('/must not be greater than (\d+) characters/i', $tail, $max)) {
|
||||
return trans('validation.max.string', ['attribute' => $attribute, 'max' => $max[1]], $locale);
|
||||
}
|
||||
|
||||
if (preg_match('/must contain (\d+) items/i', $tail, $size)) {
|
||||
return trans('validation.size.array', ['attribute' => $attribute, 'size' => $size[1]], $locale);
|
||||
}
|
||||
|
||||
if (preg_match('/must have at least (\d+) items/i', $tail, $minItems)) {
|
||||
return trans('validation.min.array', ['attribute' => $attribute, 'min' => $minItems[1]], $locale);
|
||||
}
|
||||
|
||||
if (preg_match('/must not have more than (\d+) items/i', $tail, $maxItems)) {
|
||||
return trans('validation.max.array', ['attribute' => $attribute, 'max' => $maxItems[1]], $locale);
|
||||
}
|
||||
|
||||
if (preg_match('/must be between ([\d.]+) and ([\d.]+)/i', $tail, $between)) {
|
||||
return trans('validation.between.numeric', [
|
||||
'attribute' => $attribute,
|
||||
'min' => $between[1],
|
||||
'max' => $between[2],
|
||||
], $locale);
|
||||
}
|
||||
|
||||
if (preg_match('/must match the format (.+)$/i', $tail, $format)) {
|
||||
return trans('validation.date_format', [
|
||||
'attribute' => $attribute,
|
||||
'format' => trim($format[1]),
|
||||
], $locale);
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
private static function attributeLabelFromEnglish(string $englishName, string $field, string $locale): string
|
||||
{
|
||||
$normalized = strtolower(trim($englishName));
|
||||
if (preg_match('/^selected (.+)$/i', $normalized, $selected) === 1) {
|
||||
$normalized = $selected[1];
|
||||
}
|
||||
|
||||
$guess = str_replace(' ', '_', $normalized);
|
||||
|
||||
return self::attributeLabel($guess !== '' ? $guess : $field, $locale);
|
||||
}
|
||||
|
||||
private static function attributeLabel(string $field, string $locale): string
|
||||
{
|
||||
$candidates = array_values(array_unique([
|
||||
$field,
|
||||
self::flatFieldName($field),
|
||||
preg_replace('/\.\d+\./', '.*.', $field) ?? $field,
|
||||
preg_replace('/\.\d+\./', '.', $field) ?? $field,
|
||||
]));
|
||||
|
||||
foreach ($candidates as $candidate) {
|
||||
$key = 'validation.attributes.'.$candidate;
|
||||
$label = trans($key, [], $locale);
|
||||
if ($label !== $key) {
|
||||
return $label;
|
||||
}
|
||||
}
|
||||
|
||||
return self::flatFieldName($field);
|
||||
}
|
||||
|
||||
private static function flatFieldName(string $field): string
|
||||
{
|
||||
if (preg_match('/\.([a-zA-Z0-9_]+)$/', $field, $matches) === 1) {
|
||||
return $matches[1];
|
||||
}
|
||||
|
||||
return $field;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user