feat: 增强管理员权限与角色管理功能

- 在 SyncAdminAuthorizationCommand 中新增对代理和抽奖菜单操作的同步功能，确保缺失的菜单操作行能够被创建。 - 更新多个控制器中的权限检查逻辑，使用 hasPermissionCode 替代原有的权限验证方式，提升权限管理的灵活性。 - 引入 ApiMessage 统一错误响应格式，确保在权限不足时返回一致的错误信息。 - 更新 AdminRole 和 AdminUser 模型，增强角色与用户的权限管理功能，支持更细粒度的权限控制。
2026-06-03 10:56:36 +08:00
parent 1dcd4716c5
commit 0527c7c392
96 changed files with 2215 additions and 139 deletions
--- a/tests/Feature/AdminAgentAccountRoleDestroyTest.php
+++ b/tests/Feature/AdminAgentAccountRoleDestroyTest.php
@@ -0,0 +1,126 @@
+<?php
+
+use App\Models\AdminRole;
+use App\Models\AdminUser;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+uses(RefreshDatabase::class);
+
+beforeEach(function (): void {
+    $this->artisan('lottery:admin-auth-sync')->assertExitCode(0);
+});
+
+test('agent role can be deleted when no users assigned', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+
+    $super = AdminUser::query()->create([
+        'username' => 'destroy_role_super',
+        'name' => 'Super',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+    grantSuperAdminRole($super);
+    $token = $super->createToken('test', ['*'], now()->addDay())->plainTextToken;
+
+    $branch = app(\App\Services\Agent\AgentNodeService::class)->createChild($super, [
+        'parent_id' => $rootId,
+        'code' => 'destroy-role-branch',
+        'name' => 'Destroy Role Branch',
+    ]);
+
+    $role = AdminRole::query()->create([
+        'slug' => 'deletable_role',
+        'name' => 'Deletable',
+        'scope_type' => AdminRole::SCOPE_AGENT,
+        'owner_agent_id' => $branch->id,
+    ]);
+    $role->syncLegacyPermissionSlugs(['prd.agent.role.view']);
+
+    $this->withHeader('Authorization', 'Bearer '.$token)
+        ->deleteJson('/api/v1/admin/agent-roles/'.$role->id)
+        ->assertOk();
+
+    expect(AdminRole::query()->find($role->id))->toBeNull();
+});
+
+test('agent role cannot be deleted while assigned to a user', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+
+    $super = AdminUser::query()->create([
+        'username' => 'destroy_role_blocked_super',
+        'name' => 'Super',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+    grantSuperAdminRole($super);
+    $token = $super->createToken('test', ['*'], now()->addDay())->plainTextToken;
+
+    $branch = app(\App\Services\Agent\AgentNodeService::class)->createChild($super, [
+        'parent_id' => $rootId,
+        'code' => 'destroy-role-blocked',
+        'name' => 'Blocked Branch',
+    ]);
+
+    $role = AdminRole::query()->create([
+        'slug' => 'blocked_role',
+        'name' => 'Blocked',
+        'scope_type' => AdminRole::SCOPE_AGENT,
+        'owner_agent_id' => $branch->id,
+    ]);
+    $role->syncLegacyPermissionSlugs(['prd.agent.role.view']);
+
+    $user = app(\App\Services\Agent\AgentAdminUserService::class)->createUnderAgent($branch, [
+        'username' => 'blocked_user',
+        'nickname' => 'Blocked User',
+        'password' => 'secret-strong-2',
+        'role_ids' => [(int) $role->id],
+    ]);
+
+    expect($user->id)->toBeGreaterThan(0);
+
+    $this->withHeader('Authorization', 'Bearer '.$token)
+        ->deleteJson('/api/v1/admin/agent-roles/'.$role->id)
+        ->assertStatus(422);
+});
+
+test('agent admin user can be deleted under agent node', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+
+    $super = AdminUser::query()->create([
+        'username' => 'destroy_user_super',
+        'name' => 'Super',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+    grantSuperAdminRole($super);
+    $token = $super->createToken('test', ['*'], now()->addDay())->plainTextToken;
+
+    $branch = app(\App\Services\Agent\AgentNodeService::class)->createChild($super, [
+        'parent_id' => $rootId,
+        'code' => 'destroy-user-branch',
+        'name' => 'Destroy User Branch',
+    ]);
+
+    $user = app(\App\Services\Agent\AgentAdminUserService::class)->createUnderAgent($branch, [
+        'username' => 'agent_delete_me',
+        'nickname' => 'Delete Me',
+        'password' => 'secret-strong-3',
+        'role_ids' => [],
+    ]);
+
+    $this->withHeader('Authorization', 'Bearer '.$token)
+        ->deleteJson('/api/v1/admin/agent-admin-users/'.$user->id)
+        ->assertOk()
+        ->assertJsonPath('data.deleted', true);
+
+    expect(AdminUser::query()->find($user->id))->toBeNull();
+    expect(DB::table('admin_user_agents')->where('admin_user_id', $user->id)->exists())->toBeFalse();
+});