feat(admin): 完善后台角色管理与权限同步,新增当前管理员信息接口
This commit is contained in:
@@ -6,7 +6,7 @@ use App\Models\AdminUser;
|
||||
use App\Lottery\ErrorCode;
|
||||
use Illuminate\Support\Str;
|
||||
use App\Support\ApiResponse;
|
||||
use App\Support\AdminAuthorizationRegistry;
|
||||
use App\Support\AdminAuthProfile;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
@@ -69,19 +69,10 @@ final class LoginController extends Controller
|
||||
)->plainTextToken;
|
||||
|
||||
$admin->forceFill(['last_login_at' => now()])->save();
|
||||
$permissionSlugs = $admin->fresh()->adminPermissionSlugs();
|
||||
|
||||
return ApiResponse::success([
|
||||
'token' => $plainToken,
|
||||
'token_type' => 'Bearer',
|
||||
'admin' => [
|
||||
'id' => $admin->id,
|
||||
'username' => $admin->username,
|
||||
'nickname' => $admin->name,
|
||||
'email' => $admin->email,
|
||||
'permissions' => $permissionSlugs,
|
||||
'navigation' => AdminAuthorizationRegistry::visibleNavigationItems($permissionSlugs),
|
||||
],
|
||||
'admin' => AdminAuthProfile::fromAdmin($admin),
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
23
app/Http/Controllers/Api/V1/Admin/Auth/MeController.php
Normal file
23
app/Http/Controllers/Api/V1/Admin/Auth/MeController.php
Normal file
@@ -0,0 +1,23 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api\V1\Admin\Auth;
|
||||
|
||||
use App\Models\AdminUser;
|
||||
use App\Support\ApiResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminAuthProfile;
|
||||
|
||||
final class MeController extends Controller
|
||||
{
|
||||
public function __invoke(Request $request): JsonResponse
|
||||
{
|
||||
/** @var AdminUser $admin */
|
||||
$admin = $request->lotteryAdmin();
|
||||
|
||||
return ApiResponse::success([
|
||||
'admin' => AdminAuthProfile::fromAdmin($admin),
|
||||
]);
|
||||
}
|
||||
}
|
||||
@@ -8,6 +8,7 @@ use App\Support\AdminAuthorizationRegistry;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
|
||||
/** GET /api/v1/admin/admin-user-permission-catalog */
|
||||
final class AdminPermissionCatalogController extends Controller
|
||||
@@ -64,20 +65,7 @@ final class AdminPermissionCatalogController extends Controller
|
||||
'permissions' => $permissions,
|
||||
'permission_menu_groups' => $permissionMenuGroups,
|
||||
'navigation' => AdminAuthorizationRegistry::navigationItems(),
|
||||
'roles' => $roles->map(static function (AdminRole $role): array {
|
||||
$userCount = (int) DB::table('admin_user_site_roles')
|
||||
->where('role_id', $role->id)
|
||||
->distinct()
|
||||
->count('admin_user_id');
|
||||
|
||||
return [
|
||||
'id' => (int) $role->id,
|
||||
'slug' => $role->slug,
|
||||
'name' => $role->name,
|
||||
'permission_slugs' => $role->legacyPermissionSlugs(),
|
||||
'user_count' => $userCount,
|
||||
];
|
||||
})->values()->all(),
|
||||
'roles' => $roles->map(static fn (AdminRole $role): array => AdminRoleApiPresenter::item($role))->values()->all(),
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,45 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Models\AdminRole;
|
||||
use App\Lottery\ErrorCode;
|
||||
use App\Support\ApiResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use App\Services\AuditLogger;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
|
||||
final class AdminRoleDestroyController extends Controller
|
||||
{
|
||||
public function __invoke(Request $request, AdminRole $admin_role): JsonResponse
|
||||
{
|
||||
if ($admin_role->slug === AdminRole::ROLE_SUPER_ADMIN) {
|
||||
return ApiResponse::error('不能删除超级管理员角色', ErrorCode::ValidationFailed->value, null, 422);
|
||||
}
|
||||
if ((bool) $admin_role->is_system) {
|
||||
return ApiResponse::error('系统内置角色不允许删除', ErrorCode::ValidationFailed->value, null, 422);
|
||||
}
|
||||
if ($admin_role->assignedUserCount() > 0) {
|
||||
return ApiResponse::error('该角色下仍有关联管理员,不能删除', ErrorCode::ValidationFailed->value, null, 422);
|
||||
}
|
||||
|
||||
$before = AdminRoleApiPresenter::item($admin_role);
|
||||
$id = (int) $admin_role->id;
|
||||
$admin_role->delete();
|
||||
|
||||
AuditLogger::recordForAdmin(
|
||||
$request->lotteryAdmin(),
|
||||
$request,
|
||||
'system',
|
||||
'admin_role.delete',
|
||||
'admin_role',
|
||||
(string) $id,
|
||||
$before,
|
||||
null,
|
||||
);
|
||||
|
||||
return ApiResponse::success(['deleted' => true, 'id' => $id]);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Models\AdminRole;
|
||||
use App\Support\ApiResponse;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
|
||||
final class AdminRoleIndexController extends Controller
|
||||
{
|
||||
public function __invoke(): JsonResponse
|
||||
{
|
||||
$roles = AdminRole::query()->orderBy('sort_order')->orderBy('id')->get();
|
||||
|
||||
return ApiResponse::success([
|
||||
'items' => $roles->map(static fn (AdminRole $role): array => AdminRoleApiPresenter::item($role))->values()->all(),
|
||||
]);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Models\AdminRole;
|
||||
use App\Support\ApiResponse;
|
||||
use App\Services\AuditLogger;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
use App\Http\Requests\Admin\AdminRolePermissionSyncRequest;
|
||||
|
||||
final class AdminRolePermissionSyncController extends Controller
|
||||
{
|
||||
public function __invoke(AdminRolePermissionSyncRequest $request, AdminRole $admin_role): JsonResponse
|
||||
{
|
||||
$slugs = array_values(array_unique($request->validated('permission_slugs', [])));
|
||||
$before = AdminRoleApiPresenter::item($admin_role);
|
||||
|
||||
DB::transaction(function () use ($admin_role, $slugs): void {
|
||||
$admin_role->syncLegacyPermissionSlugs($slugs);
|
||||
});
|
||||
$admin_role->refresh();
|
||||
|
||||
AuditLogger::recordForAdmin(
|
||||
$request->lotteryAdmin(),
|
||||
$request,
|
||||
'system',
|
||||
'admin_role.sync_permissions',
|
||||
'admin_role',
|
||||
(string) $admin_role->id,
|
||||
$before,
|
||||
AdminRoleApiPresenter::item($admin_role),
|
||||
);
|
||||
|
||||
return ApiResponse::success(AdminRoleApiPresenter::item($admin_role));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,48 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Models\AdminRole;
|
||||
use App\Support\ApiResponse;
|
||||
use App\Services\AuditLogger;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
use App\Http\Requests\Admin\AdminRoleStoreRequest;
|
||||
|
||||
final class AdminRoleStoreController extends Controller
|
||||
{
|
||||
public function __invoke(AdminRoleStoreRequest $request): JsonResponse
|
||||
{
|
||||
$permissionSlugs = array_values(array_unique($request->validated('permission_slugs', [])));
|
||||
|
||||
$role = DB::transaction(function () use ($request, $permissionSlugs): AdminRole {
|
||||
$role = AdminRole::query()->create([
|
||||
'slug' => $request->validated('slug'),
|
||||
'code' => $request->validated('slug'),
|
||||
'name' => $request->validated('name'),
|
||||
'description' => $request->validated('description'),
|
||||
'status' => $request->validated('status', 1),
|
||||
'is_system' => false,
|
||||
'sort_order' => 0,
|
||||
]);
|
||||
$role->syncLegacyPermissionSlugs($permissionSlugs);
|
||||
|
||||
return $role->fresh();
|
||||
});
|
||||
|
||||
AuditLogger::recordForAdmin(
|
||||
$request->lotteryAdmin(),
|
||||
$request,
|
||||
'system',
|
||||
'admin_role.create',
|
||||
'admin_role',
|
||||
(string) $role->id,
|
||||
null,
|
||||
AdminRoleApiPresenter::item($role),
|
||||
);
|
||||
|
||||
return ApiResponse::success(AdminRoleApiPresenter::item($role));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,46 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Models\AdminRole;
|
||||
use App\Support\ApiResponse;
|
||||
use App\Services\AuditLogger;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
use App\Http\Requests\Admin\AdminRoleUpdateRequest;
|
||||
|
||||
final class AdminRoleUpdateController extends Controller
|
||||
{
|
||||
public function __invoke(AdminRoleUpdateRequest $request, AdminRole $admin_role): JsonResponse
|
||||
{
|
||||
$before = AdminRoleApiPresenter::item($admin_role);
|
||||
|
||||
$payload = [];
|
||||
foreach (['slug', 'name', 'description', 'status'] as $field) {
|
||||
if ($request->has($field)) {
|
||||
$payload[$field] = $request->validated($field);
|
||||
}
|
||||
}
|
||||
if (isset($payload['slug'])) {
|
||||
$payload['code'] = $payload['slug'];
|
||||
}
|
||||
|
||||
$admin_role->fill($payload);
|
||||
$admin_role->save();
|
||||
$admin_role->refresh();
|
||||
|
||||
AuditLogger::recordForAdmin(
|
||||
$request->lotteryAdmin(),
|
||||
$request,
|
||||
'system',
|
||||
'admin_role.update',
|
||||
'admin_role',
|
||||
(string) $admin_role->id,
|
||||
$before,
|
||||
AdminRoleApiPresenter::item($admin_role),
|
||||
);
|
||||
|
||||
return ApiResponse::success(AdminRoleApiPresenter::item($admin_role));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User\Concerns;
|
||||
|
||||
use App\Models\AdminUser;
|
||||
use App\Lottery\ErrorCode;
|
||||
use App\Support\ApiResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
|
||||
trait EnsuresSuperAdminActor
|
||||
{
|
||||
protected function ensureSuperAdmin(Request $request): ?JsonResponse
|
||||
{
|
||||
/** @var AdminUser $actor */
|
||||
$actor = $request->lotteryAdmin();
|
||||
if (! $actor->isSuperAdmin()) {
|
||||
return ApiResponse::error(
|
||||
'仅超级管理员可管理角色',
|
||||
ErrorCode::AdminForbidden->value,
|
||||
null,
|
||||
403,
|
||||
);
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
@@ -113,6 +113,8 @@ final class TransferOrderListController extends Controller
|
||||
'amount_formatted' => CurrencyFormatter::fromMinor($amount),
|
||||
'idempotent_key' => $o->idempotent_key,
|
||||
'status' => $o->status,
|
||||
'can_reverse' => $o->status === 'pending_reconcile',
|
||||
'can_manually_process' => in_array($o->status, ['processing', 'failed', 'pending_reconcile'], true),
|
||||
'external_ref_no' => $o->external_ref_no,
|
||||
'external_request_payload' => $o->external_request_payload,
|
||||
'external_response_payload' => $o->external_response_payload,
|
||||
|
||||
21
app/Http/Requests/Admin/AdminRolePermissionSyncRequest.php
Normal file
21
app/Http/Requests/Admin/AdminRolePermissionSyncRequest.php
Normal file
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests\Admin;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
|
||||
final class AdminRolePermissionSyncRequest extends FormRequest
|
||||
{
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'permission_slugs' => ['required', 'array'],
|
||||
'permission_slugs.*' => ['string', 'max:128'],
|
||||
];
|
||||
}
|
||||
}
|
||||
25
app/Http/Requests/Admin/AdminRoleStoreRequest.php
Normal file
25
app/Http/Requests/Admin/AdminRoleStoreRequest.php
Normal file
@@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests\Admin;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
|
||||
final class AdminRoleStoreRequest extends FormRequest
|
||||
{
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'slug' => ['required', 'string', 'max:64', 'regex:/^[a-z0-9_\\-]+$/', 'unique:admin_roles,slug'],
|
||||
'name' => ['required', 'string', 'max:128'],
|
||||
'description' => ['nullable', 'string', 'max:65535'],
|
||||
'status' => ['sometimes', 'integer', 'in:0,1'],
|
||||
'permission_slugs' => ['sometimes', 'array'],
|
||||
'permission_slugs.*' => ['string', 'max:128'],
|
||||
];
|
||||
}
|
||||
}
|
||||
26
app/Http/Requests/Admin/AdminRoleUpdateRequest.php
Normal file
26
app/Http/Requests/Admin/AdminRoleUpdateRequest.php
Normal file
@@ -0,0 +1,26 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests\Admin;
|
||||
|
||||
use Illuminate\Validation\Rule;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
|
||||
final class AdminRoleUpdateRequest extends FormRequest
|
||||
{
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
$roleId = $this->route('admin_role')?->id;
|
||||
|
||||
return [
|
||||
'slug' => ['sometimes', 'string', 'max:64', 'regex:/^[a-z0-9_\\-]+$/', Rule::unique('admin_roles', 'slug')->ignore($roleId)],
|
||||
'name' => ['sometimes', 'string', 'max:128'],
|
||||
'description' => ['nullable', 'string', 'max:65535'],
|
||||
'status' => ['sometimes', 'integer', 'in:0,1'],
|
||||
];
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user