diff --git a/app/Console/Commands/SyncAdminAuthorizationCommand.php b/app/Console/Commands/SyncAdminAuthorizationCommand.php new file mode 100644 index 0000000..633c884 --- /dev/null +++ b/app/Console/Commands/SyncAdminAuthorizationCommand.php @@ -0,0 +1,93 @@ +pluck('id', 'permission_code'); + + foreach (AdminAuthorizationRegistry::resources() as $resource) { + $resourceId = DB::table('admin_api_resources') + ->where('code', $resource['code']) + ->value('id'); + + $payload = [ + 'module_code' => $resource['module_code'], + 'name' => $resource['name'], + 'http_method' => $resource['http_method'], + 'uri_pattern' => $resource['uri_pattern'], + 'route_name' => $resource['route_name'], + 'auth_mode' => $resource['auth_mode'], + 'is_audit_required' => $resource['is_audit_required'], + 'status' => 1, + 'meta_json' => null, + 'updated_at' => $now, + ]; + + if ($resourceId === null) { + $resourceId = DB::table('admin_api_resources')->insertGetId($payload + [ + 'code' => $resource['code'], + 'created_at' => $now, + ]); + } else { + DB::table('admin_api_resources') + ->where('id', (int) $resourceId) + ->update($payload); + } + + DB::table('admin_api_resource_bindings') + ->where('api_resource_id', (int) $resourceId) + ->delete(); + + foreach ($resource['permission_codes'] as $permissionCode) { + $menuActionId = $menuActionIds[$permissionCode] ?? null; + if ($menuActionId === null) { + $this->warn(sprintf('跳过未找到的 permission_code: %s', $permissionCode)); + continue; + } + + DB::table('admin_api_resource_bindings')->insert([ + 'api_resource_id' => (int) $resourceId, + 'menu_action_id' => (int) $menuActionId, + 'created_at' => $now, + 'updated_at' => $now, + ]); + } + } + + DB::table('admin_role_api_resources')->delete(); + + $roleResourceRows = DB::table('admin_role_menu_actions as rma') + ->join('admin_api_resource_bindings as arb', 'arb.menu_action_id', '=', 'rma.menu_action_id') + ->select('rma.role_id', 'arb.api_resource_id') + ->distinct() + ->get(); + + foreach ($roleResourceRows as $row) { + DB::table('admin_role_api_resources')->insert([ + 'role_id' => (int) $row->role_id, + 'api_resource_id' => (int) $row->api_resource_id, + ]); + } + + $this->info(sprintf( + 'Admin authorization synced: %d resources, %d role-resource rows.', + count(AdminAuthorizationRegistry::resources()), + $roleResourceRows->count(), + )); + + return self::SUCCESS; + } +} diff --git a/app/Http/Controllers/Api/V1/Admin/Auth/LoginController.php b/app/Http/Controllers/Api/V1/Admin/Auth/LoginController.php index 580184d..4ebd245 100644 --- a/app/Http/Controllers/Api/V1/Admin/Auth/LoginController.php +++ b/app/Http/Controllers/Api/V1/Admin/Auth/LoginController.php @@ -6,6 +6,7 @@ use App\Models\AdminUser; use App\Lottery\ErrorCode; use Illuminate\Support\Str; use App\Support\ApiResponse; +use App\Support\AdminAuthorizationRegistry; use Illuminate\Http\JsonResponse; use App\Http\Controllers\Controller; use Illuminate\Support\Facades\Hash; @@ -68,6 +69,7 @@ final class LoginController extends Controller )->plainTextToken; $admin->forceFill(['last_login_at' => now()])->save(); + $permissionSlugs = $admin->fresh()->adminPermissionSlugs(); return ApiResponse::success([ 'token' => $plainToken, @@ -77,7 +79,8 @@ final class LoginController extends Controller 'username' => $admin->username, 'nickname' => $admin->name, 'email' => $admin->email, - 'permissions' => $admin->fresh()->adminPermissionSlugs(), + 'permissions' => $permissionSlugs, + 'navigation' => AdminAuthorizationRegistry::visibleNavigationItems($permissionSlugs), ], ]); } diff --git a/app/Http/Controllers/Api/V1/Admin/User/AdminPermissionCatalogController.php b/app/Http/Controllers/Api/V1/Admin/User/AdminPermissionCatalogController.php index 7e15369..9fa14fe 100644 --- a/app/Http/Controllers/Api/V1/Admin/User/AdminPermissionCatalogController.php +++ b/app/Http/Controllers/Api/V1/Admin/User/AdminPermissionCatalogController.php @@ -4,6 +4,7 @@ namespace App\Http\Controllers\Api\V1\Admin\User; use App\Models\AdminRole; use App\Support\ApiResponse; +use App\Support\AdminAuthorizationRegistry; use Illuminate\Http\JsonResponse; use Illuminate\Support\Facades\DB; use App\Http\Controllers\Controller; @@ -62,6 +63,7 @@ final class AdminPermissionCatalogController extends Controller return ApiResponse::success([ 'permissions' => $permissions, 'permission_menu_groups' => $permissionMenuGroups, + 'navigation' => AdminAuthorizationRegistry::navigationItems(), 'roles' => $roles->map(static function (AdminRole $role): array { $userCount = (int) DB::table('admin_user_site_roles') ->where('role_id', $role->id) diff --git a/app/Http/Middleware/EnsureAdminPermission.php b/app/Http/Middleware/EnsureAdminPermission.php deleted file mode 100644 index edd93ec..0000000 --- a/app/Http/Middleware/EnsureAdminPermission.php +++ /dev/null @@ -1,48 +0,0 @@ -lotteryAdmin(); - if (! $admin instanceof AdminUser) { - return ApiResponse::error( - trans('admin.unauthenticated', [], $request->lotteryLocale()), - ErrorCode::AdminUnauthenticated->value, - null, - 401, - ); - } - - $slugs = array_values(array_filter(array_map('trim', explode('|', $permissionSlugs)))); - if ($slugs === []) { - return $next($request); - } - - foreach ($slugs as $slug) { - if ($admin->hasAdminPermission($slug)) { - return $next($request); - } - } - - return ApiResponse::error( - trans('admin.permission_denied', [], $request->lotteryLocale()), - ErrorCode::AdminForbidden->value, - ['required_any' => $slugs], - 403, - ); - } -} diff --git a/app/Models/AdminUser.php b/app/Models/AdminUser.php index 5ada0a2..b818d87 100644 --- a/app/Models/AdminUser.php +++ b/app/Models/AdminUser.php @@ -214,7 +214,7 @@ final class AdminUser extends Authenticatable } /** - * @return list 与 Next 侧栏、`admin.permission` 中间件一致的 `prd.*` slug 列表 + * @return list 与 Next 侧栏兼容的 `prd.*` slug 列表 */ public function adminPermissionSlugs(): array { diff --git a/app/Support/AdminApiResourceCatalog.php b/app/Support/AdminApiResourceCatalog.php index 5f1a2da..ead9bb6 100644 --- a/app/Support/AdminApiResourceCatalog.php +++ b/app/Support/AdminApiResourceCatalog.php @@ -5,6 +5,8 @@ namespace App\Support; final class AdminApiResourceCatalog { /** + * 兼容壳:资源目录已收口至 {@see AdminAuthorizationRegistry}。 + * * @return list [ - 'code' => $resource['code'], - 'module_code' => $resource['module_code'], - 'name' => $resource['name'], - 'http_method' => $resource['http_method'], - 'uri_pattern' => $resource['uri_pattern'], - 'route_name' => $resource['route_name'], - 'auth_mode' => $resource['auth_mode'], - 'is_audit_required' => $resource['is_audit_required'], - 'permission_codes' => self::permissionCodesForLegacySlugs($resource['legacy_permission_slugs'] ?? []), - ], - self::definitions(), - ); - } - - /** - * @param list $legacySlugs - * @return list - */ - private static function permissionCodesForLegacySlugs(array $legacySlugs): array - { - /** @var array> $legacyMap */ - $legacyMap = config('admin_permissions.legacy_map', []); - $codes = []; - foreach ($legacySlugs as $legacySlug) { - foreach (($legacyMap[$legacySlug] ?? []) as $permissionCode) { - if (is_string($permissionCode) && $permissionCode !== '') { - $codes[$permissionCode] = true; - } - } - } - - return array_keys($codes); - } - - /** - * @return list - * }> - */ - private static function definitions(): array - { - return [ - ['code' => 'admin.ping', 'module_code' => 'system', 'name' => '后台连通性探测', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/ping', 'route_name' => 'api.v1.admin.ping', 'auth_mode' => 'login_only', 'is_audit_required' => false], - ['code' => 'admin.dashboard', 'module_code' => 'dashboard', 'name' => '后台仪表盘', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/dashboard', 'route_name' => 'api.v1.admin.dashboard', 'auth_mode' => 'login_only', 'is_audit_required' => false], - ['code' => 'admin.audit.index', 'module_code' => 'audit', 'name' => '审计日志查询', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/audit-logs', 'route_name' => 'api.v1.admin.audit-logs.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.audit.all', 'prd.audit.self', 'prd.audit.finance']], - - ['code' => 'admin.admin-users.index', 'module_code' => 'system', 'name' => '管理员列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/admin-users', 'route_name' => 'api.v1.admin.admin-users.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.admin_user.manage']], - ['code' => 'admin.admin-users.store', 'module_code' => 'system', 'name' => '创建管理员', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/admin-users', 'route_name' => 'api.v1.admin.admin-users.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_user.manage']], - ['code' => 'admin.admin-users.show', 'module_code' => 'system', 'name' => '管理员详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/admin-users/{admin_user}', 'route_name' => 'api.v1.admin.admin-users.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.admin_user.manage']], - ['code' => 'admin.admin-users.update', 'module_code' => 'system', 'name' => '更新管理员', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/admin-users/{admin_user}', 'route_name' => 'api.v1.admin.admin-users.update', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_user.manage']], - ['code' => 'admin.admin-users.destroy', 'module_code' => 'system', 'name' => '删除管理员', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/admin-users/{admin_user}', 'route_name' => 'api.v1.admin.admin-users.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_user.manage']], - ['code' => 'admin.admin-users.permission-catalog', 'module_code' => 'system', 'name' => '管理员权限目录', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/admin-user-permission-catalog', 'route_name' => 'api.v1.admin.admin-users.permission-catalog', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.admin_user.manage']], - ['code' => 'admin.admin-users.permissions.sync', 'module_code' => 'system', 'name' => '管理员权限同步', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/admin-users/{admin_user}/permissions', 'route_name' => 'api.v1.admin.admin-users.permissions.sync', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_user.manage']], - ['code' => 'admin.admin-users.roles.sync', 'module_code' => 'system', 'name' => '管理员角色同步', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/admin-users/{admin_user}/roles', 'route_name' => 'api.v1.admin.admin-users.roles.sync', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_user.manage']], - - ['code' => 'admin.play-types.index', 'module_code' => 'config', 'name' => '玩法类型列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/play-types', 'route_name' => 'api.v1.admin.play-types.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage']], - ['code' => 'admin.play-types.patch', 'module_code' => 'config', 'name' => '玩法类型切换', 'http_method' => 'PATCH', 'uri_pattern' => '/api/v1/admin/play-types/{play_code}', 'route_name' => 'api.v1.admin.play-types.patch', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.play-versions.index', 'module_code' => 'config', 'name' => '玩法版本列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/play-versions', 'route_name' => 'api.v1.admin.config.play-versions.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage']], - ['code' => 'admin.config.play-versions.show', 'module_code' => 'config', 'name' => '玩法版本详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/play-versions/{id}', 'route_name' => 'api.v1.admin.config.play-versions.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage']], - ['code' => 'admin.config.play-versions.store', 'module_code' => 'config', 'name' => '创建玩法版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/play-versions', 'route_name' => 'api.v1.admin.config.play-versions.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.play-versions.items.replace', 'module_code' => 'config', 'name' => '替换玩法版本条目', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/config/play-versions/{id}/items', 'route_name' => 'api.v1.admin.config.play-versions.items.replace', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.play-versions.publish', 'module_code' => 'config', 'name' => '发布玩法版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/play-versions/{id}/publish', 'route_name' => 'api.v1.admin.config.play-versions.publish', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.play-versions.destroy', 'module_code' => 'config', 'name' => '删除玩法版本', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/config/play-versions/{id}', 'route_name' => 'api.v1.admin.config.play-versions.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.odds-versions.index', 'module_code' => 'config', 'name' => '赔率版本列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/odds-versions', 'route_name' => 'api.v1.admin.config.odds-versions.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.odds.manage', 'prd.rebate.manage', 'prd.rebate.view']], - ['code' => 'admin.config.odds-versions.show', 'module_code' => 'config', 'name' => '赔率版本详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/odds-versions/{id}', 'route_name' => 'api.v1.admin.config.odds-versions.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.odds.manage', 'prd.rebate.manage', 'prd.rebate.view']], - ['code' => 'admin.config.odds-versions.store', 'module_code' => 'config', 'name' => '创建赔率版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/odds-versions', 'route_name' => 'api.v1.admin.config.odds-versions.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.odds-versions.items.replace', 'module_code' => 'config', 'name' => '替换赔率版本条目', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/config/odds-versions/{id}/items', 'route_name' => 'api.v1.admin.config.odds-versions.items.replace', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.odds-versions.publish', 'module_code' => 'config', 'name' => '发布赔率版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/odds-versions/{id}/publish', 'route_name' => 'api.v1.admin.config.odds-versions.publish', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.odds-versions.destroy', 'module_code' => 'config', 'name' => '删除赔率版本', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/config/odds-versions/{id}', 'route_name' => 'api.v1.admin.config.odds-versions.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.risk-cap-versions.index', 'module_code' => 'config', 'name' => '封顶版本列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions', 'route_name' => 'api.v1.admin.config.risk-cap-versions.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.risk_cap.manage', 'prd.risk_cap.view']], - ['code' => 'admin.config.risk-cap-versions.show', 'module_code' => 'config', 'name' => '封顶版本详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions/{id}', 'route_name' => 'api.v1.admin.config.risk-cap-versions.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.risk_cap.manage', 'prd.risk_cap.view']], - ['code' => 'admin.config.risk-cap-versions.store', 'module_code' => 'config', 'name' => '创建封顶版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions', 'route_name' => 'api.v1.admin.config.risk-cap-versions.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.risk-cap-versions.items.replace', 'module_code' => 'config', 'name' => '替换封顶版本条目', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions/{id}/items', 'route_name' => 'api.v1.admin.config.risk-cap-versions.items.replace', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.risk-cap-versions.publish', 'module_code' => 'config', 'name' => '发布封顶版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions/{id}/publish', 'route_name' => 'api.v1.admin.config.risk-cap-versions.publish', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.config.risk-cap-versions.destroy', 'module_code' => 'config', 'name' => '删除封顶版本', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions/{id}', 'route_name' => 'api.v1.admin.config.risk-cap-versions.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], - ['code' => 'admin.settings.index', 'module_code' => 'settings', 'name' => '系统设置列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/settings', 'route_name' => 'api.v1.admin.settings.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage']], - ['code' => 'admin.settings.update', 'module_code' => 'settings', 'name' => '系统设置更新', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/settings/{key}', 'route_name' => 'api.v1.admin.settings.update', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage']], - - ['code' => 'admin.draws.index', 'module_code' => 'draw', 'name' => '期开奖列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws', 'route_name' => 'api.v1.admin.draws.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], - ['code' => 'admin.draws.show', 'module_code' => 'draw', 'name' => '期开奖详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}', 'route_name' => 'api.v1.admin.draws.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], - ['code' => 'admin.draws.finance-summary', 'module_code' => 'draw', 'name' => '期开奖资金摘要', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}/finance-summary', 'route_name' => 'api.v1.admin.draws.finance-summary', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], - ['code' => 'admin.draws.result-batches.index', 'module_code' => 'draw', 'name' => '开奖结果批次列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}/result-batches', 'route_name' => 'api.v1.admin.draws.result-batches.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], - ['code' => 'admin.draws.risk-pool-lock-logs.index', 'module_code' => 'risk', 'name' => '风控锁池日志列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}/risk-pool-lock-logs', 'route_name' => 'api.v1.admin.draws.risk-pool-lock-logs.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], - ['code' => 'admin.draws.risk-pools.index', 'module_code' => 'risk', 'name' => '风控池列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}/risk-pools', 'route_name' => 'api.v1.admin.draws.risk-pools.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], - ['code' => 'admin.draws.risk-pools.show', 'module_code' => 'risk', 'name' => '风控池详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}/risk-pools/{number_4d}', 'route_name' => 'api.v1.admin.draws.risk-pools.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], - ['code' => 'admin.draws.result-batches.store', 'module_code' => 'draw', 'name' => '创建开奖结果批次', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/result-batches', 'route_name' => 'api.v1.admin.draws.result-batches.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], - ['code' => 'admin.draws.result-batches.publish', 'module_code' => 'draw', 'name' => '发布开奖结果批次', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/result-batches/{batch}/publish', 'route_name' => 'api.v1.admin.draws.result-batches.publish', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], - ['code' => 'admin.draws.reopen', 'module_code' => 'draw', 'name' => '重开开奖', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/reopen', 'route_name' => 'api.v1.admin.draws.reopen', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], - ['code' => 'admin.draws.generate-plan', 'module_code' => 'draw', 'name' => '生成开奖计划', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/generate-plan', 'route_name' => 'api.v1.admin.draws.generate-plan', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], - ['code' => 'admin.draws.manual-close', 'module_code' => 'draw', 'name' => '人工封盘', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/manual-close', 'route_name' => 'api.v1.admin.draws.manual-close', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], - ['code' => 'admin.draws.risk-pools.manual-close', 'module_code' => 'risk', 'name' => '人工关闭风控池', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/risk-pools/{number_4d}/manual-close', 'route_name' => 'api.v1.admin.draws.risk-pools.manual-close', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], - ['code' => 'admin.draws.risk-pools.recover', 'module_code' => 'risk', 'name' => '恢复风控池', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/risk-pools/{number_4d}/recover', 'route_name' => 'api.v1.admin.draws.risk-pools.recover', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], - ['code' => 'admin.draws.cancel', 'module_code' => 'draw', 'name' => '取消开奖', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/cancel', 'route_name' => 'api.v1.admin.draws.cancel', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], - ['code' => 'admin.draws.rng', 'module_code' => 'draw', 'name' => '执行开奖 RNG', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/rng', 'route_name' => 'api.v1.admin.draws.rng', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], - ['code' => 'admin.draws.settlement.run', 'module_code' => 'settlement', 'name' => '执行结算', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/settlement/run', 'route_name' => 'api.v1.admin.draws.settlement.run', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.payout.manage', 'prd.payout.review']], - - ['code' => 'admin.settlement-batches.index', 'module_code' => 'settlement', 'name' => '结算批次列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/settlement-batches', 'route_name' => 'api.v1.admin.settlement-batches.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.payout.manage', 'prd.payout.review', 'prd.payout.view']], - ['code' => 'admin.settlement-batches.show', 'module_code' => 'settlement', 'name' => '结算批次详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}', 'route_name' => 'api.v1.admin.settlement-batches.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.payout.manage', 'prd.payout.review', 'prd.payout.view']], - ['code' => 'admin.settlement-batches.details', 'module_code' => 'settlement', 'name' => '结算批次明细', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}/details', 'route_name' => 'api.v1.admin.settlement-batches.details', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.payout.manage', 'prd.payout.review', 'prd.payout.view']], - ['code' => 'admin.settlement-batches.export', 'module_code' => 'settlement', 'name' => '导出结算批次', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}/export', 'route_name' => 'api.v1.admin.settlement-batches.export', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.payout.manage', 'prd.payout.review', 'prd.payout.view']], - ['code' => 'admin.settlement-batches.approve', 'module_code' => 'settlement', 'name' => '审核结算批次', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}/approve', 'route_name' => 'api.v1.admin.settlement-batches.approve', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.payout.review']], - ['code' => 'admin.settlement-batches.reject', 'module_code' => 'settlement', 'name' => '驳回结算批次', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}/reject', 'route_name' => 'api.v1.admin.settlement-batches.reject', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.payout.review']], - ['code' => 'admin.settlement-batches.payout', 'module_code' => 'settlement', 'name' => '执行派彩', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}/payout', 'route_name' => 'api.v1.admin.settlement-batches.payout', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.payout.manage']], - - ['code' => 'admin.jackpot.pools.index', 'module_code' => 'jackpot', 'name' => '奖池列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/jackpot/pools', 'route_name' => 'api.v1.admin.jackpot.pools.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.jackpot.manage', 'prd.jackpot.view']], - ['code' => 'admin.jackpot.payout-logs.index', 'module_code' => 'jackpot', 'name' => '奖池派彩日志', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/jackpot/payout-logs', 'route_name' => 'api.v1.admin.jackpot.payout-logs.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.jackpot.manage', 'prd.jackpot.view']], - ['code' => 'admin.jackpot.contributions.index', 'module_code' => 'jackpot', 'name' => '奖池注入记录', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/jackpot/contributions', 'route_name' => 'api.v1.admin.jackpot.contributions.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.jackpot.manage', 'prd.jackpot.view']], - ['code' => 'admin.jackpot.pools.update', 'module_code' => 'jackpot', 'name' => '更新奖池', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/jackpot/pools/{pool}', 'route_name' => 'api.v1.admin.jackpot.pools.update', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.jackpot.manage']], - ['code' => 'admin.jackpot.pools.manual-burst', 'module_code' => 'jackpot', 'name' => '手动爆池', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/jackpot/pools/{pool}/manual-burst', 'route_name' => 'api.v1.admin.jackpot.pools.manual-burst', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.jackpot.manage']], - - ['code' => 'admin.players.index', 'module_code' => 'player_service', 'name' => '玩家列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/players', 'route_name' => 'api.v1.admin.players.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], - ['code' => 'admin.players.store', 'module_code' => 'player_service', 'name' => '创建玩家', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/players', 'route_name' => 'api.v1.admin.players.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], - ['code' => 'admin.players.show', 'module_code' => 'player_service', 'name' => '玩家详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/players/{player}', 'route_name' => 'api.v1.admin.players.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], - ['code' => 'admin.players.update', 'module_code' => 'player_service', 'name' => '更新玩家', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/players/{player}', 'route_name' => 'api.v1.admin.players.update', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], - ['code' => 'admin.players.destroy', 'module_code' => 'player_service', 'name' => '删除玩家', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/players/{player}', 'route_name' => 'api.v1.admin.players.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], - ['code' => 'admin.players.freeze', 'module_code' => 'player_service', 'name' => '冻结玩家', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/players/{player}/freeze', 'route_name' => 'api.v1.admin.players.freeze', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], - ['code' => 'admin.players.unfreeze', 'module_code' => 'player_service', 'name' => '解冻玩家', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/players/{player}/unfreeze', 'route_name' => 'api.v1.admin.players.unfreeze', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], - ['code' => 'admin.players.wallets', 'module_code' => 'player_service', 'name' => '玩家钱包查看', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/players/{player}/wallets', 'route_name' => 'api.v1.admin.players.wallets', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], - ['code' => 'admin.players.ticket-items', 'module_code' => 'player_service', 'name' => '玩家注单查看', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/players/{player}/ticket-items', 'route_name' => 'api.v1.admin.players.ticket-items.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], - - ['code' => 'admin.wallet.transfer-orders', 'module_code' => 'wallet', 'name' => '转账单查询', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/wallet/transfer-orders', 'route_name' => 'api.v1.admin.wallet.transfer-orders', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs']], - ['code' => 'admin.wallet.transactions', 'module_code' => 'wallet', 'name' => '钱包流水查询', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/wallet/transactions', 'route_name' => 'api.v1.admin.wallet.transactions', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs']], - ['code' => 'admin.wallet.transfer-orders.reverse', 'module_code' => 'wallet', 'name' => '冲正转账单', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/wallet/transfer-orders/{transfer_no}/reverse', 'route_name' => 'api.v1.admin.wallet.transfer-orders.reverse', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage']], - ['code' => 'admin.wallet.transfer-orders.manually-process', 'module_code' => 'wallet', 'name' => '手工处理转账单', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/wallet/transfer-orders/{transfer_no}/manually-process', 'route_name' => 'api.v1.admin.wallet.transfer-orders.manually-process', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage']], - ['code' => 'admin.reconcile-jobs.index', 'module_code' => 'reconcile', 'name' => '对账任务列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/reconcile-jobs', 'route_name' => 'api.v1.admin.reconcile-jobs.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs']], - ['code' => 'admin.reconcile-jobs.show', 'module_code' => 'reconcile', 'name' => '对账任务详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/reconcile-jobs/{reconcile_job}', 'route_name' => 'api.v1.admin.reconcile-jobs.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs']], - ['code' => 'admin.reconcile-jobs.items.index', 'module_code' => 'reconcile', 'name' => '对账任务明细', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/reconcile-jobs/{reconcile_job}/items', 'route_name' => 'api.v1.admin.reconcile-jobs.items.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs']], - ['code' => 'admin.reconcile-jobs.store', 'module_code' => 'reconcile', 'name' => '创建对账任务', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/reconcile-jobs', 'route_name' => 'api.v1.admin.reconcile-jobs.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage']], - - ['code' => 'admin.report-jobs.index', 'module_code' => 'report', 'name' => '报表任务列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/report-jobs', 'route_name' => 'api.v1.admin.report-jobs.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.report.all', 'prd.report.risk', 'prd.report.finance', 'prd.report.player']], - ['code' => 'admin.report-jobs.store', 'module_code' => 'report', 'name' => '创建报表任务', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/report-jobs', 'route_name' => 'api.v1.admin.report-jobs.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.report.all', 'prd.report.risk', 'prd.report.finance', 'prd.report.player']], - ['code' => 'admin.report-jobs.show', 'module_code' => 'report', 'name' => '报表任务详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/report-jobs/{report_job}', 'route_name' => 'api.v1.admin.report-jobs.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.report.all', 'prd.report.risk', 'prd.report.finance', 'prd.report.player']], - ['code' => 'admin.report-jobs.download', 'module_code' => 'report', 'name' => '下载报表任务', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/report-jobs/{report_job}/download', 'route_name' => 'api.v1.admin.report-jobs.download', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.report.all', 'prd.report.risk', 'prd.report.finance', 'prd.report.player']], - ]; + return AdminAuthorizationRegistry::resources(); } } diff --git a/app/Support/AdminAuthorizationRegistry.php b/app/Support/AdminAuthorizationRegistry.php new file mode 100644 index 0000000..a49e5c6 --- /dev/null +++ b/app/Support/AdminAuthorizationRegistry.php @@ -0,0 +1,370 @@ + + * }> + */ + public static function permissionDefinitions(): array + { + return [ + ['slug' => 'prd.users.manage', 'name' => '用户管理·可管理', 'group_key' => 'users_players', 'permission_codes' => ['service.players.manage']], + ['slug' => 'prd.users.view_finance', 'name' => '用户管理·财务查看', 'group_key' => 'users_players', 'permission_codes' => ['service.players.view', 'service.wallet.view']], + ['slug' => 'prd.users.view_cs', 'name' => '用户管理·客服单用户', 'group_key' => 'users_players', 'permission_codes' => ['service.players.view', 'service.tickets.view', 'service.wallet.view']], + ['slug' => 'prd.player_freeze.manage', 'name' => '冻结/解冻玩家·可管理', 'group_key' => 'users_players', 'permission_codes' => ['service.players.manage']], + + ['slug' => 'prd.play_switch.manage', 'name' => '玩法开关·可管理', 'group_key' => 'ops_config', 'permission_codes' => ['config.play.manage']], + ['slug' => 'prd.odds.manage', 'name' => '赔率配置·可管理', 'group_key' => 'ops_config', 'permission_codes' => ['config.odds.manage']], + ['slug' => 'prd.risk_cap.manage', 'name' => '封顶配置·可管理', 'group_key' => 'ops_config', 'permission_codes' => ['config.risk_cap.manage']], + ['slug' => 'prd.risk_cap.view', 'name' => '封顶配置·查看', 'group_key' => 'ops_config', 'permission_codes' => ['config.risk_cap.view']], + ['slug' => 'prd.rebate.manage', 'name' => '佣金/回水·可管理', 'group_key' => 'ops_config', 'permission_codes' => ['config.odds.manage']], + ['slug' => 'prd.rebate.view', 'name' => '佣金/回水·查看', 'group_key' => 'ops_config', 'permission_codes' => ['config.odds.manage']], + ['slug' => 'prd.jackpot.manage', 'name' => 'Jackpot 配置·可管理', 'group_key' => 'ops_config', 'permission_codes' => ['config.jackpot.manage']], + ['slug' => 'prd.jackpot.view', 'name' => 'Jackpot 配置·查看', 'group_key' => 'ops_config', 'permission_codes' => ['config.jackpot.view']], + + ['slug' => 'prd.draw_result.manage', 'name' => '开奖结果录入·可管理', 'group_key' => 'draw_risk', 'permission_codes' => ['draw.results.view', 'draw.review.review', 'draw.review.publish', 'risk.monitor.view']], + ['slug' => 'prd.draw_result.view', 'name' => '开奖结果·查看', 'group_key' => 'draw_risk', 'permission_codes' => ['draw.results.view', 'risk.monitor.view']], + ['slug' => 'prd.draw_reopen.manage', 'name' => '开奖结果重开·可管理', 'group_key' => 'draw_risk', 'permission_codes' => ['draw.review.publish']], + + ['slug' => 'prd.payout.manage', 'name' => '派彩确认·可管理', 'group_key' => 'settlement', 'permission_codes' => ['settlement.batch.manage', 'settlement.batch.view']], + ['slug' => 'prd.payout.review', 'name' => '派彩确认·可审核', 'group_key' => 'settlement', 'permission_codes' => ['settlement.batch.review', 'settlement.batch.view']], + ['slug' => 'prd.payout.view', 'name' => '派彩确认·查看', 'group_key' => 'settlement', 'permission_codes' => ['settlement.batch.view']], + + ['slug' => 'prd.wallet_reconcile.manage', 'name' => '钱包对账·可管理', 'group_key' => 'wallet', 'permission_codes' => ['service.wallet.manage', 'service.reconcile.manage']], + ['slug' => 'prd.wallet_reconcile.view', 'name' => '钱包对账·查看', 'group_key' => 'wallet', 'permission_codes' => ['service.wallet.view', 'service.reconcile.view']], + ['slug' => 'prd.wallet_reconcile.view_cs', 'name' => '钱包对账·客服单用户', 'group_key' => 'wallet', 'permission_codes' => ['service.wallet.view', 'service.reconcile.view']], + ['slug' => 'prd.wallet_adjust.manage', 'name' => '补单/冲正·可管理', 'group_key' => 'wallet', 'permission_codes' => ['service.wallet.manage']], + + ['slug' => 'prd.report.all', 'name' => '报表·全部', 'group_key' => 'reports', 'permission_codes' => ['service.reports.view', 'service.reports.export']], + ['slug' => 'prd.report.risk', 'name' => '报表·风控', 'group_key' => 'reports', 'permission_codes' => ['service.reports.view']], + ['slug' => 'prd.report.finance', 'name' => '报表·财务', 'group_key' => 'reports', 'permission_codes' => ['service.reports.view', 'service.reports.export']], + ['slug' => 'prd.report.player', 'name' => '报表·单用户', 'group_key' => 'reports', 'permission_codes' => ['service.reports.view']], + + ['slug' => 'prd.audit.all', 'name' => '审计日志·全部', 'group_key' => 'audit', 'permission_codes' => ['service.audit.view']], + ['slug' => 'prd.audit.self', 'name' => '审计日志·自身相关', 'group_key' => 'audit', 'permission_codes' => ['service.audit.view']], + ['slug' => 'prd.audit.finance', 'name' => '审计日志·资金相关', 'group_key' => 'audit', 'permission_codes' => ['service.audit.view']], + + ['slug' => 'prd.admin_user.manage', 'name' => '后台用户权限管理·可管理', 'group_key' => 'system', 'permission_codes' => ['system.admin_user.manage']], + ]; + } + + /** + * @return list + */ + public static function permissionGroupDefinitions(): array + { + return [ + ['key' => 'users_players', 'label' => '用户与玩家'], + ['key' => 'ops_config', 'label' => '运营配置'], + ['key' => 'draw_risk', 'label' => '开奖与风控'], + ['key' => 'settlement', 'label' => '结算与派彩'], + ['key' => 'wallet', 'label' => '钱包与对账'], + ['key' => 'reports', 'label' => '报表'], + ['key' => 'audit', 'label' => '审计日志'], + ['key' => 'system', 'label' => '系统管理'], + ]; + } + + /** + * 后台菜单注册表。前端侧栏与面包屑都消费这里派生的结果。 + * + * @return list + * }> + */ + public static function navigationDefinitions(): array + { + return [ + ['segment' => 'dashboard', 'label' => 'Dashboard', 'href' => '/admin'], + ['segment' => 'admin_users', 'label' => 'Admin Users', 'href' => '/admin/admin-users', 'requiredAny' => ['prd.admin_user.manage']], + ['segment' => 'players', 'label' => 'Players', 'href' => '/admin/players', 'requiredAny' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], + ['segment' => 'wallet', 'label' => 'Wallet', 'href' => '/admin/wallet/transactions', 'activeMatchPrefix' => '/admin/wallet', 'requiredAny' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs', 'prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], + ['segment' => 'draws', 'label' => 'Draws', 'href' => '/admin/draws', 'requiredAny' => ['prd.draw_result.manage', 'prd.draw_result.view']], + ['segment' => 'config', 'label' => 'Configuration', 'href' => '/admin/config', 'requiredAny' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.risk_cap.view', 'prd.rebate.manage', 'prd.rebate.view', 'prd.jackpot.manage', 'prd.jackpot.view']], + ['segment' => 'risk', 'label' => 'Risk', 'href' => '/admin/risk', 'requiredAny' => ['prd.draw_result.view', 'prd.draw_result.manage']], + ['segment' => 'settlement', 'label' => 'Settlement', 'href' => '/admin/settlement-batches', 'requiredAny' => ['prd.payout.manage', 'prd.payout.review', 'prd.payout.view']], + ['segment' => 'jackpot', 'label' => 'Jackpot', 'href' => '/admin/jackpot/pools', 'activeMatchPrefix' => '/admin/jackpot', 'requiredAny' => ['prd.jackpot.manage', 'prd.jackpot.view']], + ['segment' => 'reconcile', 'label' => 'Reconcile', 'href' => '/admin/reconcile', 'requiredAny' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs']], + ['segment' => 'tickets', 'label' => 'Tickets', 'href' => '/admin/tickets', 'requiredAny' => ['prd.users.view_cs', 'prd.users.manage', 'prd.users.view_finance', 'prd.draw_result.view', 'prd.draw_result.manage', 'prd.payout.view', 'prd.payout.review', 'prd.payout.manage', 'prd.report.player']], + ['segment' => 'reports', 'label' => 'Reports', 'href' => '/admin/reports', 'requiredAny' => ['prd.report.all', 'prd.report.risk', 'prd.report.finance', 'prd.report.player']], + ['segment' => 'audit', 'label' => 'Audit Logs', 'href' => '/admin/audit-logs', 'requiredAny' => ['prd.audit.all', 'prd.audit.self', 'prd.audit.finance']], + ['segment' => 'settings', 'label' => 'Settings', 'href' => '/admin/settings'], + ]; + } + + /** @return array> */ + public static function legacyMap(): array + { + $map = []; + foreach (self::permissionDefinitions() as $permission) { + $map[$permission['slug']] = array_values(array_unique($permission['permission_codes'])); + } + + return $map; + } + + /** + * @return list + */ + public static function permissionCatalog(): array + { + return array_map( + static fn (array $permission): array => [ + 'slug' => $permission['slug'], + 'name' => $permission['name'], + ], + self::permissionDefinitions(), + ); + } + + /** + * @return list}> + */ + public static function permissionMenuGroups(): array + { + $permissionsByGroup = []; + foreach (self::permissionDefinitions() as $permission) { + $permissionsByGroup[$permission['group_key']][] = $permission['slug']; + } + + $groups = []; + foreach (self::permissionGroupDefinitions() as $group) { + $slugs = $permissionsByGroup[$group['key']] ?? []; + if ($slugs === []) { + continue; + } + $groups[] = [ + 'key' => $group['key'], + 'label' => $group['label'], + 'slugs' => $slugs, + ]; + } + + return $groups; + } + + /** + * @return list + * }> + */ + public static function navigationItems(): array + { + return self::navigationDefinitions(); + } + + /** + * @param list $permissionSlugs + * @return list + * }> + */ + public static function visibleNavigationItems(array $permissionSlugs): array + { + $granted = array_fill_keys($permissionSlugs, true); + + return array_values(array_filter( + self::navigationItems(), + static function (array $item) use ($granted): bool { + $required = $item['requiredAny'] ?? []; + if ($required === []) { + return true; + } + + foreach ($required as $slug) { + if (isset($granted[$slug])) { + return true; + } + } + + return false; + }, + )); + } + + /** + * @return list + * }> + */ + public static function resources(): array + { + return array_map( + fn (array $resource): array => [ + 'code' => $resource['code'], + 'module_code' => $resource['module_code'], + 'name' => $resource['name'], + 'http_method' => $resource['http_method'], + 'uri_pattern' => $resource['uri_pattern'], + 'route_name' => $resource['route_name'], + 'auth_mode' => $resource['auth_mode'], + 'is_audit_required' => $resource['is_audit_required'], + 'permission_codes' => self::permissionCodesForLegacySlugs($resource['legacy_permission_slugs'] ?? []), + ], + self::resourceDefinitions(), + ); + } + + /** + * @param list $legacySlugs + * @return list + */ + private static function permissionCodesForLegacySlugs(array $legacySlugs): array + { + $codes = []; + foreach ($legacySlugs as $legacySlug) { + foreach ((self::legacyMap()[$legacySlug] ?? []) as $permissionCode) { + if (is_string($permissionCode) && $permissionCode !== '') { + $codes[$permissionCode] = true; + } + } + } + + return array_keys($codes); + } + + /** + * @return list + * }> + */ + public static function resourceDefinitions(): array + { + return [ + ['code' => 'admin.ping', 'module_code' => 'system', 'name' => '后台连通性探测', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/ping', 'route_name' => 'api.v1.admin.ping', 'auth_mode' => 'login_only', 'is_audit_required' => false], + ['code' => 'admin.dashboard', 'module_code' => 'dashboard', 'name' => '后台仪表盘', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/dashboard', 'route_name' => 'api.v1.admin.dashboard', 'auth_mode' => 'login_only', 'is_audit_required' => false], + ['code' => 'admin.audit.index', 'module_code' => 'audit', 'name' => '审计日志查询', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/audit-logs', 'route_name' => 'api.v1.admin.audit-logs.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.audit.all', 'prd.audit.self', 'prd.audit.finance']], + + ['code' => 'admin.admin-users.index', 'module_code' => 'system', 'name' => '管理员列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/admin-users', 'route_name' => 'api.v1.admin.admin-users.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.admin_user.manage']], + ['code' => 'admin.admin-users.store', 'module_code' => 'system', 'name' => '创建管理员', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/admin-users', 'route_name' => 'api.v1.admin.admin-users.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_user.manage']], + ['code' => 'admin.admin-users.show', 'module_code' => 'system', 'name' => '管理员详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/admin-users/{admin_user}', 'route_name' => 'api.v1.admin.admin-users.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.admin_user.manage']], + ['code' => 'admin.admin-users.update', 'module_code' => 'system', 'name' => '更新管理员', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/admin-users/{admin_user}', 'route_name' => 'api.v1.admin.admin-users.update', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_user.manage']], + ['code' => 'admin.admin-users.destroy', 'module_code' => 'system', 'name' => '删除管理员', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/admin-users/{admin_user}', 'route_name' => 'api.v1.admin.admin-users.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_user.manage']], + ['code' => 'admin.admin-users.permission-catalog', 'module_code' => 'system', 'name' => '管理员权限目录', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/admin-user-permission-catalog', 'route_name' => 'api.v1.admin.admin-users.permission-catalog', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.admin_user.manage']], + ['code' => 'admin.admin-users.permissions.sync', 'module_code' => 'system', 'name' => '管理员权限同步', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/admin-users/{admin_user}/permissions', 'route_name' => 'api.v1.admin.admin-users.permissions.sync', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_user.manage']], + ['code' => 'admin.admin-users.roles.sync', 'module_code' => 'system', 'name' => '管理员角色同步', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/admin-users/{admin_user}/roles', 'route_name' => 'api.v1.admin.admin-users.roles.sync', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.admin_user.manage']], + + ['code' => 'admin.play-types.index', 'module_code' => 'config', 'name' => '玩法类型列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/play-types', 'route_name' => 'api.v1.admin.play-types.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage']], + ['code' => 'admin.play-types.patch', 'module_code' => 'config', 'name' => '玩法类型切换', 'http_method' => 'PATCH', 'uri_pattern' => '/api/v1/admin/play-types/{play_code}', 'route_name' => 'api.v1.admin.play-types.patch', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.play-versions.index', 'module_code' => 'config', 'name' => '玩法版本列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/play-versions', 'route_name' => 'api.v1.admin.config.play-versions.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage']], + ['code' => 'admin.config.play-versions.show', 'module_code' => 'config', 'name' => '玩法版本详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/play-versions/{id}', 'route_name' => 'api.v1.admin.config.play-versions.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage']], + ['code' => 'admin.config.play-versions.store', 'module_code' => 'config', 'name' => '创建玩法版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/play-versions', 'route_name' => 'api.v1.admin.config.play-versions.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.play-versions.items.replace', 'module_code' => 'config', 'name' => '替换玩法版本条目', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/config/play-versions/{id}/items', 'route_name' => 'api.v1.admin.config.play-versions.items.replace', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.play-versions.publish', 'module_code' => 'config', 'name' => '发布玩法版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/play-versions/{id}/publish', 'route_name' => 'api.v1.admin.config.play-versions.publish', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.play-versions.destroy', 'module_code' => 'config', 'name' => '删除玩法版本', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/config/play-versions/{id}', 'route_name' => 'api.v1.admin.config.play-versions.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.odds-versions.index', 'module_code' => 'config', 'name' => '赔率版本列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/odds-versions', 'route_name' => 'api.v1.admin.config.odds-versions.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.odds.manage', 'prd.rebate.manage', 'prd.rebate.view']], + ['code' => 'admin.config.odds-versions.show', 'module_code' => 'config', 'name' => '赔率版本详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/odds-versions/{id}', 'route_name' => 'api.v1.admin.config.odds-versions.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.odds.manage', 'prd.rebate.manage', 'prd.rebate.view']], + ['code' => 'admin.config.odds-versions.store', 'module_code' => 'config', 'name' => '创建赔率版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/odds-versions', 'route_name' => 'api.v1.admin.config.odds-versions.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.odds-versions.items.replace', 'module_code' => 'config', 'name' => '替换赔率版本条目', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/config/odds-versions/{id}/items', 'route_name' => 'api.v1.admin.config.odds-versions.items.replace', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.odds-versions.publish', 'module_code' => 'config', 'name' => '发布赔率版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/odds-versions/{id}/publish', 'route_name' => 'api.v1.admin.config.odds-versions.publish', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.odds-versions.destroy', 'module_code' => 'config', 'name' => '删除赔率版本', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/config/odds-versions/{id}', 'route_name' => 'api.v1.admin.config.odds-versions.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.risk-cap-versions.index', 'module_code' => 'config', 'name' => '封顶版本列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions', 'route_name' => 'api.v1.admin.config.risk-cap-versions.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.risk_cap.manage', 'prd.risk_cap.view']], + ['code' => 'admin.config.risk-cap-versions.show', 'module_code' => 'config', 'name' => '封顶版本详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions/{id}', 'route_name' => 'api.v1.admin.config.risk-cap-versions.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.risk_cap.manage', 'prd.risk_cap.view']], + ['code' => 'admin.config.risk-cap-versions.store', 'module_code' => 'config', 'name' => '创建封顶版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions', 'route_name' => 'api.v1.admin.config.risk-cap-versions.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.risk-cap-versions.items.replace', 'module_code' => 'config', 'name' => '替换封顶版本条目', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions/{id}/items', 'route_name' => 'api.v1.admin.config.risk-cap-versions.items.replace', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.risk-cap-versions.publish', 'module_code' => 'config', 'name' => '发布封顶版本', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions/{id}/publish', 'route_name' => 'api.v1.admin.config.risk-cap-versions.publish', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.config.risk-cap-versions.destroy', 'module_code' => 'config', 'name' => '删除封顶版本', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/config/risk-cap-versions/{id}', 'route_name' => 'api.v1.admin.config.risk-cap-versions.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.play_switch.manage', 'prd.odds.manage', 'prd.risk_cap.manage', 'prd.rebate.manage', 'prd.jackpot.manage']], + ['code' => 'admin.settings.index', 'module_code' => 'settings', 'name' => '系统设置列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/settings', 'route_name' => 'api.v1.admin.settings.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage']], + ['code' => 'admin.settings.update', 'module_code' => 'settings', 'name' => '系统设置更新', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/settings/{key}', 'route_name' => 'api.v1.admin.settings.update', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage']], + + ['code' => 'admin.draws.index', 'module_code' => 'draw', 'name' => '期开奖列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws', 'route_name' => 'api.v1.admin.draws.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], + ['code' => 'admin.draws.show', 'module_code' => 'draw', 'name' => '期开奖详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}', 'route_name' => 'api.v1.admin.draws.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], + ['code' => 'admin.draws.finance-summary', 'module_code' => 'draw', 'name' => '期开奖资金摘要', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}/finance-summary', 'route_name' => 'api.v1.admin.draws.finance-summary', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], + ['code' => 'admin.draws.result-batches.index', 'module_code' => 'draw', 'name' => '开奖结果批次列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}/result-batches', 'route_name' => 'api.v1.admin.draws.result-batches.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], + ['code' => 'admin.draws.risk-pool-lock-logs.index', 'module_code' => 'risk', 'name' => '风控锁池日志列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}/risk-pool-lock-logs', 'route_name' => 'api.v1.admin.draws.risk-pool-lock-logs.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], + ['code' => 'admin.draws.risk-pools.index', 'module_code' => 'risk', 'name' => '风控池列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}/risk-pools', 'route_name' => 'api.v1.admin.draws.risk-pools.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], + ['code' => 'admin.draws.risk-pools.show', 'module_code' => 'risk', 'name' => '风控池详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/draws/{draw}/risk-pools/{number_4d}', 'route_name' => 'api.v1.admin.draws.risk-pools.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.draw_result.manage', 'prd.draw_result.view']], + ['code' => 'admin.draws.result-batches.store', 'module_code' => 'draw', 'name' => '创建开奖结果批次', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/result-batches', 'route_name' => 'api.v1.admin.draws.result-batches.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], + ['code' => 'admin.draws.result-batches.publish', 'module_code' => 'draw', 'name' => '发布开奖结果批次', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/result-batches/{batch}/publish', 'route_name' => 'api.v1.admin.draws.result-batches.publish', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], + ['code' => 'admin.draws.reopen', 'module_code' => 'draw', 'name' => '重开开奖', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/reopen', 'route_name' => 'api.v1.admin.draws.reopen', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], + ['code' => 'admin.draws.generate-plan', 'module_code' => 'draw', 'name' => '生成开奖计划', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/generate-plan', 'route_name' => 'api.v1.admin.draws.generate-plan', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], + ['code' => 'admin.draws.manual-close', 'module_code' => 'draw', 'name' => '人工封盘', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/manual-close', 'route_name' => 'api.v1.admin.draws.manual-close', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], + ['code' => 'admin.draws.risk-pools.manual-close', 'module_code' => 'risk', 'name' => '人工关闭风控池', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/risk-pools/{number_4d}/manual-close', 'route_name' => 'api.v1.admin.draws.risk-pools.manual-close', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], + ['code' => 'admin.draws.risk-pools.recover', 'module_code' => 'risk', 'name' => '恢复风控池', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/risk-pools/{number_4d}/recover', 'route_name' => 'api.v1.admin.draws.risk-pools.recover', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], + ['code' => 'admin.draws.cancel', 'module_code' => 'draw', 'name' => '取消开奖', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/cancel', 'route_name' => 'api.v1.admin.draws.cancel', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], + ['code' => 'admin.draws.rng', 'module_code' => 'draw', 'name' => '执行开奖 RNG', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/rng', 'route_name' => 'api.v1.admin.draws.rng', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.draw_result.manage']], + ['code' => 'admin.draws.settlement.run', 'module_code' => 'settlement', 'name' => '执行结算', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/draws/{draw}/settlement/run', 'route_name' => 'api.v1.admin.draws.settlement.run', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.payout.manage', 'prd.payout.review']], + + ['code' => 'admin.settlement-batches.index', 'module_code' => 'settlement', 'name' => '结算批次列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/settlement-batches', 'route_name' => 'api.v1.admin.settlement-batches.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.payout.manage', 'prd.payout.review', 'prd.payout.view']], + ['code' => 'admin.settlement-batches.show', 'module_code' => 'settlement', 'name' => '结算批次详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}', 'route_name' => 'api.v1.admin.settlement-batches.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.payout.manage', 'prd.payout.review', 'prd.payout.view']], + ['code' => 'admin.settlement-batches.details', 'module_code' => 'settlement', 'name' => '结算批次明细', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}/details', 'route_name' => 'api.v1.admin.settlement-batches.details', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.payout.manage', 'prd.payout.review', 'prd.payout.view']], + ['code' => 'admin.settlement-batches.export', 'module_code' => 'settlement', 'name' => '导出结算批次', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}/export', 'route_name' => 'api.v1.admin.settlement-batches.export', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.payout.manage', 'prd.payout.review', 'prd.payout.view']], + ['code' => 'admin.settlement-batches.approve', 'module_code' => 'settlement', 'name' => '审核结算批次', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}/approve', 'route_name' => 'api.v1.admin.settlement-batches.approve', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.payout.review']], + ['code' => 'admin.settlement-batches.reject', 'module_code' => 'settlement', 'name' => '驳回结算批次', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}/reject', 'route_name' => 'api.v1.admin.settlement-batches.reject', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.payout.review']], + ['code' => 'admin.settlement-batches.payout', 'module_code' => 'settlement', 'name' => '执行派彩', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/settlement-batches/{batch}/payout', 'route_name' => 'api.v1.admin.settlement-batches.payout', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.payout.manage']], + + ['code' => 'admin.jackpot.pools.index', 'module_code' => 'jackpot', 'name' => '奖池列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/jackpot/pools', 'route_name' => 'api.v1.admin.jackpot.pools.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.jackpot.manage', 'prd.jackpot.view']], + ['code' => 'admin.jackpot.payout-logs.index', 'module_code' => 'jackpot', 'name' => '奖池派彩日志', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/jackpot/payout-logs', 'route_name' => 'api.v1.admin.jackpot.payout-logs.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.jackpot.manage', 'prd.jackpot.view']], + ['code' => 'admin.jackpot.contributions.index', 'module_code' => 'jackpot', 'name' => '奖池注入记录', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/jackpot/contributions', 'route_name' => 'api.v1.admin.jackpot.contributions.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.jackpot.manage', 'prd.jackpot.view']], + ['code' => 'admin.jackpot.pools.update', 'module_code' => 'jackpot', 'name' => '更新奖池', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/jackpot/pools/{pool}', 'route_name' => 'api.v1.admin.jackpot.pools.update', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.jackpot.manage']], + ['code' => 'admin.jackpot.pools.manual-burst', 'module_code' => 'jackpot', 'name' => '手动爆池', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/jackpot/pools/{pool}/manual-burst', 'route_name' => 'api.v1.admin.jackpot.pools.manual-burst', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.jackpot.manage']], + + ['code' => 'admin.players.index', 'module_code' => 'player_service', 'name' => '玩家列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/players', 'route_name' => 'api.v1.admin.players.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], + ['code' => 'admin.players.store', 'module_code' => 'player_service', 'name' => '创建玩家', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/players', 'route_name' => 'api.v1.admin.players.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], + ['code' => 'admin.players.show', 'module_code' => 'player_service', 'name' => '玩家详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/players/{player}', 'route_name' => 'api.v1.admin.players.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], + ['code' => 'admin.players.update', 'module_code' => 'player_service', 'name' => '更新玩家', 'http_method' => 'PUT', 'uri_pattern' => '/api/v1/admin/players/{player}', 'route_name' => 'api.v1.admin.players.update', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], + ['code' => 'admin.players.destroy', 'module_code' => 'player_service', 'name' => '删除玩家', 'http_method' => 'DELETE', 'uri_pattern' => '/api/v1/admin/players/{player}', 'route_name' => 'api.v1.admin.players.destroy', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], + ['code' => 'admin.players.freeze', 'module_code' => 'player_service', 'name' => '冻结玩家', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/players/{player}/freeze', 'route_name' => 'api.v1.admin.players.freeze', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], + ['code' => 'admin.players.unfreeze', 'module_code' => 'player_service', 'name' => '解冻玩家', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/players/{player}/unfreeze', 'route_name' => 'api.v1.admin.players.unfreeze', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], + ['code' => 'admin.players.wallets', 'module_code' => 'player_service', 'name' => '玩家钱包查看', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/players/{player}/wallets', 'route_name' => 'api.v1.admin.players.wallets', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], + ['code' => 'admin.players.ticket-items', 'module_code' => 'player_service', 'name' => '玩家注单查看', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/players/{player}/ticket-items', 'route_name' => 'api.v1.admin.players.ticket-items.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.users.manage', 'prd.users.view_finance', 'prd.users.view_cs']], + + ['code' => 'admin.wallet.transfer-orders', 'module_code' => 'wallet', 'name' => '转账单查询', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/wallet/transfer-orders', 'route_name' => 'api.v1.admin.wallet.transfer-orders', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs']], + ['code' => 'admin.wallet.transactions', 'module_code' => 'wallet', 'name' => '钱包流水查询', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/wallet/transactions', 'route_name' => 'api.v1.admin.wallet.transactions', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs']], + ['code' => 'admin.wallet.transfer-orders.reverse', 'module_code' => 'wallet', 'name' => '冲正转账单', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/wallet/transfer-orders/{transfer_no}/reverse', 'route_name' => 'api.v1.admin.wallet.transfer-orders.reverse', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage']], + ['code' => 'admin.wallet.transfer-orders.manually-process', 'module_code' => 'wallet', 'name' => '手工处理转账单', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/wallet/transfer-orders/{transfer_no}/manually-process', 'route_name' => 'api.v1.admin.wallet.transfer-orders.manually-process', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage']], + ['code' => 'admin.reconcile-jobs.index', 'module_code' => 'reconcile', 'name' => '对账任务列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/reconcile-jobs', 'route_name' => 'api.v1.admin.reconcile-jobs.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs']], + ['code' => 'admin.reconcile-jobs.show', 'module_code' => 'reconcile', 'name' => '对账任务详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/reconcile-jobs/{reconcile_job}', 'route_name' => 'api.v1.admin.reconcile-jobs.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs']], + ['code' => 'admin.reconcile-jobs.items.index', 'module_code' => 'reconcile', 'name' => '对账任务明细', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/reconcile-jobs/{reconcile_job}/items', 'route_name' => 'api.v1.admin.reconcile-jobs.items.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage', 'prd.wallet_reconcile.view', 'prd.wallet_reconcile.view_cs']], + ['code' => 'admin.reconcile-jobs.store', 'module_code' => 'reconcile', 'name' => '创建对账任务', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/reconcile-jobs', 'route_name' => 'api.v1.admin.reconcile-jobs.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.wallet_reconcile.manage']], + + ['code' => 'admin.report-jobs.index', 'module_code' => 'report', 'name' => '报表任务列表', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/report-jobs', 'route_name' => 'api.v1.admin.report-jobs.index', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.report.all', 'prd.report.risk', 'prd.report.finance', 'prd.report.player']], + ['code' => 'admin.report-jobs.store', 'module_code' => 'report', 'name' => '创建报表任务', 'http_method' => 'POST', 'uri_pattern' => '/api/v1/admin/report-jobs', 'route_name' => 'api.v1.admin.report-jobs.store', 'auth_mode' => 'permission_required', 'is_audit_required' => true, 'legacy_permission_slugs' => ['prd.report.all', 'prd.report.risk', 'prd.report.finance', 'prd.report.player']], + ['code' => 'admin.report-jobs.show', 'module_code' => 'report', 'name' => '报表任务详情', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/report-jobs/{report_job}', 'route_name' => 'api.v1.admin.report-jobs.show', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.report.all', 'prd.report.risk', 'prd.report.finance', 'prd.report.player']], + ['code' => 'admin.report-jobs.download', 'module_code' => 'report', 'name' => '下载报表任务', 'http_method' => 'GET', 'uri_pattern' => '/api/v1/admin/report-jobs/{report_job}/download', 'route_name' => 'api.v1.admin.report-jobs.download', 'auth_mode' => 'permission_required', 'is_audit_required' => false, 'legacy_permission_slugs' => ['prd.report.all', 'prd.report.risk', 'prd.report.finance', 'prd.report.player']], + ]; + } +} diff --git a/bootstrap/app.php b/bootstrap/app.php index bdbe01e..a31e532 100644 --- a/bootstrap/app.php +++ b/bootstrap/app.php @@ -19,7 +19,6 @@ use App\Http\Middleware\EnsurePlayerApi; use Illuminate\Console\Scheduling\Schedule; use Illuminate\Auth\AuthenticationException; use App\Http\Middleware\EnsureAdminApiResourcePermission; -use App\Http\Middleware\EnsureAdminPermission; use Illuminate\Validation\ValidationException; use App\Http\Middleware\NegotiateLotteryLocale; use Illuminate\Foundation\Configuration\Exceptions; @@ -48,7 +47,6 @@ return Application::configure(basePath: dirname(__DIR__)) 'lottery.player' => EnsurePlayerApi::class, // 后台 API 预留:Sanctum / RBAC 'lottery.admin' => EnsureAdminApi::class, - 'admin.permission' => EnsureAdminPermission::class, 'admin.api-resource' => EnsureAdminApiResourcePermission::class, ]); }) diff --git a/config/admin_permissions.php b/config/admin_permissions.php index 5b5b864..aa7d886 100644 --- a/config/admin_permissions.php +++ b/config/admin_permissions.php @@ -1,165 +1,9 @@ > - */ -$legacyMap = [ - 'prd.users.manage' => ['service.players.manage'], - 'prd.users.view_finance' => ['service.players.view', 'service.wallet.view'], - 'prd.users.view_cs' => ['service.players.view', 'service.tickets.view', 'service.wallet.view'], - 'prd.play_switch.manage' => ['config.play.manage'], - 'prd.odds.manage' => ['config.odds.manage'], - 'prd.risk_cap.manage' => ['config.risk_cap.manage'], - 'prd.risk_cap.view' => ['config.risk_cap.view'], - 'prd.rebate.manage' => ['config.odds.manage'], - 'prd.rebate.view' => ['config.odds.manage'], - 'prd.jackpot.manage' => ['config.jackpot.manage'], - 'prd.jackpot.view' => ['config.jackpot.view'], - 'prd.draw_result.manage' => ['draw.results.view', 'draw.review.review', 'draw.review.publish', 'risk.monitor.view'], - 'prd.draw_result.view' => ['draw.results.view', 'risk.monitor.view'], - 'prd.payout.manage' => ['settlement.batch.manage', 'settlement.batch.view'], - 'prd.payout.review' => ['settlement.batch.review', 'settlement.batch.view'], - 'prd.payout.view' => ['settlement.batch.view'], - 'prd.wallet_reconcile.manage' => ['service.wallet.manage', 'service.reconcile.manage'], - 'prd.wallet_reconcile.view' => ['service.wallet.view', 'service.reconcile.view'], - 'prd.wallet_reconcile.view_cs' => ['service.wallet.view', 'service.reconcile.view'], - 'prd.report.all' => ['service.reports.view', 'service.reports.export'], - 'prd.report.risk' => ['service.reports.view'], - 'prd.report.finance' => ['service.reports.view', 'service.reports.export'], - 'prd.report.player' => ['service.reports.view'], - 'prd.audit.all' => ['service.audit.view'], - 'prd.audit.self' => ['service.audit.view'], - 'prd.audit.finance' => ['service.audit.view'], - 'prd.admin_user.manage' => ['system.admin_user.manage'], - 'prd.player_freeze.manage' => ['service.players.manage'], - 'prd.wallet_adjust.manage' => ['service.wallet.manage'], - 'prd.draw_reopen.manage' => ['draw.review.publish'], -]; - -$catalog = [ - ['slug' => 'prd.users.manage', 'name' => '用户管理·可管理'], - ['slug' => 'prd.users.view_finance', 'name' => '用户管理·财务查看'], - ['slug' => 'prd.users.view_cs', 'name' => '用户管理·客服单用户'], - ['slug' => 'prd.play_switch.manage', 'name' => '玩法开关·可管理'], - ['slug' => 'prd.odds.manage', 'name' => '赔率配置·可管理'], - ['slug' => 'prd.risk_cap.manage', 'name' => '封顶配置·可管理'], - ['slug' => 'prd.risk_cap.view', 'name' => '封顶配置·查看'], - ['slug' => 'prd.rebate.manage', 'name' => '佣金/回水·可管理'], - ['slug' => 'prd.rebate.view', 'name' => '佣金/回水·查看'], - ['slug' => 'prd.jackpot.manage', 'name' => 'Jackpot 配置·可管理'], - ['slug' => 'prd.jackpot.view', 'name' => 'Jackpot 配置·查看'], - ['slug' => 'prd.draw_result.manage', 'name' => '开奖结果录入·可管理'], - ['slug' => 'prd.draw_result.view', 'name' => '开奖结果·查看'], - ['slug' => 'prd.draw_reopen.manage', 'name' => '开奖结果重开·可管理'], - ['slug' => 'prd.payout.manage', 'name' => '派彩确认·可管理'], - ['slug' => 'prd.payout.review', 'name' => '派彩确认·可审核'], - ['slug' => 'prd.payout.view', 'name' => '派彩确认·查看'], - ['slug' => 'prd.wallet_reconcile.manage', 'name' => '钱包对账·可管理'], - ['slug' => 'prd.wallet_reconcile.view', 'name' => '钱包对账·查看'], - ['slug' => 'prd.wallet_reconcile.view_cs', 'name' => '钱包对账·客服单用户'], - ['slug' => 'prd.wallet_adjust.manage', 'name' => '补单/冲正·可管理'], - ['slug' => 'prd.report.all', 'name' => '报表·全部'], - ['slug' => 'prd.report.risk', 'name' => '报表·风控'], - ['slug' => 'prd.report.finance', 'name' => '报表·财务'], - ['slug' => 'prd.report.player', 'name' => '报表·单用户'], - ['slug' => 'prd.audit.all', 'name' => '审计日志·全部'], - ['slug' => 'prd.audit.self', 'name' => '审计日志·自身相关'], - ['slug' => 'prd.audit.finance', 'name' => '审计日志·资金相关'], - ['slug' => 'prd.player_freeze.manage', 'name' => '冻结/解冻玩家·可管理'], - ['slug' => 'prd.admin_user.manage', 'name' => '后台用户权限管理·可管理'], -]; - -/** - * 后台「直接权限」勾选:一级菜单/业务域 → 下属 prd.*(与侧栏模块大致对应,纯展示分组)。 - * - * @var list}> - */ -$catalogMenuGroups = [ - [ - 'key' => 'users_players', - 'label' => '用户与玩家', - 'slugs' => [ - 'prd.users.manage', - 'prd.users.view_finance', - 'prd.users.view_cs', - 'prd.player_freeze.manage', - ], - ], - [ - 'key' => 'ops_config', - 'label' => '运营配置', - 'slugs' => [ - 'prd.play_switch.manage', - 'prd.odds.manage', - 'prd.risk_cap.manage', - 'prd.risk_cap.view', - 'prd.rebate.manage', - 'prd.rebate.view', - 'prd.jackpot.manage', - 'prd.jackpot.view', - ], - ], - [ - 'key' => 'draw_risk', - 'label' => '开奖与风控', - 'slugs' => [ - 'prd.draw_result.manage', - 'prd.draw_result.view', - 'prd.draw_reopen.manage', - ], - ], - [ - 'key' => 'settlement', - 'label' => '结算与派彩', - 'slugs' => [ - 'prd.payout.manage', - 'prd.payout.review', - 'prd.payout.view', - ], - ], - [ - 'key' => 'wallet', - 'label' => '钱包与对账', - 'slugs' => [ - 'prd.wallet_reconcile.manage', - 'prd.wallet_reconcile.view', - 'prd.wallet_reconcile.view_cs', - 'prd.wallet_adjust.manage', - ], - ], - [ - 'key' => 'reports', - 'label' => '报表', - 'slugs' => [ - 'prd.report.all', - 'prd.report.risk', - 'prd.report.finance', - 'prd.report.player', - ], - ], - [ - 'key' => 'audit', - 'label' => '审计日志', - 'slugs' => [ - 'prd.audit.all', - 'prd.audit.self', - 'prd.audit.finance', - ], - ], - [ - 'key' => 'system', - 'label' => '系统管理', - 'slugs' => [ - 'prd.admin_user.manage', - ], - ], -]; +use App\Support\AdminAuthorizationRegistry; return [ - 'legacy_map' => $legacyMap, - 'catalog' => $catalog, - 'catalog_menu_groups' => $catalogMenuGroups, + 'legacy_map' => AdminAuthorizationRegistry::legacyMap(), + 'catalog' => AdminAuthorizationRegistry::permissionCatalog(), + 'catalog_menu_groups' => AdminAuthorizationRegistry::permissionMenuGroups(), ]; diff --git a/database/migrations/2026_05_18_120000_sync_complete_admin_api_resources.php b/database/migrations/2026_05_18_120000_sync_complete_admin_api_resources.php index f0c6679..9966635 100644 --- a/database/migrations/2026_05_18_120000_sync_complete_admin_api_resources.php +++ b/database/migrations/2026_05_18_120000_sync_complete_admin_api_resources.php @@ -3,7 +3,7 @@ use Illuminate\Support\Carbon; use Illuminate\Support\Facades\DB; use Illuminate\Database\Migrations\Migration; -use App\Support\AdminApiResourceCatalog; +use App\Support\AdminAuthorizationRegistry; return new class extends Migration { @@ -12,7 +12,7 @@ return new class extends Migration $now = Carbon::now(); $menuActionIds = DB::table('admin_menu_actions')->pluck('id', 'permission_code'); - foreach (AdminApiResourceCatalog::resources() as $resource) { + foreach (AdminAuthorizationRegistry::resources() as $resource) { $resourceId = DB::table('admin_api_resources') ->where('code', $resource['code']) ->value('id'); diff --git a/routes/api/v1/admin/config.php b/routes/api/v1/admin/config.php index 8503a40..228a54b 100644 --- a/routes/api/v1/admin/config.php +++ b/routes/api/v1/admin/config.php @@ -28,12 +28,12 @@ use App\Http\Controllers\Api\V1\Admin\AdminSettingController; */ // 玩法类型只读 -Route::middleware(['admin.api-resource', 'admin.permission:prd.play_switch.manage|prd.odds.manage']) +Route::middleware('admin.api-resource') ->get('play-types', PlayTypeIndexController::class) ->name('api.v1.admin.play-types.index'); // 玩法版本只读 -Route::middleware(['admin.api-resource', 'admin.permission:prd.play_switch.manage|prd.odds.manage']) +Route::middleware('admin.api-resource') ->prefix('config') ->name('api.v1.admin.config.') ->group(function (): void { @@ -45,7 +45,7 @@ Route::middleware(['admin.api-resource', 'admin.permission:prd.play_switch.manag }); // 赔率/回水只读 -Route::middleware(['admin.api-resource', 'admin.permission:prd.odds.manage|prd.rebate.manage|prd.rebate.view']) +Route::middleware('admin.api-resource') ->prefix('config') ->name('api.v1.admin.config.') ->group(function (): void { @@ -57,7 +57,7 @@ Route::middleware(['admin.api-resource', 'admin.permission:prd.odds.manage|prd.r }); // 封顶只读 -Route::middleware(['admin.api-resource', 'admin.permission:prd.risk_cap.manage|prd.risk_cap.view']) +Route::middleware('admin.api-resource') ->prefix('config') ->name('api.v1.admin.config.') ->group(function (): void { @@ -69,7 +69,7 @@ Route::middleware(['admin.api-resource', 'admin.permission:prd.risk_cap.manage|p }); // 玩法/赔率/封顶/Jackpot 配置写入 -Route::middleware(['admin.api-resource', 'admin.permission:prd.play_switch.manage|prd.odds.manage|prd.risk_cap.manage|prd.rebate.manage|prd.jackpot.manage']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::patch('play-types/{play_code}', PlayTypePatchController::class) ->where('play_code', '[a-z0-9_]+') @@ -120,7 +120,7 @@ Route::middleware(['admin.api-resource', 'admin.permission:prd.play_switch.manag }); // 通用 KV 设置(钱包限额等) -Route::middleware(['admin.api-resource', 'admin.permission:prd.wallet_reconcile.manage']) +Route::middleware('admin.api-resource') ->prefix('settings') ->name('api.v1.admin.settings.') ->group(function (): void { diff --git a/routes/api/v1/admin/core.php b/routes/api/v1/admin/core.php index bedaf18..570b733 100644 --- a/routes/api/v1/admin/core.php +++ b/routes/api/v1/admin/core.php @@ -20,6 +20,6 @@ Route::get('dashboard', AdminDashboardController::class) ->name('api.v1.admin.dashboard'); // 审计日志 -Route::middleware(['admin.api-resource', 'admin.permission:prd.audit.all|prd.audit.self|prd.audit.finance']) +Route::middleware('admin.api-resource') ->get('audit-logs', AuditLogIndexController::class) ->name('api.v1.admin.audit-logs.index'); diff --git a/routes/api/v1/admin/draw.php b/routes/api/v1/admin/draw.php index 864ec38..04b9979 100644 --- a/routes/api/v1/admin/draw.php +++ b/routes/api/v1/admin/draw.php @@ -30,7 +30,7 @@ use App\Http\Controllers\Api\V1\Admin\Settlement\AdminSettlementBatchDetailsCont */ // 开奖结果查看 + 风控监控 -Route::middleware(['admin.api-resource', 'admin.permission:prd.draw_result.manage|prd.draw_result.view']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::get('draws', AdminDrawIndexController::class) ->name('api.v1.admin.draws.index'); @@ -50,7 +50,7 @@ Route::middleware(['admin.api-resource', 'admin.permission:prd.draw_result.manag }); // 开奖结果录入(发布批次) -Route::middleware(['admin.api-resource', 'admin.permission:prd.draw_result.manage']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::post('draws/{draw}/result-batches', DrawManualResultBatchStoreController::class) ->name('api.v1.admin.draws.result-batches.store'); @@ -75,12 +75,12 @@ Route::middleware(['admin.api-resource', 'admin.permission:prd.draw_result.manag }); // 派彩确认 -Route::middleware(['admin.api-resource', 'admin.permission:prd.payout.manage|prd.payout.review']) +Route::middleware('admin.api-resource') ->post('draws/{draw}/settlement/run', DrawSettlementRunController::class) ->name('api.v1.admin.draws.settlement.run'); // 结算批次查看 -Route::middleware(['admin.api-resource', 'admin.permission:prd.payout.manage|prd.payout.review|prd.payout.view']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::get('settlement-batches', AdminSettlementBatchIndexController::class) ->name('api.v1.admin.settlement-batches.index'); @@ -92,7 +92,7 @@ Route::middleware(['admin.api-resource', 'admin.permission:prd.payout.manage|prd ->name('api.v1.admin.settlement-batches.export'); }); -Route::middleware(['admin.api-resource', 'admin.permission:prd.payout.review']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::post('settlement-batches/{batch}/approve', AdminSettlementBatchApproveController::class) ->name('api.v1.admin.settlement-batches.approve'); @@ -100,6 +100,6 @@ Route::middleware(['admin.api-resource', 'admin.permission:prd.payout.review']) ->name('api.v1.admin.settlement-batches.reject'); }); -Route::middleware(['admin.api-resource', 'admin.permission:prd.payout.manage']) +Route::middleware('admin.api-resource') ->post('settlement-batches/{batch}/payout', AdminSettlementBatchPayoutController::class) ->name('api.v1.admin.settlement-batches.payout'); diff --git a/routes/api/v1/admin/jackpot.php b/routes/api/v1/admin/jackpot.php index da20c28..4f3a52d 100644 --- a/routes/api/v1/admin/jackpot.php +++ b/routes/api/v1/admin/jackpot.php @@ -12,7 +12,7 @@ use App\Http\Controllers\Api\V1\Admin\Jackpot\AdminJackpotContributionIndexContr */ // 奖池查看 -Route::middleware(['admin.api-resource', 'admin.permission:prd.jackpot.manage|prd.jackpot.view']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::get('jackpot/pools', AdminJackpotPoolIndexController::class) ->name('api.v1.admin.jackpot.pools.index'); @@ -23,7 +23,7 @@ Route::middleware(['admin.api-resource', 'admin.permission:prd.jackpot.manage|pr }); // 奖池修改(仅管理权限) -Route::middleware(['admin.api-resource', 'admin.permission:prd.jackpot.manage']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::put('jackpot/pools/{pool}', AdminJackpotPoolUpdateController::class) ->name('api.v1.admin.jackpot.pools.update'); diff --git a/routes/api/v1/admin/player.php b/routes/api/v1/admin/player.php index edbf050..2e45115 100644 --- a/routes/api/v1/admin/player.php +++ b/routes/api/v1/admin/player.php @@ -14,7 +14,7 @@ use App\Http\Controllers\Api\V1\Admin\Player\AdminPlayerTicketItemsIndexControll /** * 管理员玩家管理路由。 */ -Route::middleware(['admin.api-resource', 'admin.permission:prd.users.manage|prd.users.view_finance|prd.users.view_cs']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::get('players', AdminPlayerIndexController::class) ->name('api.v1.admin.players.index'); diff --git a/routes/api/v1/admin/report.php b/routes/api/v1/admin/report.php index 86abfc2..56a6e1f 100644 --- a/routes/api/v1/admin/report.php +++ b/routes/api/v1/admin/report.php @@ -9,7 +9,7 @@ use App\Http\Controllers\Api\V1\Admin\Reports\ReportJobStoreController; /** * 管理员报表路由。 */ -Route::middleware(['admin.api-resource', 'admin.permission:prd.report.all|prd.report.risk|prd.report.finance|prd.report.player']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::get('report-jobs', ReportJobIndexController::class) ->name('api.v1.admin.report-jobs.index'); diff --git a/routes/api/v1/admin/user.php b/routes/api/v1/admin/user.php index e70ea45..2a0ad26 100644 --- a/routes/api/v1/admin/user.php +++ b/routes/api/v1/admin/user.php @@ -13,7 +13,7 @@ use App\Http\Controllers\Api\V1\Admin\User\AdminUserPermissionSyncController; /** * 管理员账号与权限管理路由。 */ -Route::middleware(['admin.api-resource', 'admin.permission:prd.admin_user.manage']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::get('admin-users', AdminUserIndexController::class) ->name('api.v1.admin.admin-users.index'); diff --git a/routes/api/v1/admin/wallet.php b/routes/api/v1/admin/wallet.php index 453c215..c90f695 100644 --- a/routes/api/v1/admin/wallet.php +++ b/routes/api/v1/admin/wallet.php @@ -14,7 +14,7 @@ use App\Http\Controllers\Api\V1\Admin\Wallet\WalletTransactionListController; */ // 钱包对账查看 -Route::middleware(['admin.api-resource', 'admin.permission:prd.wallet_reconcile.manage|prd.wallet_reconcile.view|prd.wallet_reconcile.view_cs']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::get('wallet/transfer-orders', TransferOrderListController::class) ->name('api.v1.admin.wallet.transfer-orders'); @@ -30,7 +30,7 @@ Route::middleware(['admin.api-resource', 'admin.permission:prd.wallet_reconcile. }); // 对账操作(仅管理权限) -Route::middleware(['admin.api-resource', 'admin.permission:prd.wallet_reconcile.manage']) +Route::middleware('admin.api-resource') ->group(function (): void { Route::post('wallet/transfer-orders/{transfer_no}/reverse', [TransferOrderReconcileController::class, 'reverse']) ->name('api.v1.admin.wallet.transfer-orders.reverse'); @@ -39,6 +39,6 @@ Route::middleware(['admin.api-resource', 'admin.permission:prd.wallet_reconcile. }); // 对账任务创建(仅管理权限) -Route::middleware(['admin.api-resource', 'admin.permission:prd.wallet_reconcile.manage']) +Route::middleware('admin.api-resource') ->post('reconcile-jobs', ReconcileJobStoreController::class) ->name('api.v1.admin.reconcile-jobs.store'); diff --git a/tests/Feature/AdminAuthLoginTest.php b/tests/Feature/AdminAuthLoginTest.php index 49b6fdf..c5a3b55 100644 --- a/tests/Feature/AdminAuthLoginTest.php +++ b/tests/Feature/AdminAuthLoginTest.php @@ -3,7 +3,7 @@ use App\Models\AdminUser; use App\Lottery\ErrorCode; use Illuminate\Support\Str; -use App\Services\AdminCaptchaService; +use Illuminate\Support\Facades\Cache; use Illuminate\Foundation\Testing\RefreshDatabase; uses(RefreshDatabase::class); @@ -22,14 +22,17 @@ test('admin login returns bearer token when captcha passes validation', function 'status' => 0, ]); - $mock = Mockery::mock(AdminCaptchaService::class); - $mock->shouldReceive('verify')->once()->andReturn(true); - $this->instance(AdminCaptchaService::class, $mock); + $captchaKey = (string) Str::uuid(); + Cache::put( + 'admin_captcha:'.$captchaKey, + hash_hmac('sha256', 'xwz2', (string) config('app.key')), + now()->addSeconds(120), + ); $resp = $this->postJson('/api/v1/admin/auth/login', [ 'account' => 'Tester', 'password' => 'secret-strong', - 'captcha_key' => (string) Str::uuid(), + 'captcha_key' => $captchaKey, 'captcha_code' => 'xwz2', ]); @@ -37,7 +40,10 @@ test('admin login returns bearer token when captcha passes validation', function ->assertJsonPath('code', ErrorCode::Success->value) ->assertJsonPath('data.admin.username', 'tester') ->assertJsonPath('data.admin.nickname', '测试昵称') - ->assertJsonStructure(['data' => ['token', 'token_type', 'admin' => ['id', 'username', 'nickname', 'email', 'permissions']]]); + ->assertJsonPath('data.admin.navigation.0.segment', 'dashboard') + ->assertJsonPath('data.admin.navigation.0.href', '/admin') + ->assertJsonPath('data.admin.navigation.1.segment', 'settings') + ->assertJsonStructure(['data' => ['token', 'token_type', 'admin' => ['id', 'username', 'nickname', 'email', 'permissions', 'navigation']]]); $token = $resp->json('data.token'); expect($token)->not->toBeNull(); @@ -69,14 +75,17 @@ test('login rejects wrong password with masked message', function () { 'status' => 0, ]); - $mock = Mockery::mock(AdminCaptchaService::class); - $mock->shouldReceive('verify')->andReturn(true); - $this->instance(AdminCaptchaService::class, $mock); + $captchaKey = (string) Str::uuid(); + Cache::put( + 'admin_captcha:'.$captchaKey, + hash_hmac('sha256', 'aaaa', (string) config('app.key')), + now()->addSeconds(120), + ); $this->postJson('/api/v1/admin/auth/login', [ 'account' => 'bad_tester', 'password' => 'wrong-password', - 'captcha_key' => (string) Str::uuid(), + 'captcha_key' => $captchaKey, 'captcha_code' => 'aaaa', ])->assertUnauthorized() ->assertJsonPath('code', ErrorCode::AdminCredentialsInvalid->value);