feat(admin): 统一后台权限注册表并移除路由中间件鉴权
@@ -6,6 +6,7 @@ use App\Models\AdminUser;
|
||||
use App\Lottery\ErrorCode;
|
||||
use Illuminate\Support\Str;
|
||||
use App\Support\ApiResponse;
|
||||
use App\Support\AdminAuthorizationRegistry;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
@@ -68,6 +69,7 @@ final class LoginController extends Controller
|
||||
)->plainTextToken;
|
||||
|
||||
$admin->forceFill(['last_login_at' => now()])->save();
|
||||
$permissionSlugs = $admin->fresh()->adminPermissionSlugs();
|
||||
|
||||
return ApiResponse::success([
|
||||
'token' => $plainToken,
|
||||
@@ -77,7 +79,8 @@ final class LoginController extends Controller
|
||||
'username' => $admin->username,
|
||||
'nickname' => $admin->name,
|
||||
'email' => $admin->email,
|
||||
'permissions' => $admin->fresh()->adminPermissionSlugs(),
|
||||
'permissions' => $permissionSlugs,
|
||||
'navigation' => AdminAuthorizationRegistry::visibleNavigationItems($permissionSlugs),
|
||||
],
|
||||
]);
|
||||
}
|
||||
|
||||
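Review bot: `'navigation' => AdminAuthorizationRegistry::visibleNavigationItems($permissionSlugs)` in the third hunk only filters the menu the client is shown, yet with `EnsureAdminPermission` deleted in this same commit nothing in these hunks shows where `hasAdminPermission` is still enforced per request; if the replacement check lives elsewhere it is not visible here, and if it does not, hiding a menu entry is not authorization. I would add `// navigation is a client-side menu hint only; every admin endpoint must still check its own permission slug server-side` above that line. Minor: `$admin->fresh()` is declared nullable, so `$admin->fresh()->adminPermissionSlugs()` in the second hunk faults if the row disappeared between the save and the reload, whereas `$admin->refresh()->adminPermissionSlugs()` reloads the same instance and cannot be null. The method enclosing these hunks starts before the first one and continues past the last.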
@@ -4,6 +4,7 @@ namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Models\AdminRole;
|
||||
use App\Support\ApiResponse;
|
||||
use App\Support\AdminAuthorizationRegistry;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use App\Http\Controllers\Controller;
|
||||
@@ -62,6 +63,7 @@ final class AdminPermissionCatalogController extends Controller
|
||||
return ApiResponse::success([
|
||||
'permissions' => $permissions,
|
||||
'permission_menu_groups' => $permissionMenuGroups,
|
||||
'navigation' => AdminAuthorizationRegistry::navigationItems(),
|
||||
'roles' => $roles->map(static function (AdminRole $role): array {
|
||||
$userCount = (int) DB::table('admin_user_site_roles')
|
||||
->where('role_id', $role->id)
|
||||
|
||||
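Review bot: `'navigation' => AdminAuthorizationRegistry::navigationItems()` returns the unfiltered registry, while the login response uses `visibleNavigationItems($permissionSlugs)`; the difference is presumably intended (the catalog feeds the role editor) but nothing in the hunk says so, and with the route middleware removed in this commit the controller body outside the hunk has to confirm on its own that the caller may manage roles before handing back the full catalog. I would add `// full, unfiltered registry: consumed by the role editor, not the caller's own menu` above that line. The enclosing method starts before the hunk and continues past it.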
@@ -1,48 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use App\Models\AdminUser;
|
||||
use App\Lottery\ErrorCode;
|
||||
use App\Support\ApiResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
/**
|
||||
* 后台 RBAC:在 {@see EnsureAdminApi} 之后校验 `prd.*` 等功能权限 slug(与 {@see AdminUser::hasAdminPermission} 一致)。
|
||||
* 路由参数支持 `slug` 或 `slug1|slug2`(满足其一即可)。
|
||||
*/
|
||||
final class EnsureAdminPermission
|
||||
{
|
||||
public function handle(Request $request, Closure $next, string $permissionSlugs): Response
|
||||
{
|
||||
$admin = $request->lotteryAdmin();
|
||||
if (! $admin instanceof AdminUser) {
|
||||
return ApiResponse::error(
|
||||
trans('admin.unauthenticated', [], $request->lotteryLocale()),
|
||||
ErrorCode::AdminUnauthenticated->value,
|
||||
null,
|
||||
401,
|
||||
);
|
||||
}
|
||||
|
||||
$slugs = array_values(array_filter(array_map('trim', explode('|', $permissionSlugs))));
|
||||
if ($slugs === []) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
foreach ($slugs as $slug) {
|
||||
if ($admin->hasAdminPermission($slug)) {
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
||||
return ApiResponse::error(
|
||||
trans('admin.permission_denied', [], $request->lotteryLocale()),
|
||||
ErrorCode::AdminForbidden->value,
|
||||
['required_any' => $slugs],
|
||||
403,
|
||||
);
|
||||
}
|
||||
}
|
||||