feat(admin): 更新后台权限管理与同步逻辑，简化权限检查并优化文档

- 新增后台 RBAC 相关文档，提供权限目录与维护命令说明。 - 移除不必要的角色资源同步检查，简化权限审计命令。 - 更新权限描述与同步逻辑，确保一致性与可维护性。 - 统一权限注册表，替换过时的权限别名，增强代码可读性。
2026-05-22 16:11:48 +08:00
parent 2e8ab58970
commit 1d31f9e872
24 changed files with 489 additions and 238 deletions
--- a/app/Models/AdminRole.php
+++ b/app/Models/AdminRole.php
@@ -57,29 +57,12 @@ final class AdminRole extends Model
    }

    /**
+     * 由已授权的 menu_action 反推 `prd.*`（与 Registry 映射一致）。
+     *
     * @return list<string>
     */
    public function legacyPermissionSlugs(): array
    {
-        if (DB::getSchemaBuilder()->hasTable('admin_role_legacy_permissions')) {
-            $slugs = DB::table('admin_role_legacy_permissions')
-                ->where('role_id', $this->id)
-                ->pluck('permission_slug')
-                ->all();
-
-            $out = [];
-            foreach ($slugs as $slug) {
-                if (is_string($slug) && $slug !== '') {
-                    $out[$slug] = true;
-                }
-            }
-
-            $keys = array_keys($out);
-            sort($keys);
-
-            return $keys;
-        }
-
        $codes = DB::table('admin_role_menu_actions as rma')
            ->join('admin_menu_actions as ma', 'ma.id', '=', 'rma.menu_action_id')
            ->where('rma.role_id', $this->id)
@@ -95,10 +78,7 @@ final class AdminRole extends Model
     */
    public function syncLegacyPermissionSlugs(array $slugs): void
    {
-        $legacySlugs = array_values(array_unique(array_filter(
-            $slugs,
-            static fn ($slug): bool => is_string($slug) && $slug !== '',
-        )));
+        $legacySlugs = AdminPermissionBridge::normalizeCanonicalLegacySlugs($slugs);

        $codes = [];
        foreach ($legacySlugs as $slug) {
@@ -119,19 +99,6 @@ final class AdminRole extends Model
                'menu_action_id' => (int) $mid,
            ]);
        }
-
-        if (DB::getSchemaBuilder()->hasTable('admin_role_legacy_permissions')) {
-            DB::table('admin_role_legacy_permissions')->where('role_id', $this->id)->delete();
-            $now = now();
-            foreach ($legacySlugs as $slug) {
-                DB::table('admin_role_legacy_permissions')->insert([
-                    'role_id' => $this->id,
-                    'permission_slug' => $slug,
-                    'created_at' => $now,
-                    'updated_at' => $now,
-                ]);
-            }
-        }
    }

    public function assignedUserCount(): int