xiaokang/lotteryLaravel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: 更新权限管理与请求验证逻辑

Browse Source 
- 在多个控制器中将权限检查从 hasAdminPermission 更新为 hasPermissionCode,以增强权限管理的灵活性。
- 引入 AdminScopePolicy,优化基于代理节点的权限和数据过滤逻辑,确保管理员能够更精确地控制访问权限。
- 在请求验证中添加 agent_node_id 字段,确保 API 接口支持代理节点的相关操作。
- 更新 AdminUser 模型,新增 hasPermissionCode 方法,以支持更细粒度的权限检查。
- 优化审计日志记录逻辑,确保在处理请求时能够准确记录管理员的操作。
This commit is contained in:
kang
2026-06-03 10:07:38 +08:00
parent 0841fbed32
commit 1dcd4716c5
64 changed files with 2054 additions and 344 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/Api/V1/Admin/Agent/AgentAdminUserRoleSyncController.php
View File

@@ -32,7 +32,7 @@ final class AgentAdminUserRoleSyncController extends Controller
return $denied;
}
if (! $admin->isSuperAdmin() && ! $admin->hasAdminPermission('prd.agent.user.manage')) {
if (! $admin->isSuperAdmin() && ! $admin->hasPermissionCode('agent.node.manage')) {
return AdminAgentNodeAccess::denyUnlessCanManageParent($admin, $agent);
}

2
app/Http/Controllers/Api/V1/Admin/Agent/AgentNodeAdminUserStoreController.php
View File

@@ -27,7 +27,7 @@ final class AgentNodeAdminUserStoreController extends Controller
return $denied;
}
if (! $admin->isSuperAdmin() && ! $admin->hasAdminPermission('prd.agent.user.manage')) {
if (! $admin->isSuperAdmin() && ! $admin->hasPermissionCode('agent.node.manage')) {
return AdminAgentNodeAccess::denyUnlessCanManageParent($admin, $agent_node);
}

2
app/Http/Controllers/Api/V1/Admin/Agent/AgentNodeRoleStoreController.php
View File

@@ -27,7 +27,7 @@ final class AgentNodeRoleStoreController extends Controller
return $denied;
}
if (! $admin->isSuperAdmin() && ! $admin->hasAdminPermission('prd.agent.role.manage')) {
if (! $admin->isSuperAdmin() && ! $admin->hasPermissionCode('agent.node.manage')) {
return AdminAgentNodeAccess::denyUnlessCanManageParent($admin, $agent_node);
}

5
app/Http/Controllers/Api/V1/Admin/Agent/AgentRolePermissionSyncController.php
View File

@@ -8,6 +8,7 @@ use App\Services\AuditLogger;
use Illuminate\Http\JsonResponse;
use App\Http\Controllers\Controller;
use App\Services\Agent\AgentRoleService;
use App\Support\AdminPermissionInheritance;
use App\Support\AgentRoleAuthorization;
use App\Support\AdminRoleApiPresenter;
use App\Http\Requests\Admin\AgentRolePermissionSyncRequest;
@@ -35,7 +36,9 @@ final class AgentRolePermissionSyncController extends Controller
return AgentRoleAuthorization::denyUnlessRoleManageable($admin, $admin_role);
}
$slugs = array_values(array_unique($request->validated('permission_slugs')));
$slugs = AdminPermissionInheritance::expand(
array_values(array_unique($request->validated('permission_slugs'))),
);
$before = AdminRoleApiPresenter::item($admin_role);
$role = $service->syncPermissions($admin, $admin_role, $slugs);