refactor: 更新权限管理与请求验证逻辑

- 在多个控制器中将权限检查从 hasAdminPermission 更新为 hasPermissionCode，以增强权限管理的灵活性。
- 引入 AdminScopePolicy，优化基于代理节点的权限和数据过滤逻辑，确保管理员能够更精确地控制访问权限。
- 在请求验证中添加 agent_node_id 字段，确保 API 接口支持代理节点的相关操作。
- 更新 AdminUser 模型，新增 hasPermissionCode 方法，以支持更细粒度的权限检查。
- 优化审计日志记录逻辑，确保在处理请求时能够准确记录管理员的操作。

app/Http/Controllers/Api/V1/Admin/Draw/AdminDrawIndexController.php

@@ -8,8 +8,9 @@ use App\Models\Draw;
 use App\Models\TicketItem;
 use App\Models\TicketOrder;
 use Illuminate\Http\Request;
-use App\Support\AdminSiteScope;
 use App\Support\AdminApiList;
+use App\Support\AdminScopeContext;
+use App\Support\AdminScopePolicy;
 use App\Services\LotterySettings;
 use Illuminate\Http\JsonResponse;
 use App\Http\Controllers\Controller;
@@ -28,7 +29,7 @@ final class AdminDrawIndexController extends Controller
         $p = AdminApiList::readPaging($request);
         $drawNo = trim((string) $request->query('draw_no', ''));
         $status = trim((string) $request->query('status', ''));
-        $agentNodeId = $request->integer('agent_node_id') ?: null;
+        $scope = AdminScopePolicy::resolveContext($request, $admin);
 
         $q = Draw::query()->orderByDesc('draw_time')->orderByDesc('id');
 
@@ -45,8 +46,7 @@ final class AdminDrawIndexController extends Controller
 
         $statsByDrawId = $this->aggregateListStats(
             $paginator->getCollection()->pluck('id')->map(fn ($id) => (int) $id)->all(),
-            $admin,
-            $agentNodeId,
+            $scope,
         );
 
         return AdminApiList::jsonWith($paginator, fn (Draw $row) => $this->row($row, $statsByDrawId), [
@@ -63,21 +63,21 @@ final class AdminDrawIndexController extends Controller
      * @param  list<int>  $drawIds
      * @return array<int, array{total_bet_minor: int, total_payout_minor: int, profit_loss_minor: int}>
      */
-    private function aggregateListStats(array $drawIds, AdminUser $admin, ?int $agentNodeId): array
+    private function aggregateListStats(array $drawIds, AdminScopeContext $scope): array
     {
         if ($drawIds === []) {
             return [];
         }
 
         $betQuery = TicketOrder::query()->whereIn('draw_id', $drawIds);
-        $this->scopeOrdersToVisiblePlayers($betQuery, $admin, $agentNodeId);
+        $this->scopeOrdersToVisiblePlayers($betQuery, $scope);
         $betByDraw = $betQuery
             ->groupBy('draw_id')
             ->selectRaw('draw_id, COALESCE(SUM(total_actual_deduct), 0) AS total_bet')
             ->pluck('total_bet', 'draw_id');
 
         $payoutQuery = TicketItem::query()->whereIn('draw_id', $drawIds);
-        $this->scopeTicketItemsToVisiblePlayers($payoutQuery, $admin, $agentNodeId);
+        $this->scopeTicketItemsToVisiblePlayers($payoutQuery, $scope);
         $payoutRows = $payoutQuery
             ->groupBy('draw_id')
             ->selectRaw(
@@ -104,38 +104,28 @@ final class AdminDrawIndexController extends Controller
     /**
      * @param  \Illuminate\Database\Eloquent\Builder<TicketOrder>  $query
      */
-    private function scopeOrdersToVisiblePlayers($query, AdminUser $admin, ?int $agentNodeId): void
+    private function scopeOrdersToVisiblePlayers($query, AdminScopeContext $scope): void
     {
-        if ($admin->isSuperAdmin() && ($agentNodeId === null || $agentNodeId <= 0)) {
+        if ($scope->isSuperAdmin() && $scope->effectiveRequestedAgentNodeId() === null) {
             return;
         }
 
-        $query->whereHas('player', static function ($playerQuery) use ($admin, $agentNodeId): void {
-            AdminSiteScope::applyPlayerFilters(
-                $playerQuery,
-                $admin,
-                null,
-                $agentNodeId !== null && $agentNodeId > 0 ? $agentNodeId : null,
-            );
+        $query->whereHas('player', function ($playerQuery) use ($scope): void {
+            AdminScopePolicy::applyPlayerFilters($playerQuery, $scope);
         });
     }
 
     /**
      * @param  \Illuminate\Database\Eloquent\Builder<TicketItem>  $query
      */
-    private function scopeTicketItemsToVisiblePlayers($query, AdminUser $admin, ?int $agentNodeId): void
+    private function scopeTicketItemsToVisiblePlayers($query, AdminScopeContext $scope): void
     {
-        if ($admin->isSuperAdmin() && ($agentNodeId === null || $agentNodeId <= 0)) {
+        if ($scope->isSuperAdmin() && $scope->effectiveRequestedAgentNodeId() === null) {
             return;
         }
 
-        $query->whereHas('player', static function ($playerQuery) use ($admin, $agentNodeId): void {
-            AdminSiteScope::applyPlayerFilters(
-                $playerQuery,
-                $admin,
-                null,
-                $agentNodeId !== null && $agentNodeId > 0 ? $agentNodeId : null,
-            );
+        $query->whereHas('player', function ($playerQuery) use ($scope): void {
+            AdminScopePolicy::applyPlayerFilters($playerQuery, $scope);
         });
     }