refactor: 更新权限管理与请求验证逻辑

- 在多个控制器中将权限检查从 hasAdminPermission 更新为 hasPermissionCode，以增强权限管理的灵活性。 - 引入 AdminScopePolicy，优化基于代理节点的权限和数据过滤逻辑，确保管理员能够更精确地控制访问权限。 - 在请求验证中添加 agent_node_id 字段，确保 API 接口支持代理节点的相关操作。 - 更新 AdminUser 模型，新增 hasPermissionCode 方法，以支持更细粒度的权限检查。 - 优化审计日志记录逻辑，确保在处理请求时能够准确记录管理员的操作。
2026-06-03 10:07:38 +08:00
parent 0841fbed32
commit 1dcd4716c5
64 changed files with 2054 additions and 344 deletions
--- a/app/Http/Middleware/RecordAdminApiAudit.php
+++ b/app/Http/Middleware/RecordAdminApiAudit.php
@@ -60,9 +60,36 @@ final class RecordAdminApiAudit
        return $response;
    }

+    private static function isAuditAlreadyRecorded(Request $request): bool
+    {
+        foreach (self::auditRecordedRequests($request) as $candidate) {
+            if ($candidate->attributes->get(self::ATTRIBUTE_AUDIT_RECORDED) === true) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /** @return list<Request> */
+    private static function auditRecordedRequests(Request $request): array
+    {
+        $requests = [$request];
+
+        try {
+            $resolved = request();
+            if ($resolved !== $request) {
+                $requests[] = $resolved;
+            }
+        } catch (\Throwable) {
+        }
+
+        return $requests;
+    }
+
    private function shouldRecord(Request $request, Response $response): bool
    {
-        if ($request->attributes->get(self::ATTRIBUTE_AUDIT_RECORDED) === true) {
+        if (self::isAuditAlreadyRecorded($request)) {
            return false;
        }