feat: refactor super admin to use is_super_admin flag and enhance site deletion logic

- Changed super admin detection from role-based to `is_super_admin` flag in AdminUser model - Added `requireDefaultAdminSiteId()` method to throw validation error when no integration site exists - Enhanced site deletion to migrate platform role bindings to fallback site and auto-delete site-specific admin accounts - Made agent line code optional with auto-generation fallback using `{site_code}-agent-{counter}` format
2026-06-12 20:47:40 +08:00
parent 980f3c9593
commit 395e1c7400
36 changed files with 1193 additions and 153 deletions
--- a/app/Http/Controllers/Api/V1/Admin/Integration/AdminIntegrationSiteDestroyController.php
+++ b/app/Http/Controllers/Api/V1/Admin/Integration/AdminIntegrationSiteDestroyController.php
@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Http\Controllers\Api\V1\Admin\Integration;
+
+use App\Models\AdminSite;
+use App\Support\ApiMessage;
+use App\Support\ApiResponse;
+use App\Lottery\ErrorCode;
+use Illuminate\Http\Request;
+use Illuminate\Http\JsonResponse;
+use App\Http\Controllers\Controller;
+use App\Services\AuditLogger;
+use App\Services\Integration\IntegrationSiteService;
+use App\Support\AdminIntegrationSiteAccess;
+use App\Support\AdminIntegrationSitePresenter;
+use App\Http\Middleware\RecordAdminApiAudit;
+
+final class AdminIntegrationSiteDestroyController extends Controller
+{
+    public function __invoke(
+        Request $request,
+        AdminSite $admin_site,
+        IntegrationSiteService $service,
+    ): JsonResponse {
+        $admin = $request->lotteryAdmin();
+        abort_if($admin === null, 401);
+
+        if (! AdminIntegrationSiteAccess::canAccess($admin, $admin_site)) {
+            return ApiMessage::errorResponse($request, 'admin.site_delete_denied', ErrorCode::AdminForbidden->value, null, 403);
+        }
+
+        $before = AdminIntegrationSitePresenter::detail($admin_site);
+        $service->destroy($admin_site);
+
+        AuditLogger::recordForAdmin(
+            $admin,
+            $request,
+            moduleCode: 'integration',
+            actionCode: 'destroy',
+            targetType: 'admin_site',
+            targetId: (string) $before['id'],
+            beforeJson: $before,
+            afterJson: null,
+        );
+        $request->attributes->set(RecordAdminApiAudit::ATTRIBUTE_AUDIT_RECORDED, true);
+
+        return ApiResponse::success(null);
+    }
+}
--- a/app/Http/Controllers/Api/V1/Admin/User/AdminUserDestroyController.php
+++ b/app/Http/Controllers/Api/V1/Admin/User/AdminUserDestroyController.php
@@ -26,11 +26,10 @@ final class AdminUserDestroyController extends Controller
            return ApiMessage::errorResponse($request, 'admin.user_cannot_delete_self', ErrorCode::ValidationFailed->value, null, 422);
        }

-        $admin_user->load('roles');
        if ($admin_user->isSuperAdmin()) {
            $hasOther = AdminUser::query()
                ->whereKeyNot($admin_user->getKey())
-                ->whereHas('roles', static fn ($q) => $q->where('admin_roles.slug', AdminUser::ROLE_SUPER_ADMIN))
+                ->where('is_super_admin', true)
                ->exists();
            if (! $hasOther) {
                return ApiMessage::errorResponse($request, 'admin.user_cannot_delete_last_super_admin', ErrorCode::ValidationFailed->value, null, 422);
--- a/app/Http/Controllers/Api/V1/Admin/User/AdminUserPermissionSyncController.php
+++ b/app/Http/Controllers/Api/V1/Admin/User/AdminUserPermissionSyncController.php
@@ -25,7 +25,7 @@ final class AdminUserPermissionSyncController extends Controller
            (array) ($input['permissions'] ?? $input['permission_slugs'] ?? []),
            static fn ($v) => is_string($v) && $v !== '',
        )));
-        $siteId = AdminUser::defaultAdminSiteId();
+        $siteId = AdminUser::requireDefaultAdminSiteId();

        $codes = [];
        foreach ($slugs as $slug) {
--- a/app/Http/Requests/Admin/AdminAgentLineStoreRequest.php
+++ b/app/Http/Requests/Admin/AdminAgentLineStoreRequest.php
@@ -40,7 +40,7 @@ final class AdminAgentLineStoreRequest extends ApiFormRequest
    {
        return [
            'site_code' => ['required', 'string', 'max:64', 'regex:/^[a-z0-9][a-z0-9_-]*$/', Rule::exists('admin_sites', 'code')],
-            'code' => ['required', 'string', 'max:64', 'regex:/^[a-z0-9][a-z0-9_-]*$/', Rule::unique('agent_nodes', 'code')],
+            'code' => ['sometimes', 'nullable', 'string', 'max:64', 'regex:/^[a-z0-9][a-z0-9_-]*$/', Rule::unique('agent_nodes', 'code')],
            'name' => ['required', 'string', 'max:128'],
            'username' => ['required', 'string', 'max:64', Rule::unique('admin_users', 'username')],
            'password' => ['required', 'string', 'min:8', 'max:128'],