feat: refactor super admin to use is_super_admin flag and enhance site deletion logic

- Changed super admin detection from role-based to `is_super_admin` flag in AdminUser model - Added `requireDefaultAdminSiteId()` method to throw validation error when no integration site exists - Enhanced site deletion to migrate platform role bindings to fallback site and auto-delete site-specific admin accounts - Made agent line code optional with auto-generation fallback using `{site_code}-agent-{counter}` format
2026-06-12 20:47:40 +08:00
parent 980f3c9593
commit 395e1c7400
36 changed files with 1193 additions and 153 deletions
--- a/app/Support/SiteAdminDefaultRolePermissions.php
+++ b/app/Support/SiteAdminDefaultRolePermissions.php
@@ -0,0 +1,64 @@
+<?php
+
+namespace App\Support;
+
+use App\Models\AdminRole;
+
+/**
+ * 平台「站点管理员」系统角色（slug=site_admin）的默认 prd.* 模板。
+ * 接入站点创建时自动绑定；权限可在「平台角色管理」调整。
+ */
+final class SiteAdminDefaultRolePermissions
+{
+    /** @var list<string> */
+    private const TEMPLATE_SLUGS = [
+        'prd.dashboard.view',
+        'prd.agent.view',
+        'prd.agent.manage',
+        'prd.agent.role.view',
+        'prd.agent.role.manage',
+        'prd.agent.user.view',
+        'prd.agent.user.manage',
+        'prd.agent.profile.manage',
+        'prd.users.manage',
+        'prd.tickets.view',
+        'prd.report.view',
+        'prd.settlement.agent.view',
+        'prd.settlement.agent.manage',
+        'prd.integration.view',
+    ];
+
+    /**
+     * @return list<string>
+     */
+    public static function templateSlugs(): array
+    {
+        return self::TEMPLATE_SLUGS;
+    }
+
+    public static function ensurePlatformSiteAdminRole(): AdminRole
+    {
+        $role = AdminRole::query()->updateOrCreate(
+            [
+                'slug' => SitePlatformRole::SLUG,
+                'scope_type' => AdminRole::SCOPE_SYSTEM,
+            ],
+            [
+                'code' => SitePlatformRole::SLUG,
+                'name' => '站点管理员',
+                'description' => '接入站点后台默认权限（代理/玩家/结算运营 + 站点仪表盘）',
+                'status' => 1,
+                'is_system' => true,
+                'sort_order' => 40,
+                'owner_agent_id' => null,
+                'delegated_from_role_id' => null,
+            ],
+        );
+
+        $role->syncLegacyPermissionSlugs(
+            AdminPermissionInheritance::expand(self::TEMPLATE_SLUGS),
+        );
+
+        return $role->fresh() ?? $role;
+    }
+}