feat: refactor super admin to use is_super_admin flag and enhance site deletion logic

- Changed super admin detection from role-based to `is_super_admin` flag in AdminUser model - Added `requireDefaultAdminSiteId()` method to throw validation error when no integration site exists - Enhanced site deletion to migrate platform role bindings to fallback site and auto-delete site-specific admin accounts - Made agent line code optional with auto-generation fallback using `{site_code}-agent-{counter}` format
2026-06-12 20:47:40 +08:00
parent 980f3c9593
commit 395e1c7400
36 changed files with 1193 additions and 153 deletions
--- a/app/Support/SuperAdminAccount.php
+++ b/app/Support/SuperAdminAccount.php
@@ -0,0 +1,63 @@
+<?php
+
+namespace App\Support;
+
+use App\Models\AdminUser;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Validation\ValidationException;
+
+/** 平台唯一超级管理员账号（不绑定站点）。 */
+final class SuperAdminAccount
+{
+    public static function assign(AdminUser $user): AdminUser
+    {
+        return DB::transaction(function () use ($user): AdminUser {
+            DB::table('admin_users')
+                ->where('id', '!=', $user->id)
+                ->update(['is_super_admin' => false]);
+
+            $user->forceFill(['is_super_admin' => true])->save();
+
+            self::removeLegacySiteRoleBinding((int) $user->id);
+
+            return $user->fresh() ?? $user;
+        });
+    }
+
+    public static function revoke(AdminUser $user): AdminUser
+    {
+        $user->forceFill(['is_super_admin' => false])->save();
+
+        return $user->fresh() ?? $user;
+    }
+
+    public static function count(): int
+    {
+        return (int) AdminUser::query()->where('is_super_admin', true)->count();
+    }
+
+    public static function assertNotSiteRoleAssignment(array $roleSlugs): void
+    {
+        if (in_array(AdminUser::ROLE_SUPER_ADMIN, $roleSlugs, true)) {
+            throw ValidationException::withMessages([
+                'role_slugs' => [__('admin.super_admin_not_site_role')],
+            ]);
+        }
+    }
+
+    private static function removeLegacySiteRoleBinding(int $userId): void
+    {
+        $superRoleId = DB::table('admin_roles')
+            ->where('slug', AdminUser::ROLE_SUPER_ADMIN)
+            ->value('id');
+
+        if ($superRoleId === null) {
+            return;
+        }
+
+        DB::table('admin_user_site_roles')
+            ->where('admin_user_id', $userId)
+            ->where('role_id', $superRoleId)
+            ->delete();
+    }
+}