feat: refactor super admin to use is_super_admin flag and enhance site deletion logic

- Changed super admin detection from role-based to `is_super_admin` flag in AdminUser model
- Added `requireDefaultAdminSiteId()` method to throw validation error when no integration site exists
- Enhanced site deletion to migrate platform role bindings to fallback site and auto-delete site-specific admin accounts
- Made agent line code optional with auto-generation fallback using `{site_code}-agent-{counter}` format
2026-06-12 20:47:40 +08:00
parent 980f3c9593
commit 395e1c7400
36 changed files with 1193 additions and 153 deletions


@@ -21,33 +21,7 @@ test('admin auth me returns current admin profile', function () {
'email' => null,
'password' => 'secret-strong',
'status' => 0,
]);
$roleId = DB::table('admin_roles')->insertGetId([
'code' => 'super_admin',
'slug' => 'super_admin',
'name' => '超级管理员',
'description' => null,
'status' => 1,
'is_system' => true,
'sort_order' => 0,
'created_at' => now(),
'updated_at' => now(),
]);
$siteId = DB::table('admin_sites')->insertGetId([
'code' => 'default',
'name' => '默认站点',
'is_default' => true,
'status' => 1,
'created_at' => now(),
'updated_at' => now(),
]);
DB::table('admin_user_site_roles')->insert([
'admin_user_id' => $admin->id,
'site_id' => $siteId,
'role_id' => $roleId,
'granted_at' => now(),
'is_super_admin' => true,
]);
$token = $admin->createToken('admin-api', ['*'], now()->addDay())->plainTextToken;


@@ -447,3 +447,97 @@ test('wallet_api_url rejects private ip with path', function (): void {
->assertStatus(422)
->assertJsonPath('data.errors.wallet_api_url.0', 'wallet_api_url 必须是 https 的公开域名根地址,并拒绝 localhost/内网 IP 与带路径/查询的地址。');
});
test('super admin can delete integration site and cleanup related data', function (): void {
$token = integrationAdminToken();
$create = $this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/admin/integration-sites', [
'code' => 'partner-del',
'name' => 'Partner Delete Me',
'admin_account' => [
'username' => 'partner_del_admin',
'nickname' => 'Partner Del Admin',
'password' => 'secret-strong',
],
])
->assertCreated();
$id = (int) $create->json('data.id');
Player::query()->create([
'site_code' => 'partner-del',
'site_player_id' => '90001',
'username' => 'partner_del_player',
'nickname' => 'Partner Del Player',
'default_currency' => 'NPR',
'status' => 1,
]);
$this->withHeader('Authorization', 'Bearer '.$token)
->deleteJson('/api/v1/admin/integration-sites/'.$id)
->assertOk()
->assertJsonPath('code', 0);
expect(AdminSite::query()->where('code', 'partner-del')->exists())->toBeFalse();
expect(Player::query()->where('site_code', 'partner-del')->exists())->toBeFalse();
expect(AdminUser::query()->where('username', 'partner_del_admin')->exists())->toBeFalse();
expect(DB::table('admin_roles')->where('slug', 'site_admin')->exists())->toBeTrue();
expect(DB::table('admin_roles')->where('slug', 'site_admin_partner-del')->exists())->toBeFalse();
expect(
AuditLog::query()
->where('module_code', 'integration')
->where('action_code', 'destroy')
->where('target_id', (string) $id)
->exists()
)->toBeTrue();
});
test('super admin can delete default integration site when another site exists', function (): void {
$token = integrationAdminToken();
$this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/admin/integration-sites', [
'code' => 'partner-keep',
'name' => 'Partner Keep',
'admin_account' => [
'username' => 'partner_keep_admin',
'nickname' => 'Partner Keep Admin',
'password' => 'secret-strong',
],
])
->assertCreated();
$defaultSite = AdminSite::query()->where('is_default', true)->firstOrFail();
$defaultSiteId = (int) $defaultSite->id;
$superAdminId = (int) AdminUser::query()->where('username', 'integration_admin')->value('id');
$this->withHeader('Authorization', 'Bearer '.$token)
->deleteJson('/api/v1/admin/integration-sites/'.$defaultSiteId)
->assertOk()
->assertJsonPath('code', 0);
expect(AdminSite::query()->where('id', $defaultSiteId)->exists())->toBeFalse();
expect(AdminUser::query()->where('id', $superAdminId)->exists())->toBeTrue();
expect(AdminUser::query()->where('id', $superAdminId)->value('is_super_admin'))->toBeTruthy();
});
test('super admin can delete last integration site and remain authenticated', function (): void {
$token = integrationAdminToken();
foreach (AdminSite::query()->orderBy('id')->pluck('id') as $siteId) {
$this->withHeader('Authorization', 'Bearer '.$token)
->deleteJson('/api/v1/admin/integration-sites/'.$siteId)
->assertOk()
->assertJsonPath('code', 0);
}
expect(AdminSite::query()->count())->toBe(0);
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/auth/me')
->assertOk()
->assertJsonPath('data.admin.is_super_admin', true)
->assertJsonPath('data.admin.accessible_sites', []);
});
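Review bot: All three new deletion tests call `DELETE /api/v1/admin/integration-sites/{id}` with the super-admin token only, so nothing here pins that a site-scoped admin is refused. The endpoint removes players and admin accounts (see the assertions after the first delete) and, per the last test, is allowed to remove every site, so the negative case deserves a test next to these. A sketch follows; the 403 status and the need for `forgetGuards()` are assumptions, because the route's authorization code is not part of this section.

```php
test('site admin cannot delete integration sites', function (): void {
    $token = integrationAdminToken();
    $create = $this->withHeader('Authorization', 'Bearer '.$token)
        ->postJson('/api/v1/admin/integration-sites', [
            'code' => 'partner-authz',
            'name' => 'Partner Authz',
            'admin_account' => [
                'username' => 'partner_authz_admin',
                'nickname' => 'Partner Authz Admin',
                'password' => 'secret-strong',
            ],
        ])
        ->assertCreated();
    $id = (int) $create->json('data.id');

    $siteAdmin = AdminUser::query()->where('username', 'partner_authz_admin')->firstOrFail();
    $siteAdminToken = $siteAdmin->createToken('test', ['*'], now()->addDay())->plainTextToken;
    app('auth')->forgetGuards();

    $this->withHeader('Authorization', 'Bearer '.$siteAdminToken)
        ->deleteJson('/api/v1/admin/integration-sites/'.$id)
        ->assertForbidden();

    expect(AdminSite::query()->where('id', $id)->exists())->toBeTrue();
});
```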


@@ -0,0 +1,70 @@
<?php
use App\Models\AdminSite;
use App\Models\AdminUser;
use App\Support\AdminAuthProfile;
use App\Support\SitePlatformRole;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
uses(RefreshDatabase::class);
beforeEach(function (): void {
$this->artisan('lottery:admin-auth-sync')->assertExitCode(0);
});
test('site admin dashboard returns site overview for operator with dashboard permission', function (): void {
$super = AdminUser::query()->create([
'username' => 'super_site_dash',
'name' => 'Super',
'email' => null,
'password' => Hash::make('secret-strong'),
'status' => 0,
]);
grantSuperAdminRole($super);
$token = $super->createToken('test', ['*'], now()->addDay())->plainTextToken;
$create = $this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/admin/integration-sites', [
'code' => 'site-dash',
'name' => 'Site Dash',
'admin_account' => [
'username' => 'site_dash_admin',
'nickname' => 'Site Dash Admin',
'password' => 'secret-strong',
],
])
->assertCreated();
$siteId = (int) $create->json('data.id');
$operator = AdminUser::query()->where('username', 'site_dash_admin')->firstOrFail();
$roleId = SitePlatformRole::id();
expect((int) DB::table('admin_user_site_roles')
->where('admin_user_id', $operator->id)
->where('site_id', $siteId)
->where('role_id', $roleId)
->count())->toBe(1);
expect(SitePlatformRole::userHasSiteAdminRole($operator))->toBeTrue();
expect(AdminAuthProfile::fromAdmin($operator)['site']['code'] ?? null)->toBe('site-dash');
$operatorToken = $operator->createToken('test', ['*'], now()->addDay())->plainTextToken;
app('auth')->forgetGuards();
$this->withHeader('Authorization', 'Bearer '.$operatorToken)
->getJson('/api/v1/admin/auth/me')
->assertOk()
->assertJsonPath('data.admin.id', $operator->id)
->assertJsonPath('data.admin.site.code', 'site-dash')
->assertJsonPath('data.admin.agent', null);
$this->withHeader('Authorization', 'Bearer '.$operatorToken)
->getJson('/api/v1/admin/dashboard')
->assertOk()
->assertJsonPath('data.site_overview.admin_site_id', $siteId)
->assertJsonPath('data.site_overview.site_code', 'site-dash')
->assertJsonPath('data.agent_overview', null);
});
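Review bot: `app('auth')->forgetGuards();` between the super-admin request and the operator requests has no comment, yet it appears to be the line that makes the later assertions meaningful. If its purpose is to drop the guard instance that already resolved the super admin, so that the operator token is really evaluated, say so: `// reset cached guards so the next request authenticates as the operator, not the super admin used above`. The test also covers only the operator's own site. Creating a second site and asserting that its id and code never appear in `data.site_overview` would pin the tenant boundary this dashboard depends on.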


@@ -57,3 +57,80 @@ test('credit player wallet logs reads credit_ledger not wallet_txns', function (
->assertJsonPath('data.items.0.biz_type', 'bet_hold')
->assertJsonPath('data.items.0.ledger_source', 'credit_ledger');
});
test('credit player wallet logs distinguish win credit from bill settlement', function (): void {
$player = Player::query()->create([
'site_code' => 'default_site',
'site_player_id' => 'native:logs-2',
'auth_source' => PlayerAuthSource::LOTTERY_NATIVE,
'funding_mode' => PlayerFundingMode::CREDIT,
'username' => 'credit_logs_2',
'default_currency' => 'NPR',
'status' => 0,
]);
DB::table('player_credit_accounts')->insert([
'player_id' => $player->id,
'credit_limit' => 500,
'used_credit' => 0,
'frozen_credit' => 0,
'created_at' => now(),
'updated_at' => now(),
]);
DB::table('credit_ledger')->insert([
[
'owner_type' => 'player',
'owner_id' => $player->id,
'amount' => 3600,
'reason' => 'settlement_payout',
'ref_type' => 'settlement_bill',
'ref_id' => 25,
'created_at' => now()->subMinute(),
'updated_at' => now()->subMinute(),
],
[
'owner_type' => 'player',
'owner_id' => $player->id,
'amount' => 1200,
'reason' => 'game_settlement_win',
'ref_type' => 'ticket_item',
'ref_id' => 99,
'created_at' => now(),
'updated_at' => now(),
],
]);
$response = $this->withHeader('Authorization', 'Bearer dev:'.$player->id)
->getJson('/api/v1/wallet/logs?page=1&size=10');
$response->assertOk()
->assertJsonPath('data.total', 2)
->assertJsonPath('data.items.0.type', 'win_credit')
->assertJsonPath('data.items.0.biz_type', 'game_settlement_win')
->assertJsonPath('data.items.0.affects_available_credit', true)
->assertJsonPath('data.items.1.type', 'bill_settlement')
->assertJsonPath('data.items.1.biz_type', 'settlement_payout')
->assertJsonPath('data.items.1.affects_available_credit', false)
->assertJsonPath('data.items.1.balance_after', null);
expect($response->json('data.items.0.balance_after'))->not->toBeNull();
$this->withHeader('Authorization', 'Bearer dev:'.$player->id)
->getJson('/api/v1/wallet/logs?type=bill_settlement')
->assertOk()
->assertJsonPath('data.total', 1)
->assertJsonPath('data.items.0.type', 'bill_settlement');
$this->withHeader('Authorization', 'Bearer dev:'.$player->id)
->getJson('/api/v1/wallet/logs?type=win_credit')
->assertOk()
->assertJsonPath('data.total', 1)
->assertJsonPath('data.items.0.type', 'win_credit');
$this->withHeader('Authorization', 'Bearer dev:'.$player->id)
->getJson('/api/v1/wallet/logs?type=credit_release')
->assertOk()
->assertJsonPath('data.total', 1)
->assertJsonPath('data.items.0.type', 'win_credit');
});
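Review bot: The last request filters on `type=credit_release` but asserts that the single returned item has type `win_credit`, which reads like a mistake unless `credit_release` is a deliberate alias. If it is, add a comment above that request, for example `// credit_release is accepted as an alias of win_credit; bill_settlement rows stay excluded`, and consider naming the alias in the test title. Separately, every request in this test authenticates with `Bearer dev:<player id>`. The code that accepts that scheme is not in this section, so confirm it is enabled only in test or local environments.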


@@ -49,7 +49,7 @@ test('platform role index only lists fixed super_admin and agent roles', functio
->pluck('slug')
->all();
expect($slugs)->toBe(['super_admin', 'agent']);
expect($slugs)->toBe(['super_admin', 'site_admin', 'agent']);
});
test('platform roles cannot be created and super_admin permissions are full catalog', function (): void {
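Review bot: The test name in the hunk header, 'platform role index only lists fixed super_admin and agent roles', no longer matches the expectation, which now lists `site_admin` as well. Rename it, e.g. `test('platform role index only lists fixed super_admin, site_admin and agent roles', ...)`, so a failure names the role set that is actually enforced. The opening lines of the test are outside this hunk.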

View File

@@ -50,30 +50,11 @@ expect()->extend('toBeOne', function () {
|
*/
/** 为后台测试账号挂上 `super_admin` 角色(细粒度权限校验全放行)。 */
/** 为后台测试账号挂上唯一超级管理员(不绑定站点)。 */
function grantSuperAdminRole(AdminUser $admin): void
{
$now = now();
DB::table('admin_roles')->updateOrInsert(
['slug' => AdminUser::ROLE_SUPER_ADMIN],
[
'name' => 'Super Admin',
'code' => AdminUser::ROLE_SUPER_ADMIN,
'created_at' => $now,
'updated_at' => $now,
],
);
$rid = (int) DB::table('admin_roles')->where('slug', AdminUser::ROLE_SUPER_ADMIN)->value('id');
$siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
DB::table('admin_user_site_roles')->updateOrInsert(
[
'admin_user_id' => $admin->id,
'site_id' => $siteId,
'role_id' => $rid,
],
['granted_at' => $now],
);
\App\Support\PlatformSystemRoles::ensureSuperAdminRole();
\App\Support\SuperAdminAccount::assign($admin);
}
/** 为后台测试账号挂上代理节点(需已存在 agent_nodes / admin_user_agents 表)。 */
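Review bot: The new doc comment on `grantSuperAdminRole()` describes the account as the only super admin, but it does not say what `SuperAdminAccount::assign($admin)` does to an account that already holds the flag. That class is not shown here. If `assign()` clears `is_super_admin` on other users, a test that calls this helper for two admins silently demotes the first, and the docblock should state that. Consider extending it along the lines of `/** Marks $admin as the platform super admin (no site binding); any previous holder is handled by SuperAdminAccount::assign(). */`. The two fully qualified class names could also be imported with `use` at the top of the file, matching how `AdminUser` is referenced.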


@@ -0,0 +1,13 @@
<?php
use App\Support\SiteAdminDefaultRolePermissions;
test('site admin template includes dashboard and settlement manage', function (): void {
$slugs = SiteAdminDefaultRolePermissions::templateSlugs();
expect($slugs)
->toContain('prd.dashboard.view')
->toContain('prd.agent.manage')
->toContain('prd.settlement.agent.manage')
->toContain('prd.report.view');
});
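Review bot: The assertions only check that four slugs are present, so the test still passes if the default site-admin template later gains permissions it should not have. This template presumably decides what each newly created site admin can do, so pin the upper bound as well. Either compare against the exact expected list with `expect($slugs)->toEqualCanonicalizing([...])`, or add `->not->toContain('<platform-only permission slug>')` for the slugs reserved to the super admin. The test name mentions only dashboard and settlement manage, although `prd.agent.manage` and `prd.report.view` are asserted too.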