feat: 增强后台设置校验、代理权限控制与财务审计能力

2026-06-09 13:44:08 +08:00
parent 8d5d7f5b17
commit 41b964a606
25 changed files with 894 additions and 49 deletions
--- a/app/Http/Controllers/Api/V1/Admin/Agent/AgentNodeAdminUserStoreController.php
+++ b/app/Http/Controllers/Api/V1/Admin/Agent/AgentNodeAdminUserStoreController.php
@@ -10,6 +10,7 @@ use App\Http\Controllers\Controller;
 use App\Services\Agent\AgentAdminUserService;
 use App\Lottery\ErrorCode;
 use App\Support\AdminAgentNodeAccess;
+use App\Support\AdminAgentScope;
 use App\Support\AdminUserApiPresenter;
 use App\Support\ApiMessage;
 use App\Http\Requests\Admin\AgentAdminUserStoreRequest;
@@ -39,6 +40,17 @@ final class AgentNodeAdminUserStoreController extends Controller
            );
        }

+        if (! AdminAgentScope::nodeManageableBy($admin, $agent_node)) {
+            return AdminAgentNodeAccess::denyUnlessCanManageParent($admin, $agent_node)
+                ?? ApiMessage::errorResponse(
+                    $request,
+                    'admin.agent_user_manage_denied',
+                    ErrorCode::AdminForbidden->value,
+                    null,
+                    403,
+                );
+        }
+
        $user = $service->createUnderAgent($agent_node, $request->validated());

        AuditLogger::recordForAdmin(
--- a/app/Http/Controllers/Api/V1/Admin/Agent/AgentNodeDestroyController.php
+++ b/app/Http/Controllers/Api/V1/Admin/Agent/AgentNodeDestroyController.php
@@ -47,6 +47,14 @@ final class AgentNodeDestroyController extends Controller
            return ApiMessage::errorResponse($request, 'admin.agent_node_has_players_cannot_delete', ErrorCode::ValidationFailed->value, null, 422);
        }

+        if (DB::table('admin_user_agents')->where('agent_node_id', $agent_node->id)->exists()) {
+            return ApiMessage::errorResponse($request, 'admin.agent_node_has_admin_users_cannot_delete', ErrorCode::ValidationFailed->value, null, 422);
+        }
+
+        if ($service->hasBlockingCustomRoles($agent_node)) {
+            return ApiMessage::errorResponse($request, 'admin.agent_node_has_roles_cannot_delete', ErrorCode::ValidationFailed->value, null, 422);
+        }
+
        $before = AgentNodePresenter::item($agent_node);
        $service->destroy($agent_node);

--- a/app/Http/Controllers/Api/V1/Admin/Agent/AgentNodeRoleStoreController.php
+++ b/app/Http/Controllers/Api/V1/Admin/Agent/AgentNodeRoleStoreController.php
@@ -10,6 +10,7 @@ use App\Http\Controllers\Controller;
 use App\Services\Agent\AgentRoleService;
 use App\Lottery\ErrorCode;
 use App\Support\AdminAgentNodeAccess;
+use App\Support\AdminAgentScope;
 use App\Support\AdminRoleApiPresenter;
 use App\Support\ApiMessage;
 use App\Http\Requests\Admin\AgentRoleStoreRequest;
@@ -39,6 +40,17 @@ final class AgentNodeRoleStoreController extends Controller
            );
        }

+        if (! AdminAgentScope::nodeManageableBy($admin, $agent_node)) {
+            return AdminAgentNodeAccess::denyUnlessCanManageParent($admin, $agent_node)
+                ?? ApiMessage::errorResponse(
+                    $request,
+                    'admin.agent_role_manage_denied',
+                    ErrorCode::AdminForbidden->value,
+                    null,
+                    403,
+                );
+        }
+
        $role = $service->createForAgent($admin, $agent_node, $request->validated());

        AuditLogger::recordForAdmin(