feat: 增强后台设置校验、代理权限控制与财务审计能力

app/Http/Requests/Admin/AdminSettingBatchUpdateRequest.php

@@ -4,6 +4,7 @@ namespace App\Http\Requests\Admin;
 
 use App\Models\AdminUser;
 use App\Http\Requests\ApiFormRequest;
+use App\Support\AdminSettingPolicy;
 
 final class AdminSettingBatchUpdateRequest extends ApiFormRequest
 {
@@ -22,8 +23,8 @@ final class AdminSettingBatchUpdateRequest extends ApiFormRequest
 
         foreach ($items as $item) {
             $key = is_array($item) ? (string) ($item['key'] ?? '') : '';
-            if (str_starts_with($key, 'settlement.')) {
-                return $admin->hasAdminPermission('prd.payout.manage');
+            if (! AdminSettingPolicy::canUpdate($admin, $key)) {
+                return false;
             }
         }
 
@@ -38,4 +39,15 @@ final class AdminSettingBatchUpdateRequest extends ApiFormRequest
             'items.*.value' => ['present'],
         ];
     }
+
+    public function after(): array
+    {
+        return [
+            function (): void {
+                /** @var list<array{key: string, value: mixed}> $items */
+                $items = $this->validated('items', []);
+                AdminSettingPolicy::validateItems($items);
+            },
+        ];
+    }
 }