feat: 增强后台设置校验、代理权限控制与财务审计能力

2026-06-09 13:44:08 +08:00
parent 8d5d7f5b17
commit 41b964a606
25 changed files with 894 additions and 49 deletions
--- a/app/Http/Requests/Admin/AdminSettingUpdateRequest.php
+++ b/app/Http/Requests/Admin/AdminSettingUpdateRequest.php
@@ -4,6 +4,7 @@ namespace App\Http\Requests\Admin;

 use App\Models\AdminUser;
 use App\Http\Requests\ApiFormRequest;
+use App\Support\AdminSettingPolicy;

 final class AdminSettingUpdateRequest extends ApiFormRequest
 {
@@ -15,11 +16,7 @@ final class AdminSettingUpdateRequest extends ApiFormRequest
        }

        $key = (string) $this->route('key', '');
-        if (str_starts_with($key, 'settlement.')) {
-            return $admin->hasAdminPermission('prd.payout.manage');
-        }
-
-        return true;
+        return AdminSettingPolicy::canUpdate($admin, $key);
    }

    public function rules(): array
@@ -28,4 +25,17 @@ final class AdminSettingUpdateRequest extends ApiFormRequest
            'value' => ['present'],
        ];
    }
+
+    public function after(): array
+    {
+        return [
+            function (): void {
+                $key = (string) $this->route('key', '');
+                AdminSettingPolicy::validateItems([[
+                    'key' => $key,
+                    'value' => $this->validated('value'),
+                ]]);
+            },
+        ];
+    }
 }