feat: 增强代理节点和代理资料管理功能

- 在 AgentNodeProfileController 中添加对父代理能力授予的验证，确保子代理的权限在父代理范围内。
- 更新多个请求类，统一代理资料字段的验证逻辑，提升代码复用性。
- 引入 AgentProfileFieldRules 以简化代理资料更新请求的规则定义。
- 在 AgentProfile 模型中设置主键为 agent_node_id，确保与代理节点的关联性。
- 更新错误信息，增加对授信额度和占成比例的验证，确保数据一致性。

tests/Feature/AdminAgentProfileApiTest.php

@@ -0,0 +1,194 @@
+<?php
+
+use App\Models\AdminUser;
+use App\Lottery\ErrorCode;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+uses(RefreshDatabase::class);
+
+beforeEach(function (): void {
+    $this->artisan('lottery:admin-auth-sync')->assertExitCode(0);
+});
+
+test('super admin can update agent profile with capability flags', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+    $service = app(\App\Services\Agent\AgentNodeService::class);
+
+    $super = AdminUser::query()->create([
+        'username' => 'profile_super',
+        'name' => 'Profile Super',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+    grantSuperAdminRole($super);
+
+    $child = $service->createChild($super, agentChildPayload([
+        'parent_id' => $rootId,
+        'code' => 'profile-child',
+        'name' => 'Profile Child',
+        'username' => 'profile_child',
+        'total_share_rate' => 10,
+        'credit_limit' => 1000,
+    ]));
+
+    $token = $super->createToken('test', ['*'], now()->addDay())->plainTextToken;
+
+    $this->withHeader('Authorization', 'Bearer '.$token)
+        ->putJson('/api/v1/admin/agent-nodes/'.$child->id.'/profile', [
+            'total_share_rate' => 12,
+            'credit_limit' => 1200,
+            'rebate_limit' => 0.01,
+            'default_player_rebate' => 0.005,
+            'settlement_cycle' => 'weekly',
+            'can_grant_extra_rebate' => false,
+            'can_create_child_agent' => true,
+            'can_create_player' => true,
+        ])
+        ->assertOk()
+        ->assertJsonPath('data.total_share_rate', 12)
+        ->assertJsonPath('data.can_create_child_agent', true);
+});
+
+test('super admin can update agent login username and tree reflects it', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+    $service = app(\App\Services\Agent\AgentNodeService::class);
+
+    $super = AdminUser::query()->create([
+        'username' => 'username_super',
+        'name' => 'Username Super',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+    grantSuperAdminRole($super);
+
+    $child = $service->createChild($super, agentChildPayload([
+        'parent_id' => $rootId,
+        'code' => 'username-child',
+        'name' => 'Username Child',
+        'username' => 'old_login',
+    ]));
+
+    $token = $super->createToken('test', ['*'], now()->addDay())->plainTextToken;
+
+    $this->withHeader('Authorization', 'Bearer '.$token)
+        ->putJson('/api/v1/admin/agent-nodes/'.$child->id, [
+            'username' => 'new_login',
+        ])
+        ->assertOk()
+        ->assertJsonPath('data.username', 'new_login');
+
+    $this->withHeader('Authorization', 'Bearer '.$token)
+        ->getJson('/api/v1/admin/agent-nodes/tree?admin_site_id='.$siteId)
+        ->assertOk()
+        ->assertJsonPath('data.tree.0.children.0.username', 'new_login');
+});
+
+test('update can provision primary login when agent node had no bound account', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+    $service = app(\App\Services\Agent\AgentNodeService::class);
+
+    $super = AdminUser::query()->create([
+        'username' => 'provision_super',
+        'name' => 'Provision Super',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+    grantSuperAdminRole($super);
+
+    $child = $service->createChild($super, agentChildPayload([
+        'parent_id' => $rootId,
+        'code' => 'provision-child',
+        'name' => 'Provision Child',
+        'username' => 'old_bound_login',
+    ]));
+
+    $userId = (int) DB::table('admin_user_agents')->where('agent_node_id', $child->id)->value('admin_user_id');
+    DB::table('admin_user_agent_roles')->where('agent_node_id', $child->id)->delete();
+    DB::table('admin_user_agents')->where('agent_node_id', $child->id)->delete();
+    AdminUser::query()->where('id', $userId)->delete();
+
+    $token = $super->createToken('test', ['*'], now()->addDay())->plainTextToken;
+
+    $this->withHeader('Authorization', 'Bearer '.$token)
+        ->putJson('/api/v1/admin/agent-nodes/'.$child->id, [
+            'username' => 'fresh_login',
+            'password' => agentNodeTestPassword(),
+        ])
+        ->assertOk()
+        ->assertJsonPath('data.username', 'fresh_login');
+
+    expect(
+        DB::table('admin_user_agents')->where('agent_node_id', $child->id)->where('is_primary', true)->count()
+    )->toBe(1);
+});
+
+test('agent profile update normalizes empty settlement cycle', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+    $service = app(\App\Services\Agent\AgentNodeService::class);
+
+    $super = AdminUser::query()->create([
+        'username' => 'profile_super3',
+        'name' => 'Profile Super',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+    grantSuperAdminRole($super);
+
+    $child = $service->createChild($super, agentChildPayload([
+        'parent_id' => $rootId,
+        'code' => 'profile-child3',
+        'name' => 'Profile Child 3',
+        'username' => 'profile_child3',
+    ]));
+
+    $token = $super->createToken('test', ['*'], now()->addDay())->plainTextToken;
+
+    $this->withHeader('Authorization', 'Bearer '.$token)
+        ->putJson('/api/v1/admin/agent-nodes/'.$child->id.'/profile', [
+            'settlement_cycle' => '',
+        ])
+        ->assertOk()
+        ->assertJsonPath('data.settlement_cycle', 'weekly');
+});
+
+test('agent profile update rejects default rebate above limit', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+    $service = app(\App\Services\Agent\AgentNodeService::class);
+
+    $super = AdminUser::query()->create([
+        'username' => 'profile_super2',
+        'name' => 'Profile Super',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+    grantSuperAdminRole($super);
+
+    $child = $service->createChild($super, agentChildPayload([
+        'parent_id' => $rootId,
+        'code' => 'profile-child2',
+        'name' => 'Profile Child 2',
+        'username' => 'profile_child2',
+    ]));
+
+    $token = $super->createToken('test', ['*'], now()->addDay())->plainTextToken;
+
+    $this->withHeader('Authorization', 'Bearer '.$token)
+        ->putJson('/api/v1/admin/agent-nodes/'.$child->id.'/profile', [
+            'rebate_limit' => 0.005,
+            'default_player_rebate' => 0.01,
+        ])
+        ->assertStatus(422)
+        ->assertJsonPath('code', ErrorCode::ValidationFailed->value);
+});