feat: 增强玩家管理功能，集成接入站点权限控制

在多个玩家相关控制器中引入 AdminSiteScope，确保管理员在执行操作前具备相应的接入站点权限。更新 Player 相关请求以支持 site_code 参数，增强权限验证逻辑，确保系统安全性与灵活性。同时，新增 AdminUser 模型方法以获取可访问的站点 ID 列表，优化权限管理。
2026-05-27 13:36:23 +08:00
parent b649c862ef
commit a10135d6ee
47 changed files with 2265 additions and 38 deletions
--- a/app/Http/Controllers/Api/V1/Admin/Player/AdminPlayerStoreController.php
+++ b/app/Http/Controllers/Api/V1/Admin/Player/AdminPlayerStoreController.php
@@ -6,6 +6,7 @@ use App\Models\Player;
 use App\Lottery\ErrorCode;
 use App\Support\ApiResponse;
 use Illuminate\Http\JsonResponse;
+use App\Support\AdminSiteScope;
 use App\Support\PlayerApiPresenter;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\Admin\AdminPlayerStoreRequest;
@@ -15,6 +16,19 @@ final class AdminPlayerStoreController extends Controller
 {
    public function __invoke(AdminPlayerStoreRequest $request): JsonResponse
    {
+        $admin = $request->lotteryAdmin();
+        abort_if($admin === null, 401);
+
+        $siteCode = (string) $request->validated('site_code');
+        if (! AdminSiteScope::siteCodeAllowed($admin, $siteCode)) {
+            return ApiResponse::error(
+                '无权在该站点下创建玩家',
+                ErrorCode::AdminForbidden->value,
+                null,
+                403,
+            );
+        }
+
        $exists = Player::query()
            ->where('site_code', $request->validated('site_code'))
            ->where('site_player_id', $request->validated('site_player_id'))