feat: 增强代理和玩家管理功能

- 在多个控制器中更新权限检查逻辑，确保管理员能够更灵活地管理代理和玩家。
- 在 AdminPlayerStoreController 中引入对玩家创建能力的验证，确保只有具备相应权限的管理员能够创建玩家。
- 更新请求验证逻辑，新增 credit_limit、rebate_rate 和 extra_rebate_rate 字段，以支持更细粒度的玩家管理。
- 在 AgentNodeProfileController 中添加对父代理能力授予的验证，确保子代理的权限在父代理范围内。
- 引入 AgentProfileFieldRules 以简化代理资料更新请求的规则定义，提升代码复用性。

app/Http/Controllers/Api/V1/Admin/Player/AdminPlayerUpdateController.php

@@ -2,20 +2,31 @@
 
 namespace App\Http\Controllers\Api\V1\Admin\Player;
 
-use App\Models\Player;
-use App\Lottery\ErrorCode;
-use App\Support\ApiResponse;
-use Illuminate\Http\JsonResponse;
 use App\Http\Controllers\Controller;
-use App\Support\AdminSiteScope;
-use App\Support\PlayerApiPresenter;
 use App\Http\Requests\Admin\AdminPlayerUpdateRequest;
+use App\Models\AgentNode;
+use App\Models\Player;
+use App\Services\Agent\AgentProfileService;
+use App\Services\Agent\RebateLimitValidator;
+use App\Services\Player\PlayerCreditService;
+use App\Services\Player\PlayerRebateProfileService;
+use App\Support\AdminSiteScope;
+use App\Support\ApiResponse;
+use App\Support\PlayerApiPresenter;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\DB;
 
 /** PUT /api/v1/admin/players/{player} */
 final class AdminPlayerUpdateController extends Controller
 {
-    public function __invoke(AdminPlayerUpdateRequest $request, Player $player): JsonResponse
-    {
+    public function __invoke(
+        AdminPlayerUpdateRequest $request,
+        Player $player,
+        AgentProfileService $agentProfileService,
+        PlayerCreditService $playerCreditService,
+        RebateLimitValidator $rebateLimitValidator,
+        PlayerRebateProfileService $rebateProfileService,
+    ): JsonResponse {
         $admin = $request->lotteryAdmin();
         abort_if($admin === null, 401);
 
@@ -29,7 +40,57 @@ final class AdminPlayerUpdateController extends Controller
             $data['status'] = (int) $data['status'];
         }
 
-        $player->fill(array_filter($data, static fn ($v) => $v !== ''));
+        $agent = $player->agent_node_id !== null
+            ? AgentNode::query()->find((int) $player->agent_node_id)
+            : null;
+
+        if ($agent !== null && $request->has('rebate_rate')) {
+            $rebateLimitValidator->assertPlayerRebateWithinAgent(
+                $agent,
+                (float) $request->input('rebate_rate', 0),
+                (float) $request->input('extra_rebate_rate', 0),
+            );
+        }
+
+        if ($request->has('credit_limit') && $agent !== null) {
+            $newLimit = (int) $request->input('credit_limit', 0);
+            $creditRow = DB::table('player_credit_accounts')->where('player_id', $player->id)->first();
+            $previous = (int) ($creditRow->credit_limit ?? 0);
+            $usedCredit = (int) ($creditRow->used_credit ?? 0) + (int) ($creditRow->frozen_credit ?? 0);
+            $agentProfileService->adjustPlayerCreditAllocation($agent, $previous, $newLimit, $usedCredit);
+            $playerCreditService->upsertAccount($player, ['credit_limit' => $newLimit]);
+            $agentProfileService->refreshAllocatedCredit($agent);
+            unset($data['credit_limit']);
+        }
+
+        if ($request->has('rebate_rate')) {
+            DB::table('player_rebate_profiles')->updateOrInsert(
+                ['player_id' => $player->id, 'game_type' => '*'],
+                [
+                    'inherit_from_agent' => false,
+                    'rebate_rate' => (float) $request->input('rebate_rate', 0),
+                    'extra_rebate_rate' => (float) $request->input('extra_rebate_rate', 0),
+                    'updated_at' => now(),
+                    'created_at' => now(),
+                ],
+            );
+            unset($data['rebate_rate'], $data['extra_rebate_rate']);
+        }
+
+        if ($request->has('rebate_profiles') && $agent !== null) {
+            $rebateProfileService->syncProfiles($player->id, $agent, $request->input('rebate_profiles', []));
+            unset($data['rebate_profiles']);
+        }
+
+        if ($request->has('risk_tags')) {
+            $player->risk_tags = array_values(array_unique(array_filter(
+                array_map('strval', $request->input('risk_tags', [])),
+            )));
+            unset($data['risk_tags']);
+        }
+
+        unset($data['rebate_profiles']);
+        $player->fill(array_filter($data, static fn ($v) => $v !== '' && ! is_array($v)));
         $player->save();
 
         return ApiResponse::success(PlayerApiPresenter::listItem($player));