feat: 增强代理和玩家管理功能
- 在多个控制器中更新权限检查逻辑,确保管理员能够更灵活地管理代理和玩家。 - 在 AdminPlayerStoreController 中引入对玩家创建能力的验证,确保只有具备相应权限的管理员能够创建玩家。 - 更新请求验证逻辑,新增 credit_limit、rebate_rate 和 extra_rebate_rate 字段,以支持更细粒度的玩家管理。 - 在 AgentNodeProfileController 中添加对父代理能力授予的验证,确保子代理的权限在父代理范围内。 - 引入 AgentProfileFieldRules 以简化代理资料更新请求的规则定义,提升代码复用性。
This commit is contained in:
@@ -12,6 +12,7 @@ use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
use App\Support\PlatformSystemRoles;
|
||||
|
||||
final class AdminRoleDestroyController extends Controller
|
||||
{
|
||||
@@ -19,8 +20,8 @@ final class AdminRoleDestroyController extends Controller
|
||||
{
|
||||
AdminAccountScopeGuard::assertSystemRole($admin_role);
|
||||
|
||||
if ($admin_role->slug === AdminRole::ROLE_SUPER_ADMIN) {
|
||||
return ApiMessage::errorResponse($request, 'admin.role_cannot_delete_super_admin', ErrorCode::ValidationFailed->value, null, 422);
|
||||
if (PlatformSystemRoles::isFixedSlug((string) $admin_role->slug)) {
|
||||
return ApiMessage::errorResponse($request, 'admin.role_builtin_cannot_delete', ErrorCode::ValidationFailed->value, null, 422);
|
||||
}
|
||||
if ((bool) $admin_role->is_system) {
|
||||
return ApiMessage::errorResponse($request, 'admin.role_builtin_cannot_delete', ErrorCode::ValidationFailed->value, null, 422);
|
||||
|
||||
@@ -7,6 +7,7 @@ use App\Support\ApiResponse;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
use App\Support\PlatformSystemRoles;
|
||||
|
||||
final class AdminRoleIndexController extends Controller
|
||||
{
|
||||
@@ -14,6 +15,7 @@ final class AdminRoleIndexController extends Controller
|
||||
{
|
||||
$roles = AdminRole::query()
|
||||
->where('scope_type', AdminRole::SCOPE_SYSTEM)
|
||||
->whereIn('slug', PlatformSystemRoles::fixedSlugs())
|
||||
->orderBy('sort_order')
|
||||
->orderBy('id')
|
||||
->get();
|
||||
|
||||
@@ -9,8 +9,11 @@ use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminPermissionInheritance;
|
||||
use App\Lottery\ErrorCode;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
use App\Support\ApiMessage;
|
||||
use App\Support\PlatformSystemRoles;
|
||||
use App\Http\Requests\Admin\AdminRolePermissionSyncRequest;
|
||||
|
||||
final class AdminRolePermissionSyncController extends Controller
|
||||
@@ -19,6 +22,16 @@ final class AdminRolePermissionSyncController extends Controller
|
||||
{
|
||||
AdminAccountScopeGuard::assertSystemRole($admin_role);
|
||||
|
||||
if ($admin_role->slug === PlatformSystemRoles::SLUG_SUPER_ADMIN) {
|
||||
return ApiMessage::errorResponse(
|
||||
$request,
|
||||
'admin.role_super_admin_permissions_fixed',
|
||||
ErrorCode::ValidationFailed->value,
|
||||
null,
|
||||
422,
|
||||
);
|
||||
}
|
||||
|
||||
$slugs = AdminPermissionInheritance::expand(
|
||||
array_values(array_unique($request->validated('permission_slugs', []))),
|
||||
);
|
||||
|
||||
@@ -2,53 +2,22 @@
|
||||
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Models\AdminRole;
|
||||
use App\Support\ApiResponse;
|
||||
use App\Services\AuditLogger;
|
||||
use App\Lottery\ErrorCode;
|
||||
use App\Support\ApiMessage;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminPermissionInheritance;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
use App\Http\Requests\Admin\AdminRoleStoreRequest;
|
||||
|
||||
final class AdminRoleStoreController extends Controller
|
||||
{
|
||||
public function __invoke(AdminRoleStoreRequest $request): JsonResponse
|
||||
{
|
||||
$permissionSlugs = AdminPermissionInheritance::expand(
|
||||
array_values(array_unique($request->validated('permission_slugs', []))),
|
||||
);
|
||||
|
||||
$role = DB::transaction(function () use ($request, $permissionSlugs): AdminRole {
|
||||
$role = AdminRole::query()->create([
|
||||
'slug' => $request->validated('slug'),
|
||||
'code' => $request->validated('slug'),
|
||||
'name' => $request->validated('name'),
|
||||
'description' => $request->validated('description'),
|
||||
'status' => $request->validated('status', 1),
|
||||
'is_system' => false,
|
||||
'sort_order' => 0,
|
||||
'scope_type' => AdminRole::SCOPE_SYSTEM,
|
||||
'owner_agent_id' => null,
|
||||
'delegated_from_role_id' => null,
|
||||
]);
|
||||
$role->syncLegacyPermissionSlugs($permissionSlugs);
|
||||
|
||||
return $role->fresh();
|
||||
});
|
||||
|
||||
AuditLogger::recordForAdmin(
|
||||
$request->lotteryAdmin(),
|
||||
return ApiMessage::errorResponse(
|
||||
$request,
|
||||
'system',
|
||||
'admin_role.create',
|
||||
'admin_role',
|
||||
(string) $role->id,
|
||||
'admin.platform_roles_fixed',
|
||||
ErrorCode::ValidationFailed->value,
|
||||
null,
|
||||
AdminRoleApiPresenter::item($role),
|
||||
422,
|
||||
);
|
||||
|
||||
return ApiResponse::success(AdminRoleApiPresenter::item($role));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,12 +3,15 @@
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Models\AdminRole;
|
||||
use App\Lottery\ErrorCode;
|
||||
use App\Support\ApiMessage;
|
||||
use App\Support\ApiResponse;
|
||||
use App\Services\AuditLogger;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
use App\Support\PlatformSystemRoles;
|
||||
use App\Http\Requests\Admin\AdminRoleUpdateRequest;
|
||||
|
||||
final class AdminRoleUpdateController extends Controller
|
||||
@@ -17,6 +20,16 @@ final class AdminRoleUpdateController extends Controller
|
||||
{
|
||||
AdminAccountScopeGuard::assertSystemRole($admin_role);
|
||||
|
||||
if ($admin_role->slug === PlatformSystemRoles::SLUG_SUPER_ADMIN) {
|
||||
return ApiMessage::errorResponse(
|
||||
$request,
|
||||
'admin.role_super_admin_metadata_fixed',
|
||||
ErrorCode::ValidationFailed->value,
|
||||
null,
|
||||
422,
|
||||
);
|
||||
}
|
||||
|
||||
$before = AdminRoleApiPresenter::item($admin_role);
|
||||
|
||||
$payload = [];
|
||||
|
||||
@@ -8,6 +8,7 @@ use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminUserApiPresenter;
|
||||
use App\Support\AdminPlatformUserSiteGuard;
|
||||
use App\Http\Requests\Admin\AdminUserRoleSyncRequest;
|
||||
|
||||
/** PUT /api/v1/admin/admin-users/{admin_user}/roles */
|
||||
@@ -15,10 +16,16 @@ final class AdminUserRoleSyncController extends Controller
|
||||
{
|
||||
public function __invoke(AdminUserRoleSyncRequest $request, AdminUser $admin_user): JsonResponse
|
||||
{
|
||||
/** @var AdminUser $actor */
|
||||
$actor = $request->lotteryAdmin();
|
||||
|
||||
AdminAccountScopeGuard::assertPlatformAccount($admin_user);
|
||||
|
||||
$siteId = (int) $request->validated('admin_site_id');
|
||||
AdminPlatformUserSiteGuard::assertActorCanAssignSite($actor, $siteId);
|
||||
|
||||
$slugs = array_values(array_unique($request->validated('role_slugs')));
|
||||
$admin_user->syncSystemRoleSlugs($slugs);
|
||||
$admin_user->syncSystemRoleSlugsForSite($siteId, $slugs);
|
||||
|
||||
$admin_user->load('roles');
|
||||
|
||||
|
||||
@@ -9,6 +9,7 @@ use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminUserApiPresenter;
|
||||
use App\Support\AdminPlatformUserSiteGuard;
|
||||
use App\Http\Requests\Admin\AdminUserStoreRequest;
|
||||
|
||||
/**
|
||||
@@ -28,8 +29,10 @@ final class AdminUserStoreController extends Controller
|
||||
: null;
|
||||
|
||||
$roleSlugs = array_values(array_unique($request->validated('role_slugs')));
|
||||
$siteId = (int) $request->validated('admin_site_id');
|
||||
AdminPlatformUserSiteGuard::assertActorCanAssignSite($actor, $siteId);
|
||||
|
||||
$user = DB::transaction(function () use ($request, $email, $roleSlugs): AdminUser {
|
||||
$user = DB::transaction(function () use ($request, $email, $roleSlugs, $siteId): AdminUser {
|
||||
$created = AdminUser::query()->create([
|
||||
'username' => $request->validated('username'),
|
||||
'name' => $request->validated('nickname'),
|
||||
@@ -37,7 +40,7 @@ final class AdminUserStoreController extends Controller
|
||||
'password' => $request->validated('password'),
|
||||
'status' => $request->validated('status', 0),
|
||||
]);
|
||||
$created->syncSystemRoleSlugs($roleSlugs);
|
||||
$created->syncSystemRoleSlugsForSite($siteId, $roleSlugs);
|
||||
|
||||
return $created;
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user