feat: 增强代理和玩家管理功能

- 在多个控制器中更新权限检查逻辑，确保管理员能够更灵活地管理代理和玩家。
- 在 AdminPlayerStoreController 中引入对玩家创建能力的验证，确保只有具备相应权限的管理员能够创建玩家。
- 更新请求验证逻辑，新增 credit_limit、rebate_rate 和 extra_rebate_rate 字段，以支持更细粒度的玩家管理。
- 在 AgentNodeProfileController 中添加对父代理能力授予的验证，确保子代理的权限在父代理范围内。
- 引入 AgentProfileFieldRules 以简化代理资料更新请求的规则定义，提升代码复用性。

tests/Feature/AdminAgentProfileCapabilityPermissionTest.php

@@ -0,0 +1,129 @@
+<?php
+
+use App\Models\AdminUser;
+use App\Models\AgentNode;
+use App\Models\AgentProfile;
+use App\Support\AdminAuthProfile;
+use App\Support\AgentPlatformRole;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+uses(RefreshDatabase::class);
+
+beforeEach(function (): void {
+    $this->artisan('lottery:agent-roles-sync')->assertExitCode(0);
+});
+
+test('agent profile switches strip create player and child manage from effective permissions', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+
+    $child = AgentNode::query()->create([
+        'admin_site_id' => $siteId,
+        'parent_id' => $rootId,
+        'path' => '/',
+        'depth' => 1,
+        'code' => 'cap-child',
+        'name' => 'Cap Child',
+        'status' => 1,
+    ]);
+    $child->path = "/{$rootId}/{$child->id}/";
+    $child->save();
+
+    AgentProfile::query()->create([
+        'agent_node_id' => $child->id,
+        'total_share_rate' => 10,
+        'credit_limit' => 0,
+        'allocated_credit' => 0,
+        'used_credit' => 0,
+        'rebate_limit' => 0,
+        'default_player_rebate' => 0,
+        'settlement_cycle' => 'weekly',
+        'can_grant_extra_rebate' => false,
+        'can_create_child_agent' => false,
+        'can_create_player' => false,
+    ]);
+
+    $admin = AdminUser::query()->create([
+        'username' => 'cap_child_agent',
+        'name' => 'Cap Child Agent',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+
+    DB::table('admin_user_agents')->insert([
+        'admin_user_id' => $admin->id,
+        'agent_node_id' => $child->id,
+        'is_primary' => true,
+        'granted_at' => now(),
+    ]);
+    $admin->syncPrimaryPlatformAgentRole($child->id);
+
+    $fresh = $admin->fresh();
+    $profile = AdminAuthProfile::fromAdmin($fresh);
+    $perms = $profile['permissions'];
+
+    expect($perms)->toContain('prd.agent.view')
+        ->not->toContain('prd.agent.manage')
+        ->not->toContain('prd.users.manage');
+
+    expect($fresh->hasPermissionCode('agent.node.manage'))->toBeFalse();
+    expect($fresh->hasPermissionCode('service.players.manage'))->toBeFalse();
+    expect($profile['agent']['can_create_child_agent'])->toBeFalse();
+    expect($profile['agent']['can_create_player'])->toBeFalse();
+});
+
+test('agent profile switches on grant create capabilities even when platform agent role omits manage', function (): void {
+    $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id');
+    $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id');
+
+    $child = AgentNode::query()->create([
+        'admin_site_id' => $siteId,
+        'parent_id' => $rootId,
+        'path' => '/',
+        'depth' => 1,
+        'code' => 'cap-child-on',
+        'name' => 'Cap Child On',
+        'status' => 1,
+    ]);
+    $child->path = "/{$rootId}/{$child->id}/";
+    $child->save();
+
+    AgentProfile::query()->create([
+        'agent_node_id' => $child->id,
+        'total_share_rate' => 10,
+        'credit_limit' => 0,
+        'allocated_credit' => 0,
+        'used_credit' => 0,
+        'rebate_limit' => 0,
+        'default_player_rebate' => 0,
+        'settlement_cycle' => 'weekly',
+        'can_grant_extra_rebate' => false,
+        'can_create_child_agent' => true,
+        'can_create_player' => true,
+    ]);
+
+    $admin = AdminUser::query()->create([
+        'username' => 'cap_child_on_agent',
+        'name' => 'Cap Child On Agent',
+        'email' => null,
+        'password' => Hash::make('secret-strong'),
+        'status' => 0,
+    ]);
+
+    DB::table('admin_user_agents')->insert([
+        'admin_user_id' => $admin->id,
+        'agent_node_id' => $child->id,
+        'is_primary' => true,
+        'granted_at' => now(),
+    ]);
+    $admin->syncPrimaryPlatformAgentRole($child->id);
+
+    $fresh = $admin->fresh();
+
+    expect($fresh->hasPermissionCode('agent.node.manage'))->toBeTrue();
+    expect($fresh->hasPermissionCode('service.players.manage'))->toBeTrue();
+    expect($fresh->adminPermissionSlugs())->toContain('prd.agent.manage')
+        ->and($fresh->adminPermissionSlugs())->toContain('prd.users.manage');
+});