feat: 增强代理和玩家管理功能
- 在 SyncAdminAuthorizationCommand 中新增对代理线路和结算菜单操作的同步功能,确保缺失的菜单操作行能够被创建。 - 更新多个控制器中的权限检查逻辑,使用 hasPermissionCode 替代原有的权限验证方式,提升权限管理的灵活性。 - 在 AdminPlayerStoreController 中引入对玩家创建能力的验证,确保只有具备相应权限的管理员能够创建玩家。 - 更新请求验证逻辑,新增 credit_limit、rebate_rate 和 extra_rebate_rate 字段,以支持更细粒度的玩家管理。 - 在 AdminUser 和 AgentNode 模型中增强角色与用户的权限管理功能,支持更细粒度的权限控制。
This commit is contained in:
@@ -58,6 +58,7 @@ final class AdminPermissionCatalogController extends Controller
|
||||
}
|
||||
|
||||
$roles = AdminRole::query()
|
||||
->where('scope_type', AdminRole::SCOPE_SYSTEM)
|
||||
->orderBy('slug')
|
||||
->get(['id', 'slug', 'name']);
|
||||
|
||||
|
||||
@@ -10,12 +10,15 @@ use Illuminate\Http\Request;
|
||||
use App\Services\AuditLogger;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
|
||||
final class AdminRoleDestroyController extends Controller
|
||||
{
|
||||
public function __invoke(Request $request, AdminRole $admin_role): JsonResponse
|
||||
{
|
||||
AdminAccountScopeGuard::assertSystemRole($admin_role);
|
||||
|
||||
if ($admin_role->slug === AdminRole::ROLE_SUPER_ADMIN) {
|
||||
return ApiMessage::errorResponse($request, 'admin.role_cannot_delete_super_admin', ErrorCode::ValidationFailed->value, null, 422);
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminPermissionInheritance;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
use App\Http\Requests\Admin\AdminRolePermissionSyncRequest;
|
||||
|
||||
@@ -16,6 +17,8 @@ final class AdminRolePermissionSyncController extends Controller
|
||||
{
|
||||
public function __invoke(AdminRolePermissionSyncRequest $request, AdminRole $admin_role): JsonResponse
|
||||
{
|
||||
AdminAccountScopeGuard::assertSystemRole($admin_role);
|
||||
|
||||
$slugs = AdminPermissionInheritance::expand(
|
||||
array_values(array_unique($request->validated('permission_slugs', []))),
|
||||
);
|
||||
|
||||
@@ -7,6 +7,7 @@ use App\Support\ApiResponse;
|
||||
use App\Services\AuditLogger;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminRoleApiPresenter;
|
||||
use App\Http\Requests\Admin\AdminRoleUpdateRequest;
|
||||
|
||||
@@ -14,6 +15,8 @@ final class AdminRoleUpdateController extends Controller
|
||||
{
|
||||
public function __invoke(AdminRoleUpdateRequest $request, AdminRole $admin_role): JsonResponse
|
||||
{
|
||||
AdminAccountScopeGuard::assertSystemRole($admin_role);
|
||||
|
||||
$before = AdminRoleApiPresenter::item($admin_role);
|
||||
|
||||
$payload = [];
|
||||
|
||||
@@ -10,6 +10,7 @@ use Illuminate\Http\Request;
|
||||
use App\Services\AuditLogger;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminUserApiPresenter;
|
||||
|
||||
/** DELETE /api/v1/admin/admin-users/{admin_user} */
|
||||
@@ -19,6 +20,7 @@ final class AdminUserDestroyController extends Controller
|
||||
{
|
||||
/** @var AdminUser $actor */
|
||||
$actor = $request->lotteryAdmin();
|
||||
AdminAccountScopeGuard::assertPlatformAccount($admin_user);
|
||||
|
||||
if ((int) $actor->getKey() === (int) $admin_user->getKey()) {
|
||||
return ApiMessage::errorResponse($request, 'admin.user_cannot_delete_self', ErrorCode::ValidationFailed->value, null, 422);
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Models\AdminUser;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Http\Request;
|
||||
use App\Support\AdminApiList;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
@@ -19,6 +20,11 @@ final class AdminUserIndexController extends Controller
|
||||
|
||||
$q = AdminUser::query()
|
||||
->with(['roles'])
|
||||
->whereNotExists(static function ($sub): void {
|
||||
$sub->select(DB::raw(1))
|
||||
->from('admin_user_agents as uag')
|
||||
->whereColumn('uag.admin_user_id', 'admin_users.id');
|
||||
})
|
||||
->orderByDesc('id');
|
||||
|
||||
if ($keyword !== '') {
|
||||
|
||||
@@ -9,6 +9,8 @@ use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminPermissionBridge;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminUserApiPresenter;
|
||||
use App\Http\Requests\Admin\AdminUserPermissionSyncRequest;
|
||||
|
||||
/** PUT /api/v1/admin/admin-users/{admin_user}/permissions */
|
||||
@@ -16,6 +18,8 @@ final class AdminUserPermissionSyncController extends Controller
|
||||
{
|
||||
public function __invoke(AdminUserPermissionSyncRequest $request, AdminUser $admin_user): JsonResponse
|
||||
{
|
||||
AdminAccountScopeGuard::assertPlatformAccount($admin_user);
|
||||
|
||||
$input = $request->validated();
|
||||
$slugs = AdminPermissionBridge::normalizeCanonicalLegacySlugs(array_values(array_filter(
|
||||
(array) ($input['permissions'] ?? $input['permission_slugs'] ?? []),
|
||||
@@ -69,13 +73,6 @@ final class AdminUserPermissionSyncController extends Controller
|
||||
],
|
||||
);
|
||||
|
||||
return ApiResponse::success([
|
||||
'id' => (int) $admin_user->id,
|
||||
'username' => $admin_user->username,
|
||||
'nickname' => $admin_user->name,
|
||||
'roles' => $admin_user->adminRoleSlugs(),
|
||||
'direct_permissions' => $admin_user->directLegacyPermissionSlugs(),
|
||||
'effective_permissions' => $admin_user->adminPermissionSlugs(),
|
||||
]);
|
||||
return ApiResponse::success(AdminUserApiPresenter::listItem($admin_user));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,6 +6,8 @@ use App\Models\AdminUser;
|
||||
use App\Support\ApiResponse;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminUserApiPresenter;
|
||||
use App\Http\Requests\Admin\AdminUserRoleSyncRequest;
|
||||
|
||||
/** PUT /api/v1/admin/admin-users/{admin_user}/roles */
|
||||
@@ -13,18 +15,13 @@ final class AdminUserRoleSyncController extends Controller
|
||||
{
|
||||
public function __invoke(AdminUserRoleSyncRequest $request, AdminUser $admin_user): JsonResponse
|
||||
{
|
||||
AdminAccountScopeGuard::assertPlatformAccount($admin_user);
|
||||
|
||||
$slugs = array_values(array_unique($request->validated('role_slugs')));
|
||||
$admin_user->syncRoleSlugsForDefaultSite($slugs);
|
||||
$admin_user->syncSystemRoleSlugs($slugs);
|
||||
|
||||
$admin_user->load('roles');
|
||||
|
||||
return ApiResponse::success([
|
||||
'id' => (int) $admin_user->id,
|
||||
'username' => $admin_user->username,
|
||||
'nickname' => $admin_user->name,
|
||||
'roles' => $admin_user->adminRoleSlugs(),
|
||||
'direct_permissions' => $admin_user->directLegacyPermissionSlugs(),
|
||||
'effective_permissions' => $admin_user->adminPermissionSlugs(),
|
||||
]);
|
||||
return ApiResponse::success(AdminUserApiPresenter::listItem($admin_user));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@ use App\Models\AdminUser;
|
||||
use App\Support\ApiResponse;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminUserApiPresenter;
|
||||
|
||||
/** GET /api/v1/admin/admin-users/{admin_user} */
|
||||
@@ -13,6 +14,8 @@ final class AdminUserShowController extends Controller
|
||||
{
|
||||
public function __invoke(AdminUser $admin_user): JsonResponse
|
||||
{
|
||||
AdminAccountScopeGuard::assertPlatformAccount($admin_user);
|
||||
|
||||
$admin_user->load('roles');
|
||||
|
||||
return ApiResponse::success(AdminUserApiPresenter::listItem($admin_user));
|
||||
|
||||
@@ -37,7 +37,7 @@ final class AdminUserStoreController extends Controller
|
||||
'password' => $request->validated('password'),
|
||||
'status' => $request->validated('status', 0),
|
||||
]);
|
||||
$created->syncRoleSlugsForDefaultSite($roleSlugs);
|
||||
$created->syncSystemRoleSlugs($roleSlugs);
|
||||
|
||||
return $created;
|
||||
});
|
||||
|
||||
@@ -7,6 +7,7 @@ use App\Support\ApiResponse;
|
||||
use App\Services\AuditLogger;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Support\AdminAccountScopeGuard;
|
||||
use App\Support\AdminUserApiPresenter;
|
||||
use App\Http\Requests\Admin\AdminUserUpdateRequest;
|
||||
|
||||
@@ -17,6 +18,7 @@ final class AdminUserUpdateController extends Controller
|
||||
{
|
||||
/** @var AdminUser $actor */
|
||||
$actor = $request->lotteryAdmin();
|
||||
AdminAccountScopeGuard::assertPlatformAccount($admin_user);
|
||||
|
||||
$admin_user->load('roles');
|
||||
$before = AdminUserApiPresenter::listItem($admin_user);
|
||||
|
||||
Reference in New Issue
Block a user