feat: 增强代理和玩家管理功能

- 在 SyncAdminAuthorizationCommand 中新增对代理线路和结算菜单操作的同步功能，确保缺失的菜单操作行能够被创建。 - 更新多个控制器中的权限检查逻辑，使用 hasPermissionCode 替代原有的权限验证方式，提升权限管理的灵活性。 - 在 AdminPlayerStoreController 中引入对玩家创建能力的验证，确保只有具备相应权限的管理员能够创建玩家。 - 更新请求验证逻辑，新增 credit_limit、rebate_rate 和 extra_rebate_rate 字段，以支持更细粒度的玩家管理。 - 在 AdminUser 和 AgentNode 模型中增强角色与用户的权限管理功能，支持更细粒度的权限控制。
2026-06-04 09:17:47 +08:00
parent 240d585f15
commit e3ffffad9c
74 changed files with 3076 additions and 65 deletions
--- a/tests/Feature/AdminPlayerManageApiTest.php
+++ b/tests/Feature/AdminPlayerManageApiTest.php
@@ -63,6 +63,47 @@ function playerPermissionRequest($test, string $token)
    return $test->withHeader('Authorization', 'Bearer '.$token);
 }

+test('super admin can create player under site root agent', function (): void {
+    $siteCode = DB::table('admin_sites')->where('is_default', true)->value('code');
+    $siteCode = is_string($siteCode) && $siteCode !== '' ? $siteCode : 'default_site';
+
+    $token = playerManageAdminToken();
+
+    $sitePlayerId = 'manual-create-'.uniqid('', true);
+
+    $this->withHeader('Authorization', 'Bearer '.$token)
+        ->postJson('/api/v1/admin/players', [
+            'site_code' => $siteCode,
+            'site_player_id' => $sitePlayerId,
+            'default_currency' => 'NPR',
+            'status' => 0,
+        ])
+        ->assertCreated()
+        ->assertJsonPath('data.site_code', $siteCode)
+        ->assertJsonPath('data.site_player_id', $sitePlayerId);
+
+    $this->assertDatabaseHas('players', [
+        'site_code' => $siteCode,
+        'site_player_id' => $sitePlayerId,
+    ]);
+});
+
+test('platform user without agent binding cannot create player', function (): void {
+    $siteCode = DB::table('admin_sites')->where('is_default', true)->value('code');
+    $siteCode = is_string($siteCode) && $siteCode !== '' ? $siteCode : 'default_site';
+
+    $token = playerPermissionAdminToken('player_manager_no_agent', ['prd.users.manage']);
+
+    $this->withHeader('Authorization', 'Bearer '.$token)
+        ->postJson('/api/v1/admin/players', [
+            'site_code' => $siteCode,
+            'site_player_id' => 'blocked-create',
+            'default_currency' => 'NPR',
+        ])
+        ->assertStatus(422)
+        ->assertJsonPath('msg', fn (string $msg): bool => str_contains($msg, '代理') || str_contains($msg, 'agent'));
+});
+
 test('admin can freeze and unfreeze player with audit log', function (): void {
    $siteCode = DB::table('admin_sites')->where('is_default', true)->value('code');
    $siteCode = is_string($siteCode) && $siteCode !== '' ? $siteCode : 'default_site';