feat: 重构管理员权限管理,移除 AdminPermission 模型,整合权限与角色管理逻辑,优化 API 接口以支持角色与权限的同步,增强数据库填充器以对齐权限配置
This commit is contained in:
@@ -3,42 +3,79 @@
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\AdminPermission;
|
||||
use App\Models\AdminRole;
|
||||
use App\Support\ApiResponse;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
|
||||
/** GET /api/v1/admin/admin-user-permission-catalog */
|
||||
final class AdminPermissionCatalogController extends Controller
|
||||
{
|
||||
public function __invoke(): JsonResponse
|
||||
{
|
||||
$permissions = AdminPermission::query()
|
||||
->orderBy('slug')
|
||||
->get(['id', 'slug', 'name']);
|
||||
/** @var list<array{slug: string, name: string}> */
|
||||
$catalog = config('admin_permissions.catalog', []);
|
||||
/** @var list<array{key: string, label: string, slugs: list<string>}> $groupDefs */
|
||||
$groupDefs = config('admin_permissions.catalog_menu_groups', []);
|
||||
|
||||
$catalogBySlug = collect($catalog)->keyBy('slug');
|
||||
|
||||
$permissions = collect($catalog)->values()->map(static fn (array $row, int $index): array => [
|
||||
'id' => $index + 1,
|
||||
'slug' => $row['slug'],
|
||||
'name' => $row['name'],
|
||||
])->all();
|
||||
|
||||
$permissionIdBySlug = collect($permissions)->keyBy('slug')->map(static fn (array $row): int => $row['id'])->all();
|
||||
|
||||
$permissionMenuGroups = [];
|
||||
foreach ($groupDefs as $g) {
|
||||
$rows = [];
|
||||
foreach ($g['slugs'] as $slug) {
|
||||
$meta = $catalogBySlug->get($slug);
|
||||
if ($meta === null) {
|
||||
continue;
|
||||
}
|
||||
$id = $permissionIdBySlug[$slug] ?? null;
|
||||
if ($id === null) {
|
||||
continue;
|
||||
}
|
||||
$rows[] = [
|
||||
'id' => (int) $id,
|
||||
'slug' => $slug,
|
||||
'name' => $meta['name'],
|
||||
];
|
||||
}
|
||||
if ($rows !== []) {
|
||||
$permissionMenuGroups[] = [
|
||||
'key' => $g['key'],
|
||||
'label' => $g['label'],
|
||||
'permissions' => $rows,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
$roles = AdminRole::query()
|
||||
->with(['permissions:id,slug', 'users:id'])
|
||||
->orderBy('slug')
|
||||
->get(['id', 'slug', 'name']);
|
||||
|
||||
return ApiResponse::success([
|
||||
'permissions' => $permissions->map(static fn (AdminPermission $permission): array => [
|
||||
'id' => (int) $permission->id,
|
||||
'slug' => $permission->slug,
|
||||
'name' => $permission->name,
|
||||
])->values()->all(),
|
||||
'roles' => $roles->map(static fn (AdminRole $role): array => [
|
||||
'id' => (int) $role->id,
|
||||
'slug' => $role->slug,
|
||||
'name' => $role->name,
|
||||
'permission_slugs' => $role->permissions
|
||||
->pluck('slug')
|
||||
->filter(static fn ($slug): bool => is_string($slug) && $slug !== '')
|
||||
->values()
|
||||
->all(),
|
||||
'user_count' => $role->users->count(),
|
||||
])->values()->all(),
|
||||
'permissions' => $permissions,
|
||||
'permission_menu_groups' => $permissionMenuGroups,
|
||||
'roles' => $roles->map(static function (AdminRole $role): array {
|
||||
$userCount = (int) DB::table('admin_user_site_roles')
|
||||
->where('role_id', $role->id)
|
||||
->distinct()
|
||||
->count('admin_user_id');
|
||||
|
||||
return [
|
||||
'id' => (int) $role->id,
|
||||
'slug' => $role->slug,
|
||||
'name' => $role->name,
|
||||
'permission_slugs' => $role->legacyPermissionSlugs(),
|
||||
'user_count' => $userCount,
|
||||
];
|
||||
})->values()->all(),
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,7 +18,7 @@ final class AdminUserIndexController extends Controller
|
||||
$keyword = trim((string) $request->query('keyword', ''));
|
||||
|
||||
$q = AdminUser::query()
|
||||
->with(['roles.permissions', 'permissions'])
|
||||
->with(['roles'])
|
||||
->orderByDesc('id');
|
||||
|
||||
if ($keyword !== '') {
|
||||
@@ -54,11 +54,7 @@ final class AdminUserIndexController extends Controller
|
||||
'email' => $user->email,
|
||||
'status' => (int) $user->status,
|
||||
'roles' => $user->adminRoleSlugs(),
|
||||
'direct_permissions' => $user->permissions
|
||||
->pluck('slug')
|
||||
->filter(static fn ($slug): bool => is_string($slug) && $slug !== '')
|
||||
->values()
|
||||
->all(),
|
||||
'direct_permissions' => $user->directLegacyPermissionSlugs(),
|
||||
'effective_permissions' => $user->adminPermissionSlugs(),
|
||||
];
|
||||
}
|
||||
|
||||
@@ -3,11 +3,13 @@
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\AdminPermission;
|
||||
use App\Models\AdminUser;
|
||||
use App\Support\AdminPermissionBridge;
|
||||
use App\Support\ApiResponse;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
/** PUT /api/v1/admin/admin-users/{admin_user}/permissions */
|
||||
final class AdminUserPermissionSyncController extends Controller
|
||||
@@ -17,28 +19,51 @@ final class AdminUserPermissionSyncController extends Controller
|
||||
/** @var array{permission_slugs:list<string>} $data */
|
||||
$data = validator($request->all(), [
|
||||
'permission_slugs' => ['required', 'array'],
|
||||
'permission_slugs.*' => ['string', 'max:128', 'distinct', 'exists:admin_permissions,slug'],
|
||||
'permission_slugs.*' => ['string', 'max:128', 'distinct', Rule::in(AdminPermissionBridge::allLegacySlugs())],
|
||||
])->validate();
|
||||
|
||||
$slugs = array_values(array_unique($data['permission_slugs']));
|
||||
$permissionIds = AdminPermission::query()
|
||||
->whereIn('slug', $slugs)
|
||||
$siteId = AdminUser::defaultAdminSiteId();
|
||||
|
||||
$codes = [];
|
||||
foreach ($slugs as $slug) {
|
||||
$codes = array_merge($codes, AdminPermissionBridge::menuActionCodesForLegacy($slug));
|
||||
}
|
||||
$codes = array_values(array_unique($codes));
|
||||
|
||||
$menuActionIds = DB::table('admin_menu_actions')
|
||||
->whereIn('permission_code', $codes)
|
||||
->where('status', 1)
|
||||
->pluck('id')
|
||||
->all();
|
||||
|
||||
$admin_user->permissions()->sync($permissionIds);
|
||||
$admin_user->load(['roles.permissions', 'permissions']);
|
||||
DB::transaction(function () use ($admin_user, $siteId, $menuActionIds): void {
|
||||
DB::table('admin_user_menu_actions')
|
||||
->where('admin_user_id', $admin_user->id)
|
||||
->where(function ($q) use ($siteId): void {
|
||||
$q->where('site_id', $siteId)->orWhereNull('site_id');
|
||||
})
|
||||
->delete();
|
||||
|
||||
$now = now();
|
||||
foreach ($menuActionIds as $mid) {
|
||||
DB::table('admin_user_menu_actions')->insert([
|
||||
'admin_user_id' => $admin_user->id,
|
||||
'site_id' => $siteId,
|
||||
'menu_action_id' => (int) $mid,
|
||||
'granted_at' => $now,
|
||||
]);
|
||||
}
|
||||
});
|
||||
|
||||
$admin_user->load('roles');
|
||||
|
||||
return ApiResponse::success([
|
||||
'id' => (int) $admin_user->id,
|
||||
'username' => $admin_user->username,
|
||||
'nickname' => $admin_user->name,
|
||||
'roles' => $admin_user->adminRoleSlugs(),
|
||||
'direct_permissions' => $admin_user->permissions
|
||||
->pluck('slug')
|
||||
->filter(static fn ($slug): bool => is_string($slug) && $slug !== '')
|
||||
->values()
|
||||
->all(),
|
||||
'direct_permissions' => $admin_user->directLegacyPermissionSlugs(),
|
||||
'effective_permissions' => $admin_user->adminPermissionSlugs(),
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -0,0 +1,60 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api\V1\Admin\User;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\AdminUser;
|
||||
use App\Support\ApiResponse;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
/** PUT /api/v1/admin/admin-users/{admin_user}/roles */
|
||||
final class AdminUserRoleSyncController extends Controller
|
||||
{
|
||||
public function __invoke(Request $request, AdminUser $admin_user): JsonResponse
|
||||
{
|
||||
/** @var array{role_slugs:list<string>} $data */
|
||||
$data = validator($request->all(), [
|
||||
'role_slugs' => ['required', 'array'],
|
||||
'role_slugs.*' => ['string', 'max:64', 'distinct', Rule::exists('admin_roles', 'slug')],
|
||||
])->validate();
|
||||
|
||||
$slugs = array_values(array_unique($data['role_slugs']));
|
||||
$siteId = AdminUser::defaultAdminSiteId();
|
||||
|
||||
$roleIds = DB::table('admin_roles')
|
||||
->whereIn('slug', $slugs)
|
||||
->pluck('id')
|
||||
->all();
|
||||
|
||||
DB::transaction(function () use ($admin_user, $siteId, $roleIds): void {
|
||||
DB::table('admin_user_site_roles')
|
||||
->where('admin_user_id', $admin_user->id)
|
||||
->where('site_id', $siteId)
|
||||
->delete();
|
||||
|
||||
$now = now();
|
||||
foreach ($roleIds as $rid) {
|
||||
DB::table('admin_user_site_roles')->insert([
|
||||
'admin_user_id' => $admin_user->id,
|
||||
'site_id' => $siteId,
|
||||
'role_id' => (int) $rid,
|
||||
'granted_at' => $now,
|
||||
]);
|
||||
}
|
||||
});
|
||||
|
||||
$admin_user->load('roles');
|
||||
|
||||
return ApiResponse::success([
|
||||
'id' => (int) $admin_user->id,
|
||||
'username' => $admin_user->username,
|
||||
'nickname' => $admin_user->name,
|
||||
'roles' => $admin_user->adminRoleSlugs(),
|
||||
'direct_permissions' => $admin_user->directLegacyPermissionSlugs(),
|
||||
'effective_permissions' => $admin_user->adminPermissionSlugs(),
|
||||
]);
|
||||
}
|
||||
}
|
||||
@@ -10,7 +10,7 @@ use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
/**
|
||||
* 后台 RBAC:在 {@see EnsureAdminApi} 之后校验 `admin_permissions.slug`。
|
||||
* 后台 RBAC:在 {@see EnsureAdminApi} 之后校验 `prd.*` 等功能权限 slug(与 {@see AdminUser::hasAdminPermission} 一致)。
|
||||
* 路由参数支持 `slug` 或 `slug1|slug2`(满足其一即可)。
|
||||
*/
|
||||
class EnsureAdminPermission
|
||||
|
||||
Reference in New Issue
Block a user