feat: 重构管理员权限管理，移除 AdminPermission 模型，整合权限与角色管理逻辑，优化 API 接口以支持角色与权限的同步，增强数据库填充器以对齐权限配置

2026-05-13 10:40:07 +08:00
parent 3c92bef774
commit edd863764b
18 changed files with 1486 additions and 224 deletions
--- a/app/Http/Controllers/Api/V1/Admin/User/AdminUserRoleSyncController.php
+++ b/app/Http/Controllers/Api/V1/Admin/User/AdminUserRoleSyncController.php
@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Http\Controllers\Api\V1\Admin\User;
+
+use App\Http\Controllers\Controller;
+use App\Models\AdminUser;
+use App\Support\ApiResponse;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Validation\Rule;
+
+/** PUT /api/v1/admin/admin-users/{admin_user}/roles */
+final class AdminUserRoleSyncController extends Controller
+{
+    public function __invoke(Request $request, AdminUser $admin_user): JsonResponse
+    {
+        /** @var array{role_slugs:list<string>} $data */
+        $data = validator($request->all(), [
+            'role_slugs' => ['required', 'array'],
+            'role_slugs.*' => ['string', 'max:64', 'distinct', Rule::exists('admin_roles', 'slug')],
+        ])->validate();
+
+        $slugs = array_values(array_unique($data['role_slugs']));
+        $siteId = AdminUser::defaultAdminSiteId();
+
+        $roleIds = DB::table('admin_roles')
+            ->whereIn('slug', $slugs)
+            ->pluck('id')
+            ->all();
+
+        DB::transaction(function () use ($admin_user, $siteId, $roleIds): void {
+            DB::table('admin_user_site_roles')
+                ->where('admin_user_id', $admin_user->id)
+                ->where('site_id', $siteId)
+                ->delete();
+
+            $now = now();
+            foreach ($roleIds as $rid) {
+                DB::table('admin_user_site_roles')->insert([
+                    'admin_user_id' => $admin_user->id,
+                    'site_id' => $siteId,
+                    'role_id' => (int) $rid,
+                    'granted_at' => $now,
+                ]);
+            }
+        });
+
+        $admin_user->load('roles');
+
+        return ApiResponse::success([
+            'id' => (int) $admin_user->id,
+            'username' => $admin_user->username,
+            'nickname' => $admin_user->name,
+            'roles' => $admin_user->adminRoleSlugs(),
+            'direct_permissions' => $admin_user->directLegacyPermissionSlugs(),
+            'effective_permissions' => $admin_user->adminPermissionSlugs(),
+        ]);
+    }
+}