feat: 增强管理员权限管理，添加 RBAC 支持，更新 AdminUser 模型以处理角色和权限，更新登录接口返回权限信息，扩展数据库填充器以同步角色权限

app/Http/Middleware/EnsureAdminPermission.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Lottery\ErrorCode;
+use App\Models\AdminUser;
+use App\Support\ApiResponse;
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+/**
+ * 后台 RBAC：在 {@see EnsureAdminApi} 之后校验 `admin_permissions.slug`。
+ * 路由参数支持 `slug` 或 `slug1|slug2`（满足其一即可）。
+ */
+class EnsureAdminPermission
+{
+    public function handle(Request $request, Closure $next, string $permissionSlugs): Response
+    {
+        $admin = $request->lotteryAdmin();
+        if (! $admin instanceof AdminUser) {
+            return ApiResponse::error(
+                trans('admin.unauthenticated', [], $request->lotteryLocale()),
+                ErrorCode::AdminUnauthenticated->value,
+                null,
+                401,
+            );
+        }
+
+        $slugs = array_values(array_filter(array_map('trim', explode('|', $permissionSlugs))));
+        if ($slugs === []) {
+            return $next($request);
+        }
+
+        foreach ($slugs as $slug) {
+            if ($admin->hasAdminPermission($slug)) {
+                return $next($request);
+            }
+        }
+
+        return ApiResponse::error(
+            trans('admin.permission_denied', [], $request->lotteryLocale()),
+            ErrorCode::AdminForbidden->value,
+            ['required_any' => $slugs],
+            403,
+        );
+    }
+}