xiaokang/lotteryLaravel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 增强管理员权限管理,添加 RBAC 支持,更新 AdminUser 模型以处理角色和权限,更新登录接口返回权限信息,扩展数据库填充器以同步角色权限

Browse Source
This commit is contained in:
kang
2026-05-11 16:21:13 +08:00
parent 19003f5041
commit fc023242ce
39 changed files with 1587 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
app/Http/Controllers/Api/V1/Admin/Audit/AuditLogIndexController.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Audit;
use App\Http\Controllers\Controller;
use App\Models\AuditLog;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
/**
* GET /api/v1/admin/audit-logs 运营/客服查询审计留痕。
*/
final class AuditLogIndexController extends Controller
{
public function __invoke(Request $request): JsonResponse
{
$perPage = min(max((int) $request->integer('per_page', 25), 1), 100);
$page = max((int) $request->integer('page', 1), 1);
$module = trim((string) $request->query('module_code', ''));
$action = trim((string) $request->query('action_code', ''));
$operatorType = trim((string) $request->query('operator_type', ''));
$q = AuditLog::query()->orderByDesc('id');
if ($module !== '') {
$q->where('module_code', $module);
}
if ($action !== '') {
$q->where('action_code', $action);
}
if ($operatorType !== '') {
$q->where('operator_type', $operatorType);
}
$paginator = $q->paginate($perPage, ['*'], 'page', $page);
return ApiResponse::success([
'items' => collect($paginator->items())->map(fn (AuditLog $r) => $this->row($r))->all(),
'meta' => [
'current_page' => $paginator->currentPage(),
'per_page' => $paginator->perPage(),
'total' => $paginator->total(),
'last_page' => $paginator->lastPage(),
],
]);
}
/** @return array<string, mixed> */
private function row(AuditLog $r): array
{
return [
'id' => (int) $r->id,
'operator_type' => $r->operator_type,
'operator_id' => (int) $r->operator_id,
'module_code' => $r->module_code,
'action_code' => $r->action_code,
'target_type' => $r->target_type,
'target_id' => $r->target_id,
'before_json' => $r->before_json,
'after_json' => $r->after_json,
'ip' => $r->ip,
'user_agent' => $r->user_agent,
'created_at' => $r->created_at?->toIso8601String(),
];
}
}

1
app/Http/Controllers/Api/V1/Admin/Auth/LoginController.php
View File

@@ -87,6 +87,7 @@ final class LoginController
'username' => $admin->username, 'username' => $admin->username,
'nickname' => $admin->name, 'nickname' => $admin->name,
'email' => $admin->email, 'email' => $admin->email,
'permissions' => $admin->fresh()->adminPermissionSlugs(),
], ],
]); ]);
} }

70
app/Http/Controllers/Api/V1/Admin/Draw/AdminDrawFinanceSummaryController.php Normal file
View File

@@ -0,0 +1,70 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Draw;
use App\Http\Controllers\Controller;
use App\Models\Draw;
use App\Models\SettlementBatch;
use App\Models\TicketItem;
use App\Models\TicketOrder;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
/**
* GET /api/v1/admin/draws/{draw}/finance-summary 单期投注/派彩汇总(客服/财务视角PRD §15.4)。
*
* 口径:以订单实扣汇总为「当期投注」;以注项中奖+Jackpot 为「当期派彩」;差额为近似毛损益(不含回水等细项)。
*/
final class AdminDrawFinanceSummaryController extends Controller
{
public function __invoke(Draw $draw): JsonResponse
{
$drawId = (int) $draw->id;
$totalBetMinor = (int) TicketOrder::query()->where('draw_id', $drawId)->sum('total_actual_deduct');
$orderCount = (int) TicketOrder::query()->where('draw_id', $drawId)->count();
$itemCount = (int) TicketItem::query()->where('draw_id', $drawId)->count();
$currencyCode = (string) (TicketOrder::query()
->where('draw_id', $drawId)
->value('currency_code') ?? '');
$totalWinMinor = (int) TicketItem::query()->where('draw_id', $drawId)->sum('win_amount');
$totalJackpotWinMinor = (int) TicketItem::query()->where('draw_id', $drawId)->sum('jackpot_win_amount');
$totalPayoutMinor = $totalWinMinor + $totalJackpotWinMinor;
$approxHouseGrossMinor = $totalBetMinor - $totalPayoutMinor;
$batches = SettlementBatch::query()
->where('draw_id', $drawId)
->orderByDesc('id')
->limit(30)
->get(['id', 'status', 'total_ticket_count', 'total_win_count', 'total_payout_amount', 'total_jackpot_payout_amount', 'finished_at']);
$batchRows = $batches->map(static function (SettlementBatch $b): array {
return [
'id' => (int) $b->id,
'status' => $b->status,
'total_ticket_count' => (int) $b->total_ticket_count,
'total_win_count' => (int) $b->total_win_count,
'total_payout_amount' => (int) $b->total_payout_amount,
'total_jackpot_payout_amount' => (int) $b->total_jackpot_payout_amount,
'finished_at' => $b->finished_at?->toIso8601String(),
];
})->values()->all();
return ApiResponse::success([
'draw_id' => $drawId,
'draw_no' => $draw->draw_no,
'draw_status' => $draw->status,
'currency_code' => $currencyCode !== '' ? $currencyCode : null,
'order_count' => $orderCount,
'ticket_item_count' => $itemCount,
'total_bet_minor' => $totalBetMinor,
'total_win_payout_minor' => $totalWinMinor,
'total_jackpot_win_minor' => $totalJackpotWinMinor,
'total_payout_minor' => $totalPayoutMinor,
'approx_house_gross_minor' => $approxHouseGrossMinor,
'settlement_batches' => $batchRows,
]);
}
}

74
app/Http/Controllers/Api/V1/Admin/Player/AdminPlayerTicketItemsIndexController.php Normal file
View File

@@ -0,0 +1,74 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Player;
use App\Http\Controllers\Controller;
use App\Models\Player;
use App\Models\TicketItem;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
/**
* GET /api/v1/admin/players/{player}/ticket-items 客服/财务按玩家查注单PRD §15.4)。
*
* Query`page``per_page`(最大 50)、`draw_no`(可选,精确期号)。
*/
final class AdminPlayerTicketItemsIndexController extends Controller
{
public function __invoke(Request $request, Player $player): JsonResponse
{
$validated = validator($request->query(), [
'page' => ['sometimes', 'integer', 'min:1'],
'per_page' => ['sometimes', 'integer', 'min:1', 'max:50'],
'draw_no' => ['sometimes', 'nullable', 'string', 'max:32'],
])->validate();
$perPage = max(1, min(50, (int) ($validated['per_page'] ?? 20)));
$page = max(1, (int) ($validated['page'] ?? 1));
$drawNo = isset($validated['draw_no']) ? trim((string) $validated['draw_no']) : '';
$query = TicketItem::query()
->where('ticket_items.player_id', $player->id)
->with([
'draw:id,draw_no,business_date',
'order:id,order_no,currency_code,created_at',
])
->orderByDesc('ticket_items.id');
if ($drawNo !== '') {
$query->whereHas('draw', fn ($q) => $q->where('draw_no', $drawNo));
}
$paginator = $query->paginate(perPage: $perPage, page: $page, columns: ['*']);
$items = collect($paginator->items())->map(function (TicketItem $row): array {
return [
'ticket_no' => $row->ticket_no,
'order_no' => $row->order?->order_no,
'draw_no' => $row->draw?->draw_no,
'currency_code' => $row->order?->currency_code,
'play_code' => $row->play_code,
'original_number' => $row->original_number,
'total_bet_amount' => (int) $row->total_bet_amount,
'actual_deduct_amount' => (int) $row->actual_deduct_amount,
'status' => $row->status,
'fail_reason_code' => $row->fail_reason_code,
'fail_reason_text' => $row->fail_reason_text,
'win_amount' => (int) $row->win_amount,
'jackpot_win_amount' => (int) $row->jackpot_win_amount,
'placed_at' => $row->order?->created_at?->toIso8601String(),
'updated_at' => $row->updated_at?->toIso8601String(),
];
})->values()->all();
return ApiResponse::success([
'player_id' => (int) $player->id,
'items' => $items,
'total' => $paginator->total(),
'page' => $paginator->currentPage(),
'per_page' => $paginator->perPage(),
'last_page' => $paginator->lastPage(),
]);
}
}

44
app/Http/Controllers/Api/V1/Admin/Reconcile/ReconcileItemIndexController.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Reconcile;
use App\Http\Controllers\Controller;
use App\Models\ReconcileItem;
use App\Models\ReconcileJob;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
/** GET /api/v1/admin/reconcile-jobs/{reconcile_job}/items */
final class ReconcileItemIndexController extends Controller
{
public function __invoke(Request $request, ReconcileJob $reconcile_job): JsonResponse
{
$perPage = min(max((int) $request->integer('per_page', 50), 1), 200);
$page = max((int) $request->integer('page', 1), 1);
$paginator = $reconcile_job->items()
->orderBy('id')
->paginate($perPage, ['*'], 'page', $page);
return ApiResponse::success([
'job_id' => (int) $reconcile_job->id,
'job_no' => $reconcile_job->job_no,
'items' => collect($paginator->items())->map(fn (ReconcileItem $r) => [
'id' => (int) $r->id,
'side_a_ref' => $r->side_a_ref,
'side_b_ref' => $r->side_b_ref,
'difference_amount' => (int) $r->difference_amount,
'status' => $r->status,
'resolved_at' => $r->resolved_at?->toIso8601String(),
'created_at' => $r->created_at?->toIso8601String(),
])->all(),
'meta' => [
'current_page' => $paginator->currentPage(),
'per_page' => $paginator->perPage(),
'total' => $paginator->total(),
'last_page' => $paginator->lastPage(),
],
]);
}
}

54
app/Http/Controllers/Api/V1/Admin/Reconcile/ReconcileJobIndexController.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Reconcile;
use App\Http\Controllers\Controller;
use App\Models\ReconcileJob;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
/** GET /api/v1/admin/reconcile-jobs */
final class ReconcileJobIndexController extends Controller
{
public function __invoke(Request $request): JsonResponse
{
$perPage = min(max((int) $request->integer('per_page', 25), 1), 100);
$page = max((int) $request->integer('page', 1), 1);
$type = trim((string) $request->query('reconcile_type', ''));
$q = ReconcileJob::query()->orderByDesc('id');
if ($type !== '') {
$q->where('reconcile_type', $type);
}
$paginator = $q->paginate($perPage, ['*'], 'page', $page);
return ApiResponse::success([
'items' => collect($paginator->items())->map(fn (ReconcileJob $j) => $this->row($j))->all(),
'meta' => [
'current_page' => $paginator->currentPage(),
'per_page' => $paginator->perPage(),
'total' => $paginator->total(),
'last_page' => $paginator->lastPage(),
],
]);
}
/** @return array<string, mixed> */
private function row(ReconcileJob $j): array
{
return [
'id' => (int) $j->id,
'job_no' => $j->job_no,
'admin_user_id' => $j->admin_user_id !== null ? (int) $j->admin_user_id : null,
'reconcile_type' => $j->reconcile_type,
'status' => $j->status,
'period_start' => $j->period_start?->toIso8601String(),
'period_end' => $j->period_end?->toIso8601String(),
'summary_json' => $j->summary_json,
'finished_at' => $j->finished_at?->toIso8601String(),
'created_at' => $j->created_at?->toIso8601String(),
];
}
}

28
app/Http/Controllers/Api/V1/Admin/Reconcile/ReconcileJobShowController.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Reconcile;
use App\Http\Controllers\Controller;
use App\Models\ReconcileJob;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
/** GET /api/v1/admin/reconcile-jobs/{reconcile_job} */
final class ReconcileJobShowController extends Controller
{
public function __invoke(ReconcileJob $reconcile_job): JsonResponse
{
return ApiResponse::success([
'id' => (int) $reconcile_job->id,
'job_no' => $reconcile_job->job_no,
'admin_user_id' => $reconcile_job->admin_user_id !== null ? (int) $reconcile_job->admin_user_id : null,
'reconcile_type' => $reconcile_job->reconcile_type,
'status' => $reconcile_job->status,
'period_start' => $reconcile_job->period_start?->toIso8601String(),
'period_end' => $reconcile_job->period_end?->toIso8601String(),
'summary_json' => $reconcile_job->summary_json,
'finished_at' => $reconcile_job->finished_at?->toIso8601String(),
'created_at' => $reconcile_job->created_at?->toIso8601String(),
]);
}
}

49
app/Http/Controllers/Api/V1/Admin/Reconcile/ReconcileJobStoreController.php Normal file
View File

@@ -0,0 +1,49 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Reconcile;
use App\Http\Controllers\Controller;
use App\Models\AdminUser;
use App\Services\Admin\AdminReconcileJobService;
use App\Support\ApiResponse;
use Carbon\Carbon;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
/** POST /api/v1/admin/reconcile-jobs */
final class ReconcileJobStoreController extends Controller
{
public function __invoke(Request $request, AdminReconcileJobService $service): JsonResponse
{
/** @var AdminUser $admin */
$admin = $request->lotteryAdmin();
$data = validator($request->all(), [
'reconcile_type' => ['required', 'string', 'max:32'],
'period_start' => ['nullable', 'date'],
'period_end' => ['nullable', 'date', 'after_or_equal:period_start'],
'items' => ['nullable', 'array', 'max:5000'],
'items.*.side_a_ref' => ['nullable', 'string', 'max:128'],
'items.*.side_b_ref' => ['nullable', 'string', 'max:128'],
'items.*.difference_amount' => ['nullable', 'integer'],
'items.*.status' => ['nullable', 'string', 'max:32'],
])->validate();
$job = $service->createJob(
$admin,
$request,
(string) $data['reconcile_type'],
isset($data['period_start']) ? Carbon::parse((string) $data['period_start']) : null,
isset($data['period_end']) ? Carbon::parse((string) $data['period_end']) : null,
isset($data['items']) ? (array) $data['items'] : null,
);
return ApiResponse::success([
'id' => (int) $job->id,
'job_no' => $job->job_no,
'status' => $job->status,
'summary_json' => $job->summary_json,
'item_count' => $job->items()->count(),
]);
}
}

51
app/Http/Controllers/Api/V1/Admin/Reports/ReportJobIndexController.php Normal file
View File

@@ -0,0 +1,51 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Reports;
use App\Http\Controllers\Controller;
use App\Models\ReportJob;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
/** GET /api/v1/admin/report-jobs */
final class ReportJobIndexController extends Controller
{
public function __invoke(Request $request): JsonResponse
{
$perPage = min(max((int) $request->integer('per_page', 25), 1), 100);
$page = max((int) $request->integer('page', 1), 1);
$paginator = ReportJob::query()
->orderByDesc('id')
->paginate($perPage, ['*'], 'page', $page);
return ApiResponse::success([
'items' => collect($paginator->items())->map(fn (ReportJob $j) => $this->row($j))->all(),
'meta' => [
'current_page' => $paginator->currentPage(),
'per_page' => $paginator->perPage(),
'total' => $paginator->total(),
'last_page' => $paginator->lastPage(),
],
]);
}
/** @return array<string, mixed> */
private function row(ReportJob $j): array
{
return [
'id' => (int) $j->id,
'job_no' => $j->job_no,
'admin_user_id' => $j->admin_user_id !== null ? (int) $j->admin_user_id : null,
'report_type' => $j->report_type,
'export_format' => $j->export_format,
'filter_json' => $j->filter_json,
'status' => $j->status,
'output_path' => $j->output_path,
'error_message' => $j->error_message,
'finished_at' => $j->finished_at?->toIso8601String(),
'created_at' => $j->created_at?->toIso8601String(),
];
}
}

29
app/Http/Controllers/Api/V1/Admin/Reports/ReportJobShowController.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Reports;
use App\Http\Controllers\Controller;
use App\Models\ReportJob;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
/** GET /api/v1/admin/report-jobs/{report_job} */
final class ReportJobShowController extends Controller
{
public function __invoke(ReportJob $report_job): JsonResponse
{
return ApiResponse::success([
'id' => (int) $report_job->id,
'job_no' => $report_job->job_no,
'admin_user_id' => $report_job->admin_user_id !== null ? (int) $report_job->admin_user_id : null,
'report_type' => $report_job->report_type,
'export_format' => $report_job->export_format,
'filter_json' => $report_job->filter_json,
'status' => $report_job->status,
'output_path' => $report_job->output_path,
'error_message' => $report_job->error_message,
'finished_at' => $report_job->finished_at?->toIso8601String(),
'created_at' => $report_job->created_at?->toIso8601String(),
]);
}
}

41
app/Http/Controllers/Api/V1/Admin/Reports/ReportJobStoreController.php Normal file
View File

@@ -0,0 +1,41 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Reports;
use App\Http\Controllers\Controller;
use App\Models\AdminUser;
use App\Services\Admin\AdminReportJobService;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
/** POST /api/v1/admin/report-jobs */
final class ReportJobStoreController extends Controller
{
public function __invoke(Request $request, AdminReportJobService $service): JsonResponse
{
/** @var AdminUser $admin */
$admin = $request->lotteryAdmin();
$data = validator($request->all(), [
'report_type' => ['required', 'string', 'max:64'],
'export_format' => ['sometimes', 'string', 'in:csv,xlsx'],
'filter_json' => ['nullable', 'array'],
])->validate();
$job = $service->enqueue(
$admin,
$request,
(string) $data['report_type'],
(string) ($data['export_format'] ?? 'csv'),
isset($data['filter_json']) ? (array) $data['filter_json'] : null,
);
return ApiResponse::success([
'id' => (int) $job->id,
'job_no' => $job->job_no,
'status' => $job->status,
'output_path' => $job->output_path,
]);
}
}

48
app/Http/Middleware/EnsureAdminPermission.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
namespace App\Http\Middleware;
use App\Lottery\ErrorCode;
use App\Models\AdminUser;
use App\Support\ApiResponse;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
/**
* 后台 RBAC {@see EnsureAdminApi} 之后校验 `admin_permissions.slug`
* 路由参数支持 `slug` `slug1|slug2`(满足其一即可)。
*/
class EnsureAdminPermission
{
public function handle(Request $request, Closure $next, string $permissionSlugs): Response
{
$admin = $request->lotteryAdmin();
if (! $admin instanceof AdminUser) {
return ApiResponse::error(
trans('admin.unauthenticated', [], $request->lotteryLocale()),
ErrorCode::AdminUnauthenticated->value,
null,
401,
);
}
$slugs = array_values(array_filter(array_map('trim', explode('|', $permissionSlugs))));
if ($slugs === []) {
return $next($request);
}
foreach ($slugs as $slug) {
if ($admin->hasAdminPermission($slug)) {
return $next($request);
}
}
return ApiResponse::error(
trans('admin.permission_denied', [], $request->lotteryLocale()),
ErrorCode::AdminForbidden->value,
['required_any' => $slugs],
403,
);
}
}

3
app/Lottery/ErrorCode.php
View File

@@ -120,6 +120,9 @@ enum ErrorCode: int
/** 登录:账号已禁用 */ /** 登录:账号已禁用 */
case AdminAccountDisabled = 8113; case AdminAccountDisabled = 8113;
/** 已登录但无 RBAC 权限 */
case AdminForbidden = 8114;
/* ========== 90009999 系统 / 框架 ========== */ /* ========== 90009999 系统 / 框架 ========== */
/** 表单或 Query 校验失败ValidationException → 422 */ /** 表单或 Query 校验失败ValidationException → 422 */

27
app/Models/AdminPermission.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
class AdminPermission extends Model
{
protected $table = 'admin_permissions';
protected $fillable = [
'slug',
'name',
];
/** @return BelongsToMany<AdminRole, AdminPermission> */
public function roles(): BelongsToMany
{
return $this->belongsToMany(
AdminRole::class,
'admin_role_permissions',
'permission_id',
'role_id',
);
}
}

38
app/Models/AdminRole.php Normal file
View File

@@ -0,0 +1,38 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
class AdminRole extends Model
{
protected $table = 'admin_roles';
protected $fillable = [
'slug',
'name',
];
/** @return BelongsToMany<AdminPermission, AdminRole> */
public function permissions(): BelongsToMany
{
return $this->belongsToMany(
AdminPermission::class,
'admin_role_permissions',
'role_id',
'permission_id',
);
}
/** @return BelongsToMany<AdminUser, AdminRole> */
public function users(): BelongsToMany
{
return $this->belongsToMany(
AdminUser::class,
'admin_user_roles',
'role_id',
'admin_user_id',
);
}
}

53
app/Models/AdminUser.php
View File

@@ -2,6 +2,7 @@
namespace App\Models; namespace App\Models;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
use Illuminate\Foundation\Auth\User as Authenticatable; use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable; use Illuminate\Notifications\Notifiable;
use Laravel\Sanctum\HasApiTokens; use Laravel\Sanctum\HasApiTokens;
@@ -11,6 +12,8 @@ class AdminUser extends Authenticatable
use HasApiTokens; use HasApiTokens;
use Notifiable; use Notifiable;
public const ROLE_SUPER_ADMIN = 'super_admin';
protected $table = 'admin_users'; protected $table = 'admin_users';
protected $fillable = [ protected $fillable = [
@@ -34,4 +37,54 @@ class AdminUser extends Authenticatable
'password' => 'hashed', 'password' => 'hashed',
]; ];
} }
/** @return BelongsToMany<AdminRole, AdminUser> */
public function roles(): BelongsToMany
{
return $this->belongsToMany(
AdminRole::class,
'admin_user_roles',
'admin_user_id',
'role_id',
);
}
/** 是否具备指定权限(含 `super_admin` 角色全放行)。 */
public function hasAdminPermission(string $slug): bool
{
$this->loadMissing(['roles.permissions']);
foreach ($this->roles as $role) {
if ($role->slug === self::ROLE_SUPER_ADMIN) {
return true;
}
foreach ($role->permissions as $permission) {
if ($permission->slug === $slug) {
return true;
}
}
}
return false;
}
/**
* @return list<string>
*/
public function adminPermissionSlugs(): array
{
$this->loadMissing(['roles.permissions']);
if ($this->roles->contains('slug', self::ROLE_SUPER_ADMIN)) {
return AdminPermission::query()->orderBy('slug')->pluck('slug')->all();
}
$out = [];
foreach ($this->roles as $role) {
foreach ($role->permissions as $permission) {
$out[$permission->slug] = true;
}
}
return array_keys($out);
}
} }

34
app/Models/ReconcileItem.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
class ReconcileItem extends Model
{
protected $table = 'reconcile_items';
protected $fillable = [
'reconcile_job_id',
'side_a_ref',
'side_b_ref',
'difference_amount',
'status',
'resolved_at',
];
protected function casts(): array
{
return [
'difference_amount' => 'integer',
'resolved_at' => 'datetime',
];
}
/** @return BelongsTo<ReconcileJob, ReconcileItem> */
public function reconcileJob(): BelongsTo
{
return $this->belongsTo(ReconcileJob::class, 'reconcile_job_id');
}
}

45
app/Models/ReconcileJob.php Normal file
View File

@@ -0,0 +1,45 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
class ReconcileJob extends Model
{
protected $table = 'reconcile_jobs';
protected $fillable = [
'job_no',
'admin_user_id',
'reconcile_type',
'status',
'period_start',
'period_end',
'summary_json',
'finished_at',
];
protected function casts(): array
{
return [
'period_start' => 'datetime',
'period_end' => 'datetime',
'summary_json' => 'array',
'finished_at' => 'datetime',
];
}
/** @return BelongsTo<AdminUser, ReconcileJob> */
public function adminUser(): BelongsTo
{
return $this->belongsTo(AdminUser::class, 'admin_user_id');
}
/** @return HasMany<ReconcileItem, ReconcileJob> */
public function items(): HasMany
{
return $this->hasMany(ReconcileItem::class, 'reconcile_job_id');
}
}

37
app/Models/ReportJob.php Normal file
View File

@@ -0,0 +1,37 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
class ReportJob extends Model
{
protected $table = 'report_jobs';
protected $fillable = [
'job_no',
'admin_user_id',
'report_type',
'export_format',
'filter_json',
'status',
'output_path',
'error_message',
'finished_at',
];
protected function casts(): array
{
return [
'filter_json' => 'array',
'finished_at' => 'datetime',
];
}
/** @return BelongsTo<AdminUser, ReportJob> */
public function adminUser(): BelongsTo
{
return $this->belongsTo(AdminUser::class, 'admin_user_id');
}
}

84
app/Services/Admin/AdminReconcileJobService.php Normal file
View File

@@ -0,0 +1,84 @@
<?php
namespace App\Services\Admin;
use App\Models\AdminUser;
use App\Models\ReconcileItem;
use App\Models\ReconcileJob;
use App\Services\AuditLogger;
use Carbon\Carbon;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;
/**
* 对账任务:落库 `reconcile_jobs` / `reconcile_items`(阶段 7;差异引擎可后续替换)。
*/
final class AdminReconcileJobService
{
/**
* @param list<array{side_a_ref?: ?string, side_b_ref?: ?string, difference_amount?: int, status?: string}>|null $items
*/
public function createJob(
AdminUser $admin,
Request $request,
string $reconcileType,
?Carbon $periodStart,
?Carbon $periodEnd,
?array $items,
): ReconcileJob {
return DB::transaction(function () use ($admin, $request, $reconcileType, $periodStart, $periodEnd, $items): ReconcileJob {
$jobNo = 'REC'.now()->format('YmdHis').strtoupper(Str::random(4));
$job = ReconcileJob::query()->create([
'job_no' => $jobNo,
'admin_user_id' => (int) $admin->getKey(),
'reconcile_type' => $reconcileType,
'status' => 'completed',
'period_start' => $periodStart,
'period_end' => $periodEnd,
'summary_json' => null,
'finished_at' => now(),
]);
$mismatch = 0;
foreach ($items ?? [] as $row) {
ReconcileItem::query()->create([
'reconcile_job_id' => (int) $job->getKey(),
'side_a_ref' => $row['side_a_ref'] ?? null,
'side_b_ref' => $row['side_b_ref'] ?? null,
'difference_amount' => (int) ($row['difference_amount'] ?? 0),
'status' => (string) ($row['status'] ?? 'mismatch'),
'resolved_at' => null,
]);
if (($row['status'] ?? 'mismatch') === 'mismatch') {
$mismatch++;
}
}
$job->forceFill([
'summary_json' => [
'item_count' => count($items ?? []),
'mismatch_count' => $mismatch,
],
])->save();
AuditLogger::recordForAdmin(
$admin,
$request,
'reconcile_jobs',
'create',
'reconcile_job',
(string) $job->getKey(),
null,
[
'job_no' => $jobNo,
'reconcile_type' => $reconcileType,
'item_count' => count($items ?? []),
],
);
return $job->fresh();
});
}
}

55
app/Services/Admin/AdminReportJobService.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
namespace App\Services\Admin;
use App\Models\AdminUser;
use App\Models\ReportJob;
use App\Services\AuditLogger;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;
/**
* 报表导出任务:落库 `report_jobs`(阶段 7;异步生成可后续接队列)。
*/
final class AdminReportJobService
{
/**
* @param array<string, mixed>|null $filterJson
*/
public function enqueue(AdminUser $admin, Request $request, string $reportType, string $exportFormat, ?array $filterJson): ReportJob
{
return DB::transaction(function () use ($admin, $request, $reportType, $exportFormat, $filterJson): ReportJob {
$jobNo = 'RPT'.now()->format('YmdHis').strtoupper(Str::random(4));
$job = ReportJob::query()->create([
'job_no' => $jobNo,
'admin_user_id' => (int) $admin->getKey(),
'report_type' => $reportType,
'export_format' => $exportFormat,
'filter_json' => $filterJson,
'status' => 'completed',
'output_path' => 'reports/'.$jobNo.'.'.$exportFormat,
'error_message' => null,
'finished_at' => now(),
]);
AuditLogger::recordForAdmin(
$admin,
$request,
'report_jobs',
'enqueue',
'report_job',
(string) $job->getKey(),
null,
[
'job_no' => $jobNo,
'report_type' => $reportType,
'export_format' => $exportFormat,
],
);
return $job;
});
}
}

2
bootstrap/app.php
View File

@@ -10,6 +10,7 @@
*/ */
use App\Http\Middleware\EnsureAdminApi; use App\Http\Middleware\EnsureAdminApi;
use App\Http\Middleware\EnsureAdminPermission;
use App\Http\Middleware\EnsurePlayerApi; use App\Http\Middleware\EnsurePlayerApi;
use App\Http\Middleware\NegotiateLotteryLocale; use App\Http\Middleware\NegotiateLotteryLocale;
use App\Lottery\ErrorCode; use App\Lottery\ErrorCode;
@@ -46,6 +47,7 @@ return Application::configure(basePath: dirname(__DIR__))
'lottery.player' => EnsurePlayerApi::class, 'lottery.player' => EnsurePlayerApi::class,
// 后台 API 预留Sanctum / RBAC // 后台 API 预留Sanctum / RBAC
'lottery.admin' => EnsureAdminApi::class, 'lottery.admin' => EnsureAdminApi::class,
'admin.permission' => EnsureAdminPermission::class,
]); ]);
}) })
->withExceptions(function (Exceptions $exceptions): void { ->withExceptions(function (Exceptions $exceptions): void {

25
database/migrations/2026_05_11_120000_add_admin_user_id_to_reconcile_jobs_table.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
public function up(): void
{
Schema::table('reconcile_jobs', function (Blueprint $table): void {
$table->foreignId('admin_user_id')
->nullable()
->constrained('admin_users')
->nullOnDelete();
});
}
public function down(): void
{
Schema::table('reconcile_jobs', function (Blueprint $table): void {
$table->dropConstrainedForeignId('admin_user_id');
});
}
};

170
database/seeders/AdminRbacAndUserSeeder.php
View File

@@ -2,53 +2,141 @@
namespace Database\Seeders; namespace Database\Seeders;
use App\Models\AdminPermission;
use App\Models\AdminRole;
use App\Models\AdminUser; use App\Models\AdminUser;
use Illuminate\Database\Seeder; use Illuminate\Database\Seeder;
use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\DB;
/** /**
* 后台角色super_admin、若干权限占位本地演示账号 **admin** / **123456**(仅限非 production * 后台 RBAC {@see AdminUser::ROLE_SUPER_ADMIN} PRD 对齐
*
* - 角色 slug`01-产品文档.md` §3 + `04-领域字典与编码规范.md` §11
* - 权限点 slug`01-产品文档.md` §8「功能」行 `prd.{功能键}.{动作}`,路由中间件引用同表
*
* 演示账号 **admin** / **123456**(仅限非 production
*/ */
class AdminRbacAndUserSeeder extends Seeder class AdminRbacAndUserSeeder extends Seeder
{ {
/** @return list<array{slug: string, name: string}> */
private function permissionDefinitions(): array
{
return [
['slug' => 'prd.users.manage', 'name' => '§8 用户管理·可管理'],
['slug' => 'prd.users.view_finance', 'name' => '§8 用户管理·财务查看'],
['slug' => 'prd.users.view_cs', 'name' => '§8 用户管理·客服单用户'],
['slug' => 'prd.play_switch.manage', 'name' => '§8 玩法开关·可管理'],
['slug' => 'prd.odds.manage', 'name' => '§8 赔率配置·可管理'],
['slug' => 'prd.risk_cap.manage', 'name' => '§8 封顶配置·可管理'],
['slug' => 'prd.risk_cap.view', 'name' => '§8 封顶配置·查看'],
['slug' => 'prd.rebate.manage', 'name' => '§8 佣金/回水·可管理'],
['slug' => 'prd.rebate.view', 'name' => '§8 佣金/回水·查看'],
['slug' => 'prd.jackpot.manage', 'name' => '§8 Jackpot 配置·可管理'],
['slug' => 'prd.jackpot.view', 'name' => '§8 Jackpot 配置·查看'],
['slug' => 'prd.draw_result.manage', 'name' => '§8 开奖结果录入·可管理'],
['slug' => 'prd.draw_result.view', 'name' => '§8 开奖结果·查看'],
['slug' => 'prd.draw_reopen.manage', 'name' => '§8 开奖结果重开·可管理'],
['slug' => 'prd.payout.manage', 'name' => '§8 派彩确认·可管理'],
['slug' => 'prd.payout.review', 'name' => '§8 派彩确认·可审核'],
['slug' => 'prd.payout.view', 'name' => '§8 派彩确认·查看'],
['slug' => 'prd.wallet_reconcile.manage', 'name' => '§8 钱包对账·可管理'],
['slug' => 'prd.wallet_reconcile.view', 'name' => '§8 钱包对账·查看'],
['slug' => 'prd.wallet_reconcile.view_cs', 'name' => '§8 钱包对账·客服单用户'],
['slug' => 'prd.wallet_adjust.manage', 'name' => '§8 补单/冲正·可管理'],
['slug' => 'prd.report.all', 'name' => '§8 报表·全部'],
['slug' => 'prd.report.risk', 'name' => '§8 报表·风控'],
['slug' => 'prd.report.finance', 'name' => '§8 报表·财务'],
['slug' => 'prd.report.player', 'name' => '§8 报表·单用户'],
['slug' => 'prd.audit.all', 'name' => '§8 审计日志·全部'],
['slug' => 'prd.audit.self', 'name' => '§8 审计日志·自身相关'],
['slug' => 'prd.audit.finance', 'name' => '§8 审计日志·资金相关'],
['slug' => 'prd.player_freeze.manage', 'name' => '§8 冻结/解冻玩家·可管理'],
];
}
/** @param list<string> $slugs */
private function syncRolePermissions(AdminRole $role, array $slugs): void
{
$ids = AdminPermission::query()->whereIn('slug', $slugs)->pluck('id')->all();
$role->permissions()->sync($ids);
}
public function run(): void public function run(): void
{ {
$now = now(); foreach ($this->permissionDefinitions() as $row) {
AdminPermission::query()->updateOrCreate(
['slug' => $row['slug']],
['name' => $row['name']],
);
}
DB::table('admin_roles')->updateOrInsert( $legacySlugs = [
['slug' => 'super_admin'], 'admin.dashboard', 'admin.players.read', 'admin.wallet.read', 'admin.draws.read',
[ 'admin.draws.publish', 'admin.settlement.run', 'admin.settlement.read', 'admin.jackpot.read',
'name' => 'Super Admin', 'admin.jackpot.write', 'admin.config.read', 'admin.config.write', 'admin.audit.read',
'created_at' => $now, 'admin.reports.manage', 'admin.reconcile.manage',
'updated_at' => $now,
],
);
/** @var int $rid */
$rid = (int) DB::table('admin_roles')->where('slug', 'super_admin')->value('id');
$perms = [
['slug' => 'admin.dashboard', 'name' => 'Dashboard'],
['slug' => 'admin.players.read', 'name' => 'View players'],
['slug' => 'admin.wallet.read', 'name' => 'View wallets'],
]; ];
foreach ($perms as $p) { AdminPermission::query()->whereIn('slug', $legacySlugs)->delete();
DB::table('admin_permissions')->updateOrInsert(
['slug' => $p['slug']],
[
'name' => $p['name'],
'created_at' => $now,
'updated_at' => $now,
],
);
}
$pidRows = DB::table('admin_permissions')->whereIn('slug', array_column($perms, 'slug'))->pluck('id'); $super = AdminRole::query()->updateOrCreate(
foreach ($pidRows as $pid) { ['slug' => AdminUser::ROLE_SUPER_ADMIN],
DB::table('admin_role_permissions')->updateOrInsert( ['name' => '超级管理员'],
['role_id' => $rid, 'permission_id' => $pid], );
[], $this->syncRolePermissions($super, array_column($this->permissionDefinitions(), 'slug'));
);
} $risk = AdminRole::query()->updateOrCreate(
['slug' => 'risk_operator'],
['name' => '风控运营员'],
);
$this->syncRolePermissions($risk, [
'prd.play_switch.manage',
'prd.odds.manage',
'prd.risk_cap.manage',
'prd.rebate.manage',
'prd.jackpot.manage',
'prd.draw_result.manage',
'prd.payout.review',
'prd.wallet_reconcile.view',
'prd.report.risk',
'prd.audit.self',
'prd.player_freeze.manage',
]);
$finance = AdminRole::query()->updateOrCreate(
['slug' => 'finance'],
['name' => '财务/对账员'],
);
$this->syncRolePermissions($finance, [
'prd.users.view_finance',
'prd.risk_cap.view',
'prd.rebate.view',
'prd.jackpot.view',
'prd.draw_result.view',
'prd.payout.view',
'prd.wallet_reconcile.manage',
'prd.wallet_adjust.manage',
'prd.report.finance',
'prd.audit.finance',
]);
$cs = AdminRole::query()->updateOrCreate(
['slug' => 'customer_service'],
['name' => '客服人员'],
);
$this->syncRolePermissions($cs, [
'prd.users.view_cs',
'prd.draw_result.view',
'prd.wallet_reconcile.view_cs',
'prd.report.player',
]);
$username = 'admin'; $username = 'admin';
AdminUser::query()->updateOrCreate( AdminUser::query()->updateOrCreate(
@@ -56,17 +144,17 @@ class AdminRbacAndUserSeeder extends Seeder
[ [
'name' => '超级管理员', 'name' => '超级管理员',
'email' => null, 'email' => null,
/** 明文;模型 casts `password => hashed`,勿在生产库使用种子弱口令 */
'password' => '123456', 'password' => '123456',
'status' => 0, 'status' => 0,
], ],
); );
/** @var int $uid */ /** @var AdminUser $admin */
$uid = (int) AdminUser::query()->where('username', $username)->value('id'); $admin = AdminUser::query()->where('username', $username)->firstOrFail();
DB::table('admin_user_roles')->updateOrInsert( $admin->roles()->sync([(int) $super->getKey()]);
['admin_user_id' => $uid, 'role_id' => $rid],
[], DB::table('admin_user_roles')->where('admin_user_id', $admin->id)
); ->whereNotIn('role_id', [(int) $super->getKey()])
->delete();
} }
} }

1
lang/en/admin.php
View File

@@ -5,4 +5,5 @@ return [
'invalid_captcha' => 'Invalid or expired captcha.', 'invalid_captcha' => 'Invalid or expired captcha.',
'invalid_credentials' => 'Invalid account or password.', 'invalid_credentials' => 'Invalid account or password.',
'account_disabled' => 'This account has been disabled.', 'account_disabled' => 'This account has been disabled.',
'permission_denied' => 'You do not have permission to perform this action.',
]; ];

1
lang/ne/admin.php
View File

@@ -5,4 +5,5 @@ return [
'invalid_captcha' => 'क्याप्चा गलत वा समय सकियो।', 'invalid_captcha' => 'क्याप्चा गलत वा समय सकियो।',
'invalid_credentials' => 'खाता वा पासवर्ड गलत।', 'invalid_credentials' => 'खाता वा पासवर्ड गलत।',
'account_disabled' => 'यो खाता निष्क्रिय गरिएको छ।', 'account_disabled' => 'यो खाता निष्क्रिय गरिएको छ।',
'permission_denied' => 'यो कार्य गर्न अनुमति छैन।',
]; ];

1
lang/zh/admin.php
View File

@@ -5,4 +5,5 @@ return [
'invalid_captcha' => '验证码错误或已过期,请重试。', 'invalid_captcha' => '验证码错误或已过期,请重试。',
'invalid_credentials' => '账号或密码错误。', 'invalid_credentials' => '账号或密码错误。',
'account_disabled' => '该账号已被禁用。', 'account_disabled' => '该账号已被禁用。',
'permission_denied' => '当前账号无此操作权限。',
]; ];

241
routes/api.php
View File

@@ -1,5 +1,6 @@
<?php <?php
use App\Http\Controllers\Api\V1\Admin\Audit\AuditLogIndexController;
use App\Http\Controllers\Api\V1\Admin\Auth\CaptchaController; use App\Http\Controllers\Api\V1\Admin\Auth\CaptchaController;
use App\Http\Controllers\Api\V1\Admin\Auth\LoginController; use App\Http\Controllers\Api\V1\Admin\Auth\LoginController;
use App\Http\Controllers\Api\V1\Admin\Config\OddsItemsReplaceController; use App\Http\Controllers\Api\V1\Admin\Config\OddsItemsReplaceController;
@@ -17,6 +18,7 @@ use App\Http\Controllers\Api\V1\Admin\Config\RiskCapVersionIndexController;
use App\Http\Controllers\Api\V1\Admin\Config\RiskCapVersionPublishController; use App\Http\Controllers\Api\V1\Admin\Config\RiskCapVersionPublishController;
use App\Http\Controllers\Api\V1\Admin\Config\RiskCapVersionShowController; use App\Http\Controllers\Api\V1\Admin\Config\RiskCapVersionShowController;
use App\Http\Controllers\Api\V1\Admin\Config\RiskCapVersionStoreController; use App\Http\Controllers\Api\V1\Admin\Config\RiskCapVersionStoreController;
use App\Http\Controllers\Api\V1\Admin\Draw\AdminDrawFinanceSummaryController;
use App\Http\Controllers\Api\V1\Admin\Draw\AdminDrawIndexController; use App\Http\Controllers\Api\V1\Admin\Draw\AdminDrawIndexController;
use App\Http\Controllers\Api\V1\Admin\Draw\AdminDrawResultBatchesIndexController; use App\Http\Controllers\Api\V1\Admin\Draw\AdminDrawResultBatchesIndexController;
use App\Http\Controllers\Api\V1\Admin\Draw\AdminDrawShowController; use App\Http\Controllers\Api\V1\Admin\Draw\AdminDrawShowController;
@@ -27,9 +29,17 @@ use App\Http\Controllers\Api\V1\Admin\Jackpot\AdminJackpotPayoutLogIndexControll
use App\Http\Controllers\Api\V1\Admin\Jackpot\AdminJackpotPoolIndexController; use App\Http\Controllers\Api\V1\Admin\Jackpot\AdminJackpotPoolIndexController;
use App\Http\Controllers\Api\V1\Admin\Jackpot\AdminJackpotPoolUpdateController; use App\Http\Controllers\Api\V1\Admin\Jackpot\AdminJackpotPoolUpdateController;
use App\Http\Controllers\Api\V1\Admin\PingController as AdminPingController; use App\Http\Controllers\Api\V1\Admin\PingController as AdminPingController;
use App\Http\Controllers\Api\V1\Admin\Player\AdminPlayerTicketItemsIndexController;
use App\Http\Controllers\Api\V1\Admin\Player\PlayerWalletShowController; use App\Http\Controllers\Api\V1\Admin\Player\PlayerWalletShowController;
use App\Http\Controllers\Api\V1\Admin\PlayTypeIndexController; use App\Http\Controllers\Api\V1\Admin\PlayTypeIndexController;
use App\Http\Controllers\Api\V1\Admin\PlayTypePatchController; use App\Http\Controllers\Api\V1\Admin\PlayTypePatchController;
use App\Http\Controllers\Api\V1\Admin\Reconcile\ReconcileItemIndexController;
use App\Http\Controllers\Api\V1\Admin\Reconcile\ReconcileJobIndexController;
use App\Http\Controllers\Api\V1\Admin\Reconcile\ReconcileJobShowController;
use App\Http\Controllers\Api\V1\Admin\Reconcile\ReconcileJobStoreController;
use App\Http\Controllers\Api\V1\Admin\Reports\ReportJobIndexController;
use App\Http\Controllers\Api\V1\Admin\Reports\ReportJobShowController;
use App\Http\Controllers\Api\V1\Admin\Reports\ReportJobStoreController;
use App\Http\Controllers\Api\V1\Admin\Risk\AdminRiskPoolIndexController; use App\Http\Controllers\Api\V1\Admin\Risk\AdminRiskPoolIndexController;
use App\Http\Controllers\Api\V1\Admin\Risk\AdminRiskPoolLockLogIndexController; use App\Http\Controllers\Api\V1\Admin\Risk\AdminRiskPoolLockLogIndexController;
use App\Http\Controllers\Api\V1\Admin\Risk\AdminRiskPoolShowController; use App\Http\Controllers\Api\V1\Admin\Risk\AdminRiskPoolShowController;
@@ -133,92 +143,165 @@ Route::prefix('v1')->group(function (): void {
->name('auth.login'); ->name('auth.login');
Route::middleware(['auth:sanctum', 'lottery.admin'])->group(function (): void { Route::middleware(['auth:sanctum', 'lottery.admin'])->group(function (): void {
// 名称:后台接口连通性探测(需 Bearer Token // 名称:后台接口连通性探测(需 Bearer Token;不校验细粒度 RBAC
Route::get('ping', AdminPingController::class)->name('ping'); Route::get('ping', AdminPingController::class)->name('ping');
// 资金:转账单 / 流水 / 玩家钱包
Route::get('wallet/transfer-orders', TransferOrderListController::class)
->name('wallet.transfer-orders');
Route::get('wallet/transactions', WalletTransactionListController::class)
->name('wallet.transactions');
Route::get('players/{player}/wallets', PlayerWalletShowController::class)
->name('players.wallets');
// 期号:列表 / 详情 / 批次(开奖结果与审核数据)
Route::get('draws', AdminDrawIndexController::class)->name('draws.index');
Route::get('draws/{draw}', AdminDrawShowController::class)->name('draws.show');
Route::get('draws/{draw}/result-batches', AdminDrawResultBatchesIndexController::class)
->name('draws.result-batches.index');
// 阶段 5风险池 / 占用流水 / 售罄监控(后台 §13.4
Route::get('draws/{draw}/risk-pools/{number_4d}', AdminRiskPoolShowController::class)
->where('number_4d', '[0-9]{4}')
->name('draws.risk-pools.show');
Route::get('draws/{draw}/risk-pool-lock-logs', AdminRiskPoolLockLogIndexController::class)
->name('draws.risk-pool-lock-logs.index');
Route::get('draws/{draw}/risk-pools', AdminRiskPoolIndexController::class)
->name('draws.risk-pools.index');
// 名称:发布待审核开奖批次(人工审核)
Route::post(
'draws/{draw}/result-batches/{batch}/publish',
DrawResultBatchPublishController::class,
)->name('draws.result-batches.publish');
Route::post('draws/{draw}/settlement/run', DrawSettlementRunController::class)
->name('draws.settlement.run');
Route::get('settlement-batches', AdminSettlementBatchIndexController::class) /** §8 钱包对账:超管可管、风控查看、财务可管、客服单用户 */
->name('settlement-batches.index'); Route::middleware('admin.permission:prd.wallet_reconcile.manage|prd.wallet_reconcile.view|prd.wallet_reconcile.view_cs')->group(function (): void {
Route::get('settlement-batches/{batch}', AdminSettlementBatchShowController::class) Route::get('wallet/transfer-orders', TransferOrderListController::class)
->name('settlement-batches.show'); ->name('wallet.transfer-orders');
Route::get('settlement-batches/{batch}/details', AdminSettlementBatchDetailsController::class) Route::get('wallet/transactions', WalletTransactionListController::class)
->name('settlement-batches.details'); ->name('wallet.transactions');
});
Route::get('jackpot/pools', AdminJackpotPoolIndexController::class)->name('jackpot.pools.index'); /** §8 用户管理:财务查看 / 客服单用户 / 超管可管 */
Route::put('jackpot/pools/{pool}', AdminJackpotPoolUpdateController::class)->name('jackpot.pools.update'); Route::middleware('admin.permission:prd.users.manage|prd.users.view_finance|prd.users.view_cs')->group(function (): void {
Route::get('jackpot/payout-logs', AdminJackpotPayoutLogIndexController::class) Route::get('players/{player}/wallets', PlayerWalletShowController::class)
->name('jackpot.payout-logs.index'); ->name('players.wallets');
Route::get('jackpot/contributions', AdminJackpotContributionIndexController::class) /** §15.4 客服/财务:按玩家查注单 */
->name('jackpot.contributions.index'); Route::get('players/{player}/ticket-items', AdminPlayerTicketItemsIndexController::class)
->name('players.ticket-items.index');
});
// 阶段 4玩法目录 + 赔率 + 风控封顶(版本化管理) /** §8 开奖结果·查看 + 风控占用监控(与开奖/风险域一致) */
Route::get('play-types', PlayTypeIndexController::class)->name('play-types.index'); Route::middleware('admin.permission:prd.draw_result.manage|prd.draw_result.view')->group(function (): void {
Route::patch('play-types/{play_code}', PlayTypePatchController::class) Route::get('draws', AdminDrawIndexController::class)->name('draws.index');
->where('play_code', '[a-z0-9_]+') Route::get('draws/{draw}', AdminDrawShowController::class)->name('draws.show');
->name('play-types.patch'); /** §15.4 单期投注/派彩汇总(与结算批次对照) */
Route::get('draws/{draw}/finance-summary', AdminDrawFinanceSummaryController::class)
->name('draws.finance-summary');
Route::get('draws/{draw}/result-batches', AdminDrawResultBatchesIndexController::class)
->name('draws.result-batches.index');
Route::get('draws/{draw}/risk-pools/{number_4d}', AdminRiskPoolShowController::class)
->where('number_4d', '[0-9]{4}')
->name('draws.risk-pools.show');
Route::get('draws/{draw}/risk-pool-lock-logs', AdminRiskPoolLockLogIndexController::class)
->name('draws.risk-pool-lock-logs.index');
Route::get('draws/{draw}/risk-pools', AdminRiskPoolIndexController::class)
->name('draws.risk-pools.index');
});
Route::prefix('config')->name('config.')->group(function (): void { /** §8 开奖结果录入(发布批次) */
Route::get('play-versions', PlayConfigVersionIndexController::class)->name('play-versions.index'); Route::middleware('admin.permission:prd.draw_result.manage')->group(function (): void {
Route::post('play-versions', PlayConfigVersionStoreController::class)->name('play-versions.store'); Route::post(
Route::get('play-versions/{id}', PlayConfigVersionShowController::class) 'draws/{draw}/result-batches/{batch}/publish',
->whereNumber('id') DrawResultBatchPublishController::class,
->name('play-versions.show'); )->name('draws.result-batches.publish');
Route::put('play-versions/{id}/items', PlayConfigItemsReplaceController::class) });
->whereNumber('id')
->name('play-versions.items.replace');
Route::post('play-versions/{id}/publish', PlayConfigVersionPublishController::class)
->whereNumber('id')
->name('play-versions.publish');
Route::get('odds-versions', OddsVersionIndexController::class)->name('odds-versions.index'); /** §8 派彩确认:超管执行 + 风控审核 */
Route::post('odds-versions', OddsVersionStoreController::class)->name('odds-versions.store'); Route::middleware('admin.permission:prd.payout.manage|prd.payout.review')->group(function (): void {
Route::get('odds-versions/{id}', OddsVersionShowController::class) Route::post('draws/{draw}/settlement/run', DrawSettlementRunController::class)
->whereNumber('id') ->name('draws.settlement.run');
->name('odds-versions.show'); });
Route::put('odds-versions/{id}/items', OddsItemsReplaceController::class)
->whereNumber('id')
->name('odds-versions.items.replace');
Route::post('odds-versions/{id}/publish', OddsVersionPublishController::class)
->whereNumber('id')
->name('odds-versions.publish');
Route::get('risk-cap-versions', RiskCapVersionIndexController::class)->name('risk-cap-versions.index'); Route::middleware('admin.permission:prd.payout.manage|prd.payout.review|prd.payout.view')->group(function (): void {
Route::post('risk-cap-versions', RiskCapVersionStoreController::class)->name('risk-cap-versions.store'); Route::get('settlement-batches', AdminSettlementBatchIndexController::class)
Route::get('risk-cap-versions/{id}', RiskCapVersionShowController::class) ->name('settlement-batches.index');
->whereNumber('id') Route::get('settlement-batches/{batch}', AdminSettlementBatchShowController::class)
->name('risk-cap-versions.show'); ->name('settlement-batches.show');
Route::put('risk-cap-versions/{id}/items', RiskCapItemsReplaceController::class) Route::get('settlement-batches/{batch}/details', AdminSettlementBatchDetailsController::class)
->whereNumber('id') ->name('settlement-batches.details');
->name('risk-cap-versions.items.replace'); });
Route::post('risk-cap-versions/{id}/publish', RiskCapVersionPublishController::class)
->whereNumber('id') Route::middleware('admin.permission:prd.jackpot.manage|prd.jackpot.view')->group(function (): void {
->name('risk-cap-versions.publish'); Route::get('jackpot/pools', AdminJackpotPoolIndexController::class)->name('jackpot.pools.index');
Route::get('jackpot/payout-logs', AdminJackpotPayoutLogIndexController::class)
->name('jackpot.payout-logs.index');
Route::get('jackpot/contributions', AdminJackpotContributionIndexController::class)
->name('jackpot.contributions.index');
});
Route::middleware('admin.permission:prd.jackpot.manage')->group(function (): void {
Route::put('jackpot/pools/{pool}', AdminJackpotPoolUpdateController::class)->name('jackpot.pools.update');
});
/** §8 玩法/玩法版本只读:财务不可(不含 rebate.view */
Route::middleware('admin.permission:prd.play_switch.manage|prd.odds.manage')->group(function (): void {
Route::get('play-types', PlayTypeIndexController::class)->name('play-types.index');
Route::prefix('config')->name('config.')->group(function (): void {
Route::get('play-versions', PlayConfigVersionIndexController::class)->name('play-versions.index');
Route::get('play-versions/{id}', PlayConfigVersionShowController::class)
->whereNumber('id')
->name('play-versions.show');
});
});
/** §8 赔率/回水只读:财务仅 rebate.view不可单独看玩法版本 */
Route::middleware('admin.permission:prd.odds.manage|prd.rebate.manage|prd.rebate.view')->group(function (): void {
Route::prefix('config')->name('config.')->group(function (): void {
Route::get('odds-versions', OddsVersionIndexController::class)->name('odds-versions.index');
Route::get('odds-versions/{id}', OddsVersionShowController::class)
->whereNumber('id')
->name('odds-versions.show');
});
});
/** §8 封顶只读 */
Route::middleware('admin.permission:prd.risk_cap.manage|prd.risk_cap.view')->group(function (): void {
Route::prefix('config')->name('config.')->group(function (): void {
Route::get('risk-cap-versions', RiskCapVersionIndexController::class)->name('risk-cap-versions.index');
Route::get('risk-cap-versions/{id}', RiskCapVersionShowController::class)
->whereNumber('id')
->name('risk-cap-versions.show');
});
});
/** §8 玩法/赔率/封顶/回水/Jackpot 配置写 */
Route::middleware('admin.permission:prd.play_switch.manage|prd.odds.manage|prd.risk_cap.manage|prd.rebate.manage|prd.jackpot.manage')->group(function (): void {
Route::patch('play-types/{play_code}', PlayTypePatchController::class)
->where('play_code', '[a-z0-9_]+')
->name('play-types.patch');
Route::prefix('config')->name('config.')->group(function (): void {
Route::post('play-versions', PlayConfigVersionStoreController::class)->name('play-versions.store');
Route::put('play-versions/{id}/items', PlayConfigItemsReplaceController::class)
->whereNumber('id')
->name('play-versions.items.replace');
Route::post('play-versions/{id}/publish', PlayConfigVersionPublishController::class)
->whereNumber('id')
->name('play-versions.publish');
Route::post('odds-versions', OddsVersionStoreController::class)->name('odds-versions.store');
Route::put('odds-versions/{id}/items', OddsItemsReplaceController::class)
->whereNumber('id')
->name('odds-versions.items.replace');
Route::post('odds-versions/{id}/publish', OddsVersionPublishController::class)
->whereNumber('id')
->name('odds-versions.publish');
Route::post('risk-cap-versions', RiskCapVersionStoreController::class)->name('risk-cap-versions.store');
Route::put('risk-cap-versions/{id}/items', RiskCapItemsReplaceController::class)
->whereNumber('id')
->name('risk-cap-versions.items.replace');
Route::post('risk-cap-versions/{id}/publish', RiskCapVersionPublishController::class)
->whereNumber('id')
->name('risk-cap-versions.publish');
});
});
/** §8 审计日志:超管全部 / 风控自身 / 财务资金;客服无 */
Route::middleware('admin.permission:prd.audit.all|prd.audit.self|prd.audit.finance')->group(function (): void {
Route::get('audit-logs', AuditLogIndexController::class)->name('audit-logs.index');
});
/** §8 报表 */
Route::middleware('admin.permission:prd.report.all|prd.report.risk|prd.report.finance|prd.report.player')->group(function (): void {
Route::get('report-jobs', ReportJobIndexController::class)->name('report-jobs.index');
Route::post('report-jobs', ReportJobStoreController::class)->name('report-jobs.store');
Route::get('report-jobs/{report_job}', ReportJobShowController::class)
->name('report-jobs.show');
});
/** §8 钱包对账任务:查看含客服单用户;创建任务仅可管理(超管/财务) */
Route::middleware('admin.permission:prd.wallet_reconcile.manage|prd.wallet_reconcile.view|prd.wallet_reconcile.view_cs')->group(function (): void {
Route::get('reconcile-jobs', ReconcileJobIndexController::class)->name('reconcile-jobs.index');
Route::get('reconcile-jobs/{reconcile_job}', ReconcileJobShowController::class)
->name('reconcile-jobs.show');
Route::get('reconcile-jobs/{reconcile_job}/items', ReconcileItemIndexController::class)
->name('reconcile-jobs.items.index');
});
Route::middleware('admin.permission:prd.wallet_reconcile.manage')->group(function (): void {
Route::post('reconcile-jobs', ReconcileJobStoreController::class)->name('reconcile-jobs.store');
}); });
}); });
}); });

2
tests/Feature/AdminAuthLoginTest.php
View File

@@ -37,7 +37,7 @@ test('admin login returns bearer token when captcha passes validation', function
->assertJsonPath('code', ErrorCode::Success->value) ->assertJsonPath('code', ErrorCode::Success->value)
->assertJsonPath('data.admin.username', 'tester') ->assertJsonPath('data.admin.username', 'tester')
->assertJsonPath('data.admin.nickname', '测试昵称') ->assertJsonPath('data.admin.nickname', '测试昵称')
->assertJsonStructure(['data' => ['token', 'token_type', 'admin' => ['id', 'username', 'nickname', 'email']]]); ->assertJsonStructure(['data' => ['token', 'token_type', 'admin' => ['id', 'username', 'nickname', 'email', 'permissions']]]);
$token = $resp->json('data.token'); $token = $resp->json('data.token');
expect($token)->not->toBeNull(); expect($token)->not->toBeNull();

195
tests/Feature/AdminCsFinanceApisTest.php Normal file
View File

@@ -0,0 +1,195 @@
<?php
use App\Models\AdminUser;
use App\Models\Draw;
use App\Models\Player;
use App\Models\TicketItem;
use App\Models\TicketOrder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
uses(RefreshDatabase::class);
function mintCsFinanceAdminToken(): string
{
$admin = AdminUser::query()->create([
'username' => 'cs_finance_admin',
'name' => 'CS Finance QA',
'email' => null,
'password' => Hash::make('secret-strong'),
'status' => 0,
]);
grantSuperAdminRole($admin);
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
}
test('admin lists ticket items for a player', function (): void {
$token = mintCsFinanceAdminToken();
$player = Player::query()->create([
'site_code' => 'main',
'site_player_id' => 'csf-p1',
'username' => 'csf_u1',
'nickname' => null,
'default_currency' => 'NPR',
'status' => 0,
]);
$draw = Draw::query()->create([
'draw_no' => '20260520-001',
'business_date' => '2026-05-20',
'sequence_no' => 1,
'status' => 'settled',
'start_time' => now()->subDay(),
'close_time' => now()->subDay(),
'draw_time' => now()->subDay(),
'cooling_end_time' => null,
'result_source' => null,
'current_result_version' => 1,
'settle_version' => 1,
'is_reopened' => false,
]);
$order = TicketOrder::query()->create([
'order_no' => 'ORD-CSF-1',
'player_id' => $player->id,
'draw_id' => $draw->id,
'currency_code' => 'NPR',
'total_bet_amount' => 1000,
'total_rebate_amount' => 0,
'total_actual_deduct' => 1000,
'total_estimated_payout' => 0,
'status' => 'settled',
'submit_source' => 'h5',
'client_trace_id' => null,
]);
TicketItem::query()->create([
'ticket_no' => 'TKCSF0001',
'order_id' => $order->id,
'player_id' => $player->id,
'draw_id' => $draw->id,
'original_number' => '1234',
'normalized_number' => '1234',
'play_code' => 'big',
'dimension' => 4,
'digit_slot' => null,
'bet_mode' => null,
'unit_bet_amount' => 1000,
'total_bet_amount' => 1000,
'rebate_rate_snapshot' => 0,
'commission_rate_snapshot' => 0,
'actual_deduct_amount' => 1000,
'odds_snapshot_json' => null,
'rule_snapshot_json' => null,
'combination_count' => 1,
'estimated_max_payout' => 0,
'risk_locked_amount' => 0,
'status' => 'settled',
'fail_reason_code' => null,
'fail_reason_text' => null,
'win_amount' => 0,
'jackpot_win_amount' => 0,
'settled_at' => now(),
]);
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/players/'.$player->id.'/ticket-items?per_page=10')
->assertOk()
->assertJsonPath('data.player_id', $player->id)
->assertJsonPath('data.total', 1)
->assertJsonPath('data.items.0.ticket_no', 'TKCSF0001')
->assertJsonPath('data.items.0.draw_no', '20260520-001');
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/players/'.$player->id.'/ticket-items?draw_no=20260520-001')
->assertOk()
->assertJsonPath('data.total', 1);
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/players/'.$player->id.'/ticket-items?draw_no=20991231-999')
->assertOk()
->assertJsonPath('data.total', 0);
});
test('admin draw finance summary aggregates bet and payout', function (): void {
$token = mintCsFinanceAdminToken();
$player = Player::query()->create([
'site_code' => 'main',
'site_player_id' => 'csf-p2',
'username' => 'csf_u2',
'nickname' => null,
'default_currency' => 'NPR',
'status' => 0,
]);
$draw = Draw::query()->create([
'draw_no' => '20260520-002',
'business_date' => '2026-05-20',
'sequence_no' => 2,
'status' => 'settled',
'start_time' => now()->subDay(),
'close_time' => now()->subDay(),
'draw_time' => now()->subDay(),
'cooling_end_time' => null,
'result_source' => null,
'current_result_version' => 1,
'settle_version' => 1,
'is_reopened' => false,
]);
$order = TicketOrder::query()->create([
'order_no' => 'ORD-CSF-2',
'player_id' => $player->id,
'draw_id' => $draw->id,
'currency_code' => 'NPR',
'total_bet_amount' => 5000,
'total_rebate_amount' => 0,
'total_actual_deduct' => 5000,
'total_estimated_payout' => 0,
'status' => 'settled',
'submit_source' => 'h5',
'client_trace_id' => null,
]);
TicketItem::query()->create([
'ticket_no' => 'TKCSF0002',
'order_id' => $order->id,
'player_id' => $player->id,
'draw_id' => $draw->id,
'original_number' => '5678',
'normalized_number' => '5678',
'play_code' => 'big',
'dimension' => 4,
'digit_slot' => null,
'bet_mode' => null,
'unit_bet_amount' => 5000,
'total_bet_amount' => 5000,
'rebate_rate_snapshot' => 0,
'commission_rate_snapshot' => 0,
'actual_deduct_amount' => 5000,
'odds_snapshot_json' => null,
'rule_snapshot_json' => null,
'combination_count' => 1,
'estimated_max_payout' => 0,
'risk_locked_amount' => 0,
'status' => 'settled',
'fail_reason_code' => null,
'fail_reason_text' => null,
'win_amount' => 2000,
'jackpot_win_amount' => 500,
'settled_at' => now(),
]);
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/draws/'.$draw->id.'/finance-summary')
->assertOk()
->assertJsonPath('data.draw_no', '20260520-002')
->assertJsonPath('data.total_bet_minor', 5000)
->assertJsonPath('data.total_win_payout_minor', 2000)
->assertJsonPath('data.total_jackpot_win_minor', 500)
->assertJsonPath('data.total_payout_minor', 2500)
->assertJsonPath('data.approx_house_gross_minor', 2500);
});

1
tests/Feature/AdminDrawApiTest.php
View File

@@ -20,6 +20,7 @@ function mintAdminBearer(): string
'password' => Hash::make('secret-strong'), 'password' => Hash::make('secret-strong'),
'status' => 0, 'status' => 0,
]); ]);
grantSuperAdminRole($admin);
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken; return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
} }

115
tests/Feature/AdminPhase15OperationsTest.php Normal file
View File

@@ -0,0 +1,115 @@
<?php
use App\Lottery\ErrorCode;
use App\Models\AdminPermission;
use App\Models\AdminRole;
use App\Models\AdminUser;
use App\Models\AuditLog;
use App\Models\ReconcileJob;
use App\Models\ReportJob;
use App\Services\AuditLogger;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
uses(RefreshDatabase::class);
function phase15SuperToken(): string
{
$admin = AdminUser::query()->create([
'username' => 'phase15_super',
'name' => 'Phase15',
'email' => null,
'password' => Hash::make('secret-strong'),
'status' => 0,
]);
grantSuperAdminRole($admin);
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
}
test('report job create list show and audit log index work for super admin', function (): void {
AuditLogger::record('system', 0, 'bootstrap', 'test', null, null, null, null);
$token = phase15SuperToken();
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/audit-logs?per_page=5')
->assertOk()
->assertJsonPath('code', ErrorCode::Success->value);
$create = $this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/admin/report-jobs', [
'report_type' => 'wallet_txns_daily',
'export_format' => 'csv',
'filter_json' => ['currency_code' => 'NPR'],
]);
$create->assertOk()->assertJsonPath('code', ErrorCode::Success->value);
$id = (int) $create->json('data.id');
expect($id)->toBeGreaterThan(0);
expect(ReportJob::query()->whereKey($id)->exists())->toBeTrue();
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/report-jobs/'.$id)
->assertOk()
->assertJsonPath('data.report_type', 'wallet_txns_daily');
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/report-jobs?per_page=10')
->assertOk()
->assertJsonPath('code', ErrorCode::Success->value);
expect(AuditLog::query()->where('module_code', 'report_jobs')->exists())->toBeTrue();
});
test('reconcile job create with items and nested items index', function (): void {
$token = phase15SuperToken();
$resp = $this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/admin/reconcile-jobs', [
'reconcile_type' => 'wallet_transfer',
'period_start' => '2026-05-01T00:00:00Z',
'period_end' => '2026-05-02T00:00:00Z',
'items' => [
['side_a_ref' => 'TO-1', 'side_b_ref' => 'MAIN-1', 'difference_amount' => 100, 'status' => 'mismatch'],
['side_a_ref' => 'TO-2', 'side_b_ref' => 'MAIN-2', 'difference_amount' => 0, 'status' => 'matched'],
],
]);
$resp->assertOk();
$id = (int) $resp->json('data.id');
expect($id)->toBeGreaterThan(0);
$job = ReconcileJob::query()->whereKey($id)->firstOrFail();
expect((int) $job->admin_user_id)->toBeGreaterThan(0);
expect($job->items()->count())->toBe(2);
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/reconcile-jobs/'.$id.'/items')
->assertOk()
->assertJsonPath('data.meta.total', 2);
});
test('admin without report permission receives 403 on report-jobs', function (): void {
$role = AdminRole::query()->create(['slug' => 'auditor_test', 'name' => 'Auditor Test']);
$perm = AdminPermission::query()->create(['slug' => 'prd.audit.finance', 'name' => '§8 审计日志·资金相关']);
$role->permissions()->sync([(int) $perm->getKey()]);
$user = AdminUser::query()->create([
'username' => 'auditor_only',
'name' => 'Auditor',
'email' => null,
'password' => Hash::make('pw-audit'),
'status' => 0,
]);
$user->roles()->sync([(int) $role->getKey()]);
$token = $user->createToken('test', ['*'], now()->addDay())->plainTextToken;
$this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/admin/audit-logs')
->assertOk();
$this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/admin/report-jobs', ['report_type' => 'x'])
->assertStatus(403)
->assertJsonPath('code', ErrorCode::AdminForbidden->value);
});

1
tests/Feature/AdminRiskPoolApiTest.php
View File

@@ -18,6 +18,7 @@ function mintRiskAdminToken(): string
'password' => Hash::make('secret-strong'), 'password' => Hash::make('secret-strong'),
'status' => 0, 'status' => 0,
]); ]);
grantSuperAdminRole($admin);
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken; return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
} }

1
tests/Feature/AdminSettlementJackpotApiTest.php
View File

@@ -16,6 +16,7 @@ function mintSettlementAdminToken(): string
'password' => Hash::make('secret-strong'), 'password' => Hash::make('secret-strong'),
'status' => 0, 'status' => 0,
]); ]);
grantSuperAdminRole($admin);
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken; return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
} }

1
tests/Feature/AdminWalletApiTest.php
View File

@@ -20,6 +20,7 @@ function makeAdminToken(): string
'password' => Hash::make('secret-strong'), 'password' => Hash::make('secret-strong'),
'status' => 0, 'status' => 0,
]); ]);
grantSuperAdminRole($admin);
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken; return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
} }

1
tests/Feature/DrawPipelineTest.php
View File

@@ -150,6 +150,7 @@ test('draw tick rng awaits manual publish when review enabled', function (): voi
'password' => Hash::make('secret-strong'), 'password' => Hash::make('secret-strong'),
'status' => 0, 'status' => 0,
]); ]);
grantSuperAdminRole($admin);
$token = $admin->createToken('test', ['*'], now()->addDay())->plainTextToken; $token = $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
$this->withHeader('Authorization', 'Bearer '.$token) $this->withHeader('Authorization', 'Bearer '.$token)

1
tests/Feature/OperationalConfigAcceptanceTest.php
View File

@@ -43,6 +43,7 @@ function acceptanceMintAdminToken(): string
'password' => Hash::make('secret-strong'), 'password' => Hash::make('secret-strong'),
'status' => 0, 'status' => 0,
]); ]);
grantSuperAdminRole($admin);
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken; return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
} }

1
tests/Feature/OperationalConfigApiTest.php
View File

@@ -27,6 +27,7 @@ function mintConfigAdminToken(): string
'password' => Hash::make('secret-strong'), 'password' => Hash::make('secret-strong'),
'status' => 0, 'status' => 0,
]); ]);
grantSuperAdminRole($admin);
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken; return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
} }

18
tests/Pest.php
View File

@@ -1,6 +1,8 @@
<?php <?php
use App\Models\AdminUser;
use Illuminate\Foundation\Testing\RefreshDatabase; use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Tests\TestCase; use Tests\TestCase;
/* /*
@@ -44,7 +46,19 @@ expect()->extend('toBeOne', function () {
| |
*/ */
function something() /** 为后台测试账号挂上 `super_admin` 角色(细粒度权限校验全放行)。 */
function grantSuperAdminRole(AdminUser $admin): void
{ {
// .. $now = now();
DB::table('admin_roles')->updateOrInsert(
['slug' => AdminUser::ROLE_SUPER_ADMIN],
['name' => 'Super Admin', 'created_at' => $now, 'updated_at' => $now],
);
$rid = (int) DB::table('admin_roles')->where('slug', AdminUser::ROLE_SUPER_ADMIN)->value('id');
if (! DB::table('admin_user_roles')->where('admin_user_id', $admin->id)->where('role_id', $rid)->exists()) {
DB::table('admin_user_roles')->insert([
'admin_user_id' => $admin->id,
'role_id' => $rid,
]);
}
} }