* } $payload */ public function createUnderAgent(AgentNode $agent, array $payload): AdminUser { $roleIds = array_values(array_unique(array_map('intval', $payload['role_ids'] ?? []))); $this->assertRolesAssignable($agent, $roleIds); return DB::transaction(function () use ($agent, $payload, $roleIds): AdminUser { $user = AdminUser::query()->create([ 'username' => $payload['username'], 'name' => $payload['nickname'], 'email' => isset($payload['email']) ? trim((string) $payload['email']) : null, 'password' => $payload['password'], 'status' => (int) ($payload['status'] ?? 0), ]); DB::table('admin_user_agents')->insert([ 'admin_user_id' => $user->id, 'agent_node_id' => $agent->id, 'is_primary' => true, 'granted_at' => now(), ]); $user->syncAgentRoleIds($agent->id, $roleIds); return $user->fresh(); }); } /** * @param list $roleIds */ public function syncRoles(AgentNode $agent, AdminUser $user, array $roleIds): AdminUser { if ((int) $user->primaryAgentNodeId() !== (int) $agent->id) { throw ValidationException::withMessages(['user' => ['agent_mismatch']]); } $roleIds = array_values(array_unique(array_map('intval', $roleIds))); $this->assertRolesAssignable($agent, $roleIds); $user->syncAgentRoleIds($agent->id, $roleIds); return $user->fresh(); } /** * @param list $roleIds */ private function assertRolesAssignable(AgentNode $agent, array $roleIds): void { if ($roleIds === []) { return; } $validCount = AdminRole::query() ->where('scope_type', AdminRole::SCOPE_AGENT) ->where('owner_agent_id', $agent->id) ->whereIn('id', $roleIds) ->count(); if ($validCount !== count($roleIds)) { throw ValidationException::withMessages(['role_ids' => ['invalid_for_agent']]); } } }