|null `null` means unrestricted (super admin) */
    public static function accessibleSiteCodes(AdminUser $admin): ?array
    {
        $ids = $admin->accessibleAdminSiteIds();

        // Both sentinels pass through unchanged: null = no restriction, [] = no site at all.
        // Callers must tell them apart with ===; a truthiness or empty() check would
        // treat "unrestricted" and "no access" as the same thing.
        if ($ids === null || $ids === []) {
            return $ids;
        }

        $toString = static function ($code): string {
            return (string) $code;
        };

        // If none of the ids resolves to a row, the result is [], which the
        // helpers below handle as "no access".
        return AdminSite::query()
            ->whereIn('id', $ids)
            ->orderBy('code')
            ->pluck('code')
            ->map($toString)
            ->values()
            ->all();
    }

    /**
     * Tell whether the admin may act on the given site code.
     *
     * An unrestricted admin (null scope) is always allowed; otherwise the code
     * must match one of the admin's site codes exactly (strict comparison).
     */
    public static function siteCodeAllowed(AdminUser $admin, string $siteCode): bool
    {
        $scope = self::accessibleSiteCodes($admin);

        return $scope === null || in_array($siteCode, $scope, true);
    }

    /**
     * Tell whether the player belongs to a site the admin may access.
     */
    public static function playerAccessible(AdminUser $admin, Player $player): bool
    {
        $playerSite = (string) $player->site_code;

        return self::siteCodeAllowed($admin, $playerSite);
    }

    /**
     * Restrict a player query to the admin's site scope.
     *
     * Unrestricted admins leave the query untouched; an empty scope forces an
     * empty result set.
     *
     * NOTE(review): the constraint is added to the builder as passed in. A
     * top-level orWhere() chained on the same builder could widen the result
     * past the site scope; confirm call sites group their OR conditions.
     *
     * @param Builder $query
     */
    public static function applyToPlayerQuery(Builder $query, AdminUser $admin): void
    {
        $scope = self::accessibleSiteCodes($admin);

        if ($scope === null) {
            return;
        }

        if ($scope !== []) {
            $query->whereIn('site_code', $scope);
        } else {
            // Always-false predicate: an admin with no sites sees no rows.
            $query->whereRaw('0 = 1');
        }
    }

    /**
     * On top of the site scope, optionally narrow further by the requested site_code.
     *
     * A requested code outside the admin's scope yields an empty result rather
     * than being ignored, so a request cannot fall back to the wider scope.
     *
     * @param Builder $query
     */
    public static function applyPlayerFilters(Builder $query, AdminUser $admin, ?string $requestedSiteCode): void
    {
        self::applyToPlayerQuery($query, $admin);

        $wanted = trim($requestedSiteCode ?? '');
        if ($wanted === '') {
            return;
        }

        if (self::siteCodeAllowed($admin, $wanted)) {
            $query->where('site_code', $wanted);
        } else {
            $query->whereRaw('0 = 1');
        }
    }

    /**
     * Restrict a query on a player-owned model to the admin's site scope,
     * filtering through the named relation.
     *
     * NOTE(review): $relation is handed straight to whereHas(); presumably it
     * is always a developer-chosen constant. Confirm it never comes from
     * request input.
     *
     * @param Builder $query
     */
    public static function applyViaPlayerRelation(Builder $query, AdminUser $admin, string $relation = 'player'): void
    {
        $scope = self::accessibleSiteCodes($admin);

        if ($scope === null) {
            return;
        }

        if ($scope === []) {
            // Empty scope: force an empty result set.
            $query->whereRaw('0 = 1');

            return;
        }

        $limitToScope = static function (Builder $playerQuery) use ($scope): void {
            $playerQuery->whereIn('site_code', $scope);
        };

        $query->whereHas($relation, $limitToScope);
    }

    /**
     * Relation-based site scoping plus optional narrowing by a requested site_code.
     *
     * As in applyPlayerFilters(), a requested code outside the admin's scope
     * forces an empty result.
     *
     * @param Builder $query
     */
    public static function applyViaPlayerRelationWithSiteCode(
        Builder $query,
        AdminUser $admin,
        ?string $requestedSiteCode,
        string $relation = 'player',
    ): void {
        self::applyViaPlayerRelation($query, $admin, $relation);

        $wanted = trim($requestedSiteCode ?? '');
        if ($wanted === '') {
            return;
        }

        if (! self::siteCodeAllowed($admin, $wanted)) {
            $query->whereRaw('0 = 1');

            return;
        }

        $limitToSite = static function (Builder $playerQuery) use ($wanted): void {
            $playerQuery->where('site_code', $wanted);
        };

        $query->whereHas($relation, $limitToSite);
    }

    /**
     * Build a 403 response when the admin may not access the player.
     *
     * Returns null when access is allowed. The guard only takes effect if the
     * caller checks the return value and returns the response; a caller that
     * discards the result performs no access check.
     */
    public static function denyUnlessPlayerAccessible(AdminUser $admin, Player $player): ?JsonResponse
    {
        if (self::playerAccessible($admin, $player)) {
            return null;
        }

        return ApiResponse::error('无权访问该站点下的玩家', ErrorCode::AdminForbidden->value, null, 403);
    }
}