kang
a10135d6ee
在多个玩家相关控制器中引入 AdminSiteScope,确保管理员在执行操作前具备相应的接入站点权限。更新 Player 相关请求以支持 site_code 参数,增强权限验证逻辑,确保系统安全性与灵活性。同时,新增 AdminUser 模型方法以获取可访问的站点 ID 列表,优化权限管理。
44 lines
1.2 KiB
PHP
44 lines
1.2 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api\V1\Admin\Player;
|
|
|
|
use App\Models\Player;
|
|
use App\Support\ApiResponse;
|
|
use App\Support\AdminSiteScope;
|
|
use App\Support\PlayerApiPresenter;
|
|
use App\Http\Controllers\Controller;
|
|
use App\Services\AuditLogger;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Illuminate\Http\Request;
|
|
|
|
/** POST /api/v1/admin/players/{player}/unfreeze */
|
|
final class AdminPlayerUnfreezeController extends Controller
|
|
{
|
|
public function __invoke(Request $request, Player $player): JsonResponse
|
|
{
|
|
$admin = $request->lotteryAdmin();
|
|
abort_if($admin === null, 401);
|
|
|
|
if ($denied = AdminSiteScope::denyUnlessPlayerAccessible($admin, $player)) {
|
|
return $denied;
|
|
}
|
|
|
|
$before = PlayerApiPresenter::listItem($player);
|
|
|
|
$player->forceFill(['status' => 0])->save();
|
|
|
|
AuditLogger::recordForAdmin(
|
|
$request->user(),
|
|
$request,
|
|
'player_manage',
|
|
'unfreeze',
|
|
'player',
|
|
(string) $player->id,
|
|
$before,
|
|
PlayerApiPresenter::listItem($player->fresh(['wallets'])),
|
|
);
|
|
|
|
return ApiResponse::success(PlayerApiPresenter::listItem($player->fresh(['wallets'])));
|
|
}
|
|
}
|