kang
1dcd4716c5
- 在多个控制器中将权限检查从 hasAdminPermission 更新为 hasPermissionCode,以增强权限管理的灵活性。 - 引入 AdminScopePolicy,优化基于代理节点的权限和数据过滤逻辑,确保管理员能够更精确地控制访问权限。 - 在请求验证中添加 agent_node_id 字段,确保 API 接口支持代理节点的相关操作。 - 更新 AdminUser 模型,新增 hasPermissionCode 方法,以支持更细粒度的权限检查。 - 优化审计日志记录逻辑,确保在处理请求时能够准确记录管理员的操作。
82 lines
2.3 KiB
PHP
82 lines
2.3 KiB
PHP
<?php
|
|
|
|
namespace App\Support;
|
|
|
|
use App\Models\AdminUser;
|
|
use App\Models\AgentNode;
|
|
|
|
final class AdminAuthProfile
|
|
{
|
|
/**
|
|
* @return array{
|
|
* id: int,
|
|
* username: string,
|
|
* nickname: string,
|
|
* email: ?string,
|
|
* permissions: list<string>,
|
|
* navigation: list<array{
|
|
* segment: string,
|
|
* label: string,
|
|
* href: string,
|
|
* nav_group: string,
|
|
* platform_only?: bool,
|
|
* activeMatchPrefix?: string,
|
|
* requiredAny?: list<string>
|
|
* }>,
|
|
* agent: ?array{
|
|
* id: int,
|
|
* admin_site_id: int,
|
|
* path: string,
|
|
* code: string,
|
|
* name: string,
|
|
* depth: int
|
|
* },
|
|
* is_super_admin: bool,
|
|
* operational_permissions: list<string>,
|
|
* delegation_ceiling: list<string>
|
|
* }
|
|
*/
|
|
public static function fromAdmin(AdminUser $admin): array
|
|
{
|
|
$fresh = $admin->fresh();
|
|
$permissionSlugs = $fresh->adminPermissionSlugs();
|
|
|
|
return [
|
|
'id' => $fresh->id,
|
|
'username' => $fresh->username,
|
|
'nickname' => $fresh->name,
|
|
'email' => $fresh->email,
|
|
'permissions' => $permissionSlugs,
|
|
'navigation' => AdminAuthorizationRegistry::visibleNavigationItems($permissionSlugs, $fresh),
|
|
'agent' => self::agentContext($fresh),
|
|
'is_super_admin' => $fresh->isSuperAdmin(),
|
|
'operational_permissions' => $permissionSlugs,
|
|
'delegation_ceiling' => AgentDelegationAuthorization::delegationLegacySlugsForAdminUser($fresh),
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @return array{id: int, admin_site_id: int, path: string, code: string, name: string, depth: int}|null
|
|
*/
|
|
private static function agentContext(AdminUser $admin): ?array
|
|
{
|
|
if ($admin->isSuperAdmin()) {
|
|
return null;
|
|
}
|
|
|
|
$node = $admin->primaryAgentNode();
|
|
if (! $node instanceof AgentNode) {
|
|
return null;
|
|
}
|
|
|
|
return [
|
|
'id' => (int) $node->id,
|
|
'admin_site_id' => (int) $node->admin_site_id,
|
|
'path' => (string) $node->path,
|
|
'code' => (string) $node->code,
|
|
'name' => (string) $node->name,
|
|
'depth' => (int) $node->depth,
|
|
];
|
|
}
|
|
}
|