kang
1dcd4716c5
- 在多个控制器中将权限检查从 hasAdminPermission 更新为 hasPermissionCode,以增强权限管理的灵活性。 - 引入 AdminScopePolicy,优化基于代理节点的权限和数据过滤逻辑,确保管理员能够更精确地控制访问权限。 - 在请求验证中添加 agent_node_id 字段,确保 API 接口支持代理节点的相关操作。 - 更新 AdminUser 模型,新增 hasPermissionCode 方法,以支持更细粒度的权限检查。 - 优化审计日志记录逻辑,确保在处理请求时能够准确记录管理员的操作。
57 lines
1.7 KiB
PHP
57 lines
1.7 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api\V1\Admin\Agent;
|
|
|
|
use App\Models\AdminUser;
|
|
use App\Support\ApiResponse;
|
|
use App\Services\AuditLogger;
|
|
use Illuminate\Http\JsonResponse;
|
|
use App\Http\Controllers\Controller;
|
|
use App\Services\Agent\AgentAdminUserService;
|
|
use App\Support\AdminAgentNodeAccess;
|
|
use App\Support\AdminUserApiPresenter;
|
|
use App\Http\Requests\Admin\AgentAdminUserRoleSyncRequest;
|
|
|
|
final class AgentAdminUserRoleSyncController extends Controller
|
|
{
|
|
public function __invoke(
|
|
AgentAdminUserRoleSyncRequest $request,
|
|
AdminUser $admin_user,
|
|
AgentAdminUserService $service,
|
|
): JsonResponse {
|
|
$admin = $request->lotteryAdmin();
|
|
abort_if($admin === null, 401);
|
|
|
|
$agent = $admin_user->primaryAgentNode();
|
|
if ($agent === null) {
|
|
abort(404);
|
|
}
|
|
|
|
$denied = AdminAgentNodeAccess::denyUnlessNodeVisible($admin, $agent);
|
|
if ($denied !== null) {
|
|
return $denied;
|
|
}
|
|
|
|
if (! $admin->isSuperAdmin() && ! $admin->hasPermissionCode('agent.node.manage')) {
|
|
return AdminAgentNodeAccess::denyUnlessCanManageParent($admin, $agent);
|
|
}
|
|
|
|
$before = AdminUserApiPresenter::listItem($admin_user);
|
|
$user = $service->syncRoles($agent, $admin_user, $request->validated('role_ids'));
|
|
$after = AdminUserApiPresenter::listItem($user);
|
|
|
|
AuditLogger::recordForAdmin(
|
|
$admin,
|
|
$request,
|
|
'agent',
|
|
'agent_admin_user.sync_roles',
|
|
'admin_user',
|
|
(string) $user->id,
|
|
$before,
|
|
$after,
|
|
);
|
|
|
|
return ApiResponse::success($after);
|
|
}
|
|
}
|