kang
1dcd4716c5
- 在多个控制器中将权限检查从 hasAdminPermission 更新为 hasPermissionCode,以增强权限管理的灵活性。 - 引入 AdminScopePolicy,优化基于代理节点的权限和数据过滤逻辑,确保管理员能够更精确地控制访问权限。 - 在请求验证中添加 agent_node_id 字段,确保 API 接口支持代理节点的相关操作。 - 更新 AdminUser 模型,新增 hasPermissionCode 方法,以支持更细粒度的权限检查。 - 优化审计日志记录逻辑,确保在处理请求时能够准确记录管理员的操作。
55 lines
1.8 KiB
PHP
55 lines
1.8 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api\V1\Admin\User;
|
|
|
|
use App\Models\AdminRole;
|
|
use App\Support\ApiResponse;
|
|
use App\Services\AuditLogger;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Illuminate\Support\Facades\DB;
|
|
use App\Http\Controllers\Controller;
|
|
use App\Support\AdminPermissionInheritance;
|
|
use App\Support\AdminRoleApiPresenter;
|
|
use App\Http\Requests\Admin\AdminRoleStoreRequest;
|
|
|
|
final class AdminRoleStoreController extends Controller
|
|
{
|
|
public function __invoke(AdminRoleStoreRequest $request): JsonResponse
|
|
{
|
|
$permissionSlugs = AdminPermissionInheritance::expand(
|
|
array_values(array_unique($request->validated('permission_slugs', []))),
|
|
);
|
|
|
|
$role = DB::transaction(function () use ($request, $permissionSlugs): AdminRole {
|
|
$role = AdminRole::query()->create([
|
|
'slug' => $request->validated('slug'),
|
|
'code' => $request->validated('slug'),
|
|
'name' => $request->validated('name'),
|
|
'description' => $request->validated('description'),
|
|
'status' => $request->validated('status', 1),
|
|
'is_system' => false,
|
|
'sort_order' => 0,
|
|
'scope_type' => AdminRole::SCOPE_SYSTEM,
|
|
'owner_agent_id' => null,
|
|
'delegated_from_role_id' => null,
|
|
]);
|
|
$role->syncLegacyPermissionSlugs($permissionSlugs);
|
|
|
|
return $role->fresh();
|
|
});
|
|
|
|
AuditLogger::recordForAdmin(
|
|
$request->lotteryAdmin(),
|
|
$request,
|
|
'system',
|
|
'admin_role.create',
|
|
'admin_role',
|
|
(string) $role->id,
|
|
null,
|
|
AdminRoleApiPresenter::item($role),
|
|
);
|
|
|
|
return ApiResponse::success(AdminRoleApiPresenter::item($role));
|
|
}
|
|
}
|