kang
1d31f9e872
- 新增后台 RBAC 相关文档,提供权限目录与维护命令说明。 - 移除不必要的角色资源同步检查,简化权限审计命令。 - 更新权限描述与同步逻辑,确保一致性与可维护性。 - 统一权限注册表,替换过时的权限别名,增强代码可读性。
84 lines
2.9 KiB
PHP
84 lines
2.9 KiB
PHP
<?php
|
|
|
|
namespace App\Console\Commands;
|
|
|
|
use Illuminate\Support\Carbon;
|
|
use Illuminate\Console\Command;
|
|
use Illuminate\Support\Facades\DB;
|
|
use App\Support\AdminAuthorizationRegistry;
|
|
|
|
final class SyncAdminAuthorizationCommand extends Command
|
|
{
|
|
protected $signature = 'lottery:admin-auth-sync
|
|
{--audit : 同步完成后立即执行后台权限体检}';
|
|
|
|
protected $description = '根据后台统一注册表同步 admin_api_resources 与 resource_bindings';
|
|
|
|
public function handle(): int
|
|
{
|
|
$now = Carbon::now();
|
|
$menuActionIds = DB::table('admin_menu_actions')->pluck('id', 'permission_code');
|
|
|
|
foreach (AdminAuthorizationRegistry::resources() as $resource) {
|
|
$resourceId = DB::table('admin_api_resources')
|
|
->where('code', $resource['code'])
|
|
->value('id');
|
|
|
|
$payload = [
|
|
'module_code' => $resource['module_code'],
|
|
'name' => $resource['name'],
|
|
'http_method' => $resource['http_method'],
|
|
'uri_pattern' => $resource['uri_pattern'],
|
|
'route_name' => $resource['route_name'],
|
|
'auth_mode' => $resource['auth_mode'],
|
|
'is_audit_required' => $resource['is_audit_required'],
|
|
'status' => 1,
|
|
'meta_json' => null,
|
|
'updated_at' => $now,
|
|
];
|
|
|
|
if ($resourceId === null) {
|
|
$resourceId = DB::table('admin_api_resources')->insertGetId($payload + [
|
|
'code' => $resource['code'],
|
|
'created_at' => $now,
|
|
]);
|
|
} else {
|
|
DB::table('admin_api_resources')
|
|
->where('id', (int) $resourceId)
|
|
->update($payload);
|
|
}
|
|
|
|
DB::table('admin_api_resource_bindings')
|
|
->where('api_resource_id', (int) $resourceId)
|
|
->delete();
|
|
|
|
foreach ($resource['permission_codes'] as $permissionCode) {
|
|
$menuActionId = $menuActionIds[$permissionCode] ?? null;
|
|
if ($menuActionId === null) {
|
|
$this->warn(sprintf('跳过未找到的 permission_code: %s', $permissionCode));
|
|
|
|
continue;
|
|
}
|
|
|
|
DB::table('admin_api_resource_bindings')->insert([
|
|
'api_resource_id' => (int) $resourceId,
|
|
'menu_action_id' => (int) $menuActionId,
|
|
'created_at' => $now,
|
|
'updated_at' => $now,
|
|
]);
|
|
}
|
|
}
|
|
|
|
$this->info(sprintf(
|
|
'Admin authorization synced: %d resources.',
|
|
count(AdminAuthorizationRegistry::resources()),
|
|
));
|
|
|
|
if ((bool) $this->option('audit')) {
|
|
return $this->call('lottery:admin-auth-audit');
|
|
}
|
|
|
|
return self::SUCCESS;
|
|
}
|
|
}
|