xiaokang/lotteryLaravel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
395e1c74005d6839349c396e82101345607e3374
lotteryLaravel/app/Support/AdminAgentNodeAccess.php
kang 395e1c7400 feat: refactor super admin to use is_super_admin flag and enhance site deletion logic 
- Changed super admin detection from role-based to `is_super_admin` flag in AdminUser model
- Added `requireDefaultAdminSiteId()` method to throw validation error when no integration site exists
- Enhanced site deletion to migrate platform role bindings to fallback site and auto-delete site-specific admin accounts
- Made agent line code optional with auto-generation fallback using `{site_code}-agent-{counter}` format
2026-06-12 20:47:40 +08:00

109 lines
3.2 KiB
PHP
Raw Blame History

<?php
namespace App\Support;
use App\Models\AdminSite;
use App\Models\AdminUser;
use App\Models\AgentNode;
use App\Lottery\ErrorCode;
use App\Support\ApiMessage;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
final class AdminAgentNodeAccess
{
public static function resolveAdminSiteId(AdminUser $admin, ?int $requestedSiteId): ?int
{
if ($admin->isSuperAdmin()) {
if ($requestedSiteId !== null && $requestedSiteId > 0) {
return $requestedSiteId;
}
return (int) (AdminSite::query()->where('is_default', true)->value('id')
?? AdminSite::query()->orderBy('id')->value('id'));
}
// Check if admin is a platform account (bound via admin_user_site_roles)
$accessibleSiteIds = $admin->accessibleAdminSiteIds();
if ($accessibleSiteIds !== null) {
// Platform account (site admin)
if ($requestedSiteId !== null && $requestedSiteId > 0) {
if (in_array($requestedSiteId, $accessibleSiteIds, true)) {
return $requestedSiteId;
}
return null;
}
// Return first accessible site if no specific site requested
return $accessibleSiteIds[0] ?? null;
}
// Agent account (bound via agent node)
$actor = AdminAgentScope::primaryAgentNode($admin);
if ($actor === null) {
return null;
}
if ($requestedSiteId !== null && $requestedSiteId > 0 && $requestedSiteId !== (int) $actor->admin_site_id) {
return null;
}
return (int) $actor->admin_site_id;
}
public static function denyUnlessSiteResolved(AdminUser $admin, ?int $siteId): ?JsonResponse
{
if ($siteId !== null && $siteId > 0) {
return null;
}
return ApiMessage::errorResponse(
request(),
'admin.agent_site_access_denied',
ErrorCode::AdminForbidden->value,
null,
403,
);
}
public static function denyUnlessNodeVisible(AdminUser $admin, AgentNode $node): ?JsonResponse
{
if (AdminAgentScope::nodeVisibleTo($admin, $node)) {
return null;
}
return ApiMessage::errorResponse(
request(),
'admin.agent_node_access_denied',
ErrorCode::AdminForbidden->value,
null,
403,
);
}
public static function denyUnlessCanManageParent(AdminUser $admin, AgentNode $parent): ?JsonResponse
{
if (! AdminAgentScope::nodeManageableBy($admin, $parent)) {
return ApiMessage::errorResponse(
request(),
'admin.agent_node_manage_denied',
ErrorCode::AdminForbidden->value,
null,
403,
);
}
if ($parent->isRoot() && ! $admin->isSuperAdmin()) {
return ApiMessage::errorResponse(
request(),
'admin.agent_root_create_denied',
ErrorCode::AdminForbidden->value,
null,
403,
);
}
return null;
}
}
Reference in New Issue View Git Blame Copy Permalink