kang
1d31f9e872
- 新增后台 RBAC 相关文档,提供权限目录与维护命令说明。 - 移除不必要的角色资源同步检查,简化权限审计命令。 - 更新权限描述与同步逻辑,确保一致性与可维护性。 - 统一权限注册表,替换过时的权限别名,增强代码可读性。
112 lines
3.0 KiB
PHP
112 lines
3.0 KiB
PHP
<?php
|
|
|
|
namespace App\Models;
|
|
|
|
use Illuminate\Support\Facades\DB;
|
|
use App\Support\AdminPermissionBridge;
|
|
use Illuminate\Database\Eloquent\Model;
|
|
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
|
|
|
|
final class AdminRole extends Model
|
|
{
|
|
public const ROLE_SUPER_ADMIN = 'super_admin';
|
|
|
|
protected $table = 'admin_roles';
|
|
|
|
protected static function booted(): void
|
|
{
|
|
self::creating(function (AdminRole $role): void {
|
|
if (($role->code ?? '') === '' && is_string($role->slug) && $role->slug !== '') {
|
|
$role->code = $role->slug;
|
|
}
|
|
});
|
|
}
|
|
|
|
protected $fillable = [
|
|
'slug',
|
|
'name',
|
|
'code',
|
|
'description',
|
|
'status',
|
|
'is_system',
|
|
'sort_order',
|
|
];
|
|
|
|
/**
|
|
* @return BelongsToMany<AdminMenuAction, AdminRole>
|
|
*/
|
|
public function menuActions(): BelongsToMany
|
|
{
|
|
return $this->belongsToMany(
|
|
AdminMenuAction::class,
|
|
'admin_role_menu_actions',
|
|
'role_id',
|
|
'menu_action_id',
|
|
);
|
|
}
|
|
|
|
/** @return BelongsToMany<AdminUser, AdminRole> */
|
|
public function users(): BelongsToMany
|
|
{
|
|
return $this->belongsToMany(
|
|
AdminUser::class,
|
|
'admin_user_site_roles',
|
|
'role_id',
|
|
'admin_user_id',
|
|
)->withPivot(['site_id', 'granted_at']);
|
|
}
|
|
|
|
/**
|
|
* 由已授权的 menu_action 反推 `prd.*`(与 Registry 映射一致)。
|
|
*
|
|
* @return list<string>
|
|
*/
|
|
public function legacyPermissionSlugs(): array
|
|
{
|
|
$codes = DB::table('admin_role_menu_actions as rma')
|
|
->join('admin_menu_actions as ma', 'ma.id', '=', 'rma.menu_action_id')
|
|
->where('rma.role_id', $this->id)
|
|
->where('ma.status', 1)
|
|
->pluck('ma.permission_code')
|
|
->all();
|
|
|
|
return AdminPermissionBridge::legacySlugsGrantedByMenuActionCodes($codes);
|
|
}
|
|
|
|
/**
|
|
* @param list<string> $slugs
|
|
*/
|
|
public function syncLegacyPermissionSlugs(array $slugs): void
|
|
{
|
|
$legacySlugs = AdminPermissionBridge::normalizeCanonicalLegacySlugs($slugs);
|
|
|
|
$codes = [];
|
|
foreach ($legacySlugs as $slug) {
|
|
$codes = array_merge($codes, AdminPermissionBridge::menuActionCodesForLegacy($slug));
|
|
}
|
|
$codes = array_values(array_unique($codes));
|
|
|
|
$ids = DB::table('admin_menu_actions')
|
|
->whereIn('permission_code', $codes)
|
|
->where('status', 1)
|
|
->pluck('id')
|
|
->all();
|
|
|
|
DB::table('admin_role_menu_actions')->where('role_id', $this->id)->delete();
|
|
foreach ($ids as $mid) {
|
|
DB::table('admin_role_menu_actions')->insert([
|
|
'role_id' => $this->id,
|
|
'menu_action_id' => (int) $mid,
|
|
]);
|
|
}
|
|
}
|
|
|
|
public function assignedUserCount(): int
|
|
{
|
|
return (int) DB::table('admin_user_site_roles')
|
|
->where('role_id', $this->id)
|
|
->distinct()
|
|
->count('admin_user_id');
|
|
}
|
|
}
|