lotteryLaravel/app/Console/Commands/SyncAdminAuthorizationCommand.php

<?php

namespace App\Console\Commands;

use Illuminate\Console\Command;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
use App\Support\AdminAuthorizationRegistry;

final class SyncAdminAuthorizationCommand extends Command
{
    protected $signature = 'lottery:admin-auth-sync';

    protected $description = '根据后台统一注册表同步 admin_api_resources / bindings / role_api_resources';

    public function handle(): int
    {
        $now = Carbon::now();
        $menuActionIds = DB::table('admin_menu_actions')->pluck('id', 'permission_code');

        foreach (AdminAuthorizationRegistry::resources() as $resource) {
            $resourceId = DB::table('admin_api_resources')
                ->where('code', $resource['code'])
                ->value('id');

            $payload = [
                'module_code' => $resource['module_code'],
                'name' => $resource['name'],
                'http_method' => $resource['http_method'],
                'uri_pattern' => $resource['uri_pattern'],
                'route_name' => $resource['route_name'],
                'auth_mode' => $resource['auth_mode'],
                'is_audit_required' => $resource['is_audit_required'],
                'status' => 1,
                'meta_json' => null,
                'updated_at' => $now,
            ];

            if ($resourceId === null) {
                $resourceId = DB::table('admin_api_resources')->insertGetId($payload + [
                    'code' => $resource['code'],
                    'created_at' => $now,
                ]);
            } else {
                DB::table('admin_api_resources')
                    ->where('id', (int) $resourceId)
                    ->update($payload);
            }

            DB::table('admin_api_resource_bindings')
                ->where('api_resource_id', (int) $resourceId)
                ->delete();

            foreach ($resource['permission_codes'] as $permissionCode) {
                $menuActionId = $menuActionIds[$permissionCode] ?? null;
                if ($menuActionId === null) {
                    $this->warn(sprintf('跳过未找到的 permission_code: %s', $permissionCode));
                    continue;
                }

                DB::table('admin_api_resource_bindings')->insert([
                    'api_resource_id' => (int) $resourceId,
                    'menu_action_id' => (int) $menuActionId,
                    'created_at' => $now,
                    'updated_at' => $now,
                ]);
            }
        }

        DB::table('admin_role_api_resources')->delete();

        $roleResourceRows = DB::table('admin_role_menu_actions as rma')
            ->join('admin_api_resource_bindings as arb', 'arb.menu_action_id', '=', 'rma.menu_action_id')
            ->select('rma.role_id', 'arb.api_resource_id')
            ->distinct()
            ->get();

        foreach ($roleResourceRows as $row) {
            DB::table('admin_role_api_resources')->insert([
                'role_id' => (int) $row->role_id,
                'api_resource_id' => (int) $row->api_resource_id,
            ]);
        }

        $this->info(sprintf(
            'Admin authorization synced: %d resources, %d role-resource rows.',
            count(AdminAuthorizationRegistry::resources()),
            $roleResourceRows->count(),
        ));

        return self::SUCCESS;
    }
}