kang
a60ce8caad
- 在 DrawHallSnapshotBuilder 中简化数据获取逻辑,仅保留必要字段,更新状态表示方式。 - 在 AdminAuthorizationRegistry 中整合接入站点权限定义,提升权限管理的灵活性与可维护性。 - 更新调度任务配置,确保任务在单一服务器上运行,避免重叠执行,提高系统稳定性。 - 增强测试用例,确保新逻辑的正确性与稳定性。
225 lines
7.1 KiB
PHP
225 lines
7.1 KiB
PHP
<?php
|
|
|
|
use App\Models\Player;
|
|
use App\Models\AuditLog;
|
|
use App\Models\AdminRole;
|
|
use App\Models\AdminUser;
|
|
use App\Models\PlayerWallet;
|
|
use Database\Seeders\CurrencySeeder;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
beforeEach(function (): void {
|
|
$this->seed(CurrencySeeder::class);
|
|
});
|
|
|
|
function playerManageAdminToken(): string
|
|
{
|
|
$admin = AdminUser::query()->create([
|
|
'username' => 'player_manage_admin',
|
|
'name' => 'Player Manage Admin',
|
|
'email' => null,
|
|
'password' => Hash::make('secret-strong'),
|
|
'status' => 0,
|
|
]);
|
|
grantSuperAdminRole($admin);
|
|
|
|
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
|
|
}
|
|
|
|
function playerPermissionAdminToken(string $username, array $permissionSlugs): string
|
|
{
|
|
$admin = AdminUser::query()->create([
|
|
'username' => $username,
|
|
'name' => 'Player Permission Admin',
|
|
'email' => null,
|
|
'password' => Hash::make('secret-strong'),
|
|
'status' => 0,
|
|
]);
|
|
|
|
$role = AdminRole::query()->create([
|
|
'slug' => 'role_'.$username,
|
|
'name' => 'Role '.$username,
|
|
]);
|
|
$role->syncLegacyPermissionSlugs($permissionSlugs);
|
|
|
|
$admin->roles()->sync([
|
|
(int) $role->id => [
|
|
'site_id' => AdminUser::defaultAdminSiteId(),
|
|
'granted_at' => now(),
|
|
],
|
|
]);
|
|
|
|
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
|
|
}
|
|
|
|
function playerPermissionRequest($test, string $token)
|
|
{
|
|
app('auth')->forgetGuards();
|
|
|
|
return $test->withHeader('Authorization', 'Bearer '.$token);
|
|
}
|
|
|
|
test('admin can freeze and unfreeze player with audit log', function (): void {
|
|
$siteCode = DB::table('admin_sites')->where('is_default', true)->value('code');
|
|
$siteCode = is_string($siteCode) && $siteCode !== '' ? $siteCode : 'default_site';
|
|
|
|
$player = Player::query()->create([
|
|
'site_code' => $siteCode,
|
|
'site_player_id' => 'freeze-1',
|
|
'username' => 'freeze_user',
|
|
'nickname' => 'Freeze',
|
|
'default_currency' => 'NPR',
|
|
'status' => 0,
|
|
]);
|
|
|
|
PlayerWallet::query()->create([
|
|
'player_id' => $player->id,
|
|
'wallet_type' => 'lottery',
|
|
'currency_code' => 'NPR',
|
|
'balance' => 1_000,
|
|
'frozen_balance' => 0,
|
|
'status' => 0,
|
|
'version' => 0,
|
|
]);
|
|
|
|
$token = playerManageAdminToken();
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->postJson('/api/v1/admin/players/'.$player->id.'/freeze')
|
|
->assertOk()
|
|
->assertJsonPath('data.status', 1);
|
|
|
|
$this->assertDatabaseHas('audit_logs', [
|
|
'module_code' => 'player_manage',
|
|
'action_code' => 'freeze',
|
|
'target_type' => 'player',
|
|
'target_id' => (string) $player->id,
|
|
]);
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->postJson('/api/v1/admin/players/'.$player->id.'/unfreeze')
|
|
->assertOk()
|
|
->assertJsonPath('data.status', 0);
|
|
|
|
expect(AuditLog::query()->where('module_code', 'player_manage')->count())->toBe(2);
|
|
});
|
|
|
|
test('player manage permission gates write and freeze APIs separately from view permissions', function (): void {
|
|
$siteCode = DB::table('admin_sites')->where('is_default', true)->value('code');
|
|
$siteCode = is_string($siteCode) && $siteCode !== '' ? $siteCode : 'default_site';
|
|
|
|
$player = Player::query()->create([
|
|
'site_code' => $siteCode,
|
|
'site_player_id' => 'perm-1',
|
|
'username' => 'perm_user',
|
|
'nickname' => 'Perm',
|
|
'default_currency' => 'NPR',
|
|
'status' => 0,
|
|
]);
|
|
|
|
$financeToken = playerPermissionAdminToken('player_finance_viewer', ['prd.users.view_finance']);
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->getJson('/api/v1/admin/players?per_page=10')
|
|
->assertOk();
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/wallets')
|
|
->assertOk();
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/ticket-items')
|
|
->assertForbidden();
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->postJson('/api/v1/admin/players', [
|
|
'site_code' => 'main',
|
|
'site_player_id' => 'created-by-finance',
|
|
'default_currency' => 'NPR',
|
|
])
|
|
->assertForbidden();
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->putJson('/api/v1/admin/players/'.$player->id, ['nickname' => 'blocked'])
|
|
->assertForbidden();
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->postJson('/api/v1/admin/players/'.$player->id.'/freeze')
|
|
->assertForbidden();
|
|
|
|
$csToken = playerPermissionAdminToken('player_cs_viewer', ['prd.users.view_cs']);
|
|
|
|
playerPermissionRequest($this, $csToken)
|
|
->getJson('/api/v1/admin/players?per_page=10')
|
|
->assertOk();
|
|
|
|
playerPermissionRequest($this, $csToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/ticket-items')
|
|
->assertOk();
|
|
|
|
playerPermissionRequest($this, $csToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/wallets')
|
|
->assertForbidden();
|
|
|
|
$freezeToken = playerPermissionAdminToken('player_freezer', ['prd.player_freeze.manage']);
|
|
|
|
playerPermissionRequest($this, $freezeToken)
|
|
->getJson('/api/v1/admin/players?per_page=10')
|
|
->assertForbidden();
|
|
|
|
$freezeResp = playerPermissionRequest($this, $freezeToken)
|
|
->postJson('/api/v1/admin/players/'.$player->id.'/freeze');
|
|
$freezeResp->assertOk()
|
|
->assertJsonPath('data.status', 1);
|
|
|
|
playerPermissionRequest($this, $freezeToken)
|
|
->postJson('/api/v1/admin/players/'.$player->id.'/unfreeze')
|
|
->assertOk()
|
|
->assertJsonPath('data.status', 0);
|
|
|
|
$manageToken = playerPermissionAdminToken('player_manager', ['prd.users.manage']);
|
|
|
|
playerPermissionRequest($this, $manageToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/wallets')
|
|
->assertOk();
|
|
|
|
playerPermissionRequest($this, $manageToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/ticket-items')
|
|
->assertOk();
|
|
});
|
|
|
|
test('admin can update player default currency and validation rejects unknown code', function (): void {
|
|
$player = Player::query()->create([
|
|
'site_code' => 'main',
|
|
'site_player_id' => 'currency-1',
|
|
'username' => 'currency_user',
|
|
'nickname' => 'Currency',
|
|
'default_currency' => 'NPR',
|
|
'status' => 0,
|
|
]);
|
|
|
|
$token = playerManageAdminToken();
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->putJson('/api/v1/admin/players/'.$player->id, [
|
|
'default_currency' => 'usd',
|
|
])
|
|
->assertOk()
|
|
->assertJsonPath('data.default_currency', 'USD');
|
|
|
|
$this->assertDatabaseHas('players', [
|
|
'id' => $player->id,
|
|
'default_currency' => 'USD',
|
|
]);
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->putJson('/api/v1/admin/players/'.$player->id, [
|
|
'default_currency' => 'ABC',
|
|
])
|
|
->assertStatus(422);
|
|
});
|