kang
e3ffffad9c
- 在 SyncAdminAuthorizationCommand 中新增对代理线路和结算菜单操作的同步功能,确保缺失的菜单操作行能够被创建。 - 更新多个控制器中的权限检查逻辑,使用 hasPermissionCode 替代原有的权限验证方式,提升权限管理的灵活性。 - 在 AdminPlayerStoreController 中引入对玩家创建能力的验证,确保只有具备相应权限的管理员能够创建玩家。 - 更新请求验证逻辑,新增 credit_limit、rebate_rate 和 extra_rebate_rate 字段,以支持更细粒度的玩家管理。 - 在 AdminUser 和 AgentNode 模型中增强角色与用户的权限管理功能,支持更细粒度的权限控制。
266 lines
8.7 KiB
PHP
266 lines
8.7 KiB
PHP
<?php
|
|
|
|
use App\Models\Player;
|
|
use App\Models\AuditLog;
|
|
use App\Models\AdminRole;
|
|
use App\Models\AdminUser;
|
|
use App\Models\PlayerWallet;
|
|
use Database\Seeders\CurrencySeeder;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
beforeEach(function (): void {
|
|
$this->seed(CurrencySeeder::class);
|
|
});
|
|
|
|
function playerManageAdminToken(): string
|
|
{
|
|
$admin = AdminUser::query()->create([
|
|
'username' => 'player_manage_admin',
|
|
'name' => 'Player Manage Admin',
|
|
'email' => null,
|
|
'password' => Hash::make('secret-strong'),
|
|
'status' => 0,
|
|
]);
|
|
grantSuperAdminRole($admin);
|
|
|
|
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
|
|
}
|
|
|
|
function playerPermissionAdminToken(string $username, array $permissionSlugs): string
|
|
{
|
|
$admin = AdminUser::query()->create([
|
|
'username' => $username,
|
|
'name' => 'Player Permission Admin',
|
|
'email' => null,
|
|
'password' => Hash::make('secret-strong'),
|
|
'status' => 0,
|
|
]);
|
|
|
|
$role = AdminRole::query()->create([
|
|
'slug' => 'role_'.$username,
|
|
'name' => 'Role '.$username,
|
|
]);
|
|
$role->syncLegacyPermissionSlugs($permissionSlugs);
|
|
|
|
$admin->roles()->sync([
|
|
(int) $role->id => [
|
|
'site_id' => AdminUser::defaultAdminSiteId(),
|
|
'granted_at' => now(),
|
|
],
|
|
]);
|
|
|
|
return $admin->createToken('test', ['*'], now()->addDay())->plainTextToken;
|
|
}
|
|
|
|
function playerPermissionRequest($test, string $token)
|
|
{
|
|
app('auth')->forgetGuards();
|
|
|
|
return $test->withHeader('Authorization', 'Bearer '.$token);
|
|
}
|
|
|
|
test('super admin can create player under site root agent', function (): void {
|
|
$siteCode = DB::table('admin_sites')->where('is_default', true)->value('code');
|
|
$siteCode = is_string($siteCode) && $siteCode !== '' ? $siteCode : 'default_site';
|
|
|
|
$token = playerManageAdminToken();
|
|
|
|
$sitePlayerId = 'manual-create-'.uniqid('', true);
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->postJson('/api/v1/admin/players', [
|
|
'site_code' => $siteCode,
|
|
'site_player_id' => $sitePlayerId,
|
|
'default_currency' => 'NPR',
|
|
'status' => 0,
|
|
])
|
|
->assertCreated()
|
|
->assertJsonPath('data.site_code', $siteCode)
|
|
->assertJsonPath('data.site_player_id', $sitePlayerId);
|
|
|
|
$this->assertDatabaseHas('players', [
|
|
'site_code' => $siteCode,
|
|
'site_player_id' => $sitePlayerId,
|
|
]);
|
|
});
|
|
|
|
test('platform user without agent binding cannot create player', function (): void {
|
|
$siteCode = DB::table('admin_sites')->where('is_default', true)->value('code');
|
|
$siteCode = is_string($siteCode) && $siteCode !== '' ? $siteCode : 'default_site';
|
|
|
|
$token = playerPermissionAdminToken('player_manager_no_agent', ['prd.users.manage']);
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->postJson('/api/v1/admin/players', [
|
|
'site_code' => $siteCode,
|
|
'site_player_id' => 'blocked-create',
|
|
'default_currency' => 'NPR',
|
|
])
|
|
->assertStatus(422)
|
|
->assertJsonPath('msg', fn (string $msg): bool => str_contains($msg, '代理') || str_contains($msg, 'agent'));
|
|
});
|
|
|
|
test('admin can freeze and unfreeze player with audit log', function (): void {
|
|
$siteCode = DB::table('admin_sites')->where('is_default', true)->value('code');
|
|
$siteCode = is_string($siteCode) && $siteCode !== '' ? $siteCode : 'default_site';
|
|
|
|
$player = Player::query()->create([
|
|
'site_code' => $siteCode,
|
|
'site_player_id' => 'freeze-1',
|
|
'username' => 'freeze_user',
|
|
'nickname' => 'Freeze',
|
|
'default_currency' => 'NPR',
|
|
'status' => 0,
|
|
]);
|
|
|
|
PlayerWallet::query()->create([
|
|
'player_id' => $player->id,
|
|
'wallet_type' => 'lottery',
|
|
'currency_code' => 'NPR',
|
|
'balance' => 1_000,
|
|
'frozen_balance' => 0,
|
|
'status' => 0,
|
|
'version' => 0,
|
|
]);
|
|
|
|
$token = playerManageAdminToken();
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->postJson('/api/v1/admin/players/'.$player->id.'/freeze')
|
|
->assertOk()
|
|
->assertJsonPath('data.status', 1);
|
|
|
|
$this->assertDatabaseHas('audit_logs', [
|
|
'module_code' => 'player_manage',
|
|
'action_code' => 'freeze',
|
|
'target_type' => 'player',
|
|
'target_id' => (string) $player->id,
|
|
]);
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->postJson('/api/v1/admin/players/'.$player->id.'/unfreeze')
|
|
->assertOk()
|
|
->assertJsonPath('data.status', 0);
|
|
|
|
expect(AuditLog::query()->where('module_code', 'player_manage')->count())->toBe(2);
|
|
});
|
|
|
|
test('player manage permission gates write and freeze APIs separately from view permissions', function (): void {
|
|
$siteCode = DB::table('admin_sites')->where('is_default', true)->value('code');
|
|
$siteCode = is_string($siteCode) && $siteCode !== '' ? $siteCode : 'default_site';
|
|
|
|
$player = Player::query()->create([
|
|
'site_code' => $siteCode,
|
|
'site_player_id' => 'perm-1',
|
|
'username' => 'perm_user',
|
|
'nickname' => 'Perm',
|
|
'default_currency' => 'NPR',
|
|
'status' => 0,
|
|
]);
|
|
|
|
$financeToken = playerPermissionAdminToken('player_finance_viewer', ['prd.users.view_finance']);
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->getJson('/api/v1/admin/players?per_page=10')
|
|
->assertOk();
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/wallets')
|
|
->assertOk();
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/ticket-items')
|
|
->assertForbidden();
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->postJson('/api/v1/admin/players', [
|
|
'site_code' => 'main',
|
|
'site_player_id' => 'created-by-finance',
|
|
'default_currency' => 'NPR',
|
|
])
|
|
->assertForbidden();
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->putJson('/api/v1/admin/players/'.$player->id, ['nickname' => 'blocked'])
|
|
->assertForbidden();
|
|
|
|
playerPermissionRequest($this, $financeToken)
|
|
->postJson('/api/v1/admin/players/'.$player->id.'/freeze')
|
|
->assertForbidden();
|
|
|
|
$csToken = playerPermissionAdminToken('player_cs_viewer', ['prd.users.view_cs']);
|
|
|
|
playerPermissionRequest($this, $csToken)
|
|
->getJson('/api/v1/admin/players?per_page=10')
|
|
->assertOk();
|
|
|
|
playerPermissionRequest($this, $csToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/ticket-items')
|
|
->assertOk();
|
|
|
|
playerPermissionRequest($this, $csToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/wallets')
|
|
->assertForbidden();
|
|
|
|
$freezeToken = playerPermissionAdminToken('player_freezer', ['prd.player_freeze.manage']);
|
|
|
|
playerPermissionRequest($this, $freezeToken)
|
|
->getJson('/api/v1/admin/players?per_page=10')
|
|
->assertForbidden();
|
|
|
|
$freezeResp = playerPermissionRequest($this, $freezeToken)
|
|
->postJson('/api/v1/admin/players/'.$player->id.'/freeze');
|
|
$freezeResp->assertOk()
|
|
->assertJsonPath('data.status', 1);
|
|
|
|
playerPermissionRequest($this, $freezeToken)
|
|
->postJson('/api/v1/admin/players/'.$player->id.'/unfreeze')
|
|
->assertOk()
|
|
->assertJsonPath('data.status', 0);
|
|
|
|
$manageToken = playerPermissionAdminToken('player_manager', ['prd.users.manage']);
|
|
|
|
playerPermissionRequest($this, $manageToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/wallets')
|
|
->assertOk();
|
|
|
|
playerPermissionRequest($this, $manageToken)
|
|
->getJson('/api/v1/admin/players/'.$player->id.'/ticket-items')
|
|
->assertOk();
|
|
});
|
|
|
|
test('admin can update player default currency and validation rejects unknown code', function (): void {
|
|
$player = Player::query()->create([
|
|
'site_code' => 'main',
|
|
'site_player_id' => 'currency-1',
|
|
'username' => 'currency_user',
|
|
'nickname' => 'Currency',
|
|
'default_currency' => 'NPR',
|
|
'status' => 0,
|
|
]);
|
|
|
|
$token = playerManageAdminToken();
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->putJson('/api/v1/admin/players/'.$player->id, [
|
|
'default_currency' => 'usd',
|
|
])
|
|
->assertOk()
|
|
->assertJsonPath('data.default_currency', 'USD');
|
|
|
|
$this->assertDatabaseHas('players', [
|
|
'id' => $player->id,
|
|
'default_currency' => 'USD',
|
|
]);
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->putJson('/api/v1/admin/players/'.$player->id, [
|
|
'default_currency' => 'ABC',
|
|
])
|
|
->assertStatus(422);
|
|
});
|