lotteryLaravel/app/Support/AgentDefaultRolePermissions.php

<?php

namespace App\Support;

use App\Models\AdminRole;
use App\Models\AgentNode;
use App\Models\AgentProfile;

/**
 * 平台「代理」系统角色（slug=agent）的默认 prd.* 模板。
 * 经营代理主账号只绑定该角色；权限在「平台角色管理」调整，不按线路写 agent_owner_*。
 *
 * @see \App\Support\AgentPlatformRole
 */
final class AgentDefaultRolePermissions
{
    /** 所有经营代理主账号均具备的基础能力（不含钱包对账 / 平台配置）。 */
    private const BASE_SLUGS = [
        'prd.dashboard.view',
        'prd.agent.view',
        'prd.agent.role.view',
        'prd.agent.user.view',
        'prd.tickets.view',
        'prd.settlement.agent.view',
    ];

    private const CHILD_AGENT_MANAGE_SLUGS = [
        'prd.agent.manage',
        'prd.agent.profile.manage',
    ];

    private const PLAYER_MANAGE_SLUGS = [
        'prd.users.manage',
        'prd.users.view_cs',
    ];

    /** 线路根代理（depth=0）在基础包之上额外具备的经营权限。 */
    private const LINE_ROOT_EXTRA_SLUGS = [
        'prd.agent.manage',
        'prd.agent.profile.manage',
        'prd.agent.role.manage',
        'prd.agent.user.manage',
        'prd.users.manage',
        'prd.users.view_cs',
        'prd.settlement.agent.manage',
    ];

    /**
     * @return list<string>
     */
    public static function baseSlugs(): array
    {
        return self::BASE_SLUGS;
    }

    /**
     * @return list<string>
     */
    public static function ownerSlugsForNode(AgentNode $node, ?AgentProfile $profile = null): array
    {
        if ($node->isRoot()) {
            return self::lineRootOwnerSlugs();
        }

        $profile ??= AgentProfile::query()->where('agent_node_id', $node->id)->first();

        if ($profile === null) {
            return self::defaultOwnerSlugsWithoutProfile();
        }

        return self::ownerSlugsFromProfile($profile);
    }

    /**
     * @return list<string>
     */
    public static function lineRootOwnerSlugs(): array
    {
        return array_values(array_unique(array_merge(
            self::BASE_SLUGS,
            self::LINE_ROOT_EXTRA_SLUGS,
        )));
    }

    /**
     * @return list<string>
     */
    public static function ownerSlugsFromProfile(AgentProfile $profile): array
    {
        $slugs = self::BASE_SLUGS;
        if ($profile->can_create_child_agent) {
            $slugs = array_merge($slugs, self::CHILD_AGENT_MANAGE_SLUGS);
        }
        if ($profile->can_create_player) {
            $slugs = array_merge($slugs, self::PLAYER_MANAGE_SLUGS);
        }

        return array_values(array_unique($slugs));
    }

    /**
     * @return list<string>
     */
    public static function defaultOwnerSlugsWithoutProfile(): array
    {
        return self::BASE_SLUGS;
    }

    /**
     * @param  array<string, mixed>  $createPayload
     * @return list<string>
     */
    public static function ownerSlugsForNewChild(array $createPayload): array
    {
        $slugs = self::BASE_SLUGS;
        if ((bool) ($createPayload['can_create_child_agent'] ?? false)) {
            $slugs = array_merge($slugs, self::CHILD_AGENT_MANAGE_SLUGS);
        }
        if ((bool) ($createPayload['can_create_player'] ?? true)) {
            $slugs = array_merge($slugs, self::PLAYER_MANAGE_SLUGS);
        }

        return array_values(array_unique($slugs));
    }

    /**
     * 平台「代理」系统角色模板（出现在「平台角色管理」列表，供手动分配或作站点 pivot 回退）。
     *
     * @return list<string>
     */
    public static function platformAgentRoleTemplateSlugs(): array
    {
        return self::defaultOwnerSlugsWithoutProfile();
    }

    /** 确保存在 slug=agent 的平台系统角色，并同步模板权限。 */
    public static function ensurePlatformAgentRole(): AdminRole
    {
        $role = AdminRole::query()->updateOrCreate(
            [
                'slug' => 'agent',
                'scope_type' => AdminRole::SCOPE_SYSTEM,
            ],
            [
                'code' => 'agent',
                'name' => '代理',
                'description' => '经营代理默认权限模板（与线路内 agent_owner 默认包一致）',
                'status' => 1,
                'is_system' => true,
                'sort_order' => 50,
                'owner_agent_id' => null,
                'delegated_from_role_id' => null,
            ],
        );

        $role->syncLegacyPermissionSlugs(self::platformAgentRoleTemplateSlugs());

        return $role->fresh() ?? $role;
    }
}