kang
a10135d6ee
在多个玩家相关控制器中引入 AdminSiteScope,确保管理员在执行操作前具备相应的接入站点权限。更新 Player 相关请求以支持 site_code 参数,增强权限验证逻辑,确保系统安全性与灵活性。同时,新增 AdminUser 模型方法以获取可访问的站点 ID 列表,优化权限管理。
28 lines
757 B
PHP
28 lines
757 B
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api\V1\Admin\Player;
|
|
|
|
use App\Models\Player;
|
|
use App\Support\ApiResponse;
|
|
use App\Support\AdminSiteScope;
|
|
use Illuminate\Http\JsonResponse;
|
|
use App\Http\Controllers\Controller;
|
|
use Illuminate\Http\Request;
|
|
use App\Support\PlayerApiPresenter;
|
|
|
|
/** GET /api/v1/admin/players/{player} */
|
|
final class AdminPlayerShowController extends Controller
|
|
{
|
|
public function __invoke(Request $request, Player $player): JsonResponse
|
|
{
|
|
$admin = $request->lotteryAdmin();
|
|
abort_if($admin === null, 401);
|
|
|
|
if ($denied = AdminSiteScope::denyUnlessPlayerAccessible($admin, $player)) {
|
|
return $denied;
|
|
}
|
|
|
|
return ApiResponse::success(PlayerApiPresenter::listItem($player));
|
|
}
|
|
}
|