kang
e3ffffad9c
- 在 SyncAdminAuthorizationCommand 中新增对代理线路和结算菜单操作的同步功能,确保缺失的菜单操作行能够被创建。 - 更新多个控制器中的权限检查逻辑,使用 hasPermissionCode 替代原有的权限验证方式,提升权限管理的灵活性。 - 在 AdminPlayerStoreController 中引入对玩家创建能力的验证,确保只有具备相应权限的管理员能够创建玩家。 - 更新请求验证逻辑,新增 credit_limit、rebate_rate 和 extra_rebate_rate 字段,以支持更细粒度的玩家管理。 - 在 AdminUser 和 AgentNode 模型中增强角色与用户的权限管理功能,支持更细粒度的权限控制。
148 lines
5.7 KiB
PHP
148 lines
5.7 KiB
PHP
<?php
|
|
|
|
namespace App\Services\Agent;
|
|
|
|
use App\Models\AdminRole;
|
|
use App\Models\AdminSite;
|
|
use App\Models\AdminUser;
|
|
use App\Models\AgentNode;
|
|
use App\Services\Integration\IntegrationSiteService;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
final class AgentSiteProvisioningService
|
|
{
|
|
/** @var list<string> */
|
|
private const LINE_ROOT_ROLE_SLUGS = [
|
|
'prd.agent.view',
|
|
'prd.agent.manage',
|
|
'prd.users.manage',
|
|
'prd.users.view_finance',
|
|
'prd.users.view_cs',
|
|
'prd.tickets.view',
|
|
'prd.report.view',
|
|
'prd.wallet_reconcile.view',
|
|
'prd.wallet_reconcile.view_cs',
|
|
];
|
|
|
|
public function __construct(
|
|
private readonly IntegrationSiteService $integrationSiteService,
|
|
private readonly AgentProfileService $agentProfileService,
|
|
) {}
|
|
|
|
/**
|
|
* @param array<string, mixed> $payload site fields + name, username, password, email?, status?
|
|
* @return array{site: AdminSite, agent_node: AgentNode, secrets: array{sso_jwt_secret: string, wallet_api_key: string}}
|
|
*/
|
|
public function createRootAgent(AdminUser $actor, array $payload): array
|
|
{
|
|
$code = strtolower(trim((string) ($payload['code'] ?? '')));
|
|
$name = trim((string) ($payload['name'] ?? ''));
|
|
$username = trim((string) ($payload['username'] ?? ''));
|
|
$password = (string) ($payload['password'] ?? '');
|
|
$email = isset($payload['email']) ? trim((string) $payload['email']) : null;
|
|
$status = (int) ($payload['status'] ?? 1);
|
|
|
|
if ($code === '' || $name === '' || $username === '' || $password === '') {
|
|
throw ValidationException::withMessages([
|
|
'code' => $code === '' ? ['required'] : [],
|
|
'name' => $name === '' ? ['required'] : [],
|
|
'username' => $username === '' ? ['required'] : [],
|
|
'password' => $password === '' ? ['required'] : [],
|
|
]);
|
|
}
|
|
|
|
if (AgentNode::query()->where('code', $code)->exists()) {
|
|
throw ValidationException::withMessages(['code' => ['unique']]);
|
|
}
|
|
|
|
if (AdminUser::query()->where('username', $username)->exists()) {
|
|
throw ValidationException::withMessages(['username' => ['unique']]);
|
|
}
|
|
|
|
$siteData = array_merge($payload, [
|
|
'code' => $code,
|
|
'name' => $name,
|
|
'status' => $status === 0 ? 0 : 1,
|
|
]);
|
|
|
|
return DB::transaction(function () use ($actor, $siteData, $code, $name, $username, $password, $email, $status): array {
|
|
$created = $this->integrationSiteService->create($siteData);
|
|
$site = $created['site'];
|
|
$secrets = $created['secrets'];
|
|
|
|
$existingRoot = AgentNode::query()
|
|
->where('admin_site_id', $site->id)
|
|
->where('depth', 0)
|
|
->first();
|
|
|
|
if ($existingRoot !== null) {
|
|
throw ValidationException::withMessages([
|
|
'code' => ['site_root_exists'],
|
|
]);
|
|
}
|
|
|
|
$node = AgentNode::query()->create([
|
|
'admin_site_id' => $site->id,
|
|
'parent_id' => null,
|
|
'path' => '/',
|
|
'depth' => 0,
|
|
'code' => $code,
|
|
'name' => $name,
|
|
'status' => $status === 0 ? 0 : 1,
|
|
'created_by' => $actor->id,
|
|
'extra_json' => null,
|
|
]);
|
|
$node->path = '/'.$node->id.'/';
|
|
$node->save();
|
|
|
|
$role = AdminRole::query()->create([
|
|
'slug' => 'agent_owner_'.$node->id,
|
|
'code' => 'agent_owner_'.$node->id,
|
|
'name' => '代理账号',
|
|
'description' => '线路根代理默认角色',
|
|
'status' => $status === 0 ? 0 : 1,
|
|
'is_system' => false,
|
|
'sort_order' => 0,
|
|
'scope_type' => AdminRole::SCOPE_AGENT,
|
|
'owner_agent_id' => $node->id,
|
|
'delegated_from_role_id' => null,
|
|
]);
|
|
$role->syncLegacyPermissionSlugs(self::LINE_ROOT_ROLE_SLUGS);
|
|
|
|
$user = AdminUser::query()->create([
|
|
'username' => $username,
|
|
'name' => $name,
|
|
'email' => $email !== '' ? $email : null,
|
|
'password' => $password,
|
|
'status' => $status === 0 ? 0 : 1,
|
|
]);
|
|
|
|
DB::table('admin_user_agents')->insert([
|
|
'admin_user_id' => $user->id,
|
|
'agent_node_id' => $node->id,
|
|
'is_primary' => true,
|
|
'granted_at' => now(),
|
|
]);
|
|
$user->syncAgentRoleIds((int) $node->id, [(int) $role->id]);
|
|
|
|
$this->agentProfileService->upsertForNode($node, [
|
|
'total_share_rate' => (float) ($payload['total_share_rate'] ?? 100),
|
|
'credit_limit' => (int) ($payload['credit_limit'] ?? 0),
|
|
'rebate_limit' => (float) ($payload['rebate_limit'] ?? 0),
|
|
'default_player_rebate' => (float) ($payload['default_player_rebate'] ?? 0),
|
|
'settlement_cycle' => (string) ($payload['settlement_cycle'] ?? 'weekly'),
|
|
'can_grant_extra_rebate' => (bool) ($payload['can_grant_extra_rebate'] ?? true),
|
|
'can_create_child_agent' => (bool) ($payload['can_create_child_agent'] ?? true),
|
|
'can_create_player' => (bool) ($payload['can_create_player'] ?? true),
|
|
]);
|
|
|
|
return [
|
|
'site' => $site->fresh(),
|
|
'agent_node' => $node->fresh(['adminSite']),
|
|
'secrets' => $secrets,
|
|
];
|
|
});
|
|
}
|
|
}
|