first

2026-05-11 15:28:27 +08:00
commit edd1a02157
302 changed files with 67193 additions and 0 deletions
--- a/server-api/app/support/AdminAccessService.php
+++ b/server-api/app/support/AdminAccessService.php
@@ -0,0 +1,253 @@
+<?php
+
+namespace app\support;
+
+use support\think\Db;
+
+class AdminAccessService
+{
+    public function bootstrapDefaults(): void
+    {
+        $this->syncPermissions();
+        $superAdminRoleId = $this->ensureSuperAdminRole();
+        $this->ensureDefaultOperationRoles();
+        $this->ensureDefaultAdmin($superAdminRoleId);
+    }
+
+    public function permissionDefinitions(): array
+    {
+        return [
+            ['name' => '查看工作台', 'code' => 'dashboard.view', 'module' => 'dashboard', 'action' => 'view'],
+            ['name' => '管理订单', 'code' => 'orders.manage', 'module' => 'orders', 'action' => 'manage'],
+            ['name' => '管理鉴定任务', 'code' => 'appraisal_tasks.manage', 'module' => 'appraisal_tasks', 'action' => 'manage'],
+            ['name' => '管理商品资料', 'code' => 'catalog.manage', 'module' => 'catalog', 'action' => 'manage'],
+            ['name' => '管理报告', 'code' => 'reports.manage', 'module' => 'reports', 'action' => 'manage'],
+            ['name' => '管理消息', 'code' => 'messages.manage', 'module' => 'messages', 'action' => 'manage'],
+            ['name' => '管理工单', 'code' => 'tickets.manage', 'module' => 'tickets', 'action' => 'manage'],
+            ['name' => '管理用户', 'code' => 'users.manage', 'module' => 'users', 'action' => 'manage'],
+            ['name' => '管理客户', 'code' => 'customers.manage', 'module' => 'customers', 'action' => 'manage'],
+            ['name' => '管理仓库', 'code' => 'warehouses.manage', 'module' => 'warehouses', 'action' => 'manage'],
+            ['name' => '管理物料', 'code' => 'materials.manage', 'module' => 'materials', 'action' => 'manage'],
+            ['name' => '管理权限', 'code' => 'access.manage', 'module' => 'access', 'action' => 'manage'],
+            ['name' => '管理系统配置', 'code' => 'system.manage', 'module' => 'system_config', 'action' => 'manage'],
+        ];
+    }
+
+    public function moduleText(string $module): string
+    {
+        return match ($module) {
+            'dashboard' => '工作台',
+            'orders' => '订单中心',
+            'appraisal_tasks' => '鉴定作业台',
+            'catalog' => '商品资料中心',
+            'reports' => '报告中心',
+            'messages' => '消息中心',
+            'tickets' => '客服与售后',
+            'users' => '用户管理',
+            'customers' => '客户管理',
+            'warehouses' => '仓库中心',
+            'materials' => '物料管理',
+            'access' => '权限中心',
+            'system_config' => '系统配置',
+            default => $module,
+        };
+    }
+
+    public function statusText(string $status): string
+    {
+        return match ($status) {
+            'enabled' => '启用中',
+            'disabled' => '已停用',
+            default => $status,
+        };
+    }
+
+    private function syncPermissions(): void
+    {
+        $now = date('Y-m-d H:i:s');
+        foreach ($this->permissionDefinitions() as $item) {
+            $exists = Db::name('admin_permissions')->where('code', $item['code'])->find();
+            $payload = [
+                'name' => $item['name'],
+                'code' => $item['code'],
+                'module' => $item['module'],
+                'action' => $item['action'],
+                'updated_at' => $now,
+            ];
+            if ($exists) {
+                Db::name('admin_permissions')->where('id', $exists['id'])->update($payload);
+            } else {
+                try {
+                    $payload['created_at'] = $now;
+                    Db::name('admin_permissions')->insert($payload);
+                } catch (\Throwable $e) {
+                    // Ignore duplicate insert caused by concurrent bootstrap.
+                }
+            }
+        }
+    }
+
+    private function ensureSuperAdminRole(): int
+    {
+        $now = date('Y-m-d H:i:s');
+        $role = Db::name('admin_roles')->where('code', 'super_admin')->find();
+
+        if ($role) {
+            Db::name('admin_roles')->where('id', $role['id'])->update([
+                'name' => '超级管理员',
+                'status' => 'enabled',
+                'updated_at' => $now,
+            ]);
+            $roleId = (int)$role['id'];
+        } else {
+            $roleId = (int)Db::name('admin_roles')->insertGetId([
+                'name' => '超级管理员',
+                'code' => 'super_admin',
+                'status' => 'enabled',
+                'created_at' => $now,
+                'updated_at' => $now,
+            ]);
+        }
+
+        $permissionIds = Db::name('admin_permissions')->column('id');
+        foreach ($permissionIds as $permissionId) {
+            $exists = Db::name('admin_role_permissions')
+                ->where('role_id', $roleId)
+                ->where('permission_id', $permissionId)
+                ->find();
+            if (!$exists) {
+                try {
+                    Db::name('admin_role_permissions')->insert([
+                        'role_id' => $roleId,
+                        'permission_id' => $permissionId,
+                        'created_at' => $now,
+                    ]);
+                } catch (\Throwable $e) {
+                    // Ignore duplicate insert caused by concurrent bootstrap.
+                }
+            }
+        }
+
+        return $roleId;
+    }
+
+    private function ensureDefaultOperationRoles(): void
+    {
+        $this->ensureRoleWithPermissions('appraiser', '鉴定师', [
+            'dashboard.view',
+            'appraisal_tasks.manage',
+            'reports.manage',
+        ]);
+
+        $this->ensureRoleWithPermissions('reviewer', '报告管理员', [
+            'dashboard.view',
+            'appraisal_tasks.manage',
+            'reports.manage',
+        ]);
+
+        $this->ensureRoleWithPermissions('material_manager', '物料管理员', [
+            'dashboard.view',
+            'materials.manage',
+        ]);
+    }
+
+    private function ensureRoleWithPermissions(string $code, string $name, array $permissionCodes): int
+    {
+        $now = date('Y-m-d H:i:s');
+        $role = Db::name('admin_roles')->where('code', $code)->find();
+
+        if ($role) {
+            Db::name('admin_roles')->where('id', $role['id'])->update([
+                'name' => $name,
+                'status' => 'enabled',
+                'updated_at' => $now,
+            ]);
+            $roleId = (int)$role['id'];
+        } else {
+            $roleId = (int)Db::name('admin_roles')->insertGetId([
+                'name' => $name,
+                'code' => $code,
+                'status' => 'enabled',
+                'created_at' => $now,
+                'updated_at' => $now,
+            ]);
+        }
+
+        $permissionIds = Db::name('admin_permissions')
+            ->whereIn('code', $permissionCodes)
+            ->column('id');
+
+        $permissionIds = array_map('intval', $permissionIds);
+        $existingPermissionIds = array_map(
+            'intval',
+            Db::name('admin_role_permissions')->where('role_id', $roleId)->column('permission_id')
+        );
+
+        $obsoletePermissionIds = array_values(array_diff($existingPermissionIds, $permissionIds));
+        if ($obsoletePermissionIds) {
+            Db::name('admin_role_permissions')
+                ->where('role_id', $roleId)
+                ->whereIn('permission_id', $obsoletePermissionIds)
+                ->delete();
+        }
+
+        $missingPermissionIds = array_values(array_diff($permissionIds, $existingPermissionIds));
+        foreach ($missingPermissionIds as $permissionId) {
+            try {
+                Db::name('admin_role_permissions')->insert([
+                    'role_id' => $roleId,
+                    'permission_id' => (int)$permissionId,
+                    'created_at' => $now,
+                ]);
+            } catch (\Throwable $e) {
+                // Ignore duplicate insert caused by concurrent bootstrap.
+            }
+        }
+
+        return $roleId;
+    }
+
+    private function ensureDefaultAdmin(int $superAdminRoleId): void
+    {
+        $now = date('Y-m-d H:i:s');
+        $admin = Db::name('admin_users')->order('id', 'asc')->find();
+        $defaultPasswordHash = password_hash('Admin@123456', PASSWORD_BCRYPT);
+
+        if ($admin) {
+            if (($admin['password'] ?? '') === '' || ($admin['password'] ?? '') === 'not-used') {
+                Db::name('admin_users')->where('id', $admin['id'])->update([
+                    'password' => $defaultPasswordHash,
+                    'updated_at' => $now,
+                ]);
+            }
+            $adminId = (int)$admin['id'];
+        } else {
+            $adminId = (int)Db::name('admin_users')->insertGetId([
+                'name' => '系统管理员',
+                'mobile' => '13800138000',
+                'email' => 'admin@anxinyan.local',
+                'password' => $defaultPasswordHash,
+                'status' => 'enabled',
+                'last_login_at' => null,
+                'created_at' => $now,
+                'updated_at' => $now,
+            ]);
+        }
+
+        $relation = Db::name('admin_role_relations')
+            ->where('admin_user_id', $adminId)
+            ->where('role_id', $superAdminRoleId)
+            ->find();
+        if (!$relation) {
+            try {
+                Db::name('admin_role_relations')->insert([
+                    'admin_user_id' => $adminId,
+                    'role_id' => $superAdminRoleId,
+                    'created_at' => $now,
+                ]);
+            } catch (\Throwable $e) {
+                // Ignore duplicate insert caused by concurrent bootstrap.
+            }
+        }
+    }
+}