anxinyan/server-api/app/support/AdminAccessService.php

<?php

namespace app\support;

use support\think\Db;

class AdminAccessService
{
    public function bootstrapDefaults(): void
    {
        $this->syncPermissions();
        $superAdminRoleId = $this->ensureSuperAdminRole();
        $this->ensureDefaultOperationRoles();
        $this->ensureDefaultAdmin($superAdminRoleId);
    }

    public function permissionDefinitions(): array
    {
        return [
            ['name' => '查看工作台', 'code' => 'dashboard.view', 'module' => 'dashboard', 'action' => 'view'],
            ['name' => '管理订单', 'code' => 'orders.manage', 'module' => 'orders', 'action' => 'manage'],
            ['name' => '管理鉴定任务', 'code' => 'appraisal_tasks.manage', 'module' => 'appraisal_tasks', 'action' => 'manage'],
            ['name' => '管理商品资料', 'code' => 'catalog.manage', 'module' => 'catalog', 'action' => 'manage'],
            ['name' => '管理报告', 'code' => 'reports.manage', 'module' => 'reports', 'action' => 'manage'],
            ['name' => '管理消息', 'code' => 'messages.manage', 'module' => 'messages', 'action' => 'manage'],
            ['name' => '管理工单', 'code' => 'tickets.manage', 'module' => 'tickets', 'action' => 'manage'],
            ['name' => '管理用户', 'code' => 'users.manage', 'module' => 'users', 'action' => 'manage'],
            ['name' => '管理客户', 'code' => 'customers.manage', 'module' => 'customers', 'action' => 'manage'],
            ['name' => '管理仓库', 'code' => 'warehouses.manage', 'module' => 'warehouses', 'action' => 'manage'],
            ['name' => '管理物料', 'code' => 'materials.manage', 'module' => 'materials', 'action' => 'manage'],
            ['name' => '管理权限', 'code' => 'access.manage', 'module' => 'access', 'action' => 'manage'],
            ['name' => '管理系统配置', 'code' => 'system.manage', 'module' => 'system_config', 'action' => 'manage'],
        ];
    }

    public function moduleText(string $module): string
    {
        return match ($module) {
            'dashboard' => '工作台',
            'orders' => '订单中心',
            'appraisal_tasks' => '鉴定作业台',
            'catalog' => '商品资料中心',
            'reports' => '报告中心',
            'messages' => '消息中心',
            'tickets' => '客服与售后',
            'users' => '用户管理',
            'customers' => '客户管理',
            'warehouses' => '仓库中心',
            'materials' => '物料管理',
            'access' => '权限中心',
            'system_config' => '系统配置',
            default => $module,
        };
    }

    public function statusText(string $status): string
    {
        return match ($status) {
            'enabled' => '启用中',
            'disabled' => '已停用',
            default => $status,
        };
    }

    private function syncPermissions(): void
    {
        $now = date('Y-m-d H:i:s');
        foreach ($this->permissionDefinitions() as $item) {
            $exists = Db::name('admin_permissions')->where('code', $item['code'])->find();
            $payload = [
                'name' => $item['name'],
                'code' => $item['code'],
                'module' => $item['module'],
                'action' => $item['action'],
                'updated_at' => $now,
            ];
            if ($exists) {
                Db::name('admin_permissions')->where('id', $exists['id'])->update($payload);
            } else {
                try {
                    $payload['created_at'] = $now;
                    Db::name('admin_permissions')->insert($payload);
                } catch (\Throwable $e) {
                    // Ignore duplicate insert caused by concurrent bootstrap.
                }
            }
        }
    }

    private function ensureSuperAdminRole(): int
    {
        $now = date('Y-m-d H:i:s');
        $role = Db::name('admin_roles')->where('code', 'super_admin')->find();

        if ($role) {
            Db::name('admin_roles')->where('id', $role['id'])->update([
                'name' => '超级管理员',
                'status' => 'enabled',
                'updated_at' => $now,
            ]);
            $roleId = (int)$role['id'];
        } else {
            $roleId = (int)Db::name('admin_roles')->insertGetId([
                'name' => '超级管理员',
                'code' => 'super_admin',
                'status' => 'enabled',
                'created_at' => $now,
                'updated_at' => $now,
            ]);
        }

        $permissionIds = Db::name('admin_permissions')->column('id');
        foreach ($permissionIds as $permissionId) {
            $exists = Db::name('admin_role_permissions')
                ->where('role_id', $roleId)
                ->where('permission_id', $permissionId)
                ->find();
            if (!$exists) {
                try {
                    Db::name('admin_role_permissions')->insert([
                        'role_id' => $roleId,
                        'permission_id' => $permissionId,
                        'created_at' => $now,
                    ]);
                } catch (\Throwable $e) {
                    // Ignore duplicate insert caused by concurrent bootstrap.
                }
            }
        }

        return $roleId;
    }

    private function ensureDefaultOperationRoles(): void
    {
        $this->ensureRoleWithPermissions('appraiser', '鉴定师', [
            'dashboard.view',
            'appraisal_tasks.manage',
            'reports.manage',
        ]);

        $this->ensureRoleWithPermissions('reviewer', '报告管理员', [
            'dashboard.view',
            'appraisal_tasks.manage',
            'reports.manage',
        ]);

        $this->ensureRoleWithPermissions('material_manager', '物料管理员', [
            'dashboard.view',
            'materials.manage',
        ]);
    }

    private function ensureRoleWithPermissions(string $code, string $name, array $permissionCodes): int
    {
        $now = date('Y-m-d H:i:s');
        $role = Db::name('admin_roles')->where('code', $code)->find();

        if ($role) {
            Db::name('admin_roles')->where('id', $role['id'])->update([
                'name' => $name,
                'status' => 'enabled',
                'updated_at' => $now,
            ]);
            $roleId = (int)$role['id'];
        } else {
            $roleId = (int)Db::name('admin_roles')->insertGetId([
                'name' => $name,
                'code' => $code,
                'status' => 'enabled',
                'created_at' => $now,
                'updated_at' => $now,
            ]);
        }

        $permissionIds = Db::name('admin_permissions')
            ->whereIn('code', $permissionCodes)
            ->column('id');

        $permissionIds = array_map('intval', $permissionIds);
        $existingPermissionIds = array_map(
            'intval',
            Db::name('admin_role_permissions')->where('role_id', $roleId)->column('permission_id')
        );

        $obsoletePermissionIds = array_values(array_diff($existingPermissionIds, $permissionIds));
        if ($obsoletePermissionIds) {
            Db::name('admin_role_permissions')
                ->where('role_id', $roleId)
                ->whereIn('permission_id', $obsoletePermissionIds)
                ->delete();
        }

        $missingPermissionIds = array_values(array_diff($permissionIds, $existingPermissionIds));
        foreach ($missingPermissionIds as $permissionId) {
            try {
                Db::name('admin_role_permissions')->insert([
                    'role_id' => $roleId,
                    'permission_id' => (int)$permissionId,
                    'created_at' => $now,
                ]);
            } catch (\Throwable $e) {
                // Ignore duplicate insert caused by concurrent bootstrap.
            }
        }

        return $roleId;
    }

    private function ensureDefaultAdmin(int $superAdminRoleId): void
    {
        $now = date('Y-m-d H:i:s');
        $admin = Db::name('admin_users')->order('id', 'asc')->find();
        $defaultPasswordHash = password_hash('Admin@123456', PASSWORD_BCRYPT);

        if ($admin) {
            if (($admin['password'] ?? '') === '' || ($admin['password'] ?? '') === 'not-used') {
                Db::name('admin_users')->where('id', $admin['id'])->update([
                    'password' => $defaultPasswordHash,
                    'updated_at' => $now,
                ]);
            }
            $adminId = (int)$admin['id'];
        } else {
            $adminId = (int)Db::name('admin_users')->insertGetId([
                'name' => '系统管理员',
                'mobile' => '13800138000',
                'email' => 'admin@anxinyan.local',
                'password' => $defaultPasswordHash,
                'status' => 'enabled',
                'last_login_at' => null,
                'created_at' => $now,
                'updated_at' => $now,
            ]);
        }

        $relation = Db::name('admin_role_relations')
            ->where('admin_user_id', $adminId)
            ->where('role_id', $superAdminRoleId)
            ->find();
        if (!$relation) {
            try {
                Db::name('admin_role_relations')->insert([
                    'admin_user_id' => $adminId,
                    'role_id' => $superAdminRoleId,
                    'created_at' => $now,
                ]);
            } catch (\Throwable $e) {
                // Ignore duplicate insert caused by concurrent bootstrap.
            }
        }
    }
}