diff --git a/resources/views/admin/layouts/app.blade.php b/resources/views/admin/layouts/app.blade.php
index b80848d..1c9d611 100644
--- a/resources/views/admin/layouts/app.blade.php
+++ b/resources/views/admin/layouts/app.blade.php
@@ -60,10 +60,6 @@
{{ Auth::id() === 1 ? '站长功能' : '查看' }}
- - {!! '⚙️ 聊天室参数' !!} - {!! '📶 等级经验阈值' !!} @@ -117,6 +113,10 @@ @if (Auth::id() === 1)系统配置
+ + ⚙️ 聊天室参数 + 📧 邮件 SMTP 配置
diff --git a/routes/web.php b/routes/web.php
index f56748f..ebe37e0 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -437,10 +437,6 @@ Route::middleware(['chat.auth', 'chat.has_position'])->prefix('admin')->name('ad
 // 大卡片通知广播(仅超级管理员,安全隔离:普通用户无此接口)
 Route::post('/banner/broadcast', [\App\Http\Controllers\Admin\BannerBroadcastController::class, 'send'])->name('admin.banner.broadcast');
 
- // 聊天室参数(含保存)
- Route::get('/system', [\App\Http\Controllers\Admin\SystemController::class, 'edit'])->name('system.edit');
- Route::put('/system', [\App\Http\Controllers\Admin\SystemController::class, 'update'])->name('system.update');
-
 // 等级经验阈值配置
 Route::get('/level-exp-configs', [\App\Http\Controllers\Admin\LevelExpConfigController::class, 'index'])->name('level-exp-configs.index');
 Route::put('/level-exp-configs', [\App\Http\Controllers\Admin\LevelExpConfigController::class, 'update'])->name('level-exp-configs.update');
@@ -583,6 +579,9 @@ Route::middleware(['chat.auth', 'chat.has_position'])->prefix('admin')->name('ad
 // 层级 2:仅站长(id=1)可进行以下操作
 // ──────────────────────────────────────────────────────────────
 Route::middleware(['chat.site_owner'])->group(function () {
+ // 聊天室参数(含保存)
+ Route::get('/system', [\App\Http\Controllers\Admin\SystemController::class, 'edit'])->name('system.edit');
+ Route::put('/system', [\App\Http\Controllers\Admin\SystemController::class, 'update'])->name('system.update');
 
 // 用户编辑 & 删除
 Route::put('/users/{user}', [\App\Http\Controllers\Admin\UserManagerController::class, 'update'])->name('users.update');
diff --git a/tests/Feature/Feature/AdminSystemControllerTest.php b/tests/Feature/Feature/AdminSystemControllerTest.php
index 718e223..14cffc8 100644
--- a/tests/Feature/Feature/AdminSystemControllerTest.php
+++ b/tests/Feature/Feature/AdminSystemControllerTest.php
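Review bot: The `PUT /system` route added under `Route::middleware(['chat.site_owner'])` is state-changing, and that route group is the only authorization for it visible in this diff. `SystemController` is not shown, so if its `update` action has no check of its own, any later move of these two lines back into the outer `chat.auth` / `chat.has_position` group would reopen parameter editing to every position holder without a failing build. Consider a second check in the controller or its request class, and a comment on the new lines such as `// owner-only: keep inside the chat.site_owner group`. The group closure opens in this hunk and continues past its last line.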
@@ -152,12 +152,44 @@ class AdminSystemControllerTest extends TestCase
 ]);
 }
 
+ /**
+ * 验证非站长的高等级后台用户不能访问系统参数页。
+ */
+ public function test_non_site_owner_cannot_access_system_page(): void
+ {
+ $this->seedSystemParams();
+ $admin = User::factory()->create([
+ 'user_level' => 100,
+ ]);
+
+ $this->actingAs($admin)
+ ->get(route('admin.system.edit'))
+ ->assertForbidden();
+ }
+
+ /**
+ * 验证非站长的高等级后台用户看不到系统参数菜单入口。
+ */
+ public function test_non_site_owner_dashboard_hides_system_menu_link(): void
+ {
+ $this->seedSystemParams();
+ $admin = User::factory()->create([
+ 'user_level' => 100,
+ ]);
+
+ $response = $this->actingAs($admin)->get(route('admin.dashboard'));
+
+ $response->assertOk();
+ $response->assertDontSee('⚙️ 聊天室参数', false);
+ }
+
 /**
 * 创建可访问后台通用系统页的超级管理员账号。
 */
 private function createSuperAdmin(): User
 {
 return User::factory()->create([
+ 'id' => 1,
 'user_level' => 100,
 ]);
 }
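Review bot: The new negative tests cover only `GET admin.system.edit` and the menu link; the state-changing `PUT admin.system.update` route moved in the same commit has no test showing that a non-owner is rejected, and that is the request that matters most if the route ever leaves the owner group again. Both new tests also assume the factory-created `$admin` never receives id 1, which the hunk does not guarantee on a freshly reset database unless `seedSystemParams()` or earlier setup already occupies it; an explicit `$this->assertNotSame(1, $admin->id);` makes that precondition visible. Since `createSuperAdmin()` now pins `'id' => 1`, calling it twice in one test would presumably hit a primary-key conflict, which is worth a line in its docblock. A sketch of the missing test follows; the route name is inferred from `admin.system.edit`.

```php
/**
 * A non-owner with a high user_level must not be able to save system parameters.
 */
public function test_non_site_owner_cannot_update_system_params(): void
{
    $this->seedSystemParams();
    $admin = User::factory()->create([
        'user_level' => 100,
    ]);
    // Guard the precondition: the account under test must not be the owner (id 1).
    $this->assertNotSame(1, $admin->id);

    $this->actingAs($admin)
        ->put(route('admin.system.update'), [])
        ->assertForbidden();
}
```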