限制系统参数配置为站长专属
@@ -60,10 +60,6 @@
|
|||||||
<p class="px-4 text-xs text-slate-500 uppercase tracking-widest mb-1">
|
<p class="px-4 text-xs text-slate-500 uppercase tracking-widest mb-1">
|
||||||
{{ Auth::id() === 1 ? '站长功能' : '查看' }}</p>
|
{{ Auth::id() === 1 ? '站长功能' : '查看' }}</p>
|
||||||
|
|
||||||
<a href="{{ route('admin.system.edit') }}"
|
|
||||||
class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.system.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
|
|
||||||
{!! '⚙️ 聊天室参数' !!}
|
|
||||||
</a>
|
|
||||||
<a href="{{ route('admin.level-exp-configs.index') }}"
|
<a href="{{ route('admin.level-exp-configs.index') }}"
|
||||||
class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.level-exp-configs.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
|
class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.level-exp-configs.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
|
||||||
{!! '📶 等级经验阈值' !!}
|
{!! '📶 等级经验阈值' !!}
|
||||||
@@ -117,6 +113,10 @@
|
|||||||
@if (Auth::id() === 1)
|
@if (Auth::id() === 1)
|
||||||
<div class="border-t border-white/10 my-2"></div>
|
<div class="border-t border-white/10 my-2"></div>
|
||||||
<p class="px-4 text-xs text-slate-500 uppercase tracking-widest mb-1">系统配置</p>
|
<p class="px-4 text-xs text-slate-500 uppercase tracking-widest mb-1">系统配置</p>
|
||||||
|
<a href="{{ route('admin.system.edit') }}"
|
||||||
|
class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.system.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
|
||||||
|
⚙️ 聊天室参数
|
||||||
|
</a>
|
||||||
<a href="{{ route('admin.smtp.edit') }}"
|
<a href="{{ route('admin.smtp.edit') }}"
|
||||||
class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.smtp.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
|
class="block px-4 py-3 rounded-md transition {{ request()->routeIs('admin.smtp.*') ? 'bg-indigo-600 font-bold' : 'hover:bg-white/10' }}">
|
||||||
📧 邮件 SMTP 配置
|
📧 邮件 SMTP 配置
|
||||||
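Review bot: The relocated menu link sits under `@if (Auth::id() === 1)`, which hard-codes the site-owner identity in the view separately from the `chat.site_owner` middleware that enforces access, so the two can drift apart if the owner rule ever changes. Hiding the link is cosmetic; a Blade comment at the top of the block would make that explicit, e.g. `{{-- Visibility only: access is enforced by the chat.site_owner route middleware --}}`. If the project has or adds a single named ability for "site owner", the view and the middleware could both consult it rather than each comparing against the literal `1`. The `@if` block opens in this hunk's context lines and closes outside the hunk, so its remaining entries are not visible here.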
|
|||||||
+3
-4
@@ -437,10 +437,6 @@ Route::middleware(['chat.auth', 'chat.has_position'])->prefix('admin')->name('ad
|
|||||||
// 大卡片通知广播(仅超级管理员,安全隔离:普通用户无此接口)
|
// 大卡片通知广播(仅超级管理员,安全隔离:普通用户无此接口)
|
||||||
Route::post('/banner/broadcast', [\App\Http\Controllers\Admin\BannerBroadcastController::class, 'send'])->name('admin.banner.broadcast');
|
Route::post('/banner/broadcast', [\App\Http\Controllers\Admin\BannerBroadcastController::class, 'send'])->name('admin.banner.broadcast');
|
||||||
|
|
||||||
// 聊天室参数(含保存)
|
|
||||||
Route::get('/system', [\App\Http\Controllers\Admin\SystemController::class, 'edit'])->name('system.edit');
|
|
||||||
Route::put('/system', [\App\Http\Controllers\Admin\SystemController::class, 'update'])->name('system.update');
|
|
||||||
|
|
||||||
// 等级经验阈值配置
|
// 等级经验阈值配置
|
||||||
Route::get('/level-exp-configs', [\App\Http\Controllers\Admin\LevelExpConfigController::class, 'index'])->name('level-exp-configs.index');
|
Route::get('/level-exp-configs', [\App\Http\Controllers\Admin\LevelExpConfigController::class, 'index'])->name('level-exp-configs.index');
|
||||||
Route::put('/level-exp-configs', [\App\Http\Controllers\Admin\LevelExpConfigController::class, 'update'])->name('level-exp-configs.update');
|
Route::put('/level-exp-configs', [\App\Http\Controllers\Admin\LevelExpConfigController::class, 'update'])->name('level-exp-configs.update');
|
||||||
@@ -583,6 +579,9 @@ Route::middleware(['chat.auth', 'chat.has_position'])->prefix('admin')->name('ad
|
|||||||
// 层级 2:仅站长(id=1)可进行以下操作
|
// 层级 2:仅站长(id=1)可进行以下操作
|
||||||
// ──────────────────────────────────────────────────────────────
|
// ──────────────────────────────────────────────────────────────
|
||||||
Route::middleware(['chat.site_owner'])->group(function () {
|
Route::middleware(['chat.site_owner'])->group(function () {
|
||||||
|
// 聊天室参数(含保存)
|
||||||
|
Route::get('/system', [\App\Http\Controllers\Admin\SystemController::class, 'edit'])->name('system.edit');
|
||||||
|
Route::put('/system', [\App\Http\Controllers\Admin\SystemController::class, 'update'])->name('system.update');
|
||||||
|
|
||||||
// 用户编辑 & 删除
|
// 用户编辑 & 删除
|
||||||
Route::put('/users/{user}', [\App\Http\Controllers\Admin\UserManagerController::class, 'update'])->name('users.update');
|
Route::put('/users/{user}', [\App\Http\Controllers\Admin\UserManagerController::class, 'update'])->name('users.update');
|
||||||
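Review bot: The two `/system` routes are now protected purely by their position inside `Route::middleware(['chat.site_owner'])->group(...)`, and nothing on the new lines says that moving them back out re-exposes them to every `chat.has_position` user. The moved comment could carry that constraint, e.g. `// Chat-room parameters (edit + save): site owner only, must stay inside the chat.site_owner group`. `SystemController` is not shown on this page, so whether `update` performs its own authorization check cannot be confirmed; if it does not, a check there would keep the write path protected even if the routing is rearranged later. The group closure continues past the end of this hunk.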
|
|||||||
@@ -152,12 +152,44 @@ class AdminSystemControllerTest extends TestCase
|
|||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 验证非站长的高等级后台用户不能访问系统参数页。
|
||||||
|
*/
|
||||||
|
public function test_non_site_owner_cannot_access_system_page(): void
|
||||||
|
{
|
||||||
|
$this->seedSystemParams();
|
||||||
|
$admin = User::factory()->create([
|
||||||
|
'user_level' => 100,
|
||||||
|
]);
|
||||||
|
|
||||||
|
$this->actingAs($admin)
|
||||||
|
->get(route('admin.system.edit'))
|
||||||
|
->assertForbidden();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 验证非站长的高等级后台用户看不到系统参数菜单入口。
|
||||||
|
*/
|
||||||
|
public function test_non_site_owner_dashboard_hides_system_menu_link(): void
|
||||||
|
{
|
||||||
|
$this->seedSystemParams();
|
||||||
|
$admin = User::factory()->create([
|
||||||
|
'user_level' => 100,
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response = $this->actingAs($admin)->get(route('admin.dashboard'));
|
||||||
|
|
||||||
|
$response->assertOk();
|
||||||
|
$response->assertDontSee('⚙️ 聊天室参数', false);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 创建可访问后台通用系统页的超级管理员账号。
|
* 创建可访问后台通用系统页的超级管理员账号。
|
||||||
*/
|
*/
|
||||||
private function createSuperAdmin(): User
|
private function createSuperAdmin(): User
|
||||||
{
|
{
|
||||||
return User::factory()->create([
|
return User::factory()->create([
|
||||||
|
'id' => 1,
|
||||||
'user_level' => 100,
|
'user_level' => 100,
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
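Review bot: `test_non_site_owner_cannot_access_system_page` exercises only the GET route, while the state-changing `admin.system.update` PUT that this commit also moves behind `chat.site_owner` has no forbidden-path assertion. Adding `$this->actingAs($admin)->put(route('admin.system.update'), [])->assertForbidden();` would catch a regression on the write path. Both new tests also create the non-owner through the factory without fixing its id; if that row happens to receive id 1 it is the site owner, so pinning it (for example `'id' => 2`) would make the intent explicit. Whether that can actually occur depends on `seedSystemParams()` and the test database setup, neither of which is shown here.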
|
|||||||