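ensureSuperAdmin($request);

        // Only the columns listed here are selected, so the password hash is
        // not loaded into the models returned by this listing.
        $users = User::with('venues:id,name')
            ->orderByDesc('id')
            ->get(['id', 'username', 'name', 'email', 'role', 'is_active', 'created_at']);

        return response()->json($users);
    }

    /**
     * Create a user account and attach it to the given venues.
     *
     * The request is rejected with 403 by ensureSuperAdmin() before any input
     * is validated. The password is stored only as the output of Hash::make().
     *
     * @param Request $request Payload: username, name, email, password, role,
     *                         plus optional is_active and venue_ids.
     * @return JsonResponse The created user with its venues (id, name), HTTP 201.
     */
    public function store(Request $request): JsonResponse
    {
        $this->ensureSuperAdmin($request);

        $data = $request->validate([
            'username' => ['required', 'string', 'max:50', 'unique:users,username'],
            'name' => ['required', 'string', 'max:100'],
            'email' => ['required', 'email', 'max:100', 'unique:users,email'],
            // NOTE(review): six characters is a low floor for an account that
            // can be created as super_admin; consider a longer minimum.
            'password' => ['required', 'string', 'min:6'],
            // The role is restricted to this closed list; no other value
            // passes validation.
            'role' => ['required', 'in:super_admin,venue_admin'],
            'is_active' => ['boolean'],
            'venue_ids' => ['array'],
            'venue_ids.*' => ['integer', 'exists:venues,id'],
        ]);

        // Every attribute is named explicitly, so no request key other than
        // these six can reach the model.
        $user = User::create([
            'username' => $data['username'],
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => Hash::make($data['password']),
            'role' => $data['role'],
            'is_active' => $data['is_active'] ?? true,
        ]);

        $user->venues()->sync($data['venue_ids'] ?? []);

        // Defence in depth: keep the password hash out of the JSON body even
        // if User::$hidden does not list it (the model is not visible here).
        return response()->json(
            $user->load('venues:id,name')->makeHidden('password'),
            201,
        );
    }

    /**
     * Update an existing user and, when venue_ids is supplied, replace the
     * user's venue assignments.
     *
     * NOTE(review): nothing in this method stops the acting super admin from
     * demoting or deactivating their own account, and nothing here revokes the
     * target user's existing sessions or tokens after a password, role or
     * is_active change. Confirm both are handled elsewhere.
     *
     * @param Request $request Partial payload; every field is optional.
     * @param User    $user    The account being edited (route-bound).
     * @return JsonResponse The refreshed user with its venues (id, name).
     */
    public function update(Request $request, User $user): JsonResponse
    {
        $this->ensureSuperAdmin($request);

        $data = $request->validate([
            'name' => ['sometimes', 'string', 'max:100'],
            // NOTE(review): 'nullable' lets an explicit null through to fill()
            // below, while store() requires an email. Confirm that clearing
            // the address is intended.
            'email' => ['nullable', 'email', 'max:100', 'unique:users,email,' . $user->id],
            'password' => ['nullable', 'string', 'min:6'],
            'role' => ['sometimes', 'in:super_admin,venue_admin'],
            'is_active' => ['sometimes', 'boolean'],
            'venue_ids' => ['sometimes', 'array'],
            'venue_ids.*' => ['integer', 'exists:venues,id'],
        ]);

        // venue_ids describes the pivot relation, not a users column. Take it
        // out of the mass-assignment payload so the result of fill() does not
        // depend on how User guards its attributes.
        $hasVenueIds = array_key_exists('venue_ids', $data);
        $venueIds = $hasVenueIds ? $data['venue_ids'] : null;
        unset($data['venue_ids']);

        // A missing or null password means "leave unchanged"; a supplied one
        // is hashed before it reaches the model.
        if (isset($data['password'])) {
            $data['password'] = Hash::make($data['password']);
        } else {
            unset($data['password']);
        }

        $user->fill($data)->save();

        if ($hasVenueIds) {
            $user->venues()->sync($venueIds);
        }

        // fresh() reloads every column, so hide the password hash explicitly
        // instead of relying on User::$hidden (not visible here).
        return response()->json(
            $user->fresh()->load('venues:id,name')->makeHidden('password'),
        );
    }

    /**
     * Abort with 403 unless the authenticated user is a super admin.
     *
     * The nullsafe call makes an unauthenticated request (no user) evaluate to
     * null, which abort_unless() treats as a failed check.
     *
     * NOTE(review): whether isSuperAdmin() also takes is_active into account
     * is not visible here; confirm deactivated accounts are rejected.
     */
    private function ensureSuperAdmin(Request $request): void
    {
        // Message text: "Only super administrators may perform this action".
        abort_unless($request->user()?->isSuperAdmin(), 403, '仅超级管理员可操作');
    }
}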