erp-backend/app/Http/Controllers/RoleController.php
2026-04-01 17:07:04 +08:00


<?php
namespace App\Http\Controllers;
use App\Models\Permission;
use App\Models\Role;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Validator;
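/**
 * CRUD and permission assignment for roles.
 *
 * NOTE(review): no authorization check is visible in this class. Every
 * action here changes who can do what, so it presumably relies on route
 * middleware or policies defined elsewhere; confirm that before exposing
 * these routes.
 * NOTE(review): nothing here compares the caller's own role level with the
 * `level` or the permission set being written, so whoever can reach
 * store/update/assignPermissions can create or raise a role up to level 100
 * with any permission. Confirm that this is intended.
 * NOTE(review): role and permission changes are not logged in this class.
 */
class RoleController extends Controller
{
    /**
     * List roles, highest level first, optionally filtered by a name keyword.
     *
     * @param Request $request optional `keyword` is matched as a substring of the role name
     */
    public function index(Request $request)
    {
        // Eager-load permissions: the mapper below reads $role->permissions for
        // every row, which would otherwise issue one extra query per role.
        $query = Role::query()->with('permissions')->withCount('users');

        $keyword = $request->input('keyword');
        // Only scalar keywords are usable in the pattern; an array value
        // (keyword[]=x) is ignored instead of failing on string conversion.
        if ($request->filled('keyword') && is_scalar($keyword)) {
            // The value is passed as a bound parameter. `%` and `_` inside the
            // keyword are not escaped and still act as LIKE wildcards.
            $query->where('name', 'like', "%{$keyword}%");
        }

        $roles = $query->orderBy('level', 'desc')->get();

        $list = $roles->map(fn($role) => [
            'id' => $role->id,
            'name' => $role->name,
            'code' => $role->slug,
            'level' => $role->level,
            'description' => $role->description,
            'userCount' => $role->users_count,
            'createTime' => $role->created_at?->format('Y-m-d H:i:s'),
            'permissions' => $role->permissions->pluck('slug')->toArray(),
        ]);

        return response()->json([
            'code' => 200,
            'data' => ['list' => $list],
            'message' => 'success',
        ]);
    }

    /**
     * Create a role and optionally attach permissions to it.
     *
     * @param Request $request expects name, code (stored as slug), level and
     *                         optional description / permissions (slugs)
     */
    public function store(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'name' => 'required|string|max:255',
            'code' => 'required|string|max:50|unique:roles,slug|regex:/^[a-z_]+$/',
            'level' => 'required|integer|min:1|max:100',
            'description' => 'nullable|string|max:500',
            'permissions' => 'array',
            'permissions.*' => 'string',
        ]);
        if ($validator->fails()) {
            return $this->validationFailed($validator);
        }

        // Work from the validated payload only, never from raw request input.
        $data = $validator->validated();

        // Create the role and attach its permissions atomically, so a failed
        // sync cannot leave a half-configured role behind.
        $role = DB::transaction(function () use ($data) {
            $role = Role::create([
                'name' => $data['name'],
                'slug' => $data['code'],
                'level' => $data['level'],
                'description' => $data['description'] ?? null,
                'guard_name' => 'web',
            ]);

            if (!empty($data['permissions'])) {
                $this->syncPermissionSlugs($role, $data['permissions']);
            }

            return $role;
        });

        return response()->json([
            'code' => 200,
            'data' => $role,
            'message' => '角色创建成功',
        ]);
    }

    /**
     * Update a role's name, level, description and (optionally) permissions.
     *
     * The slug is not updatable here, which keeps the slug-based guard in
     * destroy() meaningful.
     *
     * NOTE(review): unlike destroy(), this action does not special-case the
     * `super_admin` role, so its level and permissions can be changed here.
     * Confirm that this is intended.
     *
     * @param Request $request fields are all optional; `permissions` replaces the full set
     * @param string  $id      role primary key
     */
    public function update(Request $request, string $id)
    {
        $role = Role::find($id);
        if (!$role) {
            return $this->roleNotFound();
        }

        $validator = Validator::make($request->all(), [
            'name' => 'sometimes|string|max:255',
            'level' => 'sometimes|integer|min:1|max:100',
            'description' => 'nullable|string|max:500',
            'permissions' => 'array',
            'permissions.*' => 'string',
        ]);
        if ($validator->fails()) {
            return $this->validationFailed($validator);
        }

        $data = $validator->validated();
        $attributes = array_intersect_key($data, array_flip(['name', 'level', 'description']));

        // Attribute change and permission sync succeed or fail together.
        DB::transaction(function () use ($role, $attributes, $data) {
            $role->update($attributes);

            // A present-but-empty `permissions` array clears every permission.
            if (array_key_exists('permissions', $data)) {
                $this->syncPermissionSlugs($role, $data['permissions']);
            }
        });

        return response()->json([
            'code' => 200,
            'data' => $role,
            'message' => '角色更新成功',
        ]);
    }

    /**
     * Delete a role that is not `super_admin` and has no users attached.
     *
     * @param string $id role primary key
     */
    public function destroy(string $id)
    {
        $role = Role::find($id);
        if (!$role) {
            return $this->roleNotFound();
        }
        if ($role->slug === 'super_admin') {
            return response()->json(['code' => 403, 'message' => '不能删除超级管理员角色'], 403);
        }
        // NOTE(review): this check and the delete below are separate queries,
        // so a user assigned to the role in between is not detected.
        if ($role->users()->exists()) {
            return response()->json(['code' => 400, 'message' => '该角色下有用户,无法删除'], 400);
        }

        // Detach and delete atomically so a failed delete does not leave the
        // role alive with its permissions stripped.
        DB::transaction(function () use ($role) {
            $role->permissions()->detach();
            $role->delete();
        });

        return response()->json(['code' => 200, 'message' => '删除成功']);
    }

    /**
     * Return the permission slugs currently attached to a role.
     *
     * @param string $id role primary key
     */
    public function permissions(string $id)
    {
        $role = Role::with('permissions')->find($id);
        if (!$role) {
            return $this->roleNotFound();
        }

        $permissions = $role->permissions->pluck('slug')->toArray();

        return response()->json([
            'code' => 200,
            'data' => $permissions,
            'message' => 'success',
        ]);
    }

    /**
     * Replace a role's permission set with the given slugs.
     *
     * NOTE(review): like update(), this does not special-case `super_admin`.
     *
     * @param Request $request expects a `permissions` array of slugs
     * @param string  $id      role primary key
     */
    public function assignPermissions(Request $request, string $id)
    {
        $role = Role::find($id);
        if (!$role) {
            return $this->roleNotFound();
        }

        $validator = Validator::make($request->all(), [
            'permissions' => 'required|array',
            'permissions.*' => 'string',
        ]);
        if ($validator->fails()) {
            return $this->validationFailed($validator);
        }

        $this->syncPermissionSlugs($role, $validator->validated()['permissions']);

        return response()->json(['code' => 200, 'message' => '权限分配成功']);
    }

    /**
     * Resolve permission slugs to ids and make them the role's exact permission set.
     *
     * Slugs that match no Permission row are dropped silently, so the stored
     * set can be smaller than the requested one.
     *
     * @param array $slugs validated list of permission slugs
     */
    private function syncPermissionSlugs(Role $role, array $slugs): void
    {
        $ids = Permission::whereIn('slug', $slugs)->pluck('id');
        $role->permissions()->sync($ids);
    }

    /**
     * Build the shared 404 response for an unknown role id.
     */
    private function roleNotFound()
    {
        return response()->json(['code' => 404, 'message' => '角色不存在'], 404);
    }

    /**
     * Build the shared 422 response carrying the validator's error bag.
     */
    private function validationFailed($validator)
    {
        return response()->json(['code' => 422, 'message' => '验证失败', 'errors' => $validator->errors()], 422);
    }
}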