feat(offers): 未驗證教練的課程不對公開端點曝光

is_verified 原本只有 Admin toggle 開關、無任何業務約束(稽核 P1-1)。
- DivingOffer 新增 visibleToPublic scope:provider_id null 或教練已驗證
- 公開 index/show 套用過濾,未驗證教練課程列表排除、詳情 404
- toggle-verified 後 flush diving_offers 快取標籤,切換立即生效
- 新增 provider-verification 規格(含已知限制註記)與 7 條可見性測試

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
2026-06-11 17:42:43 +08:00
parent 88a81aac41
commit 3c38d085bd
5 changed files with 205 additions and 2 deletions
@@ -5,6 +5,7 @@ namespace App\Http\Controllers\API;
use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;
class AdminUserController extends Controller
{
@@ -144,6 +145,9 @@ class AdminUserController extends Controller
$profile->is_verified = !$profile->is_verified;
$profile->save();
// 驗證狀態影響公開課程列表的可見性,需立即讓快取失效
Cache::tags(['diving_offers'])->flush();
$msg = $profile->is_verified ? '教練已驗證' : '已取消驗證';
return response()->json(['status' => true, 'message' => $msg, 'data' => ['is_verified' => $profile->is_verified]]);
}
@@ -15,7 +15,7 @@ class DivingOfferController extends Controller
$cacheKey = 'diving_offers_' . md5(serialize($request->all()));
$result = Cache::tags(['diving_offers'])->remember($cacheKey, 180, function () use ($request, $perPage) {
$query = DivingOffer::query();
$query = DivingOffer::query()->visibleToPublic();
if ($q = $request->query('q')) {
$query->where(function ($sub) use ($q) {
@@ -55,7 +55,7 @@ class DivingOfferController extends Controller
public function show(int $id)
{
$offer = DivingOffer::with('courseImages')->find($id);
$offer = DivingOffer::with('courseImages')->visibleToPublic()->find($id);
if (!$offer) {
return response()->json(['status' => false, 'message' => '課程不存在'], 404);