feat(verification): 教練審核流程完整版——狀態機/證照送審/Admin 裁決/通知
Run Tests / test (pull_request) Successful in 2m3s
Run Tests / test (pull_request) Successful in 2m3s
實作 openspec change provider-verification-workflow(25/25 tasks): - is_verified 升級為 verification_status 四狀態機(unsubmitted/pending/ approved/rejected),migration 自動轉換既有資料,API 以 accessor 保留 is_verified 相容輸出 - 教練端:證照上傳(≤3 張、複用 CompressesImages)、送審、駁回原因 顯示與重送(/coach/verification 新頁面) - Admin 端:審核佇列、通過/駁回(原因必填)、撤銷 approved;移除 toggle-verified 端點(防繞過狀態機);裁決後 flush 課程快取 - 通知:審核通過/駁回(站內+Email,駁回含原因) - 可見性與預約入口改判 approved(行為等價) - 測試 +18(ProviderVerificationTest 10、AdminVerificationTest 8), 既有 4 個測試檔 helper 遷移;Swagger 同步 - 規格同步:provider-verification 全面改寫、admin-user-management toggle 段落改為移除聲明 容器內全套件 173 passed / 439 assertions。 Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -5,7 +5,6 @@ namespace App\Http\Controllers\API;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\User;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
|
||||
class AdminUserController extends Controller
|
||||
{
|
||||
@@ -132,23 +131,5 @@ class AdminUserController extends Controller
|
||||
return response()->json(['status' => true, 'message' => $msg, 'data' => ['is_active' => $user->is_active]]);
|
||||
}
|
||||
|
||||
public function toggleProviderVerified(int $id)
|
||||
{
|
||||
if ($err = $this->checkAdmin()) return $err;
|
||||
|
||||
$user = $this->findUser($id, 'provider');
|
||||
if (!$user) {
|
||||
return response()->json(['status' => false, 'message' => '用戶不存在'], 404);
|
||||
}
|
||||
|
||||
$profile = $user->providerProfile;
|
||||
$profile->is_verified = !$profile->is_verified;
|
||||
$profile->save();
|
||||
|
||||
// 驗證狀態影響公開課程列表的可見性,需立即讓快取失效
|
||||
Cache::tags(['diving_offers'])->flush();
|
||||
|
||||
$msg = $profile->is_verified ? '教練已驗證' : '已取消驗證';
|
||||
return response()->json(['status' => true, 'message' => $msg, 'data' => ['is_verified' => $profile->is_verified]]);
|
||||
}
|
||||
// toggleProviderVerified 已移除:驗證狀態變更一律走 AdminVerificationController 的審核狀態機
|
||||
}
|
||||
|
||||
@@ -0,0 +1,94 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\API;
|
||||
|
||||
use App\Enums\VerificationStatus;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\User;
|
||||
use App\Notifications\ProviderVerificationApprovedNotification;
|
||||
use App\Notifications\ProviderVerificationRejectedNotification;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
|
||||
class AdminVerificationController extends Controller
|
||||
{
|
||||
public function index(Request $request)
|
||||
{
|
||||
$status = $request->query('status', VerificationStatus::Pending->value);
|
||||
|
||||
$query = User::where('role', 'provider')
|
||||
->with(['providerProfile', 'providerCertifications'])
|
||||
->whereHas('providerProfile');
|
||||
|
||||
if ($status !== 'all') {
|
||||
$query->whereHas('providerProfile', fn($q) => $q->where('verification_status', $status));
|
||||
}
|
||||
|
||||
$providers = $query->orderByDesc('updated_at')->get()->map(fn($u) => [
|
||||
'user_id' => $u->id,
|
||||
'name' => $u->name,
|
||||
'email' => $u->email,
|
||||
'business_name' => $u->providerProfile->business_name,
|
||||
'verification_status' => $u->providerProfile->verification_status->value,
|
||||
'rejection_reason' => $u->providerProfile->rejection_reason,
|
||||
'certifications' => $u->providerCertifications->map(fn($c) => ['id' => $c->id, 'url' => $c->url])->values(),
|
||||
]);
|
||||
|
||||
return response()->json(['status' => true, 'data' => $providers]);
|
||||
}
|
||||
|
||||
public function approve(Request $request, int $userId)
|
||||
{
|
||||
$profile = $this->findProviderProfile($userId);
|
||||
|
||||
if (!$profile->verification_status->canTransitionTo(VerificationStatus::Approved)) {
|
||||
return response()->json(['status' => false, 'message' => '當前狀態無法通過審核'], 422);
|
||||
}
|
||||
|
||||
$profile->update(['verification_status' => VerificationStatus::Approved, 'rejection_reason' => null]);
|
||||
|
||||
// 驗證狀態影響公開課程可見性,需立即讓快取失效
|
||||
Cache::tags(['diving_offers'])->flush();
|
||||
|
||||
$this->notify($profile->user, new ProviderVerificationApprovedNotification());
|
||||
|
||||
return response()->json(['status' => true, 'message' => '教練已通過審核']);
|
||||
}
|
||||
|
||||
public function reject(Request $request, int $userId)
|
||||
{
|
||||
$data = $request->validate(['reason' => 'required|string|max:500']);
|
||||
|
||||
$profile = $this->findProviderProfile($userId);
|
||||
|
||||
if (!$profile->verification_status->canTransitionTo(VerificationStatus::Rejected)) {
|
||||
return response()->json(['status' => false, 'message' => '當前狀態無法駁回'], 422);
|
||||
}
|
||||
|
||||
$profile->update([
|
||||
'verification_status' => VerificationStatus::Rejected,
|
||||
'rejection_reason' => $data['reason'],
|
||||
]);
|
||||
|
||||
Cache::tags(['diving_offers'])->flush();
|
||||
|
||||
$this->notify($profile->user, new ProviderVerificationRejectedNotification($data['reason']));
|
||||
|
||||
return response()->json(['status' => true, 'message' => '已駁回,教練將收到原因通知']);
|
||||
}
|
||||
|
||||
private function findProviderProfile(int $userId)
|
||||
{
|
||||
return User::where('role', 'provider')->findOrFail($userId)->providerProfile()->firstOrFail();
|
||||
}
|
||||
|
||||
private function notify(User $provider, object $notification): void
|
||||
{
|
||||
try {
|
||||
$provider->notify($notification);
|
||||
} catch (\Throwable $e) {
|
||||
Log::error('ProviderVerification notification failed: ' . $e->getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -48,9 +48,10 @@ class MemberBookingController extends Controller
|
||||
$schedule = CourseSchedule::with('divingOffer.provider.providerProfile')->findOrFail($data['schedule_id']);
|
||||
|
||||
// Layer 1:快速失敗
|
||||
// 可見性繞過防護:課程屬未驗證教練時不可建立新預約(既有預約不受影響,見 provider-verification 規格)
|
||||
// 可見性繞過防護:課程教練未通過審核時不可建立新預約(既有預約不受影響,見 provider-verification 規格)
|
||||
$offer = $schedule->divingOffer;
|
||||
if ($offer->provider_id !== null && !($offer->provider?->providerProfile?->is_verified)) {
|
||||
// is_verified 為 accessor(= verification_status === approved)
|
||||
return response()->json(['status' => false, 'message' => '此課程目前不開放預約'], 422);
|
||||
}
|
||||
if ($schedule->status !== ScheduleStatus::Open) {
|
||||
|
||||
@@ -0,0 +1,113 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\API;
|
||||
|
||||
use App\Enums\VerificationStatus;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\ProviderCertification;
|
||||
use App\Traits\CompressesImages;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class ProviderVerificationController extends Controller
|
||||
{
|
||||
use CompressesImages;
|
||||
|
||||
private const MAX_CERTIFICATIONS = 3;
|
||||
|
||||
public function show(Request $request)
|
||||
{
|
||||
$profile = $request->user()->providerProfile;
|
||||
|
||||
return response()->json([
|
||||
'status' => true,
|
||||
'data' => [
|
||||
'verification_status' => $profile->verification_status->value,
|
||||
'rejection_reason' => $profile->rejection_reason,
|
||||
'certifications' => $request->user()->providerCertifications
|
||||
->map(fn($c) => ['id' => $c->id, 'url' => $c->url])->values(),
|
||||
],
|
||||
]);
|
||||
}
|
||||
|
||||
public function uploadCertification(Request $request)
|
||||
{
|
||||
$request->validate([
|
||||
'image' => 'required|image|mimes:jpg,jpeg,png,webp|max:10240',
|
||||
]);
|
||||
|
||||
if ($err = $this->ensureCertificationsEditable($request)) {
|
||||
return $err;
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
if ($user->providerCertifications()->count() >= self::MAX_CERTIFICATIONS) {
|
||||
return response()->json(['status' => false, 'message' => '證照最多 3 張'], 422);
|
||||
}
|
||||
|
||||
$path = $this->compressToJpeg($request->file('image'), "providers/{$user->id}/certifications");
|
||||
|
||||
$certification = ProviderCertification::create([
|
||||
'user_id' => $user->id,
|
||||
'image_path' => $path,
|
||||
]);
|
||||
|
||||
return response()->json([
|
||||
'status' => true,
|
||||
'message' => '證照已上傳',
|
||||
'data' => ['id' => $certification->id, 'url' => $certification->url],
|
||||
], 201);
|
||||
}
|
||||
|
||||
public function deleteCertification(Request $request, int $id)
|
||||
{
|
||||
$certification = ProviderCertification::findOrFail($id);
|
||||
|
||||
if ($certification->user_id !== $request->user()->id) {
|
||||
return response()->json(['status' => false, 'message' => '無權刪除此證照'], 403);
|
||||
}
|
||||
|
||||
if ($err = $this->ensureCertificationsEditable($request)) {
|
||||
return $err;
|
||||
}
|
||||
|
||||
$certification->delete();
|
||||
|
||||
return response()->json(['status' => true, 'message' => '證照已刪除']);
|
||||
}
|
||||
|
||||
public function submit(Request $request)
|
||||
{
|
||||
$user = $request->user();
|
||||
$profile = $user->providerProfile;
|
||||
|
||||
if (!$profile->verification_status->canTransitionTo(VerificationStatus::Pending)) {
|
||||
return response()->json(['status' => false, 'message' => '當前狀態無法送審'], 422);
|
||||
}
|
||||
|
||||
if ($user->providerCertifications()->count() < 1) {
|
||||
return response()->json(['status' => false, 'message' => '請先上傳至少 1 張證照'], 422);
|
||||
}
|
||||
|
||||
$profile->update([
|
||||
'verification_status' => VerificationStatus::Pending,
|
||||
'rejection_reason' => null,
|
||||
]);
|
||||
|
||||
return response()->json(['status' => true, 'message' => '已送出審核,請等待平台審核結果']);
|
||||
}
|
||||
|
||||
/**
|
||||
* 證照僅於 unsubmitted / rejected 可增刪:pending / approved 是審核依據,不可變動
|
||||
*/
|
||||
private function ensureCertificationsEditable(Request $request)
|
||||
{
|
||||
$status = $request->user()->providerProfile->verification_status;
|
||||
|
||||
if (!in_array($status, [VerificationStatus::Unsubmitted, VerificationStatus::Rejected])) {
|
||||
return response()->json(['status' => false, 'message' => '審核期間或通過後不可變更證照'], 422);
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user