Enhance: platform order create flow carries back and redirects with back

2026-03-13 19:25:55 +00:00
parent 843db0fef9
commit 2feb8055f2
3 changed files with 97 additions and 2 deletions
--- a/app/Http/Controllers/Admin/PlatformOrderController.php
+++ b/app/Http/Controllers/Admin/PlatformOrderController.php
@@ -38,6 +38,8 @@ class PlatformOrderController extends Controller
            'discount_amount' => (float) $request->query('discount_amount', 0),
            'payment_channel' => (string) $request->query('payment_channel', ''),
            'remark' => (string) $request->query('remark', ''),
+            // back：用于创建成功后回到来源页（例如订阅详情）
+            'back' => (string) $request->query('back', ''),
        ];

        $siteSubscription = null;
@@ -69,6 +71,7 @@ class PlatformOrderController extends Controller
            'discount_amount' => ['nullable', 'numeric', 'min:0'],
            'payment_channel' => ['nullable', 'string', 'max:30'],
            'remark' => ['nullable', 'string', 'max:2000'],
+            'back' => ['nullable', 'string', 'max:2000'],
        ]);

        $plan = Plan::query()->findOrFail((int) $data['plan_id']);
@@ -122,7 +125,15 @@ class PlatformOrderController extends Controller
            'remark' => $data['remark'] ?? null,
        ]);

-        return redirect('/admin/platform-orders/' . $order->id)
+        $back = (string) ($data['back'] ?? '');
+        $safeBack = str_starts_with($back, '/') ? $back : '';
+
+        $redirectUrl = '/admin/platform-orders/' . $order->id;
+        if ($safeBack !== '') {
+            $redirectUrl .= '?back=' . urlencode($safeBack);
+        }
+
+        return redirect($redirectUrl)
            ->with('success', '平台订单已创建：' . $order->order_no . '（待支付/待生效）');
    }

--- a/resources/views/admin/platform_orders/form.blade.php
+++ b/resources/views/admin/platform_orders/form.blade.php
@@ -23,6 +23,7 @@
    @csrf

    <input type="hidden" name="site_subscription_id" value="{{ old('site_subscription_id', $defaults['site_subscription_id'] ?? '') }}">
+    <input type="hidden" name="back" value="{{ old('back', $defaults['back'] ?? '') }}">

    <label>
        <span>站点</span>
@@ -79,7 +80,17 @@
    </label>

    <div class="form-actions">
-        <a href="/admin/platform-orders" class="btn-secondary">返回</a>
+        @php
+            $incomingBack = (string) ($defaults['back'] ?? '');
+            $safeBack = str_starts_with($incomingBack, '/') ? $incomingBack : '';
+        @endphp
+
+        @if($safeBack)
+            <a href="{{ $safeBack }}" class="btn-secondary">返回（保留上下文）</a>
+        @else
+            <a href="/admin/platform-orders" class="btn-secondary">返回</a>
+        @endif
+
        <button type="submit">创建订单</button>
    </div>
 </form>
--- a/tests/Feature/AdminPlatformOrderCreateBackFlowTest.php
+++ b/tests/Feature/AdminPlatformOrderCreateBackFlowTest.php
@@ -0,0 +1,73 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Models\Merchant;
+use App\Models\Plan;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class AdminPlatformOrderCreateBackFlowTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected function loginAsPlatformAdmin(): void
+    {
+        $this->seed();
+
+        $this->post('/admin/login', [
+            'email' => 'platform.admin@demo.local',
+            'password' => 'Platform@123456',
+        ])->assertRedirect('/admin');
+    }
+
+    public function test_create_form_renders_safe_back_button_when_back_present(): void
+    {
+        $this->loginAsPlatformAdmin();
+
+        $back = '/admin/site-subscriptions/1';
+
+        $this->get('/admin/platform-orders/create?back=' . urlencode($back))
+            ->assertOk()
+            ->assertSee('返回（保留上下文）')
+            ->assertSee('href="' . $back . '"', false)
+            ->assertSee('name="back"', false);
+    }
+
+    public function test_store_redirects_to_show_with_back_when_back_is_safe_relative_path(): void
+    {
+        $this->loginAsPlatformAdmin();
+
+        $merchant = Merchant::query()->firstOrFail();
+        $plan = Plan::query()->create([
+            'code' => 'po_create_back_flow_plan',
+            'name' => '创建订单 back 流程测试套餐',
+            'billing_cycle' => 'monthly',
+            'price' => 10,
+            'list_price' => 10,
+            'status' => 'active',
+            'sort' => 10,
+            'published_at' => now(),
+        ]);
+
+        $back = '/admin/site-subscriptions/123?status=activated';
+
+        $res = $this->post('/admin/platform-orders', [
+            'merchant_id' => $merchant->id,
+            'plan_id' => $plan->id,
+            'order_type' => 'new_purchase',
+            'quantity' => 1,
+            'discount_amount' => 0,
+            'payment_channel' => 'offline',
+            'remark' => 'back flow',
+            'back' => $back,
+        ]);
+
+        $res->assertRedirect();
+        $location = $res->headers->get('Location');
+
+        $this->assertNotNull($location);
+        $this->assertStringContainsString('/admin/platform-orders/', $location);
+        $this->assertStringContainsString('back=' . urlencode($back), $location);
+    }
+}