diff --git a/app/Http/Controllers/Admin/PlatformOrderController.php b/app/Http/Controllers/Admin/PlatformOrderController.php
index 35889b0..ce03ab8 100644
--- a/app/Http/Controllers/Admin/PlatformOrderController.php
+++ b/app/Http/Controllers/Admin/PlatformOrderController.php
@@ -38,6 +38,8 @@ class PlatformOrderController extends Controller
 'discount_amount' => (float) $request->query('discount_amount', 0),
 'payment_channel' => (string) $request->query('payment_channel', ''),
 'remark' => (string) $request->query('remark', ''),
+ // back:用于创建成功后回到来源页(例如订阅详情)
+ 'back' => (string) $request->query('back', ''),
 ];
 
 $siteSubscription = null;
@@ -69,6 +71,7 @@ class PlatformOrderController extends Controller
 'discount_amount' => ['nullable', 'numeric', 'min:0'],
 'payment_channel' => ['nullable', 'string', 'max:30'],
 'remark' => ['nullable', 'string', 'max:2000'],
+ 'back' => ['nullable', 'string', 'max:2000'],
 ]);
 
 $plan = Plan::query()->findOrFail((int) $data['plan_id']);
@@ -122,7 +125,15 @@ class PlatformOrderController extends Controller
 'remark' => $data['remark'] ?? null,
 ]);
 
- return redirect('/admin/platform-orders/' . $order->id)
+ $back = (string) ($data['back'] ?? '');
+ $safeBack = str_starts_with($back, '/') ? $back : '';
+
+ $redirectUrl = '/admin/platform-orders/' . $order->id;
+ if ($safeBack !== '') {
+ $redirectUrl .= '?back=' . urlencode($safeBack);
+ }
+
+ return redirect($redirectUrl)
 ->with('success', '平台订单已创建:' . $order->order_no . '(待支付/待生效)');
 }
 
diff --git a/resources/views/admin/platform_orders/form.blade.php b/resources/views/admin/platform_orders/form.blade.php
index 373a555..c3a82f9 100644
--- a/resources/views/admin/platform_orders/form.blade.php
+++ b/resources/views/admin/platform_orders/form.blade.php
@@ -23,6 +23,7 @@
 @csrf
+
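Review bot: In the first hunk the `back` query value is copied into the view data unfiltered (`'back' => (string) $request->query('back', '')`), while the leading-slash guard is only applied later in store() (third hunk); if form.blade.php emits this value as the "return" `href` — the new feature test asserts `href="…"` is rendered from it — the same restriction needs to hold on the create() path, unless the template applies it itself (the blade hunk's content is not visible here). The cleanest fix is one private helper used by both create() and store() so the rule lives in one place; it should accept only a path beginning with a single `/`, since `//host` and `/\host` are treated as protocol-relative URLs by browsers. The enclosing create() method starts outside the hunk.
```php
// … unchanged: create() view-data array; replace the 'back' entry with …
            'back' => $this->safeBackPath((string) $request->query('back', '')),

    /**
     * Keep only an app-relative path for the "back" link. The value must start
     * with a single '/' (not '//' or '/\', which browsers treat as protocol-relative);
     * anything else yields '' so the caller falls back to the default destination.
     */
    private function safeBackPath(string $back): string
    {
        if (!str_starts_with($back, '/') || str_starts_with($back, '//') || str_starts_with($back, '/\\')) {
            return '';
        }

        return $back;
    }
```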
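Review bot: In the third hunk `$safeBack = str_starts_with($back, '/') ? $back : '';` is too permissive for its purpose: a value such as `//other-host/x` or `/\other-host/x` passes the check but is interpreted by browsers as a protocol-relative absolute URL, so wherever the `back` parameter is later consumed as a link or redirect target it is not confined to this application. A one-line tightening is `$safeBack = (str_starts_with($back, '/') && !str_starts_with($back, '//') && !str_starts_with($back, '/\\')) ? $back : '';`. Within this hunk itself the value is only appended as a query parameter to a fixed `/admin/platform-orders/{id}` redirect, so the exposure is on the consuming page rather than in this redirect; the start of store() is outside the hunk.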
diff --git a/tests/Feature/AdminPlatformOrderCreateBackFlowTest.php b/tests/Feature/AdminPlatformOrderCreateBackFlowTest.php new file mode 100644 index 0000000..5886ada --- /dev/null +++ b/tests/Feature/AdminPlatformOrderCreateBackFlowTest.php @@ -0,0 +1,73 @@ +seed(); + + $this->post('/admin/login', [ + 'email' => 'platform.admin@demo.local', + 'password' => 'Platform@123456', + ])->assertRedirect('/admin'); + } + + public function test_create_form_renders_safe_back_button_when_back_present(): void + { + $this->loginAsPlatformAdmin(); + + $back = '/admin/site-subscriptions/1'; + + $this->get('/admin/platform-orders/create?back=' . urlencode($back)) + ->assertOk() + ->assertSee('返回(保留上下文)') + ->assertSee('href="' . $back . '"', false) + ->assertSee('name="back"', false); + } + + public function test_store_redirects_to_show_with_back_when_back_is_safe_relative_path(): void + { + $this->loginAsPlatformAdmin(); + + $merchant = Merchant::query()->firstOrFail(); + $plan = Plan::query()->create([ + 'code' => 'po_create_back_flow_plan', + 'name' => '创建订单 back 流程测试套餐', + 'billing_cycle' => 'monthly', + 'price' => 10, + 'list_price' => 10, + 'status' => 'active', + 'sort' => 10, + 'published_at' => now(), + ]); + + $back = '/admin/site-subscriptions/123?status=activated'; + + $res = $this->post('/admin/platform-orders', [ + 'merchant_id' => $merchant->id, + 'plan_id' => $plan->id, + 'order_type' => 'new_purchase', + 'quantity' => 1, + 'discount_amount' => 0, + 'payment_channel' => 'offline', + 'remark' => 'back flow', + 'back' => $back, + ]); + + $res->assertRedirect(); + $location = $res->headers->get('Location'); + + $this->assertNotNull($location); + $this->assertStringContainsString('/admin/platform-orders/', $location); + $this->assertStringContainsString('back=' . urlencode($back), $location); + } +}
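Review bot: The new test class only covers the accepted case (`test_store_redirects_to_show_with_back_when_back_is_safe_relative_path`); there is no test that a non-relative `back` value is dropped from the Location header, which is the security property the controller's guard exists for. Add a sibling test that posts the same payload with constructed values such as `'back' => 'https://example.invalid/x'` and `'back' => '//example.invalid/x'` and asserts `self::assertStringNotContainsString('back=', $location)`; note the second value currently passes the controller's `str_starts_with($back, '/')` guard, so the test would document that gap. The file's opening lines (namespace, imports, class header and the start of `loginAsPlatformAdmin()`) are not visible in this chunk, so the `$this->seed()` call at its top cannot be reviewed in context.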