From 352ed0f1f6c012458eccef096da3f375e21c456b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=9D=E5=8D=9C?= <dev@saasshop.local>
Date: Fri, 13 Mar 2026 11:49:49 +0000
Subject: [PATCH] Add audit trail for mark-paid-and-activate SOP

---
 .../Admin/PlatformOrderController.php         |  15 +++
 ...tformOrderMarkPaidAndActivateAuditTest.php | 119 ++++++++++++++++++
 2 files changed, 134 insertions(+)
 create mode 100644 tests/Feature/AdminPlatformOrderMarkPaidAndActivateAuditTest.php

diff --git a/app/Http/Controllers/Admin/PlatformOrderController.php b/app/Http/Controllers/Admin/PlatformOrderController.php
index f4a7a5d..4ac1380 100644
--- a/app/Http/Controllers/Admin/PlatformOrderController.php
+++ b/app/Http/Controllers/Admin/PlatformOrderController.php
@@ -471,6 +471,21 @@ class PlatformOrderController extends Controller
 
             $meta = (array) ($order->meta ?? []);
             data_forget($meta, 'subscription_activation_error');
+
+            // 审计：标记支付并生效（并已同步订阅）
+            $audit = (array) (data_get($meta, 'audit', []) ?? []);
+            $audit[] = [
+                'action' => 'mark_paid_and_activate',
+                'scope' => 'single',
+                'at' => now()->toDateTimeString(),
+                'admin_id' => $admin->id,
+                'subscription_id' => $subscription->id,
+                'paid_amount' => (float) ($order->paid_amount ?? 0),
+                'payable_amount' => (float) ($order->payable_amount ?? 0),
+                'note' => '手动点击订单详情【标记支付并生效】（包含订阅同步）',
+            ];
+            data_set($meta, 'audit', $audit);
+
             $order->meta = $meta;
             $order->save();
         } catch (\Throwable $e) {
diff --git a/tests/Feature/AdminPlatformOrderMarkPaidAndActivateAuditTest.php b/tests/Feature/AdminPlatformOrderMarkPaidAndActivateAuditTest.php
new file mode 100644
index 0000000..279edb6
--- /dev/null
+++ b/tests/Feature/AdminPlatformOrderMarkPaidAndActivateAuditTest.php
@@ -0,0 +1,119 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Models\Merchant;
+use App\Models\Plan;
+use App\Models\PlatformOrder;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class AdminPlatformOrderMarkPaidAndActivateAuditTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected function loginAsPlatformAdmin(): void
+    {
+        $this->seed();
+
+        $this->post('/admin/login', [
+            'email' => 'platform.admin@demo.local',
+            'password' => 'Platform@123456',
+        ])->assertRedirect('/admin');
+    }
+
+    public function test_mark_paid_and_activate_will_append_audit_record(): void
+    {
+        $this->loginAsPlatformAdmin();
+
+        $merchant = Merchant::query()->firstOrFail();
+        $plan = Plan::query()->create([
+            'code' => 'mark_paid_audit_test',
+            'name' => '标记支付并生效审计测试（月付）',
+            'billing_cycle' => 'monthly',
+            'price' => 30,
+            'list_price' => 30,
+            'status' => 'active',
+            'sort' => 10,
+            'published_at' => now(),
+        ]);
+
+        $order = PlatformOrder::query()->create([
+            'merchant_id' => $merchant->id,
+            'plan_id' => $plan->id,
+            'order_no' => 'PO_MARK_PAID_AUDIT_0001',
+            'order_type' => 'new_purchase',
+            'status' => 'pending',
+            'payment_status' => 'unpaid',
+            'plan_name' => $plan->name,
+            'billing_cycle' => $plan->billing_cycle,
+            'period_months' => 1,
+            'quantity' => 1,
+            'payable_amount' => 30,
+            'paid_amount' => 0,
+            'placed_at' => now(),
+        ]);
+
+        $this->post('/admin/platform-orders/' . $order->id . '/mark-paid-and-activate')
+            ->assertRedirect();
+
+        $order->refresh();
+
+        $audit = (array) (data_get($order->meta, 'audit', []) ?? []);
+        $this->assertNotEmpty($audit);
+
+        $last = end($audit);
+        $this->assertSame('mark_paid_and_activate', data_get($last, 'action'));
+        $this->assertSame('single', data_get($last, 'scope'));
+        $this->assertNotEmpty(data_get($last, 'at'));
+        $this->assertNotEmpty(data_get($last, 'admin_id'));
+        $this->assertNotEmpty(data_get($last, 'subscription_id'));
+    }
+
+    public function test_mark_paid_and_activate_success_will_clear_error_meta(): void
+    {
+        $this->loginAsPlatformAdmin();
+
+        $merchant = Merchant::query()->firstOrFail();
+        $plan = Plan::query()->create([
+            'code' => 'mark_paid_clear_error_test',
+            'name' => '标记支付并生效清理失败记录测试（月付）',
+            'billing_cycle' => 'monthly',
+            'price' => 30,
+            'list_price' => 30,
+            'status' => 'active',
+            'sort' => 10,
+            'published_at' => now(),
+        ]);
+
+        $order = PlatformOrder::query()->create([
+            'merchant_id' => $merchant->id,
+            'plan_id' => $plan->id,
+            'order_no' => 'PO_MARK_PAID_AUDIT_0002',
+            'order_type' => 'new_purchase',
+            'status' => 'pending',
+            'payment_status' => 'unpaid',
+            'plan_name' => $plan->name,
+            'billing_cycle' => $plan->billing_cycle,
+            'period_months' => 1,
+            'quantity' => 1,
+            'payable_amount' => 30,
+            'paid_amount' => 0,
+            'placed_at' => now(),
+            'meta' => [
+                'subscription_activation_error' => [
+                    'message' => '历史错误',
+                    'at' => now()->subDay()->toDateTimeString(),
+                    'admin_id' => 1,
+                ],
+            ],
+        ]);
+
+        $this->post('/admin/platform-orders/' . $order->id . '/mark-paid-and-activate')
+            ->assertRedirect();
+
+        $order->refresh();
+        $this->assertEmpty(data_get($order->meta, 'subscription_activation_error'));
+        $this->assertNotNull($order->site_subscription_id);
+    }
+}