From 3cba715f01d28db8aa56fac9c26671879507790c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=9D=E5=8D=9C?= <dev@saasshop.local>
Date: Tue, 17 Mar 2026 01:24:47 +0800
Subject: [PATCH] Governance: block batch activate subscriptions when renewal
 missing subscription filter present

---
 .../Admin/PlatformOrderController.php         |  5 +++
 ...lockWhenRenewalMissingSubscriptionTest.php | 37 +++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 tests/Feature/AdminPlatformOrderBatchActivateSubscriptionsShouldBlockWhenRenewalMissingSubscriptionTest.php

diff --git a/app/Http/Controllers/Admin/PlatformOrderController.php b/app/Http/Controllers/Admin/PlatformOrderController.php
index 534d029..1c883cd 100644
--- a/app/Http/Controllers/Admin/PlatformOrderController.php
+++ b/app/Http/Controllers/Admin/PlatformOrderController.php
@@ -1419,6 +1419,11 @@ class PlatformOrderController extends Controller
             'refund_inconsistent' => (string) $request->input('refund_inconsistent', ''),
         ];
 
+        // 防误操作（治理优先）：续费单未绑定订阅属于高风险治理集合，不允许直接批量同步。
+        if ($scope === 'filtered' && ((string) ($filters['renewal_missing_subscription'] ?? '') === '1')) {
+            return redirect()->back()->with('warning', '当前筛选为「续费单未绑定订阅」治理集合。为避免带病推进，请先完成订阅绑定/修复关联后再批量同步订阅。');
+        }
+
         // 防误操作：批量同步默认要求先勾选“只看可同步”，避免无意识扩大处理范围
         if ($scope === 'filtered' && ($filters['syncable_only'] ?? '') !== '1') {
             return redirect()->back()->with('warning', '为避免误操作，请先在筛选条件中勾选「只看可同步」，再执行批量同步订阅。');
diff --git a/tests/Feature/AdminPlatformOrderBatchActivateSubscriptionsShouldBlockWhenRenewalMissingSubscriptionTest.php b/tests/Feature/AdminPlatformOrderBatchActivateSubscriptionsShouldBlockWhenRenewalMissingSubscriptionTest.php
new file mode 100644
index 0000000..edc5ce9
--- /dev/null
+++ b/tests/Feature/AdminPlatformOrderBatchActivateSubscriptionsShouldBlockWhenRenewalMissingSubscriptionTest.php
@@ -0,0 +1,37 @@
+<?php
+
+namespace Tests\Feature;
+
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class AdminPlatformOrderBatchActivateSubscriptionsShouldBlockWhenRenewalMissingSubscriptionTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected function loginAsPlatformAdmin(): void
+    {
+        $this->seed();
+
+        $this->post('/admin/login', [
+            'email' => 'platform.admin@demo.local',
+            'password' => 'Platform@123456',
+        ])->assertRedirect('/admin');
+    }
+
+    public function test_batch_activate_should_block_when_renewal_missing_subscription_present(): void
+    {
+        $this->loginAsPlatformAdmin();
+
+        $res = $this->post('/admin/platform-orders/batch-activate-subscriptions', [
+            'scope' => 'filtered',
+            'renewal_missing_subscription' => '1',
+            // syncable_only 即使传了，也应被治理集合优先阻断
+            'syncable_only' => '1',
+            'limit' => 50,
+        ]);
+
+        $res->assertRedirect();
+        $res->assertSessionHas('warning');
+    }
+}