From 5249af00b41b758373f08b950b7c0f0bcbd2d68f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=9D=E5=8D=9C?= <dev@saasshop.local>
Date: Tue, 17 Mar 2026 18:08:29 +0800
Subject: [PATCH] =?UTF-8?q?feat(admin):=20success=20flash=E6=94=AF?=
 =?UTF-8?q?=E6=8C=81=E5=8F=AF=E9=80=89=E9=93=BE=E6=8E=A5=E5=B9=B6=E7=94=A8?=
 =?UTF-8?q?=E4=BA=8EBAS=E6=89=B9=E6=AC=A1=E5=A4=8D=E7=9B=98=E5=85=A5?=
 =?UTF-8?q?=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../Admin/PlatformOrderController.php         |  5 +-
 resources/views/admin/layouts/app.blade.php   | 13 ++++-
 ...shSuccessShouldSupportOptionalLinkTest.php | 52 +++++++++++++++++++
 3 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 tests/Feature/AdminFlashSuccessShouldSupportOptionalLinkTest.php

diff --git a/app/Http/Controllers/Admin/PlatformOrderController.php b/app/Http/Controllers/Admin/PlatformOrderController.php
index 38cd771..8e3b7fd 100644
--- a/app/Http/Controllers/Admin/PlatformOrderController.php
+++ b/app/Http/Controllers/Admin/PlatformOrderController.php
@@ -1635,7 +1635,10 @@ class PlatformOrderController extends Controller
             (string) $runId,
         );
 
-        return redirect()->back()->with('success', '批量同步订阅任务已提交到队列：命中 ' . $matchedTotal . ' 条，本次处理 ' . $processed . ' 条（limit=' . $limit . '，run_id=' . $runId . '）。');
+        return redirect()->back()
+            ->with('success', '批量同步订阅任务已提交到队列：命中 ' . $matchedTotal . ' 条，本次处理 ' . $processed . ' 条（limit=' . $limit . '，run_id=' . $runId . '）。')
+            ->with('success_link_href', '/admin/platform-batches/show?type=bas&run_id=' . urlencode((string) $runId))
+            ->with('success_link_label', '进入批次复盘');
     }
 
     public function batchMarkPaidAndActivate(Request $request, SubscriptionActivationService $service): RedirectResponse
diff --git a/resources/views/admin/layouts/app.blade.php b/resources/views/admin/layouts/app.blade.php
index deb1182..57f3889 100644
--- a/resources/views/admin/layouts/app.blade.php
+++ b/resources/views/admin/layouts/app.blade.php
@@ -77,7 +77,18 @@
 
         {{-- 页面标题已统一收敛到各页面的 PageHeader 组件，避免重复出现“大标题”。 --}}
         @if(session('success'))
-            <div class="flash" data-flash="success">{{ session('success') }}</div>
+            <div class="flash" data-flash="success">
+                <span>{{ session('success') }}</span>
+                @if(session('success_link_href'))
+                    @php
+                        $flashLinkHref = \App\Support\BackUrl::sanitizeForLinks((string) session('success_link_href'));
+                        $flashLinkLabel = (string) (session('success_link_label') ?: '查看');
+                    @endphp
+                    @if($flashLinkHref !== '')
+                        <a href="{{ $flashLinkHref }}" class="btn btn-secondary btn-sm" style="margin-left:8px;">{{ $flashLinkLabel }}</a>
+                    @endif
+                @endif
+            </div>
         @endif
         @if(session('warning'))
             <div class="warning" data-flash="warning">{{ session('warning') }}</div>
diff --git a/tests/Feature/AdminFlashSuccessShouldSupportOptionalLinkTest.php b/tests/Feature/AdminFlashSuccessShouldSupportOptionalLinkTest.php
new file mode 100644
index 0000000..c25c2d9
--- /dev/null
+++ b/tests/Feature/AdminFlashSuccessShouldSupportOptionalLinkTest.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace Tests\Feature;
+
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class AdminFlashSuccessShouldSupportOptionalLinkTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected function loginAsPlatformAdmin(): void
+    {
+        $this->seed();
+
+        $this->post('/admin/login', [
+            'email' => 'platform.admin@demo.local',
+            'password' => 'Platform@123456',
+        ])->assertRedirect('/admin');
+    }
+
+    public function test_flash_success_should_render_optional_link_when_session_keys_present(): void
+    {
+        $this->loginAsPlatformAdmin();
+
+        $res = $this->withSession([
+            'success' => '操作成功',
+            'success_link_href' => '/admin/platform-batches/show?type=bas&run_id=BAS202603171234560001',
+            'success_link_label' => '进入批次复盘',
+        ])->get('/admin');
+
+        $res->assertOk();
+        $res->assertSee('操作成功');
+        $res->assertSee('进入批次复盘');
+        $res->assertSee('/admin/platform-batches/show?type=bas&amp;run_id=BAS202603171234560001', false);
+    }
+
+    public function test_flash_success_link_should_be_sanitized_to_relative_path(): void
+    {
+        $this->loginAsPlatformAdmin();
+
+        $res = $this->withSession([
+            'success' => 'ok',
+            'success_link_href' => 'https://evil.example.com/x',
+            'success_link_label' => '查看',
+        ])->get('/admin');
+
+        $res->assertOk();
+        // 外链应被 sanitize 掉，不应渲染 href
+        $res->assertDontSee('https://evil.example.com/x');
+    }
+}