diff --git a/app/Http/Controllers/Admin/PlatformOrderController.php b/app/Http/Controllers/Admin/PlatformOrderController.php index 4ac1380..f3f8e39 100644 --- a/app/Http/Controllers/Admin/PlatformOrderController.php +++ b/app/Http/Controllers/Admin/PlatformOrderController.php @@ -989,6 +989,16 @@ class PlatformOrderController extends Controller return redirect()->back()->with('warning', '当前筛选集合包含「对账不一致/退款不一致」订单,为避免带病同步,请先完成金额/状态治理(补回执/核对退款/修正状态)后再批量同步订阅。'); } + // 防误操作(口径一致):当用户显式传入了 status/payment_status 时,要求口径至少锁定「已支付+已生效」 + // 说明:订阅详情页的批量同步入口会带 site_subscription_id + syncable_only=1,但未必显式带 status/payment_status。 + // 这里采用“仅在显式传参时校验”的策略,避免误伤订阅详情页的一键批量同步。 + $hasExplicitStatusFilters = ((string) ($filters['payment_status'] ?? '') !== '') || ((string) ($filters['status'] ?? '') !== ''); + if ($scope === 'filtered' && $hasExplicitStatusFilters) { + if (($filters['payment_status'] ?? '') !== 'paid' || ($filters['status'] ?? '') !== 'activated') { + return redirect()->back()->with('warning', '为避免误操作,请先在筛选条件中锁定「支付状态=已支付」且「订单状态=已生效」,再执行批量同步订阅。'); + } + } + // 防误操作:scope=all 需要二次确认 if ($scope === 'all' && (string) $request->input('confirm', '') !== 'YES') { return redirect()->back()->with('warning', '为避免误操作,执行全量批量同步前请在确认框输入 YES。'); diff --git a/tests/Feature/AdminPlatformOrderBatchActivateSubscriptionsStatusFilterSafetyValveTest.php b/tests/Feature/AdminPlatformOrderBatchActivateSubscriptionsStatusFilterSafetyValveTest.php new file mode 100644 index 0000000..e9f543c --- /dev/null +++ b/tests/Feature/AdminPlatformOrderBatchActivateSubscriptionsStatusFilterSafetyValveTest.php @@ -0,0 +1,103 @@ +seed(); + + $this->post('/admin/login', [ + 'email' => 'platform.admin@demo.local', + 'password' => 'Platform@123456', + ])->assertRedirect('/admin'); + } + + public function test_batch_activate_subscriptions_filtered_scope_requires_paid_and_activated_filters(): void + { + $this->loginAsPlatformAdmin(); + + $merchant = Merchant::query()->firstOrFail(); + $plan = Plan::query()->create([ + 'code' => 'batch_activate_requires_status_filters_plan', + 'name' => '批量同步订阅要求口径锁定(已支付+已生效)测试套餐', + 'billing_cycle' => 'monthly', + 'price' => 10, + 'list_price' => 10, + 'status' => 'active', + 'sort' => 10, + 'published_at' => now(), + ]); + + $order = PlatformOrder::query()->create([ + 'merchant_id' => $merchant->id, + 'plan_id' => $plan->id, + 'order_no' => 'PO_BATCH_ACTIVATE_REQUIRE_FILTERS_0001', + 'order_type' => 'new_purchase', + 'status' => 'activated', + 'payment_status' => 'paid', + 'plan_name' => $plan->name, + 'billing_cycle' => $plan->billing_cycle, + 'period_months' => 1, + 'quantity' => 1, + 'payable_amount' => 10, + 'paid_amount' => 10, + 'placed_at' => now(), + 'paid_at' => now(), + 'activated_at' => now(), + ]); + + // 仅勾选 syncable_only=1(不传 status/payment_status)时不应被该“口径锁定提示”误伤 + $res = $this->post('/admin/platform-orders/batch-activate-subscriptions', [ + 'scope' => 'filtered', + 'syncable_only' => '1', + 'limit' => 50, + ]); + $res->assertRedirect(); + + $order->refresh(); + $this->assertNotNull(data_get($order->meta, 'subscription_activation.subscription_id')); + + // 当显式传入 status/payment_status 且不符合 paid+activated 时,应触发 warning 并阻断 + $o2 = PlatformOrder::query()->create([ + 'merchant_id' => $merchant->id, + 'plan_id' => $plan->id, + 'order_no' => 'PO_BATCH_ACTIVATE_REQUIRE_FILTERS_0002', + 'order_type' => 'new_purchase', + 'status' => 'activated', + 'payment_status' => 'paid', + 'plan_name' => $plan->name, + 'billing_cycle' => $plan->billing_cycle, + 'period_months' => 1, + 'quantity' => 1, + 'payable_amount' => 10, + 'paid_amount' => 10, + 'placed_at' => now(), + 'paid_at' => now(), + 'activated_at' => now(), + ]); + + $res2 = $this->post('/admin/platform-orders/batch-activate-subscriptions', [ + 'scope' => 'filtered', + 'syncable_only' => '1', + 'status' => 'pending', + 'payment_status' => 'paid', + 'limit' => 50, + ]); + + $res2->assertRedirect(); + $res2->assertSessionHas('warning'); + + $o2->refresh(); + $this->assertNull(data_get($o2->meta, 'subscription_activation.subscription_id')); + } +}