feat: granular permissions, export backup, user/role management
Some checks failed
Tests / PHP 8.3 (push) Has been cancelled
Tests / PHP 8.4 (push) Has been cancelled
Tests / PHP 8.5 (push) Has been cancelled

- PermissionSeeder: 29 permissions with role mapping (admin/manager/staff)
- Policies updated to use hasPermissionTo() instead of hasRole()
- ExportBackup command: JSON per-table backup with chunk processing
- UserResource: CRUD users with role assignment (admin only)
- RoleResource: CRUD roles with permission assignment (admin only)
- UserPolicy + RolePolicy: admin-only access control
- ImportCskh: detailed skip logging with color in dry-run mode
- Widgets: permission-based visibility checks
- Tests: 8/8 pass (21 assertions)
This commit is contained in:
2026-05-02 04:47:10 +00:00
parent 7c5055075b
commit 3a8db5cae6
40 changed files with 1804 additions and 440 deletions

View File

@@ -9,27 +9,27 @@ class ContractPolicy
{
public function viewAny(User $user): bool
{
return $user->hasRole(['admin', 'manager', 'staff']);
return $user->hasPermissionTo('view-contract');
}
public function view(User $user, Contract $contract): bool
{
return $user->hasRole(['admin', 'manager', 'staff']);
return $user->hasPermissionTo('view-contract');
}
public function create(User $user): bool
{
return $user->hasRole(['admin', 'manager']);
return $user->hasPermissionTo('create-contract');
}
public function update(User $user, Contract $contract): bool
{
return $user->hasRole(['admin', 'manager']);
return $user->hasPermissionTo('update-contract');
}
public function delete(User $user, Contract $contract): bool
{
return $user->hasRole('admin');
return $user->hasPermissionTo('delete-contract');
}
public function restore(User $user, Contract $contract): bool

View File

@@ -9,27 +9,27 @@ class CustomerPolicy
{
public function viewAny(User $user): bool
{
return $user->hasRole(['admin', 'manager', 'staff']);
return $user->hasPermissionTo('view-customer');
}
public function view(User $user, Customer $customer): bool
{
return $user->hasRole(['admin', 'manager', 'staff']);
return $user->hasPermissionTo('view-customer');
}
public function create(User $user): bool
{
return $user->hasRole(['admin', 'manager']);
return $user->hasPermissionTo('create-customer');
}
public function update(User $user, Customer $customer): bool
{
return $user->hasRole(['admin', 'manager']);
return $user->hasPermissionTo('update-customer');
}
public function delete(User $user, Customer $customer): bool
{
return $user->hasRole('admin');
return $user->hasPermissionTo('delete-customer');
}
public function restore(User $user, Customer $customer): bool

View File

@@ -9,36 +9,36 @@ class FeedbackChannelPolicy
{
public function viewAny(User $user): bool
{
return in_array($user->role, ['admin', 'manager', 'staff']);
return $user->hasPermissionTo('view-channel');
}
public function view(User $user, FeedbackChannel $feedbackChannel): bool
public function view(User $user, FeedbackChannel $channel): bool
{
return in_array($user->role, ['admin', 'manager', 'staff']);
return $user->hasPermissionTo('view-channel');
}
public function create(User $user): bool
{
return in_array($user->role, ['admin', 'manager']);
return $user->hasPermissionTo('create-channel');
}
public function update(User $user, FeedbackChannel $feedbackChannel): bool
public function update(User $user, FeedbackChannel $channel): bool
{
return in_array($user->role, ['admin', 'manager']);
return $user->hasPermissionTo('update-channel');
}
public function delete(User $user, FeedbackChannel $feedbackChannel): bool
public function delete(User $user, FeedbackChannel $channel): bool
{
return $user->role === 'admin';
return $user->hasPermissionTo('delete-channel');
}
public function restore(User $user, FeedbackChannel $feedbackChannel): bool
public function restore(User $user, FeedbackChannel $channel): bool
{
return $user->role === 'admin';
return $user->hasRole('admin');
}
public function forceDelete(User $user, FeedbackChannel $feedbackChannel): bool
public function forceDelete(User $user, FeedbackChannel $channel): bool
{
return $user->role === 'admin';
return $user->hasRole('admin');
}
}

View File

@@ -9,27 +9,27 @@ class FeedbackPolicy
{
public function viewAny(User $user): bool
{
return $user->hasRole(['admin', 'manager', 'staff']);
return $user->hasPermissionTo('view-feedback');
}
public function view(User $user, Feedback $feedback): bool
{
return $user->hasRole(['admin', 'manager', 'staff']);
return $user->hasPermissionTo('view-feedback');
}
public function create(User $user): bool
{
return $user->hasRole(['admin', 'manager', 'staff']);
return $user->hasPermissionTo('create-feedback');
}
public function update(User $user, Feedback $feedback): bool
{
return $user->hasRole(['admin', 'manager', 'staff']);
return $user->hasPermissionTo('update-feedback');
}
public function delete(User $user, Feedback $feedback): bool
{
return $user->hasRole(['admin', 'manager']);
return $user->hasPermissionTo('delete-feedback');
}
public function restore(User $user, Feedback $feedback): bool

View File

@@ -9,27 +9,27 @@ class ProductPolicy
{
public function viewAny(User $user): bool
{
return $user->hasRole(['admin', 'manager', 'staff']);
return $user->hasPermissionTo('view-product');
}
public function view(User $user, Product $product): bool
{
return $user->hasRole(['admin', 'manager', 'staff']);
return $user->hasPermissionTo('view-product');
}
public function create(User $user): bool
{
return $user->hasRole(['admin', 'manager']);
return $user->hasPermissionTo('create-product');
}
public function update(User $user, Product $product): bool
{
return $user->hasRole(['admin', 'manager']);
return $user->hasPermissionTo('update-product');
}
public function delete(User $user, Product $product): bool
{
return $user->hasRole('admin');
return $user->hasPermissionTo('delete-product');
}
public function restore(User $user, Product $product): bool

View File

@@ -0,0 +1,44 @@
<?php
namespace App\Policies;
use App\Models\User;
use Spatie\Permission\Models\Role;
class RolePolicy
{
public function viewAny(User $user): bool
{
return $user->hasRole('admin');
}
public function view(User $user, Role $role): bool
{
return $user->hasRole('admin');
}
public function create(User $user): bool
{
return $user->hasRole('admin');
}
public function update(User $user, Role $role): bool
{
return $user->hasRole('admin');
}
public function delete(User $user, Role $role): bool
{
return $user->hasRole('admin') && ! in_array($role->name, ['admin', 'manager', 'staff']);
}
public function restore(User $user, Role $role): bool
{
return $user->hasRole('admin');
}
public function forceDelete(User $user, Role $role): bool
{
return $user->hasRole('admin') && ! in_array($role->name, ['admin', 'manager', 'staff']);
}
}

View File

@@ -0,0 +1,43 @@
<?php
namespace App\Policies;
use App\Models\User;
class UserPolicy
{
public function viewAny(User $user): bool
{
return $user->hasRole('admin');
}
public function view(User $user, User $model): bool
{
return $user->hasRole('admin');
}
public function create(User $user): bool
{
return $user->hasRole('admin');
}
public function update(User $user, User $model): bool
{
return $user->hasRole('admin');
}
public function delete(User $user, User $model): bool
{
return $user->hasRole('admin') && $model->id !== $user->id;
}
public function restore(User $user, User $model): bool
{
return $user->hasRole('admin');
}
public function forceDelete(User $user, User $model): bool
{
return $user->hasRole('admin') && $model->id !== $user->id;
}
}