feat: granular permissions, export backup, user/role management
- PermissionSeeder: 29 permissions with role mapping (admin/manager/staff) - Policies updated to use hasPermissionTo() instead of hasRole() - ExportBackup command: JSON per-table backup with chunk processing - UserResource: CRUD users with role assignment (admin only) - RoleResource: CRUD roles with permission assignment (admin only) - UserPolicy + RolePolicy: admin-only access control - ImportCskh: detailed skip logging with color in dry-run mode - Widgets: permission-based visibility checks - Tests: 8/8 pass (21 assertions)
This commit is contained in:
@@ -9,27 +9,27 @@ class ContractPolicy
|
||||
{
|
||||
public function viewAny(User $user): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('view-contract');
|
||||
}
|
||||
|
||||
public function view(User $user, Contract $contract): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('view-contract');
|
||||
}
|
||||
|
||||
public function create(User $user): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager']);
|
||||
return $user->hasPermissionTo('create-contract');
|
||||
}
|
||||
|
||||
public function update(User $user, Contract $contract): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager']);
|
||||
return $user->hasPermissionTo('update-contract');
|
||||
}
|
||||
|
||||
public function delete(User $user, Contract $contract): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
return $user->hasPermissionTo('delete-contract');
|
||||
}
|
||||
|
||||
public function restore(User $user, Contract $contract): bool
|
||||
|
||||
@@ -9,27 +9,27 @@ class CustomerPolicy
|
||||
{
|
||||
public function viewAny(User $user): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('view-customer');
|
||||
}
|
||||
|
||||
public function view(User $user, Customer $customer): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('view-customer');
|
||||
}
|
||||
|
||||
public function create(User $user): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager']);
|
||||
return $user->hasPermissionTo('create-customer');
|
||||
}
|
||||
|
||||
public function update(User $user, Customer $customer): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager']);
|
||||
return $user->hasPermissionTo('update-customer');
|
||||
}
|
||||
|
||||
public function delete(User $user, Customer $customer): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
return $user->hasPermissionTo('delete-customer');
|
||||
}
|
||||
|
||||
public function restore(User $user, Customer $customer): bool
|
||||
|
||||
@@ -9,36 +9,36 @@ class FeedbackChannelPolicy
|
||||
{
|
||||
public function viewAny(User $user): bool
|
||||
{
|
||||
return in_array($user->role, ['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('view-channel');
|
||||
}
|
||||
|
||||
public function view(User $user, FeedbackChannel $feedbackChannel): bool
|
||||
public function view(User $user, FeedbackChannel $channel): bool
|
||||
{
|
||||
return in_array($user->role, ['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('view-channel');
|
||||
}
|
||||
|
||||
public function create(User $user): bool
|
||||
{
|
||||
return in_array($user->role, ['admin', 'manager']);
|
||||
return $user->hasPermissionTo('create-channel');
|
||||
}
|
||||
|
||||
public function update(User $user, FeedbackChannel $feedbackChannel): bool
|
||||
public function update(User $user, FeedbackChannel $channel): bool
|
||||
{
|
||||
return in_array($user->role, ['admin', 'manager']);
|
||||
return $user->hasPermissionTo('update-channel');
|
||||
}
|
||||
|
||||
public function delete(User $user, FeedbackChannel $feedbackChannel): bool
|
||||
public function delete(User $user, FeedbackChannel $channel): bool
|
||||
{
|
||||
return $user->role === 'admin';
|
||||
return $user->hasPermissionTo('delete-channel');
|
||||
}
|
||||
|
||||
public function restore(User $user, FeedbackChannel $feedbackChannel): bool
|
||||
public function restore(User $user, FeedbackChannel $channel): bool
|
||||
{
|
||||
return $user->role === 'admin';
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
public function forceDelete(User $user, FeedbackChannel $feedbackChannel): bool
|
||||
public function forceDelete(User $user, FeedbackChannel $channel): bool
|
||||
{
|
||||
return $user->role === 'admin';
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,27 +9,27 @@ class FeedbackPolicy
|
||||
{
|
||||
public function viewAny(User $user): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('view-feedback');
|
||||
}
|
||||
|
||||
public function view(User $user, Feedback $feedback): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('view-feedback');
|
||||
}
|
||||
|
||||
public function create(User $user): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('create-feedback');
|
||||
}
|
||||
|
||||
public function update(User $user, Feedback $feedback): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('update-feedback');
|
||||
}
|
||||
|
||||
public function delete(User $user, Feedback $feedback): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager']);
|
||||
return $user->hasPermissionTo('delete-feedback');
|
||||
}
|
||||
|
||||
public function restore(User $user, Feedback $feedback): bool
|
||||
|
||||
@@ -9,27 +9,27 @@ class ProductPolicy
|
||||
{
|
||||
public function viewAny(User $user): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('view-product');
|
||||
}
|
||||
|
||||
public function view(User $user, Product $product): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager', 'staff']);
|
||||
return $user->hasPermissionTo('view-product');
|
||||
}
|
||||
|
||||
public function create(User $user): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager']);
|
||||
return $user->hasPermissionTo('create-product');
|
||||
}
|
||||
|
||||
public function update(User $user, Product $product): bool
|
||||
{
|
||||
return $user->hasRole(['admin', 'manager']);
|
||||
return $user->hasPermissionTo('update-product');
|
||||
}
|
||||
|
||||
public function delete(User $user, Product $product): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
return $user->hasPermissionTo('delete-product');
|
||||
}
|
||||
|
||||
public function restore(User $user, Product $product): bool
|
||||
|
||||
44
app/Policies/RolePolicy.php
Normal file
44
app/Policies/RolePolicy.php
Normal file
@@ -0,0 +1,44 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\Models\User;
|
||||
use Spatie\Permission\Models\Role;
|
||||
|
||||
class RolePolicy
|
||||
{
|
||||
public function viewAny(User $user): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
public function view(User $user, Role $role): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
public function create(User $user): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
public function update(User $user, Role $role): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
public function delete(User $user, Role $role): bool
|
||||
{
|
||||
return $user->hasRole('admin') && ! in_array($role->name, ['admin', 'manager', 'staff']);
|
||||
}
|
||||
|
||||
public function restore(User $user, Role $role): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
public function forceDelete(User $user, Role $role): bool
|
||||
{
|
||||
return $user->hasRole('admin') && ! in_array($role->name, ['admin', 'manager', 'staff']);
|
||||
}
|
||||
}
|
||||
43
app/Policies/UserPolicy.php
Normal file
43
app/Policies/UserPolicy.php
Normal file
@@ -0,0 +1,43 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\Models\User;
|
||||
|
||||
class UserPolicy
|
||||
{
|
||||
public function viewAny(User $user): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
public function view(User $user, User $model): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
public function create(User $user): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
public function update(User $user, User $model): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
public function delete(User $user, User $model): bool
|
||||
{
|
||||
return $user->hasRole('admin') && $model->id !== $user->id;
|
||||
}
|
||||
|
||||
public function restore(User $user, User $model): bool
|
||||
{
|
||||
return $user->hasRole('admin');
|
||||
}
|
||||
|
||||
public function forceDelete(User $user, User $model): bool
|
||||
{
|
||||
return $user->hasRole('admin') && $model->id !== $user->id;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user