feat: granular permissions, export backup, user/role management
- PermissionSeeder: 29 permissions with role mapping (admin/manager/staff) - Policies updated to use hasPermissionTo() instead of hasRole() - ExportBackup command: JSON per-table backup with chunk processing - UserResource: CRUD users with role assignment (admin only) - RoleResource: CRUD roles with permission assignment (admin only) - UserPolicy + RolePolicy: admin-only access control - ImportCskh: detailed skip logging with color in dry-run mode - Widgets: permission-based visibility checks - Tests: 8/8 pass (21 assertions)
This commit is contained in:
111
database/seeders/PermissionSeeder.php
Normal file
111
database/seeders/PermissionSeeder.php
Normal file
@@ -0,0 +1,111 @@
|
||||
<?php
|
||||
|
||||
namespace Database\Seeders;
|
||||
|
||||
use Illuminate\Database\Seeder;
|
||||
use Spatie\Permission\Models\Permission;
|
||||
use Spatie\Permission\Models\Role;
|
||||
|
||||
class PermissionSeeder extends Seeder
|
||||
{
|
||||
public function run(): void
|
||||
{
|
||||
// Reset cached roles and permissions
|
||||
app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();
|
||||
|
||||
$permissions = [
|
||||
// Feedback
|
||||
'view-feedback',
|
||||
'create-feedback',
|
||||
'update-feedback',
|
||||
'delete-feedback',
|
||||
'add-interaction',
|
||||
'close-ticket',
|
||||
'transfer-department',
|
||||
|
||||
// Products
|
||||
'view-product',
|
||||
'create-product',
|
||||
'update-product',
|
||||
'delete-product',
|
||||
|
||||
// Customers
|
||||
'view-customer',
|
||||
'create-customer',
|
||||
'update-customer',
|
||||
'delete-customer',
|
||||
|
||||
// Contracts
|
||||
'view-contract',
|
||||
'create-contract',
|
||||
'update-contract',
|
||||
'delete-contract',
|
||||
|
||||
// Channels
|
||||
'view-channel',
|
||||
'create-channel',
|
||||
'update-channel',
|
||||
'delete-channel',
|
||||
|
||||
// Tags
|
||||
'view-tag',
|
||||
'create-tag',
|
||||
'update-tag',
|
||||
'delete-tag',
|
||||
|
||||
// Dashboard & Export
|
||||
'view-dashboard-widgets',
|
||||
'export-data',
|
||||
];
|
||||
|
||||
foreach ($permissions as $permission) {
|
||||
Permission::firstOrCreate(['name' => $permission]);
|
||||
}
|
||||
|
||||
// Admin: all permissions
|
||||
$admin = Role::findByName('admin');
|
||||
$admin->givePermissionTo($permissions);
|
||||
|
||||
// Manager: most except delete and export
|
||||
$manager = Role::findByName('manager');
|
||||
$manager->givePermissionTo([
|
||||
'view-feedback',
|
||||
'create-feedback',
|
||||
'update-feedback',
|
||||
'delete-feedback',
|
||||
'add-interaction',
|
||||
'close-ticket',
|
||||
'transfer-department',
|
||||
'view-product',
|
||||
'create-product',
|
||||
'update-product',
|
||||
'view-customer',
|
||||
'create-customer',
|
||||
'update-customer',
|
||||
'view-contract',
|
||||
'create-contract',
|
||||
'update-contract',
|
||||
'view-channel',
|
||||
'create-channel',
|
||||
'update-channel',
|
||||
'view-tag',
|
||||
'create-tag',
|
||||
'update-tag',
|
||||
'view-dashboard-widgets',
|
||||
]);
|
||||
|
||||
// Staff: read + limited write
|
||||
$staff = Role::findByName('staff');
|
||||
$staff->givePermissionTo([
|
||||
'view-feedback',
|
||||
'create-feedback',
|
||||
'update-feedback',
|
||||
'add-interaction',
|
||||
'view-product',
|
||||
'view-customer',
|
||||
'view-contract',
|
||||
'view-channel',
|
||||
'view-tag',
|
||||
]);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user