feat: granular permissions, export backup, user/role management
Some checks failed
Tests / PHP 8.3 (push) Has been cancelled
Tests / PHP 8.4 (push) Has been cancelled
Tests / PHP 8.5 (push) Has been cancelled

- PermissionSeeder: 29 permissions with role mapping (admin/manager/staff)
- Policies updated to use hasPermissionTo() instead of hasRole()
- ExportBackup command: JSON per-table backup with chunk processing
- UserResource: CRUD users with role assignment (admin only)
- RoleResource: CRUD roles with permission assignment (admin only)
- UserPolicy + RolePolicy: admin-only access control
- ImportCskh: detailed skip logging with color in dry-run mode
- Widgets: permission-based visibility checks
- Tests: 8/8 pass (21 assertions)
This commit is contained in:
2026-05-02 04:47:10 +00:00
parent 7c5055075b
commit 3a8db5cae6
40 changed files with 1804 additions and 440 deletions

View File

@@ -0,0 +1,111 @@
<?php
namespace Database\Seeders;
use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
class PermissionSeeder extends Seeder
{
public function run(): void
{
// Reset cached roles and permissions
app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();
$permissions = [
// Feedback
'view-feedback',
'create-feedback',
'update-feedback',
'delete-feedback',
'add-interaction',
'close-ticket',
'transfer-department',
// Products
'view-product',
'create-product',
'update-product',
'delete-product',
// Customers
'view-customer',
'create-customer',
'update-customer',
'delete-customer',
// Contracts
'view-contract',
'create-contract',
'update-contract',
'delete-contract',
// Channels
'view-channel',
'create-channel',
'update-channel',
'delete-channel',
// Tags
'view-tag',
'create-tag',
'update-tag',
'delete-tag',
// Dashboard & Export
'view-dashboard-widgets',
'export-data',
];
foreach ($permissions as $permission) {
Permission::firstOrCreate(['name' => $permission]);
}
// Admin: all permissions
$admin = Role::findByName('admin');
$admin->givePermissionTo($permissions);
// Manager: most except delete and export
$manager = Role::findByName('manager');
$manager->givePermissionTo([
'view-feedback',
'create-feedback',
'update-feedback',
'delete-feedback',
'add-interaction',
'close-ticket',
'transfer-department',
'view-product',
'create-product',
'update-product',
'view-customer',
'create-customer',
'update-customer',
'view-contract',
'create-contract',
'update-contract',
'view-channel',
'create-channel',
'update-channel',
'view-tag',
'create-tag',
'update-tag',
'view-dashboard-widgets',
]);
// Staff: read + limited write
$staff = Role::findByName('staff');
$staff->givePermissionTo([
'view-feedback',
'create-feedback',
'update-feedback',
'add-interaction',
'view-product',
'view-customer',
'view-contract',
'view-channel',
'view-tag',
]);
}
}