- PermissionSeeder: 29 permissions with role mapping (admin/manager/staff) - Policies updated to use hasPermissionTo() instead of hasRole() - ExportBackup command: JSON per-table backup with chunk processing - UserResource: CRUD users with role assignment (admin only) - RoleResource: CRUD roles with permission assignment (admin only) - UserPolicy + RolePolicy: admin-only access control - ImportCskh: detailed skip logging with color in dry-run mode - Widgets: permission-based visibility checks - Tests: 8/8 pass (21 assertions)
45 lines
976 B
PHP
45 lines
976 B
PHP
<?php
|
|
|
|
namespace App\Policies;
|
|
|
|
use App\Models\User;
|
|
use Spatie\Permission\Models\Role;
|
|
|
|
class RolePolicy
|
|
{
|
|
public function viewAny(User $user): bool
|
|
{
|
|
return $user->hasRole('admin');
|
|
}
|
|
|
|
public function view(User $user, Role $role): bool
|
|
{
|
|
return $user->hasRole('admin');
|
|
}
|
|
|
|
public function create(User $user): bool
|
|
{
|
|
return $user->hasRole('admin');
|
|
}
|
|
|
|
public function update(User $user, Role $role): bool
|
|
{
|
|
return $user->hasRole('admin');
|
|
}
|
|
|
|
public function delete(User $user, Role $role): bool
|
|
{
|
|
return $user->hasRole('admin') && ! in_array($role->name, ['admin', 'manager', 'staff']);
|
|
}
|
|
|
|
public function restore(User $user, Role $role): bool
|
|
{
|
|
return $user->hasRole('admin');
|
|
}
|
|
|
|
public function forceDelete(User $user, Role $role): bool
|
|
{
|
|
return $user->hasRole('admin') && ! in_array($role->name, ['admin', 'manager', 'staff']);
|
|
}
|
|
}
|