- PermissionSeeder: 29 permissions with role mapping (admin/manager/staff) - Policies updated to use hasPermissionTo() instead of hasRole() - ExportBackup command: JSON per-table backup with chunk processing - UserResource: CRUD users with role assignment (admin only) - RoleResource: CRUD roles with permission assignment (admin only) - UserPolicy + RolePolicy: admin-only access control - ImportCskh: detailed skip logging with color in dry-run mode - Widgets: permission-based visibility checks - Tests: 8/8 pass (21 assertions)
112 lines
2.9 KiB
PHP
112 lines
2.9 KiB
PHP
<?php
|
|
|
|
namespace Database\Seeders;
|
|
|
|
use Illuminate\Database\Seeder;
|
|
use Spatie\Permission\Models\Permission;
|
|
use Spatie\Permission\Models\Role;
|
|
|
|
class PermissionSeeder extends Seeder
|
|
{
|
|
public function run(): void
|
|
{
|
|
// Reset cached roles and permissions
|
|
app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();
|
|
|
|
$permissions = [
|
|
// Feedback
|
|
'view-feedback',
|
|
'create-feedback',
|
|
'update-feedback',
|
|
'delete-feedback',
|
|
'add-interaction',
|
|
'close-ticket',
|
|
'transfer-department',
|
|
|
|
// Products
|
|
'view-product',
|
|
'create-product',
|
|
'update-product',
|
|
'delete-product',
|
|
|
|
// Customers
|
|
'view-customer',
|
|
'create-customer',
|
|
'update-customer',
|
|
'delete-customer',
|
|
|
|
// Contracts
|
|
'view-contract',
|
|
'create-contract',
|
|
'update-contract',
|
|
'delete-contract',
|
|
|
|
// Channels
|
|
'view-channel',
|
|
'create-channel',
|
|
'update-channel',
|
|
'delete-channel',
|
|
|
|
// Tags
|
|
'view-tag',
|
|
'create-tag',
|
|
'update-tag',
|
|
'delete-tag',
|
|
|
|
// Dashboard & Export
|
|
'view-dashboard-widgets',
|
|
'export-data',
|
|
];
|
|
|
|
foreach ($permissions as $permission) {
|
|
Permission::firstOrCreate(['name' => $permission]);
|
|
}
|
|
|
|
// Admin: all permissions
|
|
$admin = Role::findByName('admin');
|
|
$admin->givePermissionTo($permissions);
|
|
|
|
// Manager: most except delete and export
|
|
$manager = Role::findByName('manager');
|
|
$manager->givePermissionTo([
|
|
'view-feedback',
|
|
'create-feedback',
|
|
'update-feedback',
|
|
'delete-feedback',
|
|
'add-interaction',
|
|
'close-ticket',
|
|
'transfer-department',
|
|
'view-product',
|
|
'create-product',
|
|
'update-product',
|
|
'view-customer',
|
|
'create-customer',
|
|
'update-customer',
|
|
'view-contract',
|
|
'create-contract',
|
|
'update-contract',
|
|
'view-channel',
|
|
'create-channel',
|
|
'update-channel',
|
|
'view-tag',
|
|
'create-tag',
|
|
'update-tag',
|
|
'view-dashboard-widgets',
|
|
]);
|
|
|
|
// Staff: read + limited write
|
|
$staff = Role::findByName('staff');
|
|
$staff->givePermissionTo([
|
|
'view-feedback',
|
|
'create-feedback',
|
|
'update-feedback',
|
|
'add-interaction',
|
|
'view-product',
|
|
'view-customer',
|
|
'view-contract',
|
|
'view-channel',
|
|
'view-tag',
|
|
]);
|
|
}
|
|
}
|