diff --git a/app/Policies/ActivityPolicy.php b/app/Policies/ActivityPolicy.php
index fca1a6a..91e8221 100644
--- a/app/Policies/ActivityPolicy.php
+++ b/app/Policies/ActivityPolicy.php
@@ -19,9 +19,6 @@ class ActivityPolicy
 public function view(AuthUser $authUser, Activity $activity): bool
 {
- if ($activity->status === 'draft' && $activity->created_by !== $authUser->id) {
- return $authUser->can('ViewDraft:Activity');
- }
 return $authUser->can('View:Activity');
 }
diff --git a/app/Policies/MemberPointPolicy.php b/app/Policies/MemberPointPolicy.php
new file mode 100644
index 0000000..bbedaad
--- /dev/null
+++ b/app/Policies/MemberPointPolicy.php
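Review bot: In app/Policies/ActivityPolicy.php, `view()` no longer distinguishes drafts, so after this change any user holding `View:Activity` can open a draft created by someone else. The same commit still declares `ViewDraft:Activity` in config/filament-shield.php (commented as super_admin only) and seeds it in PermissionSeeder, which leaves that permission granted but never checked by the visible policy code. If the removal came from regenerating the policy (not visible here), restore the guard `if ($activity->status === 'draft' && $activity->created_by !== $authUser->id) { return $authUser->can('ViewDraft:Activity'); }` before the final return, or state in the commit where draft visibility is enforced instead. A policy test covering a non-owner without `ViewDraft:Activity` would catch this the next time the file is regenerated.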
@@ -0,0 +1,75 @@
+can('ViewAny:MemberPoint');
+ }
+
+ public function view(AuthUser $authUser, MemberPoint $memberPoint): bool
+ {
+ return $authUser->can('View:MemberPoint');
+ }
+
+ public function create(AuthUser $authUser): bool
+ {
+ return $authUser->can('Create:MemberPoint');
+ }
+
+ public function update(AuthUser $authUser, MemberPoint $memberPoint): bool
+ {
+ return $authUser->can('Update:MemberPoint');
+ }
+
+ public function delete(AuthUser $authUser, MemberPoint $memberPoint): bool
+ {
+ return $authUser->can('Delete:MemberPoint');
+ }
+
+ public function deleteAny(AuthUser $authUser): bool
+ {
+ return $authUser->can('DeleteAny:MemberPoint');
+ }
+
+ public function restore(AuthUser $authUser, MemberPoint $memberPoint): bool
+ {
+ return $authUser->can('Restore:MemberPoint');
+ }
+
+ public function forceDelete(AuthUser $authUser, MemberPoint $memberPoint): bool
+ {
+ return $authUser->can('ForceDelete:MemberPoint');
+ }
+
+ public function forceDeleteAny(AuthUser $authUser): bool
+ {
+ return $authUser->can('ForceDeleteAny:MemberPoint');
+ }
+
+ public function restoreAny(AuthUser $authUser): bool
+ {
+ return $authUser->can('RestoreAny:MemberPoint');
+ }
+
+ public function replicate(AuthUser $authUser, MemberPoint $memberPoint): bool
+ {
+ return $authUser->can('Replicate:MemberPoint');
+ }
+
+ public function reorder(AuthUser $authUser): bool
+ {
+ return $authUser->can('Reorder:MemberPoint');
+ }
+
+}
\ No newline at end of file
diff --git a/config/filament-shield.php b/config/filament-shield.php
index 2cb15cd..dd4392e 100644
--- a/config/filament-shield.php
+++ b/config/filament-shield.php
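Review bot: In app/Policies/MemberPointPolicy.php the record-level methods (`view`, `update`, `delete`, `restore`, `forceDelete`, `replicate`) accept `$memberPoint` but never read it, so every decision rests on the role permission alone and a holder of `Update:MemberPoint` can change any member's points. If point records are meant to be limited to an owner or unit, that check belongs here; otherwise a class docblock such as `/** Permission-only policy: no per-record ownership checks; access is governed entirely by the Shield permissions. */` would make the choice explicit. The file also ends without a trailing newline and has a blank line before the closing brace.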
@@ -264,4 +264,18 @@ return [
 'register_role_policy' => true,
+ /*
+ |--------------------------------------------------------------------------
+ | Custom Permissions
+ |--------------------------------------------------------------------------
+ |
+ | Permission tambahan di luar yang di-generate Shield.
+ | Di-seed via PermissionSeeder dan di-assign ke role yang sesuai.
+ |
+ */
+
+ 'custom_permissions' => [
+ 'ViewDraft:Activity', // Lihat kegiatan berstatus draft milik user lain (hanya super_admin)
+ ],
+
 ];
diff --git a/database/seeders/PermissionSeeder.php b/database/seeders/PermissionSeeder.php
index 4fe0ca2..83e962e 100644
--- a/database/seeders/PermissionSeeder.php
+++ b/database/seeders/PermissionSeeder.php
@@ -20,8 +20,10 @@ class PermissionSeeder extends Seeder
 $superAdmin = Role::findByName('super_admin');
 // Permission khusus yang tidak di-generate Shield
- Permission::firstOrCreate(['name' => 'ViewDraft:Activity', 'guard_name' => 'web']);
- $superAdmin->givePermissionTo('ViewDraft:Activity');
+ foreach (config('filament-shield.custom_permissions', []) as $permission) {
+ Permission::firstOrCreate(['name' => $permission, 'guard_name' => 'web']);
+ }
+ $superAdmin->givePermissionTo(config('filament-shield.custom_permissions', []));
 // Ketua: akses penuh kecuali shield roles
 $ketua->syncPermissions(Permission::where('name', 'not like', '%Role%')
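Review bot: In database/seeders/PermissionSeeder.php the custom permissions are created just before the `$ketua->syncPermissions(Permission::where('name', 'not like', '%Role%')` deny-list query, so every name added to `filament-shield.custom_permissions` appears to flow to the ketua role as well, including `ViewDraft:Activity`, which the config comment describes as super_admin only. That statement continues outside the hunk, so a later filter may already exclude them; if not, read the list once with `$customPermissions = config('filament-shield.custom_permissions', []);` and add `->whereNotIn('name', $customPermissions)` to the query. Reusing `$customPermissions` in the loop and in `givePermissionTo()` also avoids the two separate `config()` lookups.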