feat: pindahkan custom permission ke config/filament-shield.php

app/Policies/ActivityPolicy.php

@@ -19,9 +19,6 @@ class ActivityPolicy
 
     public function view(AuthUser $authUser, Activity $activity): bool
     {
-        if ($activity->status === 'draft' && $activity->created_by !== $authUser->id) {
-            return $authUser->can('ViewDraft:Activity');
-        }
         return $authUser->can('View:Activity');
     }
 

app/Policies/MemberPointPolicy.php

@@ -0,0 +1,75 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Policies;
+
+use Illuminate\Foundation\Auth\User as AuthUser;
+use App\Models\MemberPoint;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class MemberPointPolicy
+{
+    use HandlesAuthorization;
+    
+    public function viewAny(AuthUser $authUser): bool
+    {
+        return $authUser->can('ViewAny:MemberPoint');
+    }
+
+    public function view(AuthUser $authUser, MemberPoint $memberPoint): bool
+    {
+        return $authUser->can('View:MemberPoint');
+    }
+
+    public function create(AuthUser $authUser): bool
+    {
+        return $authUser->can('Create:MemberPoint');
+    }
+
+    public function update(AuthUser $authUser, MemberPoint $memberPoint): bool
+    {
+        return $authUser->can('Update:MemberPoint');
+    }
+
+    public function delete(AuthUser $authUser, MemberPoint $memberPoint): bool
+    {
+        return $authUser->can('Delete:MemberPoint');
+    }
+
+    public function deleteAny(AuthUser $authUser): bool
+    {
+        return $authUser->can('DeleteAny:MemberPoint');
+    }
+
+    public function restore(AuthUser $authUser, MemberPoint $memberPoint): bool
+    {
+        return $authUser->can('Restore:MemberPoint');
+    }
+
+    public function forceDelete(AuthUser $authUser, MemberPoint $memberPoint): bool
+    {
+        return $authUser->can('ForceDelete:MemberPoint');
+    }
+
+    public function forceDeleteAny(AuthUser $authUser): bool
+    {
+        return $authUser->can('ForceDeleteAny:MemberPoint');
+    }
+
+    public function restoreAny(AuthUser $authUser): bool
+    {
+        return $authUser->can('RestoreAny:MemberPoint');
+    }
+
+    public function replicate(AuthUser $authUser, MemberPoint $memberPoint): bool
+    {
+        return $authUser->can('Replicate:MemberPoint');
+    }
+
+    public function reorder(AuthUser $authUser): bool
+    {
+        return $authUser->can('Reorder:MemberPoint');
+    }
+
+}

config/filament-shield.php

@@ -264,4 +264,18 @@ return [
 
     'register_role_policy' => true,
 
+    /*
+    |--------------------------------------------------------------------------
+    | Custom Permissions
+    |--------------------------------------------------------------------------
+    |
+    | Permission tambahan di luar yang di-generate Shield.
+    | Di-seed via PermissionSeeder dan di-assign ke role yang sesuai.
+    |
+    */
+
+    'custom_permissions' => [
+        'ViewDraft:Activity', // Lihat kegiatan berstatus draft milik user lain (hanya super_admin)
+    ],
+
 ];

database/seeders/PermissionSeeder.php

@@ -20,8 +20,10 @@ class PermissionSeeder extends Seeder
         $superAdmin = Role::findByName('super_admin');
 
         // Permission khusus yang tidak di-generate Shield
-        Permission::firstOrCreate(['name' => 'ViewDraft:Activity', 'guard_name' => 'web']);
-        $superAdmin->givePermissionTo('ViewDraft:Activity');
+        foreach (config('filament-shield.custom_permissions', []) as $permission) {
+            Permission::firstOrCreate(['name' => $permission, 'guard_name' => 'web']);
+        }
+        $superAdmin->givePermissionTo(config('filament-shield.custom_permissions', []));
 
         // Ketua: akses penuh kecuali shield roles
         $ketua->syncPermissions(Permission::where('name', 'not like', '%Role%')