feat: tambah policy per role via PermissionSeeder, shield:generate otomatis di seeder

database/seeders/DatabaseSeeder.php

@@ -10,6 +10,7 @@ class DatabaseSeeder extends Seeder
     {
         $this->call([
             RolesAndPermissionsSeeder::class,
+            PermissionSeeder::class,
             DivisionSeeder::class,
             UserSeeder::class,
             ActivitySeeder::class,

database/seeders/PermissionSeeder.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace Database\Seeders;
+
+use Illuminate\Database\Seeder;
+use Spatie\Permission\Models\Permission;
+use Spatie\Permission\Models\Role;
+
+class PermissionSeeder extends Seeder
+{
+    public function run(): void
+    {
+        app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();
+
+        $ketua = Role::findByName('ketua');
+        $bendahara = Role::findByName('bendahara');
+        $pengurus = Role::findByName('pengurus');
+        $anggota = Role::findByName('anggota');
+        $auditor = Role::findByName('auditor');
+
+        // Ketua: akses penuh kecuali shield roles
+        $ketua->syncPermissions(Permission::where('name', 'not like', '%Role%')
+            ->where('name', 'not like', '%Permission%')
+            ->get());
+
+        // Bendahara: hanya kas
+        $bendahara->syncPermissions(Permission::where('name', 'like', '%CashRecord%')
+            ->orWhere('name', 'like', '%CashCategory%')
+            ->get());
+
+        // Pengurus: kegiatan + lihat anggota & divisi
+        $pengurus->syncPermissions(Permission::where('name', 'like', '%Activity%')
+            ->orWhere('name', 'like', 'ViewAny:User')
+            ->orWhere('name', 'like', 'View:User')
+            ->orWhere('name', 'like', 'ViewAny:Division')
+            ->orWhere('name', 'like', 'View:Division')
+            ->get());
+
+        // Anggota: hanya lihat kegiatan & voting
+        $anggota->syncPermissions(Permission::whereIn('name', [
+            'ViewAny:Activity', 'View:Activity',
+            'ViewAny:Vote', 'View:Vote',
+        ])->get());
+
+        // Auditor: read-only semua + akses audit
+        $auditor->syncPermissions(Permission::where('name', 'like', 'ViewAny:%')
+            ->orWhere('name', 'like', 'View:%')
+            ->orWhere('name', 'like', '%Audit%')
+            ->get());
+    }
+}

database/seeders/RolesAndPermissionsSeeder.php

@@ -4,6 +4,7 @@ namespace Database\Seeders;
 
 use App\Models\User;
 use Illuminate\Database\Seeder;
+use Illuminate\Support\Facades\Artisan;
 use Spatie\Permission\Models\Role;
 
 class RolesAndPermissionsSeeder extends Seeder
@@ -18,6 +19,9 @@ class RolesAndPermissionsSeeder extends Seeder
             Role::firstOrCreate(['name' => $role, 'guard_name' => 'web']);
         }
 
+        // Generate Shield permissions untuk semua resource
+        \Artisan::call('shield:generate', ['--all' => true, '--panel' => 'admin']);
+
         // super_admin mendapat semua permission via Shield config
         $superAdmin = User::firstOrCreate(
             ['email' => 'admin@persegi.id'],