From 8ce4af527487d931c707f10a0649383ce0f3c798 Mon Sep 17 00:00:00 2001
From: tuxarmy
Date: Fri, 3 Apr 2026 04:59:30 +0700
Subject: [PATCH] feat: tambah policy per role via PermissionSeeder, shield:generate otomatis di seeder
---
 database/seeders/DatabaseSeeder.php | 1 +
 database/seeders/PermissionSeeder.php | 51 +++++++++++++++++++
 .../seeders/RolesAndPermissionsSeeder.php | 4 ++
 3 files changed, 56 insertions(+)
 create mode 100644 database/seeders/PermissionSeeder.php
diff --git a/database/seeders/DatabaseSeeder.php b/database/seeders/DatabaseSeeder.php
index 421a5c8..8bca644 100644
--- a/database/seeders/DatabaseSeeder.php
+++ b/database/seeders/DatabaseSeeder.php
@@ -10,6 +10,7 @@ class DatabaseSeeder extends Seeder
 {
 $this->call([
 RolesAndPermissionsSeeder::class,
+ PermissionSeeder::class,
 DivisionSeeder::class,
 UserSeeder::class,
 ActivitySeeder::class,
diff --git a/database/seeders/PermissionSeeder.php b/database/seeders/PermissionSeeder.php
new file mode 100644
index 0000000..14e7bf5
--- /dev/null
+++ b/database/seeders/PermissionSeeder.php
@@ -0,0 +1,51 @@ +forgetCachedPermissions(); + + $ketua = Role::findByName('ketua'); + $bendahara = Role::findByName('bendahara'); + $pengurus = Role::findByName('pengurus'); + $anggota = Role::findByName('anggota'); + $auditor = Role::findByName('auditor'); + + // Ketua: akses penuh kecuali shield roles + $ketua->syncPermissions(Permission::where('name', 'not like', '%Role%') + ->where('name', 'not like', '%Permission%') + ->get()); + + // Bendahara: hanya kas + $bendahara->syncPermissions(Permission::where('name', 'like', '%CashRecord%') + ->orWhere('name', 'like', '%CashCategory%') + ->get()); + + // Pengurus: kegiatan + lihat anggota & divisi + $pengurus->syncPermissions(Permission::where('name', 'like', '%Activity%') + ->orWhere('name', 'like', 'ViewAny:User') + ->orWhere('name', 'like', 'View:User') + ->orWhere('name', 'like', 'ViewAny:Division') + ->orWhere('name', 'like', 'View:Division') + ->get()); + + // Anggota: hanya lihat kegiatan & voting + $anggota->syncPermissions(Permission::whereIn('name', [ + 'ViewAny:Activity', 'View:Activity', + 'ViewAny:Vote', 'View:Vote', + ])->get()); + + // Auditor: read-only semua + akses audit + $auditor->syncPermissions(Permission::where('name', 'like', 'ViewAny:%') + ->orWhere('name', 'like', 'View:%') + ->orWhere('name', 'like', '%Audit%') + ->get()); + } +} diff --git a/database/seeders/RolesAndPermissionsSeeder.php b/database/seeders/RolesAndPermissionsSeeder.php index a373dd6..844d332 100644 --- a/database/seeders/RolesAndPermissionsSeeder.php +++ b/database/seeders/RolesAndPermissionsSeeder.php @@ -4,6 +4,7 @@ namespace Database\Seeders; use App\Models\User; use Illuminate\Database\Seeder; +use Illuminate\Support\Facades\Artisan; use Spatie\Permission\Models\Role; class RolesAndPermissionsSeeder extends Seeder 
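Review bot: The auditor grant is wider than its "read-only" comment: `orWhere('name', 'like', '%Audit%')` matches every permission whose name contains Audit, so any update- or delete-type permission generated for an audit resource would go to the role that is only supposed to read the trail. The `ViewAny:%` and `View:%` clauses already cover viewing such a resource, so the query can be reduced to `Permission::where('name', 'like', 'ViewAny:%')->orWhere('name', 'like', 'View:%')->get()`. The same over-matching applies to `%Activity%` for pengurus (it would also match a resource named like ActivityLog, if one exists) and to the ketua query, which is a denylist, so every resource added later is granted to ketua by default. An explicit `whereIn` list per role, as already used for anggota, keeps each grant reviewable and fails closed when new resources appear. The opening of the class and of `run()` is not visible on this page.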
@@ -18,6 +19,9 @@ class RolesAndPermissionsSeeder extends Seeder Role::firstOrCreate(['name' => $role, 'guard_name' => 'web']); } + // Generate Shield permissions untuk semua resource + \Artisan::call('shield:generate', ['--all' => true, '--panel' => 'admin']); + // super_admin mendapat semua permission via Shield config $superAdmin = User::firstOrCreate( ['email' => 'admin@persegi.id'],
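Review bot: The exit code of `\Artisan::call('shield:generate', ...)` is discarded, so a failed generation lets seeding continue and the `syncPermissions()` calls in PermissionSeeder then run against an empty or stale permission table, leaving roles with grants that do not match their comments. Capture and check it: `$exit = Artisan::call('shield:generate', ['--all' => true, '--panel' => 'admin']);` followed by `if ($exit !== 0) { throw new \RuntimeException('shield:generate failed'); }`. The first hunk of this file imports `Illuminate\Support\Facades\Artisan`, yet the call goes through the global `\Artisan` alias, so the import is unused; calling `Artisan::call` uses it. Since every `db:seed` now regenerates Shield output for the admin panel, a comment above the call should state whether that is intended outside local setup. The enclosing `run()` method starts and ends outside the hunk.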