feat: tambah policy per role via PermissionSeeder, shield:generate otomatis di seeder
@@ -10,6 +10,7 @@ class DatabaseSeeder extends Seeder
|
|||||||
{
|
{
|
||||||
$this->call([
|
$this->call([
|
||||||
RolesAndPermissionsSeeder::class,
|
RolesAndPermissionsSeeder::class,
|
||||||
|
PermissionSeeder::class,
|
||||||
DivisionSeeder::class,
|
DivisionSeeder::class,
|
||||||
UserSeeder::class,
|
UserSeeder::class,
|
||||||
ActivitySeeder::class,
|
ActivitySeeder::class,
|
||||||
|
|||||||
@@ -0,0 +1,51 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Database\Seeders;
|
||||||
|
|
||||||
|
use Illuminate\Database\Seeder;
|
||||||
|
use Spatie\Permission\Models\Permission;
|
||||||
|
use Spatie\Permission\Models\Role;
|
||||||
|
|
||||||
|
class PermissionSeeder extends Seeder
|
||||||
|
{
|
||||||
|
public function run(): void
|
||||||
|
{
|
||||||
|
app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();
|
||||||
|
|
||||||
|
$ketua = Role::findByName('ketua');
|
||||||
|
$bendahara = Role::findByName('bendahara');
|
||||||
|
$pengurus = Role::findByName('pengurus');
|
||||||
|
$anggota = Role::findByName('anggota');
|
||||||
|
$auditor = Role::findByName('auditor');
|
||||||
|
|
||||||
|
// Ketua: akses penuh kecuali shield roles
|
||||||
|
$ketua->syncPermissions(Permission::where('name', 'not like', '%Role%')
|
||||||
|
->where('name', 'not like', '%Permission%')
|
||||||
|
->get());
|
||||||
|
|
||||||
|
// Bendahara: hanya kas
|
||||||
|
$bendahara->syncPermissions(Permission::where('name', 'like', '%CashRecord%')
|
||||||
|
->orWhere('name', 'like', '%CashCategory%')
|
||||||
|
->get());
|
||||||
|
|
||||||
|
// Pengurus: kegiatan + lihat anggota & divisi
|
||||||
|
$pengurus->syncPermissions(Permission::where('name', 'like', '%Activity%')
|
||||||
|
->orWhere('name', 'like', 'ViewAny:User')
|
||||||
|
->orWhere('name', 'like', 'View:User')
|
||||||
|
->orWhere('name', 'like', 'ViewAny:Division')
|
||||||
|
->orWhere('name', 'like', 'View:Division')
|
||||||
|
->get());
|
||||||
|
|
||||||
|
// Anggota: hanya lihat kegiatan & voting
|
||||||
|
$anggota->syncPermissions(Permission::whereIn('name', [
|
||||||
|
'ViewAny:Activity', 'View:Activity',
|
||||||
|
'ViewAny:Vote', 'View:Vote',
|
||||||
|
])->get());
|
||||||
|
|
||||||
|
// Auditor: read-only semua + akses audit
|
||||||
|
$auditor->syncPermissions(Permission::where('name', 'like', 'ViewAny:%')
|
||||||
|
->orWhere('name', 'like', 'View:%')
|
||||||
|
->orWhere('name', 'like', '%Audit%')
|
||||||
|
->get());
|
||||||
|
}
|
||||||
|
}
|
||||||
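Review bot: The role grants in `run()` are selected with substring `LIKE` patterns, which grant more than the comments above them state. For the auditor, `ViewAny:%` and `View:%` already cover read access, so `->orWhere('name', 'like', '%Audit%')` only adds the non-view actions (create, update, delete) on any audit-named resource; that contradicts "read-only" and would let the role alter audit records if such a resource exists, so drop that clause. The ketua grant is a deny-list (`not like '%Role%'` and `not like '%Permission%'`), so every permission generated later is handed to that role on the next seed, and `%Activity%` for pengurus would likewise match an activity-log resource if one is ever added. Prefer explicit `Permission::whereIn('name', [...])` lists, as the anggota block already does, and consider adding `->where('guard_name', 'web')` so only permissions of the roles' guard are synced.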
@@ -4,6 +4,7 @@ namespace Database\Seeders;
|
|||||||
|
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
use Illuminate\Database\Seeder;
|
use Illuminate\Database\Seeder;
|
||||||
|
use Illuminate\Support\Facades\Artisan;
|
||||||
use Spatie\Permission\Models\Role;
|
use Spatie\Permission\Models\Role;
|
||||||
|
|
||||||
class RolesAndPermissionsSeeder extends Seeder
|
class RolesAndPermissionsSeeder extends Seeder
|
||||||
@@ -18,6 +19,9 @@ class RolesAndPermissionsSeeder extends Seeder
|
|||||||
Role::firstOrCreate(['name' => $role, 'guard_name' => 'web']);
|
Role::firstOrCreate(['name' => $role, 'guard_name' => 'web']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Generate Shield permissions untuk semua resource
|
||||||
|
\Artisan::call('shield:generate', ['--all' => true, '--panel' => 'admin']);
|
||||||
|
|
||||||
// super_admin mendapat semua permission via Shield config
|
// super_admin mendapat semua permission via Shield config
|
||||||
$superAdmin = User::firstOrCreate(
|
$superAdmin = User::firstOrCreate(
|
||||||
['email' => 'admin@persegi.id'],
|
['email' => 'admin@persegi.id'],
|
||||||
|
|||||||
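Review bot: The return value of `\Artisan::call('shield:generate', ...)` is discarded, so a failed or partial generation goes unnoticed; PermissionSeeder then calls `syncPermissions()` with whatever rows match, and an empty result strips every permission from that role. Check the exit code, for example `if (Artisan::call('shield:generate', ['--all' => true, '--panel' => 'admin']) !== 0) { throw new \RuntimeException('shield:generate failed'); }`. The call also goes through the global `\Artisan` alias although this commit imports `Illuminate\Support\Facades\Artisan`; use the imported name so the new `use` line is not dead. Depending on Shield's configured generator option, this may also rewrite policy files each time the seeder runs, which is worth confirming before seeding outside development. The enclosing method starts and ends outside the hunk.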