51 lines
1.5 KiB
PHP
51 lines
1.5 KiB
PHP
<?php
|
|
|
|
namespace Database\Seeders;
|
|
|
|
use Illuminate\Database\Seeder;
|
|
use Spatie\Permission\Models\Permission;
|
|
use Spatie\Permission\Models\Role;
|
|
use Spatie\Permission\PermissionRegistrar;
|
|
|
|
class RolesAndPermissionsSeeder extends Seeder
|
|
{
|
|
public function run(): void
|
|
{
|
|
app()[PermissionRegistrar::class]->forgetCachedPermissions();
|
|
|
|
$permissions = [
|
|
'user.view',
|
|
'user.create',
|
|
'user.edit',
|
|
'user.delete',
|
|
'role.view',
|
|
'role.manage',
|
|
'settings.manage',
|
|
];
|
|
|
|
foreach ($permissions as $permission) {
|
|
Permission::firstOrCreate(['name' => $permission, 'guard_name' => 'web']);
|
|
Permission::firstOrCreate(['name' => $permission, 'guard_name' => 'api']);
|
|
}
|
|
|
|
// user — read-only access
|
|
$user = Role::firstOrCreate(['name' => 'user', 'guard_name' => 'web']);
|
|
$user->syncPermissions(['user.view']);
|
|
|
|
// admin — full user & role management, no system settings
|
|
$admin = Role::firstOrCreate(['name' => 'admin', 'guard_name' => 'web']);
|
|
$admin->syncPermissions([
|
|
'user.view',
|
|
'user.create',
|
|
'user.edit',
|
|
'user.delete',
|
|
'role.view',
|
|
'role.manage',
|
|
]);
|
|
|
|
// super-admin — everything (Gate::before bypasses checks anyway)
|
|
$superAdmin = Role::firstOrCreate(['name' => 'super-admin', 'guard_name' => 'web']);
|
|
$superAdmin->syncPermissions(Permission::where('guard_name', 'web')->get());
|
|
}
|
|
}
|