biiproject-kit-v2/app/Http/Controllers/RoleController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Inertia\Inertia;
use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;

class RoleController extends Controller
{
    public function index()
    {
        $order = ['super-admin' => 0, 'admin' => 1, 'user' => 2];

        $roles = Role::where('guard_name', 'web')
            ->with('permissions')
            ->get()
            ->map(function ($role) {
                return [
                    'id'          => $role->id,
                    'name'        => $role->name,
                    'guard_name'  => $role->guard_name,
                    'permissions' => $role->permissions->pluck('name')->toArray(),
                    'users_count' => $role->users()->count(),
                    'created_at'  => $role->created_at,
                ];
            })
            ->sortBy(fn ($role) => $order[$role['name']] ?? 99)
            ->values();

        $permissions = Permission::where('guard_name', 'web')
            ->get()
            ->map(fn($p) => [
                'id'    => $p->id,
                'name'  => $p->name,
                'group' => explode('.', $p->name)[0] ?? 'other',
            ]);

        return Inertia::render('Roles/Index', [
            'roles'       => $roles,
            'permissions' => $permissions,
        ]);
    }

    /**
     * Update the permissions matrix for a role.
     */
    public function updatePermissions(Request $request, Role $role)
    {
        $validated = $request->validate([
            'permissions'   => 'required|array',
            'permissions.*' => 'string|exists:permissions,name',
        ]);

        // Sync only web guard permissions
        $role->syncPermissions($validated['permissions']);

        return back()->with('success', "Permissions updated for role '{$role->name}'.");
    }

    /**
     * Store a new role.
     */
    public function store(Request $request)
    {
        $validated = $request->validate([
            'name' => 'required|string|max:50|unique:roles,name',
        ]);

        Role::create([
            'name'       => $validated['name'],
            'guard_name' => 'web',
        ]);

        return back()->with('success', 'Role created successfully.');
    }

    /**
     * Delete a role.
     */
    public function destroy(Role $role)
    {
        if ($role->name === 'super-admin') {
            return back()->withErrors(['error' => 'Cannot delete the super-admin role.']);
        }

        $role->delete();

        return back()->with('success', 'Role deleted successfully.');
    }
}