<?php
namespace App\Http\Controllers;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Inertia\Inertia;
use Inertia\Response;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
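class RoleController extends Controller
{
    /** Roles listed first on the index page, in this order; any other role sorts after them. */
    private const ROLE_ORDER = ['super-admin' => 0, 'admin' => 1, 'user' => 2];

    /** Role that must never be deleted or have its permission set rewritten through this controller. */
    private const PROTECTED_ROLE = 'super-admin';

    /** Guard this controller manages; roles and permissions of other guards are never listed or synced. */
    private const GUARD = 'web';

    /**
     * List web-guard roles (with their permission names and user counts) and
     * web-guard permissions for the roles admin page.
     *
     * Aborts with 403 when the current user lacks `role.view`.
     */
    public function index(): Response
    {
        $this->requirePermission('role.view', 'Unauthorized. Role view permission required.');

        $roles = Role::where('guard_name', self::GUARD)
            ->with('permissions')
            ->get()
            ->map(fn (Role $role): array => [
                'id' => $role->id,
                'name' => $role->name,
                'guard_name' => $role->guard_name,
                'permissions' => $role->permissions->pluck('name')->toArray(),
                // One count query per role; acceptable while the role table stays small.
                'users_count' => $role->users()->count(),
                'created_at' => $role->created_at,
            ])
            // Known roles first in a fixed order; every other role keeps its query order after them.
            ->sortBy(fn (array $role): int => self::ROLE_ORDER[$role['name']] ?? 99)
            ->values();

        $permissions = Permission::where('guard_name', self::GUARD)
            ->get()
            ->map(fn (Permission $p): array => [
                'id' => $p->id,
                'name' => $p->name,
                // Permissions are named "<group>.<action>"; the segment before the first dot groups them in the UI.
                'group' => explode('.', $p->name)[0] ?? 'other',
            ]);

        return Inertia::render('Roles/Index', [
            'roles' => $roles,
            'permissions' => $permissions,
        ]);
    }

    /**
     * Replace the permission set of a role with the submitted list.
     *
     * Only permission names that exist for the web guard are accepted, so a
     * permission of another guard cannot be attached by name. The super-admin
     * role is refused here for the same reason destroy() refuses it: a holder
     * of `role.manage` must not be able to strip or rewrite the top role.
     *
     * Aborts with 403 when the current user lacks `role.manage`; invalid input
     * raises the framework's validation exception.
     */
    public function updatePermissions(Request $request, Role $role): RedirectResponse
    {
        $this->requirePermission('role.manage', 'Unauthorized. Role management permission required.');

        if ($this->isProtected($role)) {
            return back()->withErrors(['error' => 'Cannot modify the super-admin role.']);
        }

        $validated = $request->validate([
            // `present` rather than `required`: an empty matrix legitimately clears every permission.
            'permissions' => 'present|array',
            // Scoped to the web guard: permission names are not unique across guards.
            'permissions.*' => 'string|exists:permissions,name,guard_name,' . self::GUARD,
        ]);

        $role->syncPermissions($validated['permissions']);

        return back()->with('success', "Permissions updated for role '{$role->name}'.");
    }

    /**
     * Create a new web-guard role from the submitted name.
     *
     * Aborts with 403 when the current user lacks `role.manage`; invalid input
     * raises the framework's validation exception.
     */
    public function store(Request $request): RedirectResponse
    {
        $this->requirePermission('role.manage', 'Unauthorized. Role management permission required.');

        $validated = $request->validate([
            'name' => 'required|string|max:50|unique:roles,name',
        ]);

        Role::create([
            'name' => $validated['name'],
            'guard_name' => self::GUARD,
        ]);

        return back()->with('success', 'Role created successfully.');
    }

    /**
     * Delete a role; the super-admin role is refused.
     *
     * Aborts with 403 when the current user lacks `role.manage`.
     */
    public function destroy(Role $role): RedirectResponse
    {
        $this->requirePermission('role.manage', 'Unauthorized. Role management permission required.');

        if ($this->isProtected($role)) {
            return back()->withErrors(['error' => 'Cannot delete the super-admin role.']);
        }

        $role->delete();

        return back()->with('success', 'Role deleted successfully.');
    }

    /**
     * Abort with 403 unless the authenticated user holds $permission.
     *
     * A missing user (no authenticated session) is treated as lacking the
     * permission instead of raising an error on a null receiver.
     */
    private function requirePermission(string $permission, string $message): void
    {
        abort_if(!auth()->user()?->can($permission), 403, $message);
    }

    /** Whether $role is the one this controller never deletes or rewrites. */
    private function isProtected(Role $role): bool
    {
        return $role->name === self::PROTECTED_ROLE;
    }
}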