From 5cadfcc959576076fc6d399cfae37ccc292aaf46 Mon Sep 17 00:00:00 2001 From: = Date: Mon, 11 May 2026 13:23:38 +0000 Subject: [PATCH] feature: add role and permission management functionality - Implemented migrations to create permission, role, and related pivot tables. - Added models for `ServiceProtocol`, `ServiceProvider`, `ServiceStatus`, and `ConnectedService`. - Introduced `spatie/laravel-permission` for managing roles and permissions. - Created data seeders for `ServiceProtocols` and `ServiceStatuses`. - Refactored `ConnectionTechTypes` to `ConnectionProtocols` and added Enum utilities. - Updated `ConnectedService` component to use revised enums and model-backed data. --- app/Concerns/EnumValuesAsArray.php | 13 ++ .../ConnectedServiceData.php | 4 +- app/Enums/ConnectionProtocols.php | 16 ++ app/Enums/ConnectionStatus.php | 4 + app/Enums/ConnectionTechTypes.php | 11 - app/Models/ConnectedService.php | 9 + app/Models/ServiceProtocol.php | 9 + app/Models/ServiceProvider.php | 9 + app/Models/ServiceStatus.php | 9 + composer.json | 3 +- composer.lock | 89 ++++++- config/permission.php | 220 ++++++++++++++++++ ..._05_11_112605_create_permission_tables.php | 147 ++++++++++++ ..._120016_create_service_providers_table.php | 31 +++ ...1_123840_create_service_statuses_table.php | 30 +++ ..._123849_create_service_protocols_table.php | 30 +++ ...123900_create_connected_services_table.php | 37 +++ database/seeders/ServiceProtocolsSeeder.php | 25 ++ database/seeders/ServiceStatusSeeder.php | 25 ++ .../connected-services/⚡all.blade.php | 60 ++--- 20 files changed, 736 insertions(+), 45 deletions(-) create mode 100644 app/Concerns/EnumValuesAsArray.php create mode 100644 app/Enums/ConnectionProtocols.php delete mode 100644 app/Enums/ConnectionTechTypes.php create mode 100644 app/Models/ConnectedService.php create mode 100644 app/Models/ServiceProtocol.php create mode 100644 app/Models/ServiceProvider.php create mode 100644 app/Models/ServiceStatus.php create mode 100644 config/permission.php create mode 100644 database/migrations/2026_05_11_112605_create_permission_tables.php create mode 100644 database/migrations/2026_05_11_120016_create_service_providers_table.php create mode 100644 database/migrations/2026_05_11_123840_create_service_statuses_table.php create mode 100644 database/migrations/2026_05_11_123849_create_service_protocols_table.php create mode 100644 database/migrations/2026_05_11_123900_create_connected_services_table.php create mode 100644 database/seeders/ServiceProtocolsSeeder.php create mode 100644 database/seeders/ServiceStatusSeeder.php diff --git a/app/Concerns/EnumValuesAsArray.php b/app/Concerns/EnumValuesAsArray.php new file mode 100644 index 0000000..97e4f2d --- /dev/null +++ b/app/Concerns/EnumValuesAsArray.php @@ -0,0 +1,13 @@ + [ + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * Eloquent model should be used to retrieve your permissions. Of course, it + * is often just the "Permission" model but you may use whatever you like. + * + * The model you want to use as a Permission model needs to implement the + * `Spatie\Permission\Contracts\Permission` contract. + */ + + 'permission' => Permission::class, + + /* + * When using the "HasRoles" trait from this package, we need to know which + * Eloquent model should be used to retrieve your roles. Of course, it + * is often just the "Role" model but you may use whatever you like. + * + * The model you want to use as a Role model needs to implement the + * `Spatie\Permission\Contracts\Role` contract. + */ + + 'role' => Role::class, + + /* + * When using the "Teams" feature from this package, we need to know which + * Eloquent model should be used to retrieve your teams. Of course, it + * is often just the "Team" model but you may use whatever you like. + */ + 'team' => null, + + /* + * When using the "HasModels" trait and passing raw IDs to syncModels, + * attachModels, or detachModels, this model class will be used to + * resolve those IDs. If null, defaults to the guard's model. + */ + 'default_model' => null, + ], + + 'table_names' => [ + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your roles. We have chosen a basic + * default value but you may easily change it to any table you like. + */ + + 'roles' => 'roles', + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * table should be used to retrieve your permissions. We have chosen a basic + * default value but you may easily change it to any table you like. + */ + + 'permissions' => 'permissions', + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * table should be used to retrieve your models permissions. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'model_has_permissions' => 'model_has_permissions', + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your models roles. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'model_has_roles' => 'model_has_roles', + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your roles permissions. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'role_has_permissions' => 'role_has_permissions', + ], + + 'column_names' => [ + /* + * Change this if you want to name the related pivots other than defaults + */ + 'role_pivot_key' => null, // default 'role_id', + 'permission_pivot_key' => null, // default 'permission_id', + + /* + * Change this if you want to name the related model primary key other than + * `model_id`. + * + * For example, this would be nice if your primary keys are all UUIDs. In + * that case, name this `model_uuid`. + */ + + 'model_morph_key' => 'model_id', + + /* + * Change this if you want to use the teams feature and your related model's + * foreign key is other than `team_id`. + */ + + 'team_foreign_key' => 'team_id', + ], + + /* + * When set to true, the method for checking permissions will be registered on the gate. + * Set this to false if you want to implement custom logic for checking permissions. + */ + + 'register_permission_check_method' => true, + + /* + * When set to true, Laravel\Octane\Events\OperationTerminated event listener will be registered + * this will refresh permissions on every TickTerminated, TaskTerminated and RequestTerminated + * NOTE: This should not be needed in most cases, but an Octane/Vapor combination benefited from it. + */ + 'register_octane_reset_listener' => false, + + /* + * Events will fire when a role or permission is assigned/unassigned: + * \Spatie\Permission\Events\RoleAttachedEvent + * \Spatie\Permission\Events\RoleDetachedEvent + * \Spatie\Permission\Events\PermissionAttachedEvent + * \Spatie\Permission\Events\PermissionDetachedEvent + * + * To enable, set to true, and then create listeners to watch these events. + */ + 'events_enabled' => false, + + /* + * Teams Feature. + * When set to true the package implements teams using the 'team_foreign_key'. + * If you want the migrations to register the 'team_foreign_key', you must + * set this to true before doing the migration. + * If you already did the migration then you must make a new migration to also + * add 'team_foreign_key' to 'roles', 'model_has_roles', and 'model_has_permissions' + * (view the latest version of this package's migration file) + */ + + 'teams' => false, + + /* + * The class to use to resolve the permissions team id + */ + 'team_resolver' => DefaultTeamResolver::class, + + /* + * Passport Client Credentials Grant + * When set to true the package will use Passports Client to check permissions + */ + + 'use_passport_client_credentials' => false, + + /* + * When set to true, the required permission names are added to exception messages. + * This could be considered an information leak in some contexts, so the default + * setting is false here for optimum safety. + */ + + 'display_permission_in_exception' => false, + + /* + * When set to true, the required role names are added to exception messages. + * This could be considered an information leak in some contexts, so the default + * setting is false here for optimum safety. + */ + + 'display_role_in_exception' => false, + + /* + * By default wildcard permission lookups are disabled. + * See documentation to understand supported syntax. + */ + + 'enable_wildcard_permission' => false, + + /* + * The class to use for interpreting wildcard permissions. + * If you need to modify delimiters, override the class and specify its name here. + */ + // 'wildcard_permission' => Spatie\Permission\WildcardPermission::class, + + /* Cache-specific settings */ + + 'cache' => [ + + /* + * By default all permissions are cached for 24 hours to speed up performance. + * When permissions or roles are updated the cache is flushed automatically. + */ + + 'expiration_time' => DateInterval::createFromDateString('24 hours'), + + /* + * The cache key used to store all permissions. + */ + + 'key' => 'spatie.permission.cache', + + /* + * You may optionally indicate a specific cache driver to use for permission and + * role caching using any of the `store` drivers listed in the cache.php config + * file. Using 'default' here means to use the `default` set in cache.php. + */ + + 'store' => 'default', + ], +]; diff --git a/database/migrations/2026_05_11_112605_create_permission_tables.php b/database/migrations/2026_05_11_112605_create_permission_tables.php new file mode 100644 index 0000000..8cf489f --- /dev/null +++ b/database/migrations/2026_05_11_112605_create_permission_tables.php @@ -0,0 +1,147 @@ +id(); // permission id + $table->string('name'); + $table->string('guard_name'); + $table->timestamps(); + + $table->unique(['name', 'guard_name']); + }); + + /** + * See `docs/prerequisites.md` for suggested lengths on 'name' and 'guard_name' if "1071 Specified key was too long" errors are encountered. + */ + Schema::create($tableNames['roles'], static function (Blueprint $table) use ($teams, $columnNames): void { + $table->id(); // role id + if ($teams || config('permission.testing')) { // permission.testing is a fix for sqlite testing + $table->unsignedBigInteger($columnNames['team_foreign_key'])->nullable(); + $table->index($columnNames['team_foreign_key'], 'roles_team_foreign_key_index'); + } + $table->string('name'); + $table->string('guard_name'); + $table->timestamps(); + if ($teams || config('permission.testing')) { + $table->unique([$columnNames['team_foreign_key'], 'name', 'guard_name']); + } else { + $table->unique(['name', 'guard_name']); + } + }); + + Schema::create($tableNames['model_has_permissions'], static function (Blueprint $table) use ($tableNames, $columnNames, $pivotPermission, $teams): void { + $table->unsignedBigInteger($pivotPermission); + + $table->string('model_type'); + $table->unsignedBigInteger($columnNames['model_morph_key']); + $table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_permissions_model_id_model_type_index'); + + $table->foreign($pivotPermission) + ->references('id') // permission id + ->on($tableNames['permissions']) + ->cascadeOnDelete(); + if ($teams) { + $table->unsignedBigInteger($columnNames['team_foreign_key']); + $table->index($columnNames['team_foreign_key'], 'model_has_permissions_team_foreign_key_index'); + + $table->primary( + [$columnNames['team_foreign_key'], $pivotPermission, $columnNames['model_morph_key'], 'model_type'], + 'model_has_permissions_permission_model_type_primary' + ); + } else { + $table->primary( + [$pivotPermission, $columnNames['model_morph_key'], 'model_type'], + 'model_has_permissions_permission_model_type_primary' + ); + } + }); + + Schema::create($tableNames['model_has_roles'], static function (Blueprint $table) use ($tableNames, $columnNames, $pivotRole, $teams): void { + $table->unsignedBigInteger($pivotRole); + + $table->string('model_type'); + $table->unsignedBigInteger($columnNames['model_morph_key']); + $table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_roles_model_id_model_type_index'); + + $table->foreign($pivotRole) + ->references('id') // role id + ->on($tableNames['roles']) + ->cascadeOnDelete(); + if ($teams) { + $table->unsignedBigInteger($columnNames['team_foreign_key']); + $table->index($columnNames['team_foreign_key'], 'model_has_roles_team_foreign_key_index'); + + $table->primary( + [$columnNames['team_foreign_key'], $pivotRole, $columnNames['model_morph_key'], 'model_type'], + 'model_has_roles_role_model_type_primary' + ); + } else { + $table->primary( + [$pivotRole, $columnNames['model_morph_key'], 'model_type'], + 'model_has_roles_role_model_type_primary' + ); + } + }); + + Schema::create($tableNames['role_has_permissions'], static function (Blueprint $table) use ($tableNames, $pivotRole, $pivotPermission): void { + $table->unsignedBigInteger($pivotPermission); + $table->unsignedBigInteger($pivotRole); + + $table->foreign($pivotPermission) + ->references('id') // permission id + ->on($tableNames['permissions']) + ->cascadeOnDelete(); + + $table->foreign($pivotRole) + ->references('id') // role id + ->on($tableNames['roles']) + ->cascadeOnDelete(); + + $table->primary([$pivotPermission, $pivotRole], 'role_has_permissions_permission_id_role_id_primary'); + }); + + app('cache') + ->store('default' !== config('permission.cache.store') ? config('permission.cache.store') : null) + ->forget(config('permission.cache.key')); + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + $tableNames = config('permission.table_names'); + + throw_if(empty($tableNames), 'Error: config/permission.php not found and defaults could not be merged. Please publish the package configuration before proceeding, or drop the tables manually.'); + + Schema::dropIfExists($tableNames['role_has_permissions']); + Schema::dropIfExists($tableNames['model_has_roles']); + Schema::dropIfExists($tableNames['model_has_permissions']); + Schema::dropIfExists($tableNames['roles']); + Schema::dropIfExists($tableNames['permissions']); + } +}; diff --git a/database/migrations/2026_05_11_120016_create_service_providers_table.php b/database/migrations/2026_05_11_120016_create_service_providers_table.php new file mode 100644 index 0000000..bf25624 --- /dev/null +++ b/database/migrations/2026_05_11_120016_create_service_providers_table.php @@ -0,0 +1,31 @@ +id(); + $table->string('name'); + $table->string('slug')->unique(); + $table->timestamps(); + }); + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + Schema::dropIfExists('service_providers'); + } +}; diff --git a/database/migrations/2026_05_11_123840_create_service_statuses_table.php b/database/migrations/2026_05_11_123840_create_service_statuses_table.php new file mode 100644 index 0000000..dc46b48 --- /dev/null +++ b/database/migrations/2026_05_11_123840_create_service_statuses_table.php @@ -0,0 +1,30 @@ +id(); + $table->string('name')->unique(); + $table->timestamps(); + }); + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + Schema::dropIfExists('service_statuses'); + } +}; diff --git a/database/migrations/2026_05_11_123849_create_service_protocols_table.php b/database/migrations/2026_05_11_123849_create_service_protocols_table.php new file mode 100644 index 0000000..541e70b --- /dev/null +++ b/database/migrations/2026_05_11_123849_create_service_protocols_table.php @@ -0,0 +1,30 @@ +id(); + $table->string('name')->unique(); + $table->timestamps(); + }); + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + Schema::dropIfExists('service_protocols'); + } +}; diff --git a/database/migrations/2026_05_11_123900_create_connected_services_table.php b/database/migrations/2026_05_11_123900_create_connected_services_table.php new file mode 100644 index 0000000..7f470fc --- /dev/null +++ b/database/migrations/2026_05_11_123900_create_connected_services_table.php @@ -0,0 +1,37 @@ +id(); + $table->string('name'); + $table->string('slug')->unique(); + $table->foreignIdFor(ServiceProtocol::class); + $table->foreignIdFor(ServiceProvider::class); + $table->foreignIdFor(ServiceStatus::class); + $table->timestamps(); + $table->index(['name', 'slug']); + $table->index(['service_protocol_id', 'service_provider_id']); + }); + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + Schema::dropIfExists('connected_services'); + } +}; diff --git a/database/seeders/ServiceProtocolsSeeder.php b/database/seeders/ServiceProtocolsSeeder.php new file mode 100644 index 0000000..99b733f --- /dev/null +++ b/database/seeders/ServiceProtocolsSeeder.php @@ -0,0 +1,25 @@ + [ + 'name' => $value, + 'created_at' => now(), + ], ConnectionProtocols::values()); + ServiceProtocol::query() + ->upsert($data, 'name', ['updated_at']); + } +} diff --git a/database/seeders/ServiceStatusSeeder.php b/database/seeders/ServiceStatusSeeder.php new file mode 100644 index 0000000..a6f2651 --- /dev/null +++ b/database/seeders/ServiceStatusSeeder.php @@ -0,0 +1,25 @@ + [ + 'name' => $value, + 'created_at' => now(), + ], ConnectionStatus::values()); + ServiceStatus::query() + ->upsert($data, 'name', ['updated_at']); + } +} diff --git a/resources/views/components/dashboard/connected-services/⚡all.blade.php b/resources/views/components/dashboard/connected-services/⚡all.blade.php index 120d0e6..a0526ba 100644 --- a/resources/views/components/dashboard/connected-services/⚡all.blade.php +++ b/resources/views/components/dashboard/connected-services/⚡all.blade.php @@ -2,7 +2,7 @@ use App\Data\Ui\ConnectedServices\ConnectedServiceData; use App\Enums\ConnectionStatus; -use App\Enums\ConnectionTechTypes; +use App\Enums\ConnectionProtocols; use Illuminate\Support\Collection; use Livewire\Component; use Spatie\LaravelData\Attributes\DataCollectionOf; @@ -15,35 +15,35 @@ public function mount(): void { $this->connectedServices = ConnectedServiceData::collect([ - new ConnectedServiceData( - name: 'Microsoft Outlook', - icon: 'home', - type: ConnectionTechTypes::OIDC, - connectionService: 'Azure AD', - status: ConnectionStatus::Connected - ), - new ConnectedServiceData( - name: 'Microsoft Teams', - icon: 'home', - type: ConnectionTechTypes::OIDC, - connectionService: 'Azure AD', - status: ConnectionStatus::Pending - ), - new ConnectedServiceData( - name: 'Keka HR', - icon: 'home', - type: ConnectionTechTypes::SAML, - connectionService: 'KeKA', - status: ConnectionStatus::Disconnected - ), - new ConnectedServiceData( - name: 'Trutimer', - icon: 'home', - type: ConnectionTechTypes::SAML, - connectionService: 'Redmine', - status: ConnectionStatus::Error - ), - ], DataCollection::class); + new ConnectedServiceData( + name: 'Microsoft Outlook', + icon: 'home', + type: ConnectionProtocols::OIDC, + connectionService: 'Azure AD', + status: ConnectionStatus::Connected + ), + new ConnectedServiceData( + name: 'Microsoft Teams', + icon: 'home', + type: ConnectionProtocols::OIDC, + connectionService: 'Azure AD', + status: ConnectionStatus::Pending + ), + new ConnectedServiceData( + name: 'Keka HR', + icon: 'home', + type: ConnectionProtocols::SAML, + connectionService: 'KeKA', + status: ConnectionStatus::Disconnected + ), + new ConnectedServiceData( + name: 'Trutimer', + icon: 'home', + type: ConnectionProtocols::SAML, + connectionService: 'Redmine', + status: ConnectionStatus::Error + ), + ], DataCollection::class); } }; ?>