feature: add role and permission management functionality

- Implemented migrations to create permission, role, and related pivot tables.
- Added models for `ServiceProtocol`, `ServiceProvider`, `ServiceStatus`, and `ConnectedService`.
- Introduced `spatie/laravel-permission` for managing roles and permissions.
- Created data seeders for `ServiceProtocols` and `ServiceStatuses`.
- Refactored `ConnectionTechTypes` to `ConnectionProtocols` and added Enum utilities.
- Updated `ConnectedService` component to use revised enums and model-backed data.
This commit is contained in:
= 2026-05-11 13:23:38 +00:00
parent ea6b48b4e9
commit 5cadfcc959
20 changed files with 736 additions and 45 deletions

View File

@ -0,0 +1,13 @@
<?php
declare(strict_types=1);
namespace App\Concerns;
trait EnumValuesAsArray
{
public static function values(): array
{
return array_column(self::cases(), 'value');
}
}

View File

@ -4,7 +4,7 @@
namespace App\Data\Ui\ConnectedServices;
use App\Enums\{ConnectionStatus, ConnectionTechTypes};
use App\Enums\{ConnectionProtocols, ConnectionStatus};
use Spatie\LaravelData\Data;
final class ConnectedServiceData extends Data
@ -12,7 +12,7 @@ final class ConnectedServiceData extends Data
public function __construct(
public string $name,
public string $icon,
public ConnectionTechTypes $type,
public ConnectionProtocols $type,
public string $connectionService,
public ConnectionStatus $status,
) {}

View File

@ -0,0 +1,16 @@
<?php
declare(strict_types=1);
namespace App\Enums;
use App\Concerns\EnumValuesAsArray;
enum ConnectionProtocols: string
{
use EnumValuesAsArray;
case OIDC = 'oidc';
case SAML = 'saml';
case OAUTH2 = 'oauth2';
}

View File

@ -4,8 +4,12 @@
namespace App\Enums;
use App\Concerns\EnumValuesAsArray;
enum ConnectionStatus: string
{
use EnumValuesAsArray;
case Connected = 'connected';
case Disconnected = 'disconnected';
case Pending = 'pending';

View File

@ -1,11 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Enums;
enum ConnectionTechTypes: string
{
case OIDC = 'oidc';
case SAML = 'saml';
}

View File

@ -0,0 +1,9 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
final class ConnectedService extends Model {}

View File

@ -0,0 +1,9 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
final class ServiceProtocol extends Model {}

View File

@ -0,0 +1,9 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
final class ServiceProvider extends Model {}

View File

@ -0,0 +1,9 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
final class ServiceStatus extends Model {}

View File

@ -17,7 +17,8 @@
"livewire/flux": "^2.13.1",
"livewire/livewire": "^4.1",
"mallardduck/blade-lucide-icons": "^1.26",
"spatie/laravel-data": "^4.22"
"spatie/laravel-data": "^4.22",
"spatie/laravel-permission": "^7.4"
},
"require-dev": {
"fakerphp/faker": "^1.24",

89
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "2e46083521ccb7753e903364bb87f40b",
"content-hash": "c67b7d3d288d70102f45a51aac214c15",
"packages": [
{
"name": "bacon/bacon-qr-code",
@ -4567,6 +4567,93 @@
],
"time": "2026-02-21T12:49:54+00:00"
},
{
"name": "spatie/laravel-permission",
"version": "7.4.1",
"source": {
"type": "git",
"url": "https://github.com/spatie/laravel-permission.git",
"reference": "ef42ecb781e5534d368a3853fa161e420ad51397"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/spatie/laravel-permission/zipball/ef42ecb781e5534d368a3853fa161e420ad51397",
"reference": "ef42ecb781e5534d368a3853fa161e420ad51397",
"shasum": ""
},
"require": {
"illuminate/auth": "^12.0|^13.0",
"illuminate/container": "^12.0|^13.0",
"illuminate/contracts": "^12.0|^13.0",
"illuminate/database": "^12.0|^13.0",
"php": "^8.3",
"spatie/laravel-package-tools": "^1.0"
},
"require-dev": {
"larastan/larastan": "^3.9",
"laravel/passport": "^13.0",
"laravel/pint": "^1.0",
"orchestra/testbench": "^10.0|^11.0",
"pestphp/pest": "^3.0|^4.0",
"pestphp/pest-plugin-laravel": "^3.0|^4.1",
"phpstan/phpstan": "^2.1"
},
"type": "library",
"extra": {
"laravel": {
"providers": [
"Spatie\\Permission\\PermissionServiceProvider"
]
},
"branch-alias": {
"dev-main": "7.x-dev",
"dev-master": "7.x-dev"
}
},
"autoload": {
"files": [
"src/helpers.php"
],
"psr-4": {
"Spatie\\Permission\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Freek Van der Herten",
"email": "freek@spatie.be",
"homepage": "https://spatie.be",
"role": "Developer"
}
],
"description": "Permission handling for Laravel 12 and up",
"homepage": "https://github.com/spatie/laravel-permission",
"keywords": [
"acl",
"laravel",
"permission",
"permissions",
"rbac",
"roles",
"security",
"spatie"
],
"support": {
"issues": "https://github.com/spatie/laravel-permission/issues",
"source": "https://github.com/spatie/laravel-permission/tree/7.4.1"
},
"funding": [
{
"url": "https://github.com/spatie",
"type": "github"
}
],
"time": "2026-04-29T07:59:45+00:00"
},
{
"name": "spatie/php-structure-discoverer",
"version": "2.4.2",

220
config/permission.php Normal file
View File

@ -0,0 +1,220 @@
<?php
declare(strict_types=1);
use Spatie\Permission\DefaultTeamResolver;
use Spatie\Permission\Models\{Permission, Role};
return [
'models' => [
/*
* When using the "HasPermissions" trait from this package, we need to know which
* Eloquent model should be used to retrieve your permissions. Of course, it
* is often just the "Permission" model but you may use whatever you like.
*
* The model you want to use as a Permission model needs to implement the
* `Spatie\Permission\Contracts\Permission` contract.
*/
'permission' => Permission::class,
/*
* When using the "HasRoles" trait from this package, we need to know which
* Eloquent model should be used to retrieve your roles. Of course, it
* is often just the "Role" model but you may use whatever you like.
*
* The model you want to use as a Role model needs to implement the
* `Spatie\Permission\Contracts\Role` contract.
*/
'role' => Role::class,
/*
* When using the "Teams" feature from this package, we need to know which
* Eloquent model should be used to retrieve your teams. Of course, it
* is often just the "Team" model but you may use whatever you like.
*/
'team' => null,
/*
* When using the "HasModels" trait and passing raw IDs to syncModels,
* attachModels, or detachModels, this model class will be used to
* resolve those IDs. If null, defaults to the guard's model.
*/
'default_model' => null,
],
'table_names' => [
/*
* When using the "HasRoles" trait from this package, we need to know which
* table should be used to retrieve your roles. We have chosen a basic
* default value but you may easily change it to any table you like.
*/
'roles' => 'roles',
/*
* When using the "HasPermissions" trait from this package, we need to know which
* table should be used to retrieve your permissions. We have chosen a basic
* default value but you may easily change it to any table you like.
*/
'permissions' => 'permissions',
/*
* When using the "HasPermissions" trait from this package, we need to know which
* table should be used to retrieve your models permissions. We have chosen a
* basic default value but you may easily change it to any table you like.
*/
'model_has_permissions' => 'model_has_permissions',
/*
* When using the "HasRoles" trait from this package, we need to know which
* table should be used to retrieve your models roles. We have chosen a
* basic default value but you may easily change it to any table you like.
*/
'model_has_roles' => 'model_has_roles',
/*
* When using the "HasRoles" trait from this package, we need to know which
* table should be used to retrieve your roles permissions. We have chosen a
* basic default value but you may easily change it to any table you like.
*/
'role_has_permissions' => 'role_has_permissions',
],
'column_names' => [
/*
* Change this if you want to name the related pivots other than defaults
*/
'role_pivot_key' => null, // default 'role_id',
'permission_pivot_key' => null, // default 'permission_id',
/*
* Change this if you want to name the related model primary key other than
* `model_id`.
*
* For example, this would be nice if your primary keys are all UUIDs. In
* that case, name this `model_uuid`.
*/
'model_morph_key' => 'model_id',
/*
* Change this if you want to use the teams feature and your related model's
* foreign key is other than `team_id`.
*/
'team_foreign_key' => 'team_id',
],
/*
* When set to true, the method for checking permissions will be registered on the gate.
* Set this to false if you want to implement custom logic for checking permissions.
*/
'register_permission_check_method' => true,
/*
* When set to true, Laravel\Octane\Events\OperationTerminated event listener will be registered
* this will refresh permissions on every TickTerminated, TaskTerminated and RequestTerminated
* NOTE: This should not be needed in most cases, but an Octane/Vapor combination benefited from it.
*/
'register_octane_reset_listener' => false,
/*
* Events will fire when a role or permission is assigned/unassigned:
* \Spatie\Permission\Events\RoleAttachedEvent
* \Spatie\Permission\Events\RoleDetachedEvent
* \Spatie\Permission\Events\PermissionAttachedEvent
* \Spatie\Permission\Events\PermissionDetachedEvent
*
* To enable, set to true, and then create listeners to watch these events.
*/
'events_enabled' => false,
/*
* Teams Feature.
* When set to true the package implements teams using the 'team_foreign_key'.
* If you want the migrations to register the 'team_foreign_key', you must
* set this to true before doing the migration.
* If you already did the migration then you must make a new migration to also
* add 'team_foreign_key' to 'roles', 'model_has_roles', and 'model_has_permissions'
* (view the latest version of this package's migration file)
*/
'teams' => false,
/*
* The class to use to resolve the permissions team id
*/
'team_resolver' => DefaultTeamResolver::class,
/*
* Passport Client Credentials Grant
* When set to true the package will use Passports Client to check permissions
*/
'use_passport_client_credentials' => false,
/*
* When set to true, the required permission names are added to exception messages.
* This could be considered an information leak in some contexts, so the default
* setting is false here for optimum safety.
*/
'display_permission_in_exception' => false,
/*
* When set to true, the required role names are added to exception messages.
* This could be considered an information leak in some contexts, so the default
* setting is false here for optimum safety.
*/
'display_role_in_exception' => false,
/*
* By default wildcard permission lookups are disabled.
* See documentation to understand supported syntax.
*/
'enable_wildcard_permission' => false,
/*
* The class to use for interpreting wildcard permissions.
* If you need to modify delimiters, override the class and specify its name here.
*/
// 'wildcard_permission' => Spatie\Permission\WildcardPermission::class,
/* Cache-specific settings */
'cache' => [
/*
* By default all permissions are cached for 24 hours to speed up performance.
* When permissions or roles are updated the cache is flushed automatically.
*/
'expiration_time' => DateInterval::createFromDateString('24 hours'),
/*
* The cache key used to store all permissions.
*/
'key' => 'spatie.permission.cache',
/*
* You may optionally indicate a specific cache driver to use for permission and
* role caching using any of the `store` drivers listed in the cache.php config
* file. Using 'default' here means to use the `default` set in cache.php.
*/
'store' => 'default',
],
];

View File

@ -0,0 +1,147 @@
<?php
declare(strict_types=1);
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class() extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
$teams = config('permission.teams');
$tableNames = config('permission.table_names');
$columnNames = config('permission.column_names');
$pivotRole = $columnNames['role_pivot_key'] ?? 'role_id';
$pivotPermission = $columnNames['permission_pivot_key'] ?? 'permission_id';
throw_if(empty($tableNames), 'Error: config/permission.php not loaded. Run [php artisan config:clear] and try again.');
throw_if($teams && empty($columnNames['team_foreign_key'] ?? null), 'Error: team_foreign_key on config/permission.php not loaded. Run [php artisan config:clear] and try again.');
/**
* See `docs/prerequisites.md` for suggested lengths on 'name' and 'guard_name' if "1071 Specified key was too long" errors are encountered.
*/
Schema::create($tableNames['permissions'], static function (Blueprint $table): void {
$table->id(); // permission id
$table->string('name');
$table->string('guard_name');
$table->timestamps();
$table->unique(['name', 'guard_name']);
});
/**
* See `docs/prerequisites.md` for suggested lengths on 'name' and 'guard_name' if "1071 Specified key was too long" errors are encountered.
*/
Schema::create($tableNames['roles'], static function (Blueprint $table) use ($teams, $columnNames): void {
$table->id(); // role id
if ($teams || config('permission.testing')) { // permission.testing is a fix for sqlite testing
$table->unsignedBigInteger($columnNames['team_foreign_key'])->nullable();
$table->index($columnNames['team_foreign_key'], 'roles_team_foreign_key_index');
}
$table->string('name');
$table->string('guard_name');
$table->timestamps();
if ($teams || config('permission.testing')) {
$table->unique([$columnNames['team_foreign_key'], 'name', 'guard_name']);
} else {
$table->unique(['name', 'guard_name']);
}
});
Schema::create($tableNames['model_has_permissions'], static function (Blueprint $table) use ($tableNames, $columnNames, $pivotPermission, $teams): void {
$table->unsignedBigInteger($pivotPermission);
$table->string('model_type');
$table->unsignedBigInteger($columnNames['model_morph_key']);
$table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_permissions_model_id_model_type_index');
$table->foreign($pivotPermission)
->references('id') // permission id
->on($tableNames['permissions'])
->cascadeOnDelete();
if ($teams) {
$table->unsignedBigInteger($columnNames['team_foreign_key']);
$table->index($columnNames['team_foreign_key'], 'model_has_permissions_team_foreign_key_index');
$table->primary(
[$columnNames['team_foreign_key'], $pivotPermission, $columnNames['model_morph_key'], 'model_type'],
'model_has_permissions_permission_model_type_primary'
);
} else {
$table->primary(
[$pivotPermission, $columnNames['model_morph_key'], 'model_type'],
'model_has_permissions_permission_model_type_primary'
);
}
});
Schema::create($tableNames['model_has_roles'], static function (Blueprint $table) use ($tableNames, $columnNames, $pivotRole, $teams): void {
$table->unsignedBigInteger($pivotRole);
$table->string('model_type');
$table->unsignedBigInteger($columnNames['model_morph_key']);
$table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_roles_model_id_model_type_index');
$table->foreign($pivotRole)
->references('id') // role id
->on($tableNames['roles'])
->cascadeOnDelete();
if ($teams) {
$table->unsignedBigInteger($columnNames['team_foreign_key']);
$table->index($columnNames['team_foreign_key'], 'model_has_roles_team_foreign_key_index');
$table->primary(
[$columnNames['team_foreign_key'], $pivotRole, $columnNames['model_morph_key'], 'model_type'],
'model_has_roles_role_model_type_primary'
);
} else {
$table->primary(
[$pivotRole, $columnNames['model_morph_key'], 'model_type'],
'model_has_roles_role_model_type_primary'
);
}
});
Schema::create($tableNames['role_has_permissions'], static function (Blueprint $table) use ($tableNames, $pivotRole, $pivotPermission): void {
$table->unsignedBigInteger($pivotPermission);
$table->unsignedBigInteger($pivotRole);
$table->foreign($pivotPermission)
->references('id') // permission id
->on($tableNames['permissions'])
->cascadeOnDelete();
$table->foreign($pivotRole)
->references('id') // role id
->on($tableNames['roles'])
->cascadeOnDelete();
$table->primary([$pivotPermission, $pivotRole], 'role_has_permissions_permission_id_role_id_primary');
});
app('cache')
->store('default' !== config('permission.cache.store') ? config('permission.cache.store') : null)
->forget(config('permission.cache.key'));
}
/**
* Reverse the migrations.
*/
public function down(): void
{
$tableNames = config('permission.table_names');
throw_if(empty($tableNames), 'Error: config/permission.php not found and defaults could not be merged. Please publish the package configuration before proceeding, or drop the tables manually.');
Schema::dropIfExists($tableNames['role_has_permissions']);
Schema::dropIfExists($tableNames['model_has_roles']);
Schema::dropIfExists($tableNames['model_has_permissions']);
Schema::dropIfExists($tableNames['roles']);
Schema::dropIfExists($tableNames['permissions']);
}
};

View File

@ -0,0 +1,31 @@
<?php
declare(strict_types=1);
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class() extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('service_providers', function (Blueprint $table): void {
$table->id();
$table->string('name');
$table->string('slug')->unique();
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('service_providers');
}
};

View File

@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class() extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('service_statuses', function (Blueprint $table): void {
$table->id();
$table->string('name')->unique();
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('service_statuses');
}
};

View File

@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class() extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('service_protocols', function (Blueprint $table): void {
$table->id();
$table->string('name')->unique();
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('service_protocols');
}
};

View File

@ -0,0 +1,37 @@
<?php
declare(strict_types=1);
use App\Models\{ServiceProtocol, ServiceProvider, ServiceStatus};
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class() extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('connected_services', function (Blueprint $table): void {
$table->id();
$table->string('name');
$table->string('slug')->unique();
$table->foreignIdFor(ServiceProtocol::class);
$table->foreignIdFor(ServiceProvider::class);
$table->foreignIdFor(ServiceStatus::class);
$table->timestamps();
$table->index(['name', 'slug']);
$table->index(['service_protocol_id', 'service_provider_id']);
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
Schema::dropIfExists('connected_services');
}
};

View File

@ -0,0 +1,25 @@
<?php
declare(strict_types=1);
namespace Database\Seeders;
use App\Enums\ConnectionProtocols;
use App\Models\ServiceProtocol;
use Illuminate\Database\Seeder;
final class ServiceProtocolsSeeder extends Seeder
{
/**
* Run the database seeds.
*/
public function run(): void
{
$data = array_map(fn ($value) => [
'name' => $value,
'created_at' => now(),
], ConnectionProtocols::values());
ServiceProtocol::query()
->upsert($data, 'name', ['updated_at']);
}
}

View File

@ -0,0 +1,25 @@
<?php
declare(strict_types=1);
namespace Database\Seeders;
use App\Enums\ConnectionStatus;
use App\Models\ServiceStatus;
use Illuminate\Database\Seeder;
final class ServiceStatusSeeder extends Seeder
{
/**
* Run the database seeds.
*/
public function run(): void
{
$data = array_map(fn ($value) => [
'name' => $value,
'created_at' => now(),
], ConnectionStatus::values());
ServiceStatus::query()
->upsert($data, 'name', ['updated_at']);
}
}

View File

@ -2,7 +2,7 @@
use App\Data\Ui\ConnectedServices\ConnectedServiceData;
use App\Enums\ConnectionStatus;
use App\Enums\ConnectionTechTypes;
use App\Enums\ConnectionProtocols;
use Illuminate\Support\Collection;
use Livewire\Component;
use Spatie\LaravelData\Attributes\DataCollectionOf;
@ -15,35 +15,35 @@
public function mount(): void
{
$this->connectedServices = ConnectedServiceData::collect([
new ConnectedServiceData(
name: 'Microsoft Outlook',
icon: 'home',
type: ConnectionTechTypes::OIDC,
connectionService: 'Azure AD',
status: ConnectionStatus::Connected
),
new ConnectedServiceData(
name: 'Microsoft Teams',
icon: 'home',
type: ConnectionTechTypes::OIDC,
connectionService: 'Azure AD',
status: ConnectionStatus::Pending
),
new ConnectedServiceData(
name: 'Keka HR',
icon: 'home',
type: ConnectionTechTypes::SAML,
connectionService: 'KeKA',
status: ConnectionStatus::Disconnected
),
new ConnectedServiceData(
name: 'Trutimer',
icon: 'home',
type: ConnectionTechTypes::SAML,
connectionService: 'Redmine',
status: ConnectionStatus::Error
),
], DataCollection::class);
new ConnectedServiceData(
name: 'Microsoft Outlook',
icon: 'home',
type: ConnectionProtocols::OIDC,
connectionService: 'Azure AD',
status: ConnectionStatus::Connected
),
new ConnectedServiceData(
name: 'Microsoft Teams',
icon: 'home',
type: ConnectionProtocols::OIDC,
connectionService: 'Azure AD',
status: ConnectionStatus::Pending
),
new ConnectedServiceData(
name: 'Keka HR',
icon: 'home',
type: ConnectionProtocols::SAML,
connectionService: 'KeKA',
status: ConnectionStatus::Disconnected
),
new ConnectedServiceData(
name: 'Trutimer',
icon: 'home',
type: ConnectionProtocols::SAML,
connectionService: 'Redmine',
status: ConnectionStatus::Error
),
], DataCollection::class);
}
};
?>