*/ #[NoDiscard] public function getRolesWithPermissionsAndUsers(): PaginatedDataCollection { $roles = Role::query() ->visible() ->with(['permissions:id,name', 'users:id,name']) ->orderBy('priority', 'asc') ->paginate(); return RoleData::collect($roles, PaginatedDataCollection::class); } /** * Get all non-app system permissions mapped to the PermissionData DTO. * * @return DataCollection */ #[NoDiscard] public function getNonAppPermissions(): DataCollection { $permissions = Permission::all() ->filter(fn ($p) => null === AppPermission::type($p->name)); return PermissionData::collect($permissions, DataCollection::class); } /** * Get a role by its ID, ensuring it has a priority strictly greater than the logged in user's priority. * * @throws \Symfony\Component\HttpKernel\Exception\HttpException */ public function getRoleForEditing(int $roleId): Role { $role = Role::query()->findOrFail($roleId); $userPriority = auth()->user()?->roles()->min('priority') ?? 999999; if ($role->priority <= $userPriority) { abort(403, 'Unauthorized to manage permissions for this role.'); } return $role; } }