= dfb47f7d19 Feat: Add unlimited flag to app roles and enhance Keka integration
- Introduced `is_unlimited` field in `app_roles` table to support roles with unlimited duration.
- Enhanced front-end and back-end implementations to manage unlimited roles, including UI updates and validation.
- Refactored `KekaOutlookController` and `KekaOutlookService` for streamlined exception handling and code consistency.
- Applied linting and formatting improvements across updated files.
2026-06-15 12:59:30 +00:00

114 lines
5.4 KiB
PHP

<?php
declare(strict_types=1);
use App\Enums\DefaultUserRole;
use App\Enums\Permissions\{AppPermissionEnum,
ConnectionProviderPermissionEnum,
PermissionPermissionEnum,
RoleAndAppsPermissionEnum,
UserPermissionEnum};
use App\Http\Controllers\{EntraController, KekaController};
use App\Http\Controllers\KekaOutlookController;
use App\Http\Controllers\{ResolveDashboardRouteController, SamlIdpController};
use Illuminate\Support\Facades\Route;
use Spatie\Permission\Middleware\{PermissionMiddleware, RoleMiddleware};
Route::redirect('/', '/dashboard')->name('home');
Route::get('saml/metadata', [SamlIdpController::class, 'metadata'])->name('saml.metadata');
Route::match(['get', 'post'], 'saml/sso', [SamlIdpController::class, 'sso'])->name('saml.sso');
Route::group(['middleware' => ['auth', 'verified']], function (): void {
Route::get('dashboard', ResolveDashboardRouteController::class)->name('dashboard');
Route::post('notifications/read-all', function () {
auth()->user()?->unreadNotifications->markAsRead();
return back();
})->name('notifications.read-all');
Route::get('notifications/{id}/resolve', App\Http\Controllers\ResolveNotificationRouteController::class)->name('notifications.resolve');
Route::livewire('tickets', 'pages::tickets.index')->name('tickets.index');
Route::prefix('dashboard')->name('dashboard.')->group(function (): void {
Route::livewire('/user', 'pages::dashboards.user')
->middleware(RoleMiddleware::using(DefaultUserRole::User))
->name('user');
Route::livewire('admin', 'pages::dashboards.admin')
->middleware(RoleMiddleware::using(DefaultUserRole::Admin))
->name('admin');
});
Route::prefix('access-manager')->name('access-manager.')->group(function (): void {
Route::prefix('roles-and-apps')->name('roles-and-apps.')
->middleware(PermissionMiddleware::using(RoleAndAppsPermissionEnum::Access))
->group(function (): void {
Route::livewire('roles-and-apps', 'pages::access-manager.roles-and-apps.index')->name('index');
Route::livewire('roles-and-apps/{id}', 'pages::access-manager.roles-and-apps.show')->name('show');
});
Route::prefix('users')->name('users.')
->middleware(PermissionMiddleware::using(UserPermissionEnum::Access))
->group(function (): void {
Route::livewire('users', 'pages::access-manager.users.index')->name('index');
});
Route::prefix('permissions')->name('permissions.')
->middleware(PermissionMiddleware::using(PermissionPermissionEnum::Access))
->group(function (): void {
Route::livewire('/', 'pages::access-manager.permissions.index')->name('index');
});
});
Route::prefix('apps')->name('apps.')->group(function (): void {
Route::livewire('microsoft-federation', 'pages::connecton-providers.microsoft-federation')
->middleware(PermissionMiddleware::using(ConnectionProviderPermissionEnum::Access))
->name('microsoft-federation');
Route::middleware(PermissionMiddleware::using(AppPermissionEnum::Access))->group(function (): void {
Route::livewire('create', 'pages::connected-apps.create')->name('create');
Route::livewire('{id}/edit', 'pages::connected-apps.edit')->name('edit');
Route::livewire('/', 'pages::connected-apps.index')->name('index');
});
Route::prefix('connection-providers')->name('connectionProviders.')
->middleware(PermissionMiddleware::using(ConnectionProviderPermissionEnum::Access))
->group(function (): void {
Route::livewire('create', 'pages::connecton-providers.create')->name('create');
Route::livewire('{slug}/edit', 'pages::connecton-providers.edit')->name('edit');
Route::livewire('index', 'pages::connecton-providers.index')->name('index');
});
});
});
Route::middleware(['auth', 'verified'])->prefix('entra')->name('entra.')->group(function (): void {
// Step 1: Kick off OAuth flow
Route::get('connect', [EntraController::class, 'connect'])->name('connect');
// Step 2: Microsoft redirects back here with auth code
Route::get('callback', [EntraController::class, 'callback'])->name('callback');
// Open Entra (refreshes token silently if expired)
Route::get('open', [EntraController::class, 'openEntra'])->name('open');
// Disconnect / revoke saved token
Route::delete('disconnect', [EntraController::class, 'disconnect'])->name('disconnect');
});
Route::middleware(['auth', 'verified'])->prefix('keka')->name('keka.')->group(function (): void {
Route::get('/connect', [KekaOutlookController::class, 'connect'])->name('connect');
Route::get('/callback', [KekaOutlookController::class, 'callback'])->name('callback');
Route::post('/disconnect', [KekaOutlookController::class, 'disconnect'])->name('disconnect');
});
Route::middleware(['auth', 'verified'])->prefix('keka')->name('keka.')->group(function (): void {
Route::get('connect', [KekaController::class, 'connect'])->name('connect');
Route::match(['get', 'post'], 'callback', [KekaController::class, 'callback'])->name('callback');
Route::delete('disconnect', [KekaController::class, 'disconnect'])->name('disconnect');
});
require __DIR__.'/settings.php';