= dcb5bd2790 Feat: implement role-based priority restrictions and permission manager
- Added `priority`-based access logic to restrict role and user management actions.
- Introduced `Permission Manager` UI and routes for permission access control.
- Updated `RoleService` and `AppRoleService` to include `visible` scope for priority filtering.
- Enhanced seeding to assign priorities to default roles and ensure proper hierarchy.
- Updated sidebar, routes, and data structure to handle new permission enums and resource segmentation.
- Improved UI components to dynamically restrict visibility and actions based on role priority.
2026-05-25 10:12:42 +00:00

70 lines
1.8 KiB
PHP

<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Attributes\Fillable;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
use Spatie\Activitylog\Models\Concerns\LogsActivity;
use Spatie\Activitylog\Support\LogOptions;
use Spatie\Permission\Models\{Permission, Role as SpatieRole};
/**
* @property int $priority
* @property AppRole $pivot
* @property ConnectedApp $apps
*
* @method static Builder<Role> visible()
*/
#[Fillable(['priority'])]
class Role extends SpatieRole
{
use LogsActivity;
public function apps(): BelongsToMany
{
return $this->belongsToMany(
ConnectedApp::class,
'app_roles',
'role_id',
'app_id'
)
->using(AppRole::class)
->withPivot('id', 'duration');
}
public function getActivitylogOptions(): LogOptions
{
return LogOptions::defaults()
->logOnly(['name', 'priority'])
->logOnlyDirty()
->useLogName('role_management');
}
/**
* Override the Spatie permissions relationship to provide precise type-hinting for Larastan.
*
* @return BelongsToMany<Permission, Role>
*/
public function permissions(): BelongsToMany
{
return parent::permissions();
}
/**
* Scope a query to only include roles with priority strictly greater than the logged in user's priority (lower privilege).
*/
public function scopeVisible(Builder $query): Builder
{
if (! auth()->check()) {
return $query;
}
$userPriority = auth()->user()?->roles()->min('priority') ?? 999999;
return $query->where('priority', '>', $userPriority);
}
}