diff --git a/app/Http/Controllers/RolesController.php b/app/Http/Controllers/RolesController.php new file mode 100644 index 0000000..712dba8 --- /dev/null +++ b/app/Http/Controllers/RolesController.php @@ -0,0 +1,64 @@ +middleware('auth'); + $this->middleware('permission:create-user|edit-user|delete-user', ['only' => ['index', 'show']]); + $this->middleware('permission:create-user', ['only' => ['create', 'store']]); + $this->middleware('permission:edit-user', ['only' => ['edit', 'update']]); + $this->middleware('permission:delete-user', ['only' => ['destroy']]); + } + + /** + * Display a listing of the resource. + */ + public function index() + { + return view('users.index', [ + 'users' => User::latest('id')->paginate(3) + ]); + } + + /** + * Show the form for creating a new resource. + */ + public function create() + { + return view('users.create', [ + 'roles' => Role::pluck('name')->all() + ]); + } + + /** + * Store a newly created resource in storage. + */ + public function store(StoreUserRequest $request) + { + $input = $request->all(); + $input['password'] = Hash::make($request->password); + + $user = User::create($input); + $user->assignRole($request->roles); + + return redirect()->route('users.index') + ->withSuccess('New user is added successfully.'); + } + + /** + * Display the specified resource. + */ + public function show(User $user) + { + return view('users.show', [ + 'user' => $user + ]); + } + + /** + * Show the form for editing the specified resource. + */ + public function edit(User $user) + { + // Check Only Super Admin can update his own Profile + if ($user->hasRole('ADMIN')){ + if($user->id != auth()->user()->id){ + abort(403, 'USER DOES NOT HAVE THE RIGHT PERMISSIONS'); + } + } + + return view('users.edit', [ + 'user' => $user, + 'roles' => Role::pluck('name')->all(), + 'userRoles' => $user->roles->pluck('name')->all() + ]); + } + + /** + * Update the specified resource in storage. + */ + public function update(UpdateUserRequest $request, User $user) + { + $input = $request->all(); + + if(!empty($request->password)){ + $input['password'] = Hash::make($request->password); + }else{ + $input = $request->except('password'); + } + + $user->update($input); + + $user->syncRoles($request->roles); + + return redirect()->back() + ->withSuccess('User is updated successfully.'); + } + + /** + * Remove the specified resource from storage. + */ + public function destroy(User $user) + { + // About if user is Super Admin or User ID belongs to Auth User + if ($user->hasRole('Super Admin') || $user->id == auth()->user()->id) + { + abort(403, 'USER DOES NOT HAVE THE RIGHT PERMISSIONS'); + } + + $user->syncRoles([]); + $user->delete(); + return redirect()->route('users.index') + ->withSuccess('User is deleted successfully.'); + } +} diff --git a/app/Http/Controllers/WordsController.php b/app/Http/Controllers/WordsController.php index 032209e..1472a46 100644 --- a/app/Http/Controllers/WordsController.php +++ b/app/Http/Controllers/WordsController.php @@ -9,6 +9,12 @@ use Illuminate\Http\Request; class WordsController extends Controller { + public function __construct() + { + $this->middleware('role:ADMIN'); + } + + public function index() { return view('words.index', [ diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 494c050..dde42cf 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -40,7 +40,7 @@ class Kernel extends HttpKernel 'api' => [ // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, - \Illuminate\Routing\Middleware\ThrottleRequests::class.':api', + \Illuminate\Routing\Middleware\ThrottleRequests::class . ':api', \Illuminate\Routing\Middleware\SubstituteBindings::class, ], ]; @@ -64,5 +64,9 @@ class Kernel extends HttpKernel 'signed' => \App\Http\Middleware\ValidateSignature::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class, + //SPATIE PERMISSION + 'role' => \Spatie\Permission\Middleware\RoleMiddleware::class, + 'permission' => \Spatie\Permission\Middleware\PermissionMiddleware::class, + 'role_or_permission' => \Spatie\Permission\Middleware\RoleOrPermissionMiddleware::class, ]; } diff --git a/app/Http/Requests/StoreUserRequest.php b/app/Http/Requests/StoreUserRequest.php new file mode 100644 index 0000000..8ca652e --- /dev/null +++ b/app/Http/Requests/StoreUserRequest.php @@ -0,0 +1,31 @@ +|string> + */ + public function rules(): array + { + return [ + 'name' => 'required|string|max:250', + 'email' => 'required|string|email:rfc,dns|max:250|unique:users,email', + 'password' => 'required|string|min:8|confirmed', + 'roles' => 'required' + ]; + } +} diff --git a/app/Http/Requests/UpdateUserRequest.php b/app/Http/Requests/UpdateUserRequest.php new file mode 100644 index 0000000..d98534b --- /dev/null +++ b/app/Http/Requests/UpdateUserRequest.php @@ -0,0 +1,31 @@ +|string> + */ + public function rules(): array + { + return [ + 'name' => 'required|string|max:250', + 'email' => 'required|string|email:rfc,dns|max:250|unique:users,email,'.$this->user->id, + 'password' => 'nullable|string|min:8|confirmed', + 'roles' => 'required' + ]; + } +} diff --git a/app/Models/User.php b/app/Models/User.php index 4d7f70f..8201eaf 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -7,10 +7,13 @@ use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Foundation\Auth\User as Authenticatable; use Illuminate\Notifications\Notifiable; use Laravel\Sanctum\HasApiTokens; +use Spatie\Permission\Models\Permission; +use Spatie\Permission\Models\Role; +use Spatie\Permission\Traits\HasRoles; class User extends Authenticatable { - use HasApiTokens, HasFactory, Notifiable; + use HasApiTokens, HasFactory, Notifiable, HasRoles; /** * The attributes that are mass assignable. @@ -42,4 +45,5 @@ class User extends Authenticatable 'email_verified_at' => 'datetime', 'password' => 'hashed', ]; + } diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index 54756cd..8b062d4 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -4,6 +4,7 @@ namespace App\Providers; // use Illuminate\Support\Facades\Gate; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; +use Illuminate\Support\Facades\Gate; class AuthServiceProvider extends ServiceProvider { @@ -21,6 +22,8 @@ class AuthServiceProvider extends ServiceProvider */ public function boot(): void { - // + Gate::before(function ($user, $ability) { + return $user->hasRole('ADMIN') ? true : null; + }); } } diff --git a/composer.json b/composer.json index d46c330..5e05540 100644 --- a/composer.json +++ b/composer.json @@ -9,7 +9,8 @@ "guzzlehttp/guzzle": "^7.2", "laravel/framework": "^10.10", "laravel/sanctum": "^3.3", - "laravel/tinker": "^2.8" + "laravel/tinker": "^2.8", + "spatie/laravel-permission": "^6.3" }, "require-dev": { "fakerphp/faker": "^1.9.1", diff --git a/config/permission.php b/config/permission.php new file mode 100644 index 0000000..2a520f3 --- /dev/null +++ b/config/permission.php @@ -0,0 +1,186 @@ + [ + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * Eloquent model should be used to retrieve your permissions. Of course, it + * is often just the "Permission" model but you may use whatever you like. + * + * The model you want to use as a Permission model needs to implement the + * `Spatie\Permission\Contracts\Permission` contract. + */ + + 'permission' => Spatie\Permission\Models\Permission::class, + + /* + * When using the "HasRoles" trait from this package, we need to know which + * Eloquent model should be used to retrieve your roles. Of course, it + * is often just the "Role" model but you may use whatever you like. + * + * The model you want to use as a Role model needs to implement the + * `Spatie\Permission\Contracts\Role` contract. + */ + + 'role' => Spatie\Permission\Models\Role::class, + + ], + + 'table_names' => [ + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your roles. We have chosen a basic + * default value but you may easily change it to any table you like. + */ + + 'roles' => 'roles', + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * table should be used to retrieve your permissions. We have chosen a basic + * default value but you may easily change it to any table you like. + */ + + 'permissions' => 'permissions', + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * table should be used to retrieve your models permissions. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'model_has_permissions' => 'model_has_permissions', + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your models roles. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'model_has_roles' => 'model_has_roles', + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your roles permissions. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'role_has_permissions' => 'role_has_permissions', + ], + + 'column_names' => [ + /* + * Change this if you want to name the related pivots other than defaults + */ + 'role_pivot_key' => null, //default 'role_id', + 'permission_pivot_key' => null, //default 'permission_id', + + /* + * Change this if you want to name the related model primary key other than + * `model_id`. + * + * For example, this would be nice if your primary keys are all UUIDs. In + * that case, name this `model_uuid`. + */ + + 'model_morph_key' => 'model_id', + + /* + * Change this if you want to use the teams feature and your related model's + * foreign key is other than `team_id`. + */ + + 'team_foreign_key' => 'team_id', + ], + + /* + * When set to true, the method for checking permissions will be registered on the gate. + * Set this to false if you want to implement custom logic for checking permissions. + */ + + 'register_permission_check_method' => true, + + /* + * When set to true, Laravel\Octane\Events\OperationTerminated event listener will be registered + * this will refresh permissions on every TickTerminated, TaskTerminated and RequestTerminated + * NOTE: This should not be needed in most cases, but an Octane/Vapor combination benefited from it. + */ + 'register_octane_reset_listener' => false, + + /* + * Teams Feature. + * When set to true the package implements teams using the 'team_foreign_key'. + * If you want the migrations to register the 'team_foreign_key', you must + * set this to true before doing the migration. + * If you already did the migration then you must make a new migration to also + * add 'team_foreign_key' to 'roles', 'model_has_roles', and 'model_has_permissions' + * (view the latest version of this package's migration file) + */ + + 'teams' => false, + + /* + * Passport Client Credentials Grant + * When set to true the package will use Passports Client to check permissions + */ + + 'use_passport_client_credentials' => false, + + /* + * When set to true, the required permission names are added to exception messages. + * This could be considered an information leak in some contexts, so the default + * setting is false here for optimum safety. + */ + + 'display_permission_in_exception' => false, + + /* + * When set to true, the required role names are added to exception messages. + * This could be considered an information leak in some contexts, so the default + * setting is false here for optimum safety. + */ + + 'display_role_in_exception' => false, + + /* + * By default wildcard permission lookups are disabled. + * See documentation to understand supported syntax. + */ + + 'enable_wildcard_permission' => false, + + /* + * The class to use for interpreting wildcard permissions. + * If you need to modify delimiters, override the class and specify its name here. + */ + // 'permission.wildcard_permission' => Spatie\Permission\WildcardPermission::class, + + /* Cache-specific settings */ + + 'cache' => [ + + /* + * By default all permissions are cached for 24 hours to speed up performance. + * When permissions or roles are updated the cache is flushed automatically. + */ + + 'expiration_time' => \DateInterval::createFromDateString('24 hours'), + + /* + * The cache key used to store all permissions. + */ + + 'key' => 'spatie.permission.cache', + + /* + * You may optionally indicate a specific cache driver to use for permission and + * role caching using any of the `store` drivers listed in the cache.php config + * file. Using 'default' here means to use the `default` set in cache.php. + */ + + 'store' => 'default', + ], +]; diff --git a/database/migrations/2024_02_08_163020_create_permission_tables.php b/database/migrations/2024_02_08_163020_create_permission_tables.php new file mode 100644 index 0000000..b865d48 --- /dev/null +++ b/database/migrations/2024_02_08_163020_create_permission_tables.php @@ -0,0 +1,138 @@ +bigIncrements('id'); // permission id + $table->string('name'); // For MySQL 8.0 use string('name', 125); + $table->string('guard_name'); // For MySQL 8.0 use string('guard_name', 125); + $table->timestamps(); + + $table->unique(['name', 'guard_name']); + }); + + Schema::create($tableNames['roles'], function (Blueprint $table) use ($teams, $columnNames) { + $table->bigIncrements('id'); // role id + if ($teams || config('permission.testing')) { // permission.testing is a fix for sqlite testing + $table->unsignedBigInteger($columnNames['team_foreign_key'])->nullable(); + $table->index($columnNames['team_foreign_key'], 'roles_team_foreign_key_index'); + } + $table->string('name'); // For MySQL 8.0 use string('name', 125); + $table->string('guard_name'); // For MySQL 8.0 use string('guard_name', 125); + $table->timestamps(); + if ($teams || config('permission.testing')) { + $table->unique([$columnNames['team_foreign_key'], 'name', 'guard_name']); + } else { + $table->unique(['name', 'guard_name']); + } + }); + + Schema::create($tableNames['model_has_permissions'], function (Blueprint $table) use ($tableNames, $columnNames, $pivotPermission, $teams) { + $table->unsignedBigInteger($pivotPermission); + + $table->string('model_type'); + $table->unsignedBigInteger($columnNames['model_morph_key']); + $table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_permissions_model_id_model_type_index'); + + $table->foreign($pivotPermission) + ->references('id') // permission id + ->on($tableNames['permissions']) + ->onDelete('cascade'); + if ($teams) { + $table->unsignedBigInteger($columnNames['team_foreign_key']); + $table->index($columnNames['team_foreign_key'], 'model_has_permissions_team_foreign_key_index'); + + $table->primary([$columnNames['team_foreign_key'], $pivotPermission, $columnNames['model_morph_key'], 'model_type'], + 'model_has_permissions_permission_model_type_primary'); + } else { + $table->primary([$pivotPermission, $columnNames['model_morph_key'], 'model_type'], + 'model_has_permissions_permission_model_type_primary'); + } + + }); + + Schema::create($tableNames['model_has_roles'], function (Blueprint $table) use ($tableNames, $columnNames, $pivotRole, $teams) { + $table->unsignedBigInteger($pivotRole); + + $table->string('model_type'); + $table->unsignedBigInteger($columnNames['model_morph_key']); + $table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_roles_model_id_model_type_index'); + + $table->foreign($pivotRole) + ->references('id') // role id + ->on($tableNames['roles']) + ->onDelete('cascade'); + if ($teams) { + $table->unsignedBigInteger($columnNames['team_foreign_key']); + $table->index($columnNames['team_foreign_key'], 'model_has_roles_team_foreign_key_index'); + + $table->primary([$columnNames['team_foreign_key'], $pivotRole, $columnNames['model_morph_key'], 'model_type'], + 'model_has_roles_role_model_type_primary'); + } else { + $table->primary([$pivotRole, $columnNames['model_morph_key'], 'model_type'], + 'model_has_roles_role_model_type_primary'); + } + }); + + Schema::create($tableNames['role_has_permissions'], function (Blueprint $table) use ($tableNames, $pivotRole, $pivotPermission) { + $table->unsignedBigInteger($pivotPermission); + $table->unsignedBigInteger($pivotRole); + + $table->foreign($pivotPermission) + ->references('id') // permission id + ->on($tableNames['permissions']) + ->onDelete('cascade'); + + $table->foreign($pivotRole) + ->references('id') // role id + ->on($tableNames['roles']) + ->onDelete('cascade'); + + $table->primary([$pivotPermission, $pivotRole], 'role_has_permissions_permission_id_role_id_primary'); + }); + + app('cache') + ->store(config('permission.cache.store') != 'default' ? config('permission.cache.store') : null) + ->forget(config('permission.cache.key')); + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + $tableNames = config('permission.table_names'); + + if (empty($tableNames)) { + throw new \Exception('Error: config/permission.php not found and defaults could not be merged. Please publish the package configuration before proceeding, or drop the tables manually.'); + } + + Schema::drop($tableNames['role_has_permissions']); + Schema::drop($tableNames['model_has_roles']); + Schema::drop($tableNames['model_has_permissions']); + Schema::drop($tableNames['roles']); + Schema::drop($tableNames['permissions']); + } +}; diff --git a/database/seeders/AdminUserSeeder.php b/database/seeders/AdminUserSeeder.php new file mode 100644 index 0000000..18fc4c0 --- /dev/null +++ b/database/seeders/AdminUserSeeder.php @@ -0,0 +1,24 @@ + 'Kagir', + 'email' => 'kagir.dev@gmail.com ', + 'password' => Hash::make('Prova123!') + ]); + $superAdmin->assignRole('ADMIN'); + } +} diff --git a/database/seeders/DatabaseSeeder.php b/database/seeders/DatabaseSeeder.php index a9f4519..217eeb0 100644 --- a/database/seeders/DatabaseSeeder.php +++ b/database/seeders/DatabaseSeeder.php @@ -12,11 +12,10 @@ class DatabaseSeeder extends Seeder */ public function run(): void { - // \App\Models\User::factory(10)->create(); - - // \App\Models\User::factory()->create([ - // 'name' => 'Test User', - // 'email' => 'test@example.com', - // ]); + $this->call([ + PermissionSeeder::class, + RoleSeeder::class, + AdminUserSeeder::class, + ]); } } diff --git a/database/seeders/PermissionSeeder.php b/database/seeders/PermissionSeeder.php new file mode 100644 index 0000000..7cefd63 --- /dev/null +++ b/database/seeders/PermissionSeeder.php @@ -0,0 +1,33 @@ + $permission]); + } + } +} diff --git a/database/seeders/RoleSeeder.php b/database/seeders/RoleSeeder.php new file mode 100644 index 0000000..c3e8c56 --- /dev/null +++ b/database/seeders/RoleSeeder.php @@ -0,0 +1,26 @@ + 'ADMIN']); + $admin->givePermissionTo([ + 'create-user', + 'edit-user', + 'delete-user', + 'create-product', + 'edit-product', + 'delete-product' + ]); + } +} diff --git a/resources/views/layouts/partials/scripts.blade.php b/resources/views/layouts/partials/scripts.blade.php index eec714c..2f4bc2f 100644 --- a/resources/views/layouts/partials/scripts.blade.php +++ b/resources/views/layouts/partials/scripts.blade.php @@ -1,16 +1,16 @@ - + - + - - + + - + diff --git a/resources/views/users/create.blade.php b/resources/views/users/create.blade.php new file mode 100644 index 0000000..4ed929d --- /dev/null +++ b/resources/views/users/create.blade.php @@ -0,0 +1,101 @@ + +
+
+
+
+
+ Add New User +
+
+ ← Back +
+
+
+
+ @csrf + +
+ +
+ + @if ($errors->has('name')) + {{ $errors->first('name') }} + @endif +
+
+ +
+ +
+ + @if ($errors->has('email')) + {{ $errors->first('email') }} + @endif +
+
+ +
+ +
+ + @if ($errors->has('password')) + {{ $errors->first('password') }} + @endif +
+
+ +
+ +
+ +
+
+ +
+ +
+ + @if ($errors->has('roles')) + {{ $errors->first('roles') }} + @endif +
+
+ +
+ +
+ +
+
+
+
+
+ diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php new file mode 100644 index 0000000..553c2d3 --- /dev/null +++ b/resources/views/users/edit.blade.php @@ -0,0 +1,102 @@ + +
+
+
+
+
+ Edit User +
+
+ ← Back +
+
+
+
+ @csrf + @method("PUT") + +
+ +
+ + @if ($errors->has('name')) + {{ $errors->first('name') }} + @endif +
+
+ +
+ +
+ + @if ($errors->has('email')) + {{ $errors->first('email') }} + @endif +
+
+ +
+ +
+ + @if ($errors->has('password')) + {{ $errors->first('password') }} + @endif +
+
+ +
+ +
+ +
+
+ +
+ +
+ + @if ($errors->has('roles')) + {{ $errors->first('roles') }} + @endif +
+
+ +
+ +
+ +
+
+
+
+
+ diff --git a/resources/views/users/index.blade.php b/resources/views/users/index.blade.php new file mode 100644 index 0000000..87f8283 --- /dev/null +++ b/resources/views/users/index.blade.php @@ -0,0 +1,70 @@ +vi +
+
Manage Users
+
+ @can('create-user') + Add New User + @endcan + + + + + + + + + + + + @forelse ($users as $user) + + + + + + + + @empty + + @endforelse + +
S#NameEmailRolesAction
{{ $loop->iteration }}{{ $user->name }}{{ $user->email }} + @forelse ($user->getRoleNames() as $role) + {{ $role }} + @empty + @endforelse + +
+ @csrf + @method('DELETE') + + Show + + @if (in_array('Super Admin', $user->getRoleNames()->toArray() ?? []) ) + @if (Auth::user()->hasRole('Super Admin')) + Edit + @endif + @else + @can('edit-user') + Edit + @endcan + + @can('delete-user') + @if (Auth::user()->id!=$user->id) + + @endif + @endcan + @endif + +
+
+ + No User Found! + +
+ + {{ $users->links() }} + +
+
+ diff --git a/resources/views/users/show.blade.php b/resources/views/users/show.blade.php new file mode 100644 index 0000000..9ff80e8 --- /dev/null +++ b/resources/views/users/show.blade.php @@ -0,0 +1,44 @@ + +
+
+
+
+
+ User Information +
+
+ ← Back +
+
+
+ +
+ +
+ {{ $user->name }} +
+
+ +
+ +
+ {{ $user->email }} +
+
+ +
+ +
+ @forelse ($user->getRoleNames() as $role) + {{ $role }} + @empty + @endforelse +
+
+
+
+
+
+ diff --git a/routes/web.php b/routes/web.php index 5fff9c5..6972cc3 100644 --- a/routes/web.php +++ b/routes/web.php @@ -1,8 +1,11 @@ name('prova'); Route::get('/dashboard', function () { @@ -56,7 +60,10 @@ Route::prefix('words')->group(function () { Route::post('/', [WordsController::class, 'store'])->name('words.insert'); }); - +Route::resources([ + 'roles' => RolesController::class, + 'users' => UsersController::class, +]); require __DIR__ . '/auth.php';