add role permission logic

This commit is contained in:
root
2026-03-10 17:11:48 -04:00
parent abebe0d9c0
commit c235fd2170
40 changed files with 1896 additions and 838 deletions
@@ -0,0 +1,245 @@
<?php
namespace App\Http\Controllers\Api;
use App\Http\Requests\Roles\AssignUserRolesRequest;
use App\Http\Requests\Roles\PermissionStoreRequest;
use App\Http\Requests\Roles\PermissionUpdateRequest;
use App\Http\Requests\Roles\RoleListRequest;
use App\Http\Requests\Roles\RolePermissionUpdateRequest;
use App\Http\Requests\Roles\RoleStoreRequest;
use App\Http\Requests\Roles\RoleUpdateRequest;
use App\Http\Requests\Roles\UserRoleListRequest;
use App\Http\Resources\Roles\PermissionResource;
use App\Http\Resources\Roles\RolePermissionResource;
use App\Http\Resources\Roles\RoleResource;
use App\Http\Resources\Roles\UserWithRolesResource;
use App\Models\Permission;
use App\Models\Role;
use App\Services\Roles\PermissionCrudService;
use App\Services\Roles\RoleAssignmentService;
use App\Services\Roles\RoleCrudService;
use App\Services\Roles\RolePermissionService;
use App\Services\Roles\RoleQueryService;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Log;
use Symfony\Component\HttpFoundation\Response;
class RolePermissionController extends BaseApiController
{
public function __construct(
private RoleQueryService $queryService,
private RoleAssignmentService $assignmentService,
private RolePermissionService $permissionService,
private RoleCrudService $roleCrudService,
private PermissionCrudService $permissionCrudService
) {
parent::__construct();
}
public function roles(RoleListRequest $request): JsonResponse
{
$roles = $this->queryService->listRoles($request->validated());
return $this->success([
'roles' => RoleResource::collection($roles->items()),
'meta' => [
'total' => $roles->total(),
'per_page' => $roles->perPage(),
'current_page' => $roles->currentPage(),
'last_page' => $roles->lastPage(),
],
]);
}
public function showRole(int $roleId): JsonResponse
{
$role = Role::query()->find($roleId);
if (!$role) {
return $this->error('Role not found.', Response::HTTP_NOT_FOUND);
}
return $this->success([
'role' => new RoleResource($role),
]);
}
public function storeRole(RoleStoreRequest $request): JsonResponse
{
try {
$role = $this->roleCrudService->create($request->validated());
} catch (\Throwable $e) {
Log::error('Role store failed: ' . $e->getMessage());
return $this->error('Failed to create role.', Response::HTTP_INTERNAL_SERVER_ERROR);
}
return $this->success([
'role' => new RoleResource($role),
], 'Role created successfully.', Response::HTTP_CREATED);
}
public function updateRole(RoleUpdateRequest $request, int $roleId): JsonResponse
{
$role = Role::query()->find($roleId);
if (!$role) {
return $this->error('Role not found.', Response::HTTP_NOT_FOUND);
}
try {
$role = $this->roleCrudService->update($role, $request->validated());
} catch (\Throwable $e) {
Log::error('Role update failed: ' . $e->getMessage());
return $this->error('Failed to update role.', Response::HTTP_INTERNAL_SERVER_ERROR);
}
return $this->success([
'role' => new RoleResource($role),
], 'Role updated successfully.');
}
public function deleteRole(int $roleId): JsonResponse
{
$role = Role::query()->find($roleId);
if (!$role) {
return $this->error('Role not found.', Response::HTTP_NOT_FOUND);
}
try {
$this->roleCrudService->delete($role);
} catch (\Throwable $e) {
Log::error('Role delete failed: ' . $e->getMessage());
return $this->error('Failed to delete role.', Response::HTTP_INTERNAL_SERVER_ERROR);
}
return $this->success(null, 'Role deleted successfully.');
}
public function users(UserRoleListRequest $request): JsonResponse
{
$users = $this->queryService->listUsersWithRoles($request->validated());
return $this->success([
'users' => UserWithRolesResource::collection($users->items()),
'meta' => [
'total' => $users->total(),
'per_page' => $users->perPage(),
'current_page' => $users->currentPage(),
'last_page' => $users->lastPage(),
],
]);
}
public function assignRoles(AssignUserRolesRequest $request, int $userId): JsonResponse
{
try {
$result = $this->assignmentService->assignRoles(
$userId,
(array) ($request->validated()['role_ids'] ?? []),
(int) (auth()->id() ?? 0)
);
} catch (\Throwable $e) {
Log::error('Assign roles failed: ' . $e->getMessage());
return $this->error('Failed to update roles.', Response::HTTP_INTERNAL_SERVER_ERROR);
}
if (!($result['ok'] ?? false)) {
return $this->error($result['message'] ?? 'Failed to update roles.', Response::HTTP_UNPROCESSABLE_ENTITY);
}
return $this->success([
'role_names' => $result['role_names'] ?? [],
], 'Roles updated successfully.');
}
public function permissions(): JsonResponse
{
$permissions = $this->permissionService->listPermissions();
return $this->success([
'permissions' => PermissionResource::collection($permissions),
]);
}
public function showPermission(int $permissionId): JsonResponse
{
$permission = Permission::query()->find($permissionId);
if (!$permission) {
return $this->error('Permission not found.', Response::HTTP_NOT_FOUND);
}
return $this->success([
'permission' => new PermissionResource($permission),
]);
}
public function storePermission(PermissionStoreRequest $request): JsonResponse
{
try {
$permission = $this->permissionCrudService->create($request->validated());
} catch (\Throwable $e) {
Log::error('Permission store failed: ' . $e->getMessage());
return $this->error('Failed to create permission.', Response::HTTP_INTERNAL_SERVER_ERROR);
}
return $this->success([
'permission' => new PermissionResource($permission),
], 'Permission created successfully.', Response::HTTP_CREATED);
}
public function updatePermission(PermissionUpdateRequest $request, int $permissionId): JsonResponse
{
$permission = Permission::query()->find($permissionId);
if (!$permission) {
return $this->error('Permission not found.', Response::HTTP_NOT_FOUND);
}
try {
$permission = $this->permissionCrudService->update($permission, $request->validated());
} catch (\Throwable $e) {
Log::error('Permission update failed: ' . $e->getMessage());
return $this->error('Failed to update permission.', Response::HTTP_INTERNAL_SERVER_ERROR);
}
return $this->success([
'permission' => new PermissionResource($permission),
], 'Permission updated successfully.');
}
public function deletePermission(int $permissionId): JsonResponse
{
$permission = Permission::query()->find($permissionId);
if (!$permission) {
return $this->error('Permission not found.', Response::HTTP_NOT_FOUND);
}
try {
$this->permissionCrudService->delete($permission);
} catch (\Throwable $e) {
Log::error('Permission delete failed: ' . $e->getMessage());
return $this->error('Failed to delete permission.', Response::HTTP_INTERNAL_SERVER_ERROR);
}
return $this->success(null, 'Permission deleted successfully.');
}
public function rolePermissions(int $roleId): JsonResponse
{
$rows = $this->permissionService->listRolePermissions($roleId);
return $this->success([
'permissions' => RolePermissionResource::collection($rows),
]);
}
public function updateRolePermissions(RolePermissionUpdateRequest $request, int $roleId): JsonResponse
{
try {
$this->permissionService->saveRolePermissions($roleId, $request->validated()['permissions'] ?? []);
} catch (\Throwable $e) {
Log::error('Role permissions update failed: ' . $e->getMessage());
return $this->error('Failed to update role permissions.', Response::HTTP_INTERNAL_SERVER_ERROR);
}
return $this->success(null, 'Permissions saved successfully.');
}
}
@@ -0,0 +1,44 @@
<?php
namespace App\Http\Controllers\Api;
use App\Http\Requests\Roles\RoleSwitchRequest;
use App\Services\Roles\RoleSwitchService;
use Illuminate\Http\JsonResponse;
use Symfony\Component\HttpFoundation\Response;
class RoleSwitcherController extends BaseApiController
{
public function __construct(private RoleSwitchService $switchService)
{
parent::__construct();
}
public function index(): JsonResponse
{
$userId = (int) (auth()->id() ?? 0);
if ($userId <= 0) {
return $this->error('Please log in first.', Response::HTTP_UNAUTHORIZED);
}
$roles = $this->switchService->getUserRoleNames($userId);
if (empty($roles)) {
return $this->error('No roles assigned to this user.', Response::HTTP_NOT_FOUND);
}
return $this->success([
'roles' => $roles,
]);
}
public function switch(RoleSwitchRequest $request): JsonResponse
{
$role = (string) $request->validated()['role'];
$route = $this->switchService->switchRole($role);
return $this->success([
'role' => $role,
'dashboard_route' => $route,
], 'Role switched successfully.');
}
}
@@ -0,0 +1,21 @@
<?php
namespace App\Http\Requests\Roles;
use App\Http\Requests\ApiFormRequest;
class AssignUserRolesRequest extends ApiFormRequest
{
public function authorize(): bool
{
return auth()->check();
}
public function rules(): array
{
return [
'role_ids' => ['nullable', 'array'],
'role_ids.*' => ['integer', 'min:1', 'exists:roles,id'],
];
}
}
@@ -0,0 +1,22 @@
<?php
namespace App\Http\Requests\Roles;
use App\Http\Requests\ApiFormRequest;
use Illuminate\Validation\Rule;
class PermissionStoreRequest extends ApiFormRequest
{
public function authorize(): bool
{
return auth()->check();
}
public function rules(): array
{
return [
'name' => ['required', 'string', 'max:255', 'unique:permissions,name'],
'description' => ['nullable', 'string', 'max:500'],
];
}
}
@@ -0,0 +1,24 @@
<?php
namespace App\Http\Requests\Roles;
use App\Http\Requests\ApiFormRequest;
use Illuminate\Validation\Rule;
class PermissionUpdateRequest extends ApiFormRequest
{
public function authorize(): bool
{
return auth()->check();
}
public function rules(): array
{
$permissionId = (int) $this->route('permissionId');
return [
'name' => ['sometimes', 'string', 'max:255', Rule::unique('permissions', 'name')->ignore($permissionId)],
'description' => ['nullable', 'string', 'max:500'],
];
}
}
@@ -0,0 +1,24 @@
<?php
namespace App\Http\Requests\Roles;
use App\Http\Requests\ApiFormRequest;
use Illuminate\Validation\Rule;
class RoleListRequest extends ApiFormRequest
{
public function authorize(): bool
{
return auth()->check();
}
public function rules(): array
{
return [
'search' => ['nullable', 'string', 'max:255'],
'sort_by' => ['nullable', 'string', Rule::in(['name', 'slug', 'priority', 'is_active', 'created_at'])],
'sort_dir' => ['nullable', 'string', Rule::in(['asc', 'desc'])],
'per_page' => ['nullable', 'integer', 'min:1', 'max:200'],
];
}
}
@@ -0,0 +1,26 @@
<?php
namespace App\Http\Requests\Roles;
use App\Http\Requests\ApiFormRequest;
class RolePermissionUpdateRequest extends ApiFormRequest
{
public function authorize(): bool
{
return auth()->check();
}
public function rules(): array
{
return [
'permissions' => ['required', 'array'],
'permissions.*' => ['array'],
'permissions.*.create' => ['nullable', 'boolean'],
'permissions.*.read' => ['nullable', 'boolean'],
'permissions.*.update' => ['nullable', 'boolean'],
'permissions.*.delete' => ['nullable', 'boolean'],
'permissions.*.manage' => ['nullable', 'boolean'],
];
}
}
@@ -0,0 +1,26 @@
<?php
namespace App\Http\Requests\Roles;
use App\Http\Requests\ApiFormRequest;
use Illuminate\Validation\Rule;
class RoleStoreRequest extends ApiFormRequest
{
public function authorize(): bool
{
return auth()->check();
}
public function rules(): array
{
return [
'name' => ['required', 'string', 'min:3', 'max:255', 'unique:roles,name'],
'slug' => ['nullable', 'string', 'max:64', 'unique:roles,slug'],
'description' => ['nullable', 'string', 'max:500'],
'dashboard_route' => ['required', 'string', 'min:1', 'max:255', 'regex:/^[a-z0-9_\\/\\-]+$/'],
'priority' => ['required', 'integer', 'min:0', 'max:100000'],
'is_active' => ['required', Rule::in([0, 1, '0', '1', true, false])],
];
}
}
@@ -0,0 +1,20 @@
<?php
namespace App\Http\Requests\Roles;
use App\Http\Requests\ApiFormRequest;
class RoleSwitchRequest extends ApiFormRequest
{
public function authorize(): bool
{
return auth()->check();
}
public function rules(): array
{
return [
'role' => ['required', 'string', 'max:255'],
];
}
}
@@ -0,0 +1,28 @@
<?php
namespace App\Http\Requests\Roles;
use App\Http\Requests\ApiFormRequest;
use Illuminate\Validation\Rule;
class RoleUpdateRequest extends ApiFormRequest
{
public function authorize(): bool
{
return auth()->check();
}
public function rules(): array
{
$roleId = (int) $this->route('roleId');
return [
'name' => ['sometimes', 'string', 'min:3', 'max:255', Rule::unique('roles', 'name')->ignore($roleId)],
'slug' => ['nullable', 'string', 'max:64', Rule::unique('roles', 'slug')->ignore($roleId)],
'description' => ['nullable', 'string', 'max:500'],
'dashboard_route' => ['sometimes', 'string', 'min:1', 'max:255', 'regex:/^[a-z0-9_\\/\\-]+$/'],
'priority' => ['sometimes', 'integer', 'min:0', 'max:100000'],
'is_active' => ['sometimes', Rule::in([0, 1, '0', '1', true, false])],
];
}
}
@@ -0,0 +1,24 @@
<?php
namespace App\Http\Requests\Roles;
use App\Http\Requests\ApiFormRequest;
use Illuminate\Validation\Rule;
class UserRoleListRequest extends ApiFormRequest
{
public function authorize(): bool
{
return auth()->check();
}
public function rules(): array
{
return [
'search' => ['nullable', 'string', 'max:255'],
'sort_by' => ['nullable', 'string', Rule::in(['firstname', 'lastname', 'email', 'account_id'])],
'sort_dir' => ['nullable', 'string', Rule::in(['asc', 'desc'])],
'per_page' => ['nullable', 'integer', 'min:1', 'max:200'],
];
}
}
@@ -0,0 +1,19 @@
<?php
namespace App\Http\Resources\Roles;
use Illuminate\Http\Resources\Json\JsonResource;
class PermissionResource extends JsonResource
{
public function toArray($request): array
{
return [
'id' => (int) ($this->id ?? $this['id'] ?? 0),
'name' => (string) ($this->name ?? $this['name'] ?? ''),
'description' => $this->description ?? $this['description'] ?? null,
'created_at' => $this->created_at ?? $this['created_at'] ?? null,
'updated_at' => $this->updated_at ?? $this['updated_at'] ?? null,
];
}
}
@@ -0,0 +1,22 @@
<?php
namespace App\Http\Resources\Roles;
use Illuminate\Http\Resources\Json\JsonResource;
class RolePermissionResource extends JsonResource
{
public function toArray($request): array
{
return [
'permission_id' => (int) ($this['id'] ?? $this['permission_id'] ?? 0),
'name' => (string) ($this['name'] ?? ''),
'description' => $this['description'] ?? null,
'can_create' => (int) ($this['can_create'] ?? 0),
'can_read' => (int) ($this['can_read'] ?? 0),
'can_update' => (int) ($this['can_update'] ?? 0),
'can_delete' => (int) ($this['can_delete'] ?? 0),
'can_manage' => (int) ($this['can_manage'] ?? 0),
];
}
}
+24
View File
@@ -0,0 +1,24 @@
<?php
namespace App\Http\Resources\Roles;
use Illuminate\Http\Resources\Json\JsonResource;
class RoleResource extends JsonResource
{
public function toArray($request): array
{
return [
'id' => (int) ($this->id ?? $this['id'] ?? 0),
'name' => (string) ($this->name ?? $this['name'] ?? ''),
'slug' => (string) ($this->slug ?? $this['slug'] ?? ''),
'description' => $this->description ?? $this['description'] ?? null,
'dashboard_route' => (string) ($this->dashboard_route ?? $this['dashboard_route'] ?? ''),
'priority' => (int) ($this->priority ?? $this['priority'] ?? 0),
'is_active' => (int) ($this->is_active ?? $this['is_active'] ?? 0),
'user_count' => $this->user_count ?? $this['user_count'] ?? null,
'created_at' => $this->created_at ?? $this['created_at'] ?? null,
'updated_at' => $this->updated_at ?? $this['updated_at'] ?? null,
];
}
}
@@ -0,0 +1,25 @@
<?php
namespace App\Http\Resources\Roles;
use Illuminate\Http\Resources\Json\JsonResource;
class UserWithRolesResource extends JsonResource
{
public function toArray($request): array
{
$roles = $this['roles'] ?? [];
if (is_string($roles)) {
$roles = array_filter(array_map('trim', explode(',', $roles)));
}
return [
'id' => (int) ($this['id'] ?? 0),
'firstname' => (string) ($this['firstname'] ?? ''),
'lastname' => (string) ($this['lastname'] ?? ''),
'email' => (string) ($this['email'] ?? ''),
'account_id' => (string) ($this['account_id'] ?? ''),
'roles' => array_values(array_filter($roles)),
];
}
}