From 6db36912d4142501ab0e85e799f0d2e534c6f9e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=9Cmit=20Tun=C3=A7?= Date: Wed, 5 Nov 2025 03:02:35 -0300 Subject: [PATCH] Add policies for template management: Introduced new policy classes for managing permissions related to FooterTemplate, HeaderTemplate, MenuTemplate, SectionTemplate, and Setting. Updated LanguagePolicy and UserPolicy to utilize AuthUser for authorization checks, enhancing the security and maintainability of the application. --- app/Console/Commands/MakeSuperAdmin.php | 33 +++++++-- app/Policies/FooterTemplatePolicy.php | 70 +++++++++++++++++ app/Policies/HeaderTemplatePolicy.php | 70 +++++++++++++++++ app/Policies/LanguagePolicy.php | 99 +++++++++---------------- app/Policies/MenuTemplatePolicy.php | 70 +++++++++++++++++ app/Policies/SectionTemplatePolicy.php | 70 +++++++++++++++++ app/Policies/SettingPolicy.php | 70 +++++++++++++++++ app/Policies/UserPolicy.php | 92 +++++++---------------- 8 files changed, 439 insertions(+), 135 deletions(-) create mode 100644 app/Policies/FooterTemplatePolicy.php create mode 100644 app/Policies/HeaderTemplatePolicy.php create mode 100644 app/Policies/MenuTemplatePolicy.php create mode 100644 app/Policies/SectionTemplatePolicy.php create mode 100644 app/Policies/SettingPolicy.php diff --git a/app/Console/Commands/MakeSuperAdmin.php b/app/Console/Commands/MakeSuperAdmin.php index a435dbe..2eb66c6 100644 --- a/app/Console/Commands/MakeSuperAdmin.php +++ b/app/Console/Commands/MakeSuperAdmin.php @@ -4,6 +4,7 @@ namespace App\Console\Commands; use App\Models\User; use Illuminate\Console\Command; +use Spatie\Permission\Models\Permission; use Spatie\Permission\Models\Role; class MakeSuperAdmin extends Command @@ -54,18 +55,36 @@ class MakeSuperAdmin extends Command 'guard_name' => 'web', ]); - // Kullanıcı zaten super admin mi kontrol et - if ($user->hasRole('super_admin')) { - $this->warn("Kullanıcı '{$user->name}' ({$user->email}) zaten super admin!"); - return self::SUCCESS; + // Super admin rolünü ata (eğer yoksa) + if (!$user->hasRole('super_admin')) { + $user->assignRole('super_admin'); } - // Super admin rolünü ata - $user->assignRole('super_admin'); + // Tüm izinleri super admin rolüne ata (her zaman güncelle) + $this->info('Tüm izinler super admin rolüne atanıyor...'); + $this->syncAllPermissions($role); - $this->info("✓ Kullanıcı '{$user->name}' ({$user->email}) başarıyla super admin yapıldı!"); + $this->info("✓ Kullanıcı '{$user->name}' ({$user->email}) super admin yetkileri güncellendi!"); return self::SUCCESS; } + + /** + * Tüm izinleri super admin rolüne senkronize et + */ + protected function syncAllPermissions(Role $role): void + { + $allPermissions = Permission::where('guard_name', 'web')->get(); + + if ($allPermissions->isEmpty()) { + $this->warn('Henüz hiç izin tanımlanmamış. İzinleri oluşturmak için: php artisan shield:generate --all'); + return; + } + + $permissionCount = $allPermissions->count(); + $role->syncPermissions($allPermissions); + + $this->info("✓ {$permissionCount} adet izin super admin rolüne atandı."); + } } diff --git a/app/Policies/FooterTemplatePolicy.php b/app/Policies/FooterTemplatePolicy.php new file mode 100644 index 0000000..38b6fe3 --- /dev/null +++ b/app/Policies/FooterTemplatePolicy.php @@ -0,0 +1,70 @@ +can('ViewAny:FooterTemplate'); + } + + public function view(AuthUser $authUser, FooterTemplate $footerTemplate): bool + { + return $authUser->can('View:FooterTemplate'); + } + + public function create(AuthUser $authUser): bool + { + return $authUser->can('Create:FooterTemplate'); + } + + public function update(AuthUser $authUser, FooterTemplate $footerTemplate): bool + { + return $authUser->can('Update:FooterTemplate'); + } + + public function delete(AuthUser $authUser, FooterTemplate $footerTemplate): bool + { + return $authUser->can('Delete:FooterTemplate'); + } + + public function restore(AuthUser $authUser, FooterTemplate $footerTemplate): bool + { + return $authUser->can('Restore:FooterTemplate'); + } + + public function forceDelete(AuthUser $authUser, FooterTemplate $footerTemplate): bool + { + return $authUser->can('ForceDelete:FooterTemplate'); + } + + public function forceDeleteAny(AuthUser $authUser): bool + { + return $authUser->can('ForceDeleteAny:FooterTemplate'); + } + + public function restoreAny(AuthUser $authUser): bool + { + return $authUser->can('RestoreAny:FooterTemplate'); + } + + public function replicate(AuthUser $authUser, FooterTemplate $footerTemplate): bool + { + return $authUser->can('Replicate:FooterTemplate'); + } + + public function reorder(AuthUser $authUser): bool + { + return $authUser->can('Reorder:FooterTemplate'); + } + +} \ No newline at end of file diff --git a/app/Policies/HeaderTemplatePolicy.php b/app/Policies/HeaderTemplatePolicy.php new file mode 100644 index 0000000..76af00e --- /dev/null +++ b/app/Policies/HeaderTemplatePolicy.php @@ -0,0 +1,70 @@ +can('ViewAny:HeaderTemplate'); + } + + public function view(AuthUser $authUser, HeaderTemplate $headerTemplate): bool + { + return $authUser->can('View:HeaderTemplate'); + } + + public function create(AuthUser $authUser): bool + { + return $authUser->can('Create:HeaderTemplate'); + } + + public function update(AuthUser $authUser, HeaderTemplate $headerTemplate): bool + { + return $authUser->can('Update:HeaderTemplate'); + } + + public function delete(AuthUser $authUser, HeaderTemplate $headerTemplate): bool + { + return $authUser->can('Delete:HeaderTemplate'); + } + + public function restore(AuthUser $authUser, HeaderTemplate $headerTemplate): bool + { + return $authUser->can('Restore:HeaderTemplate'); + } + + public function forceDelete(AuthUser $authUser, HeaderTemplate $headerTemplate): bool + { + return $authUser->can('ForceDelete:HeaderTemplate'); + } + + public function forceDeleteAny(AuthUser $authUser): bool + { + return $authUser->can('ForceDeleteAny:HeaderTemplate'); + } + + public function restoreAny(AuthUser $authUser): bool + { + return $authUser->can('RestoreAny:HeaderTemplate'); + } + + public function replicate(AuthUser $authUser, HeaderTemplate $headerTemplate): bool + { + return $authUser->can('Replicate:HeaderTemplate'); + } + + public function reorder(AuthUser $authUser): bool + { + return $authUser->can('Reorder:HeaderTemplate'); + } + +} \ No newline at end of file diff --git a/app/Policies/LanguagePolicy.php b/app/Policies/LanguagePolicy.php index 95f50ff..97ceb0f 100644 --- a/app/Policies/LanguagePolicy.php +++ b/app/Policies/LanguagePolicy.php @@ -1,97 +1,70 @@ hasRole('super_admin') || $user->can('language::viewAny'); + return $authUser->can('ViewAny:Language'); } - /** - * Determine whether the user can view the model. - */ - public function view(User $user, Language $language): bool + public function view(AuthUser $authUser, Language $language): bool { - return $user->hasRole('super_admin') || $user->can('language::view'); + return $authUser->can('View:Language'); } - /** - * Determine whether the user can create models. - */ - public function create(User $user): bool + public function create(AuthUser $authUser): bool { - return $user->hasRole('super_admin') || $user->can('language::create'); + return $authUser->can('Create:Language'); } - /** - * Determine whether the user can update the model. - */ - public function update(User $user, Language $language): bool + public function update(AuthUser $authUser, Language $language): bool { - // Cannot disable default language - if ($language->is_default && !$user->hasRole('super_admin')) { - return false; - } - - return $user->hasRole('super_admin') || $user->can('language::update'); + return $authUser->can('Update:Language'); } - /** - * Determine whether the user can delete the model. - */ - public function delete(User $user, Language $language): bool + public function delete(AuthUser $authUser, Language $language): bool { - // Cannot delete default language - if ($language->is_default) { - return false; - } - - return $user->hasRole('super_admin') || $user->can('language::delete'); + return $authUser->can('Delete:Language'); } - /** - * Determine whether the user can restore the model. - */ - public function restore(User $user, Language $language): bool + public function restore(AuthUser $authUser, Language $language): bool { - return $user->hasRole('super_admin') || $user->can('language::restore'); + return $authUser->can('Restore:Language'); } - /** - * Determine whether the user can permanently delete the model. - */ - public function forceDelete(User $user, Language $language): bool + public function forceDelete(AuthUser $authUser, Language $language): bool { - // Cannot force delete default language - if ($language->is_default) { - return false; - } - - return $user->hasRole('super_admin') || $user->can('language::forceDelete'); + return $authUser->can('ForceDelete:Language'); } - /** - * Determine whether the user can activate the language. - */ - public function activate(User $user): bool + public function forceDeleteAny(AuthUser $authUser): bool { - return $user->hasRole('super_admin') || $user->can('language::activate'); + return $authUser->can('ForceDeleteAny:Language'); } - /** - * Determine whether the user can set the language as default. - */ - public function setDefault(User $user): bool + public function restoreAny(AuthUser $authUser): bool { - return $user->hasRole('super_admin') || $user->can('language::setDefault'); + return $authUser->can('RestoreAny:Language'); } -} + + public function replicate(AuthUser $authUser, Language $language): bool + { + return $authUser->can('Replicate:Language'); + } + + public function reorder(AuthUser $authUser): bool + { + return $authUser->can('Reorder:Language'); + } + +} \ No newline at end of file diff --git a/app/Policies/MenuTemplatePolicy.php b/app/Policies/MenuTemplatePolicy.php new file mode 100644 index 0000000..ab27efc --- /dev/null +++ b/app/Policies/MenuTemplatePolicy.php @@ -0,0 +1,70 @@ +can('ViewAny:MenuTemplate'); + } + + public function view(AuthUser $authUser, MenuTemplate $menuTemplate): bool + { + return $authUser->can('View:MenuTemplate'); + } + + public function create(AuthUser $authUser): bool + { + return $authUser->can('Create:MenuTemplate'); + } + + public function update(AuthUser $authUser, MenuTemplate $menuTemplate): bool + { + return $authUser->can('Update:MenuTemplate'); + } + + public function delete(AuthUser $authUser, MenuTemplate $menuTemplate): bool + { + return $authUser->can('Delete:MenuTemplate'); + } + + public function restore(AuthUser $authUser, MenuTemplate $menuTemplate): bool + { + return $authUser->can('Restore:MenuTemplate'); + } + + public function forceDelete(AuthUser $authUser, MenuTemplate $menuTemplate): bool + { + return $authUser->can('ForceDelete:MenuTemplate'); + } + + public function forceDeleteAny(AuthUser $authUser): bool + { + return $authUser->can('ForceDeleteAny:MenuTemplate'); + } + + public function restoreAny(AuthUser $authUser): bool + { + return $authUser->can('RestoreAny:MenuTemplate'); + } + + public function replicate(AuthUser $authUser, MenuTemplate $menuTemplate): bool + { + return $authUser->can('Replicate:MenuTemplate'); + } + + public function reorder(AuthUser $authUser): bool + { + return $authUser->can('Reorder:MenuTemplate'); + } + +} \ No newline at end of file diff --git a/app/Policies/SectionTemplatePolicy.php b/app/Policies/SectionTemplatePolicy.php new file mode 100644 index 0000000..7e06657 --- /dev/null +++ b/app/Policies/SectionTemplatePolicy.php @@ -0,0 +1,70 @@ +can('ViewAny:SectionTemplate'); + } + + public function view(AuthUser $authUser, SectionTemplate $sectionTemplate): bool + { + return $authUser->can('View:SectionTemplate'); + } + + public function create(AuthUser $authUser): bool + { + return $authUser->can('Create:SectionTemplate'); + } + + public function update(AuthUser $authUser, SectionTemplate $sectionTemplate): bool + { + return $authUser->can('Update:SectionTemplate'); + } + + public function delete(AuthUser $authUser, SectionTemplate $sectionTemplate): bool + { + return $authUser->can('Delete:SectionTemplate'); + } + + public function restore(AuthUser $authUser, SectionTemplate $sectionTemplate): bool + { + return $authUser->can('Restore:SectionTemplate'); + } + + public function forceDelete(AuthUser $authUser, SectionTemplate $sectionTemplate): bool + { + return $authUser->can('ForceDelete:SectionTemplate'); + } + + public function forceDeleteAny(AuthUser $authUser): bool + { + return $authUser->can('ForceDeleteAny:SectionTemplate'); + } + + public function restoreAny(AuthUser $authUser): bool + { + return $authUser->can('RestoreAny:SectionTemplate'); + } + + public function replicate(AuthUser $authUser, SectionTemplate $sectionTemplate): bool + { + return $authUser->can('Replicate:SectionTemplate'); + } + + public function reorder(AuthUser $authUser): bool + { + return $authUser->can('Reorder:SectionTemplate'); + } + +} \ No newline at end of file diff --git a/app/Policies/SettingPolicy.php b/app/Policies/SettingPolicy.php new file mode 100644 index 0000000..9d2453f --- /dev/null +++ b/app/Policies/SettingPolicy.php @@ -0,0 +1,70 @@ +can('ViewAny:Setting'); + } + + public function view(AuthUser $authUser, Setting $setting): bool + { + return $authUser->can('View:Setting'); + } + + public function create(AuthUser $authUser): bool + { + return $authUser->can('Create:Setting'); + } + + public function update(AuthUser $authUser, Setting $setting): bool + { + return $authUser->can('Update:Setting'); + } + + public function delete(AuthUser $authUser, Setting $setting): bool + { + return $authUser->can('Delete:Setting'); + } + + public function restore(AuthUser $authUser, Setting $setting): bool + { + return $authUser->can('Restore:Setting'); + } + + public function forceDelete(AuthUser $authUser, Setting $setting): bool + { + return $authUser->can('ForceDelete:Setting'); + } + + public function forceDeleteAny(AuthUser $authUser): bool + { + return $authUser->can('ForceDeleteAny:Setting'); + } + + public function restoreAny(AuthUser $authUser): bool + { + return $authUser->can('RestoreAny:Setting'); + } + + public function replicate(AuthUser $authUser, Setting $setting): bool + { + return $authUser->can('Replicate:Setting'); + } + + public function reorder(AuthUser $authUser): bool + { + return $authUser->can('Reorder:Setting'); + } + +} \ No newline at end of file diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php index 2e9ab73..10cdce3 100644 --- a/app/Policies/UserPolicy.php +++ b/app/Policies/UserPolicy.php @@ -2,104 +2,66 @@ namespace App\Policies; -use App\Models\User; -use Illuminate\Auth\Access\Response; +use Illuminate\Foundation\Auth\User as AuthUser; +use Illuminate\Auth\Access\HandlesAuthorization; class UserPolicy { - /** - * Determine whether the user can view any models. - */ - public function viewAny(User $user): bool + use HandlesAuthorization; + + public function viewAny(AuthUser $authUser): bool { - return $user->can('ViewAny:User'); + return $authUser->can('ViewAny:User'); } - /** - * Determine whether the user can view the model. - */ - public function view(User $user, User $model): bool + public function view(AuthUser $authUser): bool { - return $user->can('View:User'); + return $authUser->can('View:User'); } - /** - * Determine whether the user can create models. - */ - public function create(User $user): bool + public function create(AuthUser $authUser): bool { - return $user->can('Create:User'); + return $authUser->can('Create:User'); } - /** - * Determine whether the user can update the model. - */ - public function update(User $user, User $model): bool + public function update(AuthUser $authUser): bool { - return $user->can('Update:User'); + return $authUser->can('Update:User'); } - /** - * Determine whether the user can delete the model. - */ - public function delete(User $user, User $model): bool + public function delete(AuthUser $authUser): bool { - return $user->can('Delete:User'); + return $authUser->can('Delete:User'); } - /** - * Determine whether the user can restore the model. - */ - public function restore(User $user, User $model): bool + public function restore(AuthUser $authUser): bool { - return $user->can('Restore:User'); + return $authUser->can('Restore:User'); } - /** - * Determine whether the user can permanently delete the model. - */ - public function forceDelete(User $user, User $model): bool + public function forceDelete(AuthUser $authUser): bool { - return $user->can('ForceDelete:User'); + return $authUser->can('ForceDelete:User'); } - /** - * Determine whether the user can delete any models. - */ - public function deleteAny(User $user): bool + public function forceDeleteAny(AuthUser $authUser): bool { - return $user->can('DeleteAny:User'); + return $authUser->can('ForceDeleteAny:User'); } - /** - * Determine whether the user can restore any models. - */ - public function restoreAny(User $user): bool + public function restoreAny(AuthUser $authUser): bool { - return $user->can('RestoreAny:User'); + return $authUser->can('RestoreAny:User'); } - /** - * Determine whether the user can permanently delete any models. - */ - public function forceDeleteAny(User $user): bool + public function replicate(AuthUser $authUser): bool { - return $user->can('ForceDeleteAny:User'); + return $authUser->can('Replicate:User'); } - /** - * Determine whether the user can replicate the model. - */ - public function replicate(User $user, User $model): bool + public function reorder(AuthUser $authUser): bool { - return $user->can('Replicate:User'); + return $authUser->can('Reorder:User'); } - /** - * Determine whether the user can reorder models. - */ - public function reorder(User $user): bool - { - return $user->can('Reorder:User'); - } -} +} \ No newline at end of file