Add policies for template management: Introduced new policy classes for managing permissions related to FooterTemplate, HeaderTemplate, MenuTemplate, SectionTemplate, and Setting. Updated LanguagePolicy and UserPolicy to utilize AuthUser for authorization checks, enhancing the security and maintainability of the application.

This commit is contained in:
Ümit Tunç
2025-11-05 03:02:35 -03:00
parent 91ddc64009
commit 6db36912d4
8 changed files with 439 additions and 135 deletions
+26 -7
View File
@@ -4,6 +4,7 @@ namespace App\Console\Commands;
use App\Models\User;
use Illuminate\Console\Command;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
class MakeSuperAdmin extends Command
@@ -54,18 +55,36 @@ class MakeSuperAdmin extends Command
'guard_name' => 'web',
]);
// Kullanıcı zaten super admin mi kontrol et
if ($user->hasRole('super_admin')) {
$this->warn("Kullanıcı '{$user->name}' ({$user->email}) zaten super admin!");
// Super admin rolünü ata (eğer yoksa)
if (!$user->hasRole('super_admin')) {
$user->assignRole('super_admin');
}
// Tüm izinleri super admin rolüne ata (her zaman güncelle)
$this->info('Tüm izinler super admin rolüne atanıyor...');
$this->syncAllPermissions($role);
$this->info("✓ Kullanıcı '{$user->name}' ({$user->email}) super admin yetkileri güncellendi!");
return self::SUCCESS;
}
// Super admin rolünü ata
$user->assignRole('super_admin');
/**
* Tüm izinleri super admin rolüne senkronize et
*/
protected function syncAllPermissions(Role $role): void
{
$allPermissions = Permission::where('guard_name', 'web')->get();
$this->info("✓ Kullanıcı '{$user->name}' ({$user->email}) başarıyla super admin yapıldı!");
if ($allPermissions->isEmpty()) {
$this->warn('Henüz hiç izin tanımlanmamış. İzinleri oluşturmak için: php artisan shield:generate --all');
return;
}
return self::SUCCESS;
$permissionCount = $allPermissions->count();
$role->syncPermissions($allPermissions);
$this->info("{$permissionCount} adet izin super admin rolüne atandı.");
}
}
+70
View File
@@ -0,0 +1,70 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use Illuminate\Foundation\Auth\User as AuthUser;
use App\Models\FooterTemplate;
use Illuminate\Auth\Access\HandlesAuthorization;
class FooterTemplatePolicy
{
use HandlesAuthorization;
public function viewAny(AuthUser $authUser): bool
{
return $authUser->can('ViewAny:FooterTemplate');
}
public function view(AuthUser $authUser, FooterTemplate $footerTemplate): bool
{
return $authUser->can('View:FooterTemplate');
}
public function create(AuthUser $authUser): bool
{
return $authUser->can('Create:FooterTemplate');
}
public function update(AuthUser $authUser, FooterTemplate $footerTemplate): bool
{
return $authUser->can('Update:FooterTemplate');
}
public function delete(AuthUser $authUser, FooterTemplate $footerTemplate): bool
{
return $authUser->can('Delete:FooterTemplate');
}
public function restore(AuthUser $authUser, FooterTemplate $footerTemplate): bool
{
return $authUser->can('Restore:FooterTemplate');
}
public function forceDelete(AuthUser $authUser, FooterTemplate $footerTemplate): bool
{
return $authUser->can('ForceDelete:FooterTemplate');
}
public function forceDeleteAny(AuthUser $authUser): bool
{
return $authUser->can('ForceDeleteAny:FooterTemplate');
}
public function restoreAny(AuthUser $authUser): bool
{
return $authUser->can('RestoreAny:FooterTemplate');
}
public function replicate(AuthUser $authUser, FooterTemplate $footerTemplate): bool
{
return $authUser->can('Replicate:FooterTemplate');
}
public function reorder(AuthUser $authUser): bool
{
return $authUser->can('Reorder:FooterTemplate');
}
}
+70
View File
@@ -0,0 +1,70 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use Illuminate\Foundation\Auth\User as AuthUser;
use App\Models\HeaderTemplate;
use Illuminate\Auth\Access\HandlesAuthorization;
class HeaderTemplatePolicy
{
use HandlesAuthorization;
public function viewAny(AuthUser $authUser): bool
{
return $authUser->can('ViewAny:HeaderTemplate');
}
public function view(AuthUser $authUser, HeaderTemplate $headerTemplate): bool
{
return $authUser->can('View:HeaderTemplate');
}
public function create(AuthUser $authUser): bool
{
return $authUser->can('Create:HeaderTemplate');
}
public function update(AuthUser $authUser, HeaderTemplate $headerTemplate): bool
{
return $authUser->can('Update:HeaderTemplate');
}
public function delete(AuthUser $authUser, HeaderTemplate $headerTemplate): bool
{
return $authUser->can('Delete:HeaderTemplate');
}
public function restore(AuthUser $authUser, HeaderTemplate $headerTemplate): bool
{
return $authUser->can('Restore:HeaderTemplate');
}
public function forceDelete(AuthUser $authUser, HeaderTemplate $headerTemplate): bool
{
return $authUser->can('ForceDelete:HeaderTemplate');
}
public function forceDeleteAny(AuthUser $authUser): bool
{
return $authUser->can('ForceDeleteAny:HeaderTemplate');
}
public function restoreAny(AuthUser $authUser): bool
{
return $authUser->can('RestoreAny:HeaderTemplate');
}
public function replicate(AuthUser $authUser, HeaderTemplate $headerTemplate): bool
{
return $authUser->can('Replicate:HeaderTemplate');
}
public function reorder(AuthUser $authUser): bool
{
return $authUser->can('Reorder:HeaderTemplate');
}
}
+35 -62
View File
@@ -1,97 +1,70 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use Illuminate\Foundation\Auth\User as AuthUser;
use App\Models\Language;
use App\Models\User;
use Illuminate\Auth\Access\Response;
use Illuminate\Auth\Access\HandlesAuthorization;
class LanguagePolicy
{
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
use HandlesAuthorization;
public function viewAny(AuthUser $authUser): bool
{
return $user->hasRole('super_admin') || $user->can('language::viewAny');
return $authUser->can('ViewAny:Language');
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, Language $language): bool
public function view(AuthUser $authUser, Language $language): bool
{
return $user->hasRole('super_admin') || $user->can('language::view');
return $authUser->can('View:Language');
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
public function create(AuthUser $authUser): bool
{
return $user->hasRole('super_admin') || $user->can('language::create');
return $authUser->can('Create:Language');
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, Language $language): bool
public function update(AuthUser $authUser, Language $language): bool
{
// Cannot disable default language
if ($language->is_default && !$user->hasRole('super_admin')) {
return false;
return $authUser->can('Update:Language');
}
return $user->hasRole('super_admin') || $user->can('language::update');
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, Language $language): bool
public function delete(AuthUser $authUser, Language $language): bool
{
// Cannot delete default language
if ($language->is_default) {
return false;
return $authUser->can('Delete:Language');
}
return $user->hasRole('super_admin') || $user->can('language::delete');
}
/**
* Determine whether the user can restore the model.
*/
public function restore(User $user, Language $language): bool
public function restore(AuthUser $authUser, Language $language): bool
{
return $user->hasRole('super_admin') || $user->can('language::restore');
return $authUser->can('Restore:Language');
}
/**
* Determine whether the user can permanently delete the model.
*/
public function forceDelete(User $user, Language $language): bool
public function forceDelete(AuthUser $authUser, Language $language): bool
{
// Cannot force delete default language
if ($language->is_default) {
return false;
return $authUser->can('ForceDelete:Language');
}
return $user->hasRole('super_admin') || $user->can('language::forceDelete');
}
/**
* Determine whether the user can activate the language.
*/
public function activate(User $user): bool
public function forceDeleteAny(AuthUser $authUser): bool
{
return $user->hasRole('super_admin') || $user->can('language::activate');
return $authUser->can('ForceDeleteAny:Language');
}
/**
* Determine whether the user can set the language as default.
*/
public function setDefault(User $user): bool
public function restoreAny(AuthUser $authUser): bool
{
return $user->hasRole('super_admin') || $user->can('language::setDefault');
return $authUser->can('RestoreAny:Language');
}
public function replicate(AuthUser $authUser, Language $language): bool
{
return $authUser->can('Replicate:Language');
}
public function reorder(AuthUser $authUser): bool
{
return $authUser->can('Reorder:Language');
}
}
+70
View File
@@ -0,0 +1,70 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use Illuminate\Foundation\Auth\User as AuthUser;
use App\Models\MenuTemplate;
use Illuminate\Auth\Access\HandlesAuthorization;
class MenuTemplatePolicy
{
use HandlesAuthorization;
public function viewAny(AuthUser $authUser): bool
{
return $authUser->can('ViewAny:MenuTemplate');
}
public function view(AuthUser $authUser, MenuTemplate $menuTemplate): bool
{
return $authUser->can('View:MenuTemplate');
}
public function create(AuthUser $authUser): bool
{
return $authUser->can('Create:MenuTemplate');
}
public function update(AuthUser $authUser, MenuTemplate $menuTemplate): bool
{
return $authUser->can('Update:MenuTemplate');
}
public function delete(AuthUser $authUser, MenuTemplate $menuTemplate): bool
{
return $authUser->can('Delete:MenuTemplate');
}
public function restore(AuthUser $authUser, MenuTemplate $menuTemplate): bool
{
return $authUser->can('Restore:MenuTemplate');
}
public function forceDelete(AuthUser $authUser, MenuTemplate $menuTemplate): bool
{
return $authUser->can('ForceDelete:MenuTemplate');
}
public function forceDeleteAny(AuthUser $authUser): bool
{
return $authUser->can('ForceDeleteAny:MenuTemplate');
}
public function restoreAny(AuthUser $authUser): bool
{
return $authUser->can('RestoreAny:MenuTemplate');
}
public function replicate(AuthUser $authUser, MenuTemplate $menuTemplate): bool
{
return $authUser->can('Replicate:MenuTemplate');
}
public function reorder(AuthUser $authUser): bool
{
return $authUser->can('Reorder:MenuTemplate');
}
}
+70
View File
@@ -0,0 +1,70 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use Illuminate\Foundation\Auth\User as AuthUser;
use App\Models\SectionTemplate;
use Illuminate\Auth\Access\HandlesAuthorization;
class SectionTemplatePolicy
{
use HandlesAuthorization;
public function viewAny(AuthUser $authUser): bool
{
return $authUser->can('ViewAny:SectionTemplate');
}
public function view(AuthUser $authUser, SectionTemplate $sectionTemplate): bool
{
return $authUser->can('View:SectionTemplate');
}
public function create(AuthUser $authUser): bool
{
return $authUser->can('Create:SectionTemplate');
}
public function update(AuthUser $authUser, SectionTemplate $sectionTemplate): bool
{
return $authUser->can('Update:SectionTemplate');
}
public function delete(AuthUser $authUser, SectionTemplate $sectionTemplate): bool
{
return $authUser->can('Delete:SectionTemplate');
}
public function restore(AuthUser $authUser, SectionTemplate $sectionTemplate): bool
{
return $authUser->can('Restore:SectionTemplate');
}
public function forceDelete(AuthUser $authUser, SectionTemplate $sectionTemplate): bool
{
return $authUser->can('ForceDelete:SectionTemplate');
}
public function forceDeleteAny(AuthUser $authUser): bool
{
return $authUser->can('ForceDeleteAny:SectionTemplate');
}
public function restoreAny(AuthUser $authUser): bool
{
return $authUser->can('RestoreAny:SectionTemplate');
}
public function replicate(AuthUser $authUser, SectionTemplate $sectionTemplate): bool
{
return $authUser->can('Replicate:SectionTemplate');
}
public function reorder(AuthUser $authUser): bool
{
return $authUser->can('Reorder:SectionTemplate');
}
}
+70
View File
@@ -0,0 +1,70 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use Illuminate\Foundation\Auth\User as AuthUser;
use App\Models\Setting;
use Illuminate\Auth\Access\HandlesAuthorization;
class SettingPolicy
{
use HandlesAuthorization;
public function viewAny(AuthUser $authUser): bool
{
return $authUser->can('ViewAny:Setting');
}
public function view(AuthUser $authUser, Setting $setting): bool
{
return $authUser->can('View:Setting');
}
public function create(AuthUser $authUser): bool
{
return $authUser->can('Create:Setting');
}
public function update(AuthUser $authUser, Setting $setting): bool
{
return $authUser->can('Update:Setting');
}
public function delete(AuthUser $authUser, Setting $setting): bool
{
return $authUser->can('Delete:Setting');
}
public function restore(AuthUser $authUser, Setting $setting): bool
{
return $authUser->can('Restore:Setting');
}
public function forceDelete(AuthUser $authUser, Setting $setting): bool
{
return $authUser->can('ForceDelete:Setting');
}
public function forceDeleteAny(AuthUser $authUser): bool
{
return $authUser->can('ForceDeleteAny:Setting');
}
public function restoreAny(AuthUser $authUser): bool
{
return $authUser->can('RestoreAny:Setting');
}
public function replicate(AuthUser $authUser, Setting $setting): bool
{
return $authUser->can('Replicate:Setting');
}
public function reorder(AuthUser $authUser): bool
{
return $authUser->can('Reorder:Setting');
}
}
+26 -64
View File
@@ -2,104 +2,66 @@
namespace App\Policies;
use App\Models\User;
use Illuminate\Auth\Access\Response;
use Illuminate\Foundation\Auth\User as AuthUser;
use Illuminate\Auth\Access\HandlesAuthorization;
class UserPolicy
{
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
use HandlesAuthorization;
public function viewAny(AuthUser $authUser): bool
{
return $user->can('ViewAny:User');
return $authUser->can('ViewAny:User');
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, User $model): bool
public function view(AuthUser $authUser): bool
{
return $user->can('View:User');
return $authUser->can('View:User');
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
public function create(AuthUser $authUser): bool
{
return $user->can('Create:User');
return $authUser->can('Create:User');
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, User $model): bool
public function update(AuthUser $authUser): bool
{
return $user->can('Update:User');
return $authUser->can('Update:User');
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, User $model): bool
public function delete(AuthUser $authUser): bool
{
return $user->can('Delete:User');
return $authUser->can('Delete:User');
}
/**
* Determine whether the user can restore the model.
*/
public function restore(User $user, User $model): bool
public function restore(AuthUser $authUser): bool
{
return $user->can('Restore:User');
return $authUser->can('Restore:User');
}
/**
* Determine whether the user can permanently delete the model.
*/
public function forceDelete(User $user, User $model): bool
public function forceDelete(AuthUser $authUser): bool
{
return $user->can('ForceDelete:User');
return $authUser->can('ForceDelete:User');
}
/**
* Determine whether the user can delete any models.
*/
public function deleteAny(User $user): bool
public function forceDeleteAny(AuthUser $authUser): bool
{
return $user->can('DeleteAny:User');
return $authUser->can('ForceDeleteAny:User');
}
/**
* Determine whether the user can restore any models.
*/
public function restoreAny(User $user): bool
public function restoreAny(AuthUser $authUser): bool
{
return $user->can('RestoreAny:User');
return $authUser->can('RestoreAny:User');
}
/**
* Determine whether the user can permanently delete any models.
*/
public function forceDeleteAny(User $user): bool
public function replicate(AuthUser $authUser): bool
{
return $user->can('ForceDeleteAny:User');
return $authUser->can('Replicate:User');
}
/**
* Determine whether the user can replicate the model.
*/
public function replicate(User $user, User $model): bool
public function reorder(AuthUser $authUser): bool
{
return $user->can('Replicate:User');
return $authUser->can('Reorder:User');
}
/**
* Determine whether the user can reorder models.
*/
public function reorder(User $user): bool
{
return $user->can('Reorder:User');
}
}