diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php index 96b95d0..1d2694d 100644 --- a/app/Providers/AppServiceProvider.php +++ b/app/Providers/AppServiceProvider.php @@ -15,14 +15,16 @@ class AppServiceProvider extends ServiceProvider // } - /** - * Bootstrap any application services. - */ public function boot(): void { // 如果是在正式環境,強制轉為 https if (config('app.env') === 'production') { URL::forceScheme('https'); } + + // 隱含授權:讓 "super-admin" 角色擁有所有權限 + \Illuminate\Support\Facades\Gate::before(function ($user, $ability) { + return $user->hasRole('super-admin') ? true : null; + }); } } diff --git a/database/migrations/2026_01_13_171900_sync_super_admin_all_permissions.php b/database/migrations/2026_01_13_171900_sync_super_admin_all_permissions.php new file mode 100644 index 0000000..1f7f7a1 --- /dev/null +++ b/database/migrations/2026_01_13_171900_sync_super_admin_all_permissions.php @@ -0,0 +1,47 @@ +where('name', 'super-admin')->first(); + if (!$role) { + return; // 角色不存在則跳過 + } + + // 取得所有權限 + $permissions = DB::table('permissions')->pluck('id'); + if ($permissions->isEmpty()) { + return; + } + + // 清除該角色現有的權限 + DB::table('role_has_permissions') + ->where('role_id', $role->id) + ->delete(); + + // 指派所有權限給 super-admin + $inserts = $permissions->map(fn ($permissionId) => [ + 'permission_id' => $permissionId, + 'role_id' => $role->id, + ])->toArray(); + + DB::table('role_has_permissions')->insert($inserts); + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + // 此 Migration 不需要復原邏輯 + } +};