star-erp/database/seeders/PermissionSeeder.php
sky121113 d671c08338
feat: 實作使用者啟停用功能與安全性強化
- 新增使用者「啟用/停用」狀態切換功能 (含後端 API、權限控管、活動紀錄)
- 強化安全性:隱藏超級管理員角色的可見度與操作權限
- 更新開發規範:加入多租戶資料同步規範於 framework.md
- 前端優化:使用 Switch 元件進行狀態快速切換,調整表格欄位順序
2026-02-03 11:51:46 +08:00

172 lines
6.0 KiB
PHP

<?php
namespace Database\Seeders;
use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;
use App\Modules\Core\Models\User;
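/**
 * Seeds the permission catalogue, the built-in roles and their default grants.
 *
 * Safe to re-run: permissions and roles are created with firstOrCreate(), and
 * givePermissionTo() only adds grants. Re-running therefore never revokes a
 * permission that was removed from one of the lists below; such a grant stays
 * attached to an existing role until it is revoked explicitly.
 *
 * Default privilege split visible in this file: roles.*, users.delete and
 * users.activate are granted to super-admin only (through Permission::all()).
 */
class PermissionSeeder extends Seeder
{
    /**
     * Run the database seeds.
     */
    public function run(): void
    {
        // Drop the cached permission map so the rows created below are picked up.
        app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();

        // Permission catalogue.
        $permissions = [
            // Product management
            'products.view',
            'products.create',
            'products.edit',
            'products.delete',
            // Purchase order management
            'purchase_orders.view',
            'purchase_orders.create',
            'purchase_orders.edit',
            'purchase_orders.delete',
            'purchase_orders.publish',
            // Inventory management
            'inventory.view',
            'inventory.view_cost', // view cost and value
            'inventory.adjust',
            'inventory.count', // stock count
            'inventory.transfer', // stock transfer
            'inventory.delete',
            // Goods receipt management
            'goods_receipts.view',
            'goods_receipts.create',
            'goods_receipts.edit',
            'goods_receipts.delete',
            // Production order management
            'production_orders.view',
            'production_orders.create',
            'production_orders.edit',
            'production_orders.delete',
            // Recipe management
            'recipes.view',
            'recipes.create',
            'recipes.edit',
            'recipes.delete',
            // Vendor management
            'vendors.view',
            'vendors.create',
            'vendors.edit',
            'vendors.delete',
            // Warehouse management
            'warehouses.view',
            'warehouses.create',
            'warehouses.edit',
            'warehouses.delete',
            // User management
            'users.view',
            'users.create',
            'users.edit',
            'users.delete',
            'users.activate', // enable / disable a user
            // Role and permission management
            'roles.view',
            'roles.create',
            'roles.edit',
            'roles.delete',
            // System logs
            'system.view_logs',
            // Utility fee management
            'utility_fees.view',
            'utility_fees.create',
            'utility_fees.edit',
            'utility_fees.delete',
            // Accounting reports
            'accounting.view',
            'accounting.export',
        ];

        foreach ($permissions as $permission) {
            Permission::firstOrCreate(['name' => $permission]);
        }

        // Built-in roles. display_name is only written when the role is first created.
        $superAdmin = Role::firstOrCreate(['name' => 'super-admin'], ['display_name' => '系統管理員']);
        $admin = Role::firstOrCreate(['name' => 'admin'], ['display_name' => '一般管理員']);
        $warehouseManager = Role::firstOrCreate(['name' => 'warehouse-manager'], ['display_name' => '倉庫管理員']);
        $purchaser = Role::firstOrCreate(['name' => 'purchaser'], ['display_name' => '採購人員']);
        $viewer = Role::firstOrCreate(['name' => 'viewer'], ['display_name' => '檢視人員']);

        // super-admin: every permission row that exists, including any that were
        // created outside this seeder.
        $superAdmin->givePermissionTo(Permission::all());

        // admin: most permissions. Not granted here: roles.*, users.delete,
        // users.activate and inventory.count.
        // NOTE(review): inventory.count is held by warehouse-manager but not by
        // admin - confirm that this omission is intended.
        $admin->givePermissionTo([
            'products.view', 'products.create', 'products.edit', 'products.delete',
            'purchase_orders.view', 'purchase_orders.create', 'purchase_orders.edit',
            'purchase_orders.delete', 'purchase_orders.publish',
            'inventory.view', 'inventory.view_cost', 'inventory.adjust', 'inventory.transfer', 'inventory.delete',
            'goods_receipts.view', 'goods_receipts.create', 'goods_receipts.edit', 'goods_receipts.delete',
            'production_orders.view', 'production_orders.create', 'production_orders.edit', 'production_orders.delete',
            'recipes.view', 'recipes.create', 'recipes.edit', 'recipes.delete',
            'vendors.view', 'vendors.create', 'vendors.edit', 'vendors.delete',
            'warehouses.view', 'warehouses.create', 'warehouses.edit', 'warehouses.delete',
            // The original listed this users.* line twice; the duplicate was dropped.
            'users.view', 'users.create', 'users.edit',
            'system.view_logs',
            'utility_fees.view', 'utility_fees.create', 'utility_fees.edit', 'utility_fees.delete',
            'accounting.view', 'accounting.export',
        ]);

        // warehouse-manager: inventory and warehouses.
        $warehouseManager->givePermissionTo([
            'products.view',
            'inventory.view', 'inventory.adjust', 'inventory.count', 'inventory.transfer', 'inventory.delete',
            'goods_receipts.view', 'goods_receipts.create', 'goods_receipts.edit', 'goods_receipts.delete',
            'production_orders.view', 'production_orders.create', 'production_orders.edit',
            'warehouses.view', 'warehouses.create', 'warehouses.edit',
        ]);

        // purchaser: purchasing and vendors.
        $purchaser->givePermissionTo([
            'products.view',
            'purchase_orders.view', 'purchase_orders.create', 'purchase_orders.edit',
            'vendors.view', 'vendors.create', 'vendors.edit',
            'inventory.view',
            'goods_receipts.view', 'goods_receipts.create',
        ]);

        // viewer: read-only.
        $viewer->givePermissionTo([
            'products.view',
            'purchase_orders.view',
            'inventory.view',
            'goods_receipts.view',
            'vendors.view',
            'warehouses.view',
            'utility_fees.view',
            'accounting.view',
        ]);

        // Bootstrap: promote an existing user to super-admin only while the role
        // has no holder yet. Without the exists() guard every re-run of this seeder
        // would grant super-admin again to whichever row User::first() returns,
        // undoing a deliberate demotion of that account.
        // NOTE(review): User::first() applies no explicit ordering, so which row
        // is "first" is decided by the database - consider pinning the bootstrap
        // account explicitly.
        $firstUser = User::first();
        if ($firstUser && ! User::role('super-admin')->exists()) {
            $firstUser->assignRole('super-admin');
            $this->command->info("已將使用者 {$firstUser->name} 設為 super-admin");
        }
    }
}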