star-erp/database/seeders/PermissionSeeder.php

<?php

namespace Database\Seeders;

use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;
use App\Modules\Core\Models\User;

class PermissionSeeder extends Seeder
{
    /**
     * Run the database seeds.
     */
    public function run(): void
    {
        // 重置快取
        app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();

        // 建立權限
        $permissions = [
            // 產品管理
            'products.view',
            'products.create',
            'products.edit',
            'products.delete',

            // 採購單管理
            'purchase_orders.view',
            'purchase_orders.create',
            'purchase_orders.edit',
            'purchase_orders.delete',
            'purchase_orders.publish',

            // 庫存管理
            'inventory.view',
            'inventory.view_cost', // 查看成本與價值
            'inventory.adjust',
            'inventory.count',     // 庫存盤點
            'inventory.transfer',  // 庫存調撥
            'inventory.delete',

            // 進貨單管理
            'goods_receipts.view',
            'goods_receipts.create',
            'goods_receipts.edit',
            'goods_receipts.delete',

            // 生產工單管理
            'production_orders.view',
            'production_orders.create',
            'production_orders.edit',
            'production_orders.delete',

            // 配方管理
            'recipes.view',
            'recipes.create',
            'recipes.edit',
            'recipes.delete',

            // 供應商管理
            'vendors.view',
            'vendors.create',
            'vendors.edit',
            'vendors.delete',

            // 倉庫管理
            'warehouses.view',
            'warehouses.create',
            'warehouses.edit',
            'warehouses.delete',

            // 使用者管理
            'users.view',
            'users.create',
            'users.edit',
            'users.delete',

            // 角色權限管理
            'roles.view',
            'roles.create',
            'roles.edit',
            'roles.delete',

            // 系統日誌
            'system.view_logs',

            // 公共事業費管理
            'utility_fees.view',
            'utility_fees.create',
            'utility_fees.edit',
            'utility_fees.delete',

            // 會計報表
            'accounting.view',
            'accounting.export',
        ];

        foreach ($permissions as $permission) {
            Permission::firstOrCreate(['name' => $permission]);
        }

        // 建立角色
        $superAdmin = Role::firstOrCreate(['name' => 'super-admin'], ['display_name' => '系統管理員']);
        $admin = Role::firstOrCreate(['name' => 'admin'], ['display_name' => '一般管理員']);
        $warehouseManager = Role::firstOrCreate(['name' => 'warehouse-manager'], ['display_name' => '倉庫管理員']);
        $purchaser = Role::firstOrCreate(['name' => 'purchaser'], ['display_name' => '採購人員']);
        $viewer = Role::firstOrCreate(['name' => 'viewer'], ['display_name' => '檢視人員']);


        // 給角色分配權限
        // super-admin 擁有所有權限
        $superAdmin->givePermissionTo(Permission::all());

        // admin 擁有大部分權限（除了角色管理）
        $admin->givePermissionTo([
            'products.view', 'products.create', 'products.edit', 'products.delete',
            'purchase_orders.view', 'purchase_orders.create', 'purchase_orders.edit', 
            'purchase_orders.delete', 'purchase_orders.publish',
            'inventory.view', 'inventory.view_cost', 'inventory.adjust', 'inventory.transfer', 'inventory.delete',
            'goods_receipts.view', 'goods_receipts.create', 'goods_receipts.edit', 'goods_receipts.delete',
            'production_orders.view', 'production_orders.create', 'production_orders.edit', 'production_orders.delete',
            'recipes.view', 'recipes.create', 'recipes.edit', 'recipes.delete',
            'vendors.view', 'vendors.create', 'vendors.edit', 'vendors.delete',
            'warehouses.view', 'warehouses.create', 'warehouses.edit', 'warehouses.delete',
            'users.view', 'users.create', 'users.edit',
            'users.view', 'users.create', 'users.edit',
            'system.view_logs',
            'utility_fees.view', 'utility_fees.create', 'utility_fees.edit', 'utility_fees.delete',
            'accounting.view', 'accounting.export',
        ]);

        // warehouse-manager 管理庫存與倉庫
        $warehouseManager->givePermissionTo([
            'products.view',
            'inventory.view', 'inventory.adjust', 'inventory.count', 'inventory.transfer', 'inventory.delete',
            'goods_receipts.view', 'goods_receipts.create', 'goods_receipts.edit', 'goods_receipts.delete',
            'production_orders.view', 'production_orders.create', 'production_orders.edit',
            'warehouses.view', 'warehouses.create', 'warehouses.edit',
        ]);

        // purchaser 管理採購與供應商
        $purchaser->givePermissionTo([
            'products.view',
            'purchase_orders.view', 'purchase_orders.create', 'purchase_orders.edit',
            'vendors.view', 'vendors.create', 'vendors.edit',
            'inventory.view',
            'goods_receipts.view', 'goods_receipts.create',
        ]);

        // viewer 僅能查看
        $viewer->givePermissionTo([
            'products.view',
            'purchase_orders.view',
            'inventory.view',
            'goods_receipts.view',
            'vendors.view',
            'warehouses.view',
            'utility_fees.view',
            'accounting.view',
        ]);

        // 將現有使用者設為 super-admin（如果存在的話）
        $firstUser = User::first();
        if ($firstUser) {
            $firstUser->assignRole('super-admin');
            $this->command->info("已將使用者 {$firstUser->name} 設為 super-admin");
        }
    }
}