From a0a61ba68367c4567f700059697b0c983ccb8d52 Mon Sep 17 00:00:00 2001
From: sky121113 <sky121113@gmail.com>
Date: Tue, 13 Jan 2026 17:21:36 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E7=A2=BA=E4=BF=9D=20super-admin=20?=
 =?UTF-8?q?=E8=A7=92=E8=89=B2=E6=93=81=E6=9C=89=E7=B3=BB=E7=B5=B1=E6=89=80?=
 =?UTF-8?q?=E6=9C=89=E6=AC=8A=E9=99=90=E4=B8=94=E9=96=8B=E5=95=9F=20Gate?=
 =?UTF-8?q?=20bypass?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Providers/AppServiceProvider.php          |  8 ++--
 ...71900_sync_super_admin_all_permissions.php | 47 +++++++++++++++++++
 2 files changed, 52 insertions(+), 3 deletions(-)
 create mode 100644 database/migrations/2026_01_13_171900_sync_super_admin_all_permissions.php

diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 96b95d0..1d2694d 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -15,14 +15,16 @@ class AppServiceProvider extends ServiceProvider
         //
     }
 
-    /**
-     * Bootstrap any application services.
-     */
     public function boot(): void
     {
         // 如果是在正式環境，強制轉為 https
         if (config('app.env') === 'production') {
             URL::forceScheme('https');
         }
+
+        // 隱含授權：讓 "super-admin" 角色擁有所有權限
+        \Illuminate\Support\Facades\Gate::before(function ($user, $ability) {
+            return $user->hasRole('super-admin') ? true : null;
+        });
     }
 }
diff --git a/database/migrations/2026_01_13_171900_sync_super_admin_all_permissions.php b/database/migrations/2026_01_13_171900_sync_super_admin_all_permissions.php
new file mode 100644
index 0000000..1f7f7a1
--- /dev/null
+++ b/database/migrations/2026_01_13_171900_sync_super_admin_all_permissions.php
@@ -0,0 +1,47 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\DB;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     * 確保 super-admin 角色擁有所有權限
+     */
+    public function up(): void
+    {
+        // 取得 super-admin 角色
+        $role = DB::table('roles')->where('name', 'super-admin')->first();
+        if (!$role) {
+            return; // 角色不存在則跳過
+        }
+
+        // 取得所有權限
+        $permissions = DB::table('permissions')->pluck('id');
+        if ($permissions->isEmpty()) {
+            return;
+        }
+
+        // 清除該角色現有的權限
+        DB::table('role_has_permissions')
+            ->where('role_id', $role->id)
+            ->delete();
+
+        // 指派所有權限給 super-admin
+        $inserts = $permissions->map(fn ($permissionId) => [
+            'permission_id' => $permissionId,
+            'role_id' => $role->id,
+        ])->toArray();
+
+        DB::table('role_has_permissions')->insert($inserts);
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        // 此 Migration 不需要復原邏輯
+    }
+};