feat: 確保 super-admin 角色擁有系統所有權限且開啟 Gate bypass
This commit is contained in:
@@ -15,14 +15,16 @@ class AppServiceProvider extends ServiceProvider
|
||||
//
|
||||
}
|
||||
|
||||
/**
|
||||
* Bootstrap any application services.
|
||||
*/
|
||||
public function boot(): void
|
||||
{
|
||||
// 如果是在正式環境,強制轉為 https
|
||||
if (config('app.env') === 'production') {
|
||||
URL::forceScheme('https');
|
||||
}
|
||||
|
||||
// 隱含授權:讓 "super-admin" 角色擁有所有權限
|
||||
\Illuminate\Support\Facades\Gate::before(function ($user, $ability) {
|
||||
return $user->hasRole('super-admin') ? true : null;
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,47 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
* 確保 super-admin 角色擁有所有權限
|
||||
*/
|
||||
public function up(): void
|
||||
{
|
||||
// 取得 super-admin 角色
|
||||
$role = DB::table('roles')->where('name', 'super-admin')->first();
|
||||
if (!$role) {
|
||||
return; // 角色不存在則跳過
|
||||
}
|
||||
|
||||
// 取得所有權限
|
||||
$permissions = DB::table('permissions')->pluck('id');
|
||||
if ($permissions->isEmpty()) {
|
||||
return;
|
||||
}
|
||||
|
||||
// 清除該角色現有的權限
|
||||
DB::table('role_has_permissions')
|
||||
->where('role_id', $role->id)
|
||||
->delete();
|
||||
|
||||
// 指派所有權限給 super-admin
|
||||
$inserts = $permissions->map(fn ($permissionId) => [
|
||||
'permission_id' => $permissionId,
|
||||
'role_id' => $role->id,
|
||||
])->toArray();
|
||||
|
||||
DB::table('role_has_permissions')->insert($inserts);
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*/
|
||||
public function down(): void
|
||||
{
|
||||
// 此 Migration 不需要復原邏輯
|
||||
}
|
||||
};
|
||||
Reference in New Issue
Block a user