feat(authz): per-route permission gating for /admin (granular admin roles)

Finishes Phase 2: the /admin route group no longer requires 'manage all'
globally. Each route is gated by its specific permission so a non-super-admin
role can be granted partial admin access:
- /admin/users (+show) -> can:view users; create -> can:create users;
  edit -> can:edit users
- /admin/roles, roles/*, permissions -> can:manage roles
- Aligned the role screens' mount checks (RoleForm/RoleView/RolePermissionManager)
  from 'manage all' to 'manage roles'.
- Nav 'Administrator' link now shows on can('view users').
Admins keep full access via Gate::before (manage all). Closure routes
(users/roles lists) are now protected at the route level.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 19:15:58 +02:00
parent 8025fa6d05
commit 13f36e8ec0
5 changed files with 15 additions and 15 deletions
@@ -49,7 +49,7 @@ new class extends Component
</x-nav-link>
</div>
@can('manage all')
@can('view users')
<div class="hidden space-x-8 sm:-my-px sm:ms-10 sm:flex">
<x-nav-link :href="route('admin.users')" :active="request()->routeIs('admin.users')" wire:navigate>
{{ __('Administrator') }}
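Review bot: The new `@can('view users')` guard around the 'Administrator' link hides the only visible admin entry point from a role that holds 'manage roles' without 'view users', even though the commit message says /admin/roles, roles/* and permissions are now reachable with 'manage roles' alone. Consider `@canany(['view users', 'manage roles'])` here and choose the link target by permission, since `route('admin.users')` would send a roles-only user to a page the route-level check rejects. This directive only controls visibility; the per-route `can:` checks described in the commit message remain the actual enforcement, so a feature test asserting that a roles-only user gets 403 on /admin/users and can load /admin/roles would pin the intended behaviour.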