8025fa6d05
Permissions now actually govern access instead of the hard-coded Admin role:
- Super-admin bypass (see all projects / full access) -> can('manage all')
in Project::scopeAccessibleBy, ProjectMap, ProjectDashboard, PhaseGantt,
LayerManager, ProjectReportController.
- Redundant '|| hasRole(Admin)' fallbacks dropped (Gate::before already lets
manage-all through can()): LayerManager (upload/delete layers), MediaManager
(upload), ProjectMap (update progress), ProjectUsers/ProjectCompanies
(assign users).
- Admin-only screens now gated by the matching permission: AdminUsers/UserView
-> can('view users'), UserForm -> can('create users')|can('edit users'),
CompanyView -> can('view companies').
- MediaManager delete: can('delete media') OR owner.
- Kept UserForm's domain guard (can't remove your own Admin role).
Note: the /admin route group still has middleware can:manage all, so admin
screens stay super-admin-only until that group is relaxed per-route.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
<?php
namespace App\Livewire;
use Livewire\Component;
use App\Models\Project;
use App\Models\Company;
use Illuminate\Support\Facades\Auth;
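/**
 * Livewire component that lists, assigns, removes and re-roles the companies
 * attached to a single project.
 *
 * Every public method of a Livewire component can be invoked from the browser,
 * so each state-changing action re-checks the 'assign users' permission itself
 * instead of relying on the view hiding its controls.
 *
 * NOTE(review): the permission check is global. Nothing in this class verifies
 * that the current user may access this particular project; confirm that the
 * route or parent component restricts which Project can be mounted.
 */
class ProjectCompanies extends Component
{
    /** Allowed values for the pivot column role_in_project. */
    private const ROLES = ['owner', 'constructor', 'subcontractor', 'consultant', 'supplier', 'other'];

    public Project $project;
    public $assignedCompanies = [];
    public $allCompanies = [];
    public $selectedCompanyId = '';
    public $selectedRole = 'other';

    /**
     * Bind the project and load the initial company lists.
     */
    public function mount(Project $project)
    {
        $this->project = $project;
        $this->loadCompanies();
    }

    /**
     * Refresh both lists: companies already attached to the project (with
     * their pivot role) and the remaining companies, ordered by name.
     */
    public function loadCompanies()
    {
        $this->assignedCompanies = $this->project->companies()->withPivot('role_in_project')->get();
        $assignedIds = $this->assignedCompanies->pluck('id')->toArray();
        $this->allCompanies = Company::whereNotIn('id', $assignedIds)->orderBy('name')->get();
    }

    /**
     * Attach the selected company to the project with the selected role.
     */
    public function assignCompany()
    {
        if (!$this->userCanManageCompanies()) {
            session()->flash('error', 'No tienes permisos para asignar compañías.');
            return;
        }

        $this->validate([
            'selectedCompanyId' => 'required|exists:companies,id',
            'selectedRole' => 'required|in:' . implode(',', self::ROLES),
        ]);

        // NOTE(review): validation only proves the company exists, not that it
        // is still unassigned; a repeated request could attach it twice unless
        // the pivot table has a unique constraint. Confirm against the schema.
        $this->project->companies()->attach($this->selectedCompanyId, [
            'role_in_project' => $this->selectedRole,
        ]);

        $this->reset(['selectedCompanyId', 'selectedRole']);
        $this->loadCompanies();
        $this->dispatch('notify', 'Compañía asignada al proyecto.');
    }

    /**
     * Detach one company from the project.
     *
     * @param int|string $companyId Key of the company to detach.
     */
    public function removeCompany($companyId)
    {
        if (!$this->userCanManageCompanies()) {
            session()->flash('error', 'Sin permisos.');
            return;
        }

        // detach(null) removes every company from the project, so a
        // client-supplied null or empty id must never reach it.
        if (!$this->isUsableKey($companyId)) {
            return;
        }

        $this->project->companies()->detach($companyId);
        $this->loadCompanies();
        $this->dispatch('notify', 'Compañía eliminada del proyecto.');
    }

    /**
     * Change the project role of a company that is already attached.
     *
     * @param int|string $companyId Key of the attached company.
     * @param string     $role      One of self::ROLES.
     */
    public function changeRole($companyId, $role)
    {
        // This action writes to the pivot table like assign/remove do, so it
        // needs the same permission gate; without it any user who can load
        // the component could rewrite roles.
        if (!$this->userCanManageCompanies()) {
            session()->flash('error', 'Sin permisos.');
            return;
        }

        // Strict comparison: a non-string payload never matches a role name.
        if (!in_array($role, self::ROLES, true) || !$this->isUsableKey($companyId)) {
            return;
        }

        $this->project->companies()->updateExistingPivot($companyId, [
            'role_in_project' => $role,
        ]);
        $this->loadCompanies();
        $this->dispatch('notify', 'Rol actualizado.');
    }

    public function render()
    {
        return view('livewire.project-companies');
    }

    /**
     * Whether the current user holds the 'assign users' permission.
     * A missing (unauthenticated) user is treated as not permitted.
     */
    private function userCanManageCompanies(): bool
    {
        $user = Auth::user();

        return $user !== null && $user->can('assign users');
    }

    /**
     * Whether a client-supplied value is a non-empty int or string key.
     */
    private function isUsableKey($value): bool
    {
        return is_int($value) || (is_string($value) && $value !== '');
    }
}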