construprogress/app/Livewire/ProjectUsers.php
javier 8025fa6d05 refactor(authz): Phase 2 — replace hasRole('Admin') with permission checks
Permissions now actually govern access instead of the hard-coded Admin role:
- Super-admin bypass (see all projects / full access) -> can('manage all')
  in Project::scopeAccessibleBy, ProjectMap, ProjectDashboard, PhaseGantt,
  LayerManager, ProjectReportController.
- Redundant '|| hasRole(Admin)' fallbacks dropped (Gate::before already lets
  manage-all through can()): LayerManager (upload/delete layers), MediaManager
  (upload), ProjectMap (update progress), ProjectUsers/ProjectCompanies
  (assign users).
- Admin-only screens now gated by the matching permission: AdminUsers/UserView
  -> can('view users'), UserForm -> can('create users')|can('edit users'),
  CompanyView -> can('view companies').
- MediaManager delete: can('delete media') OR owner.
- Kept UserForm's domain guard (can't remove your own Admin role).

Note: the /admin route group still has middleware can:manage all, so admin
screens stay super-admin-only until that group is relaxed per-route.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 19:10:23 +02:00


<?php
namespace App\Livewire;
use App\Models\Project;
use App\Models\User;
use Illuminate\Contracts\View\View;
use Illuminate\Support\Facades\Auth;
use Livewire\Component;
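class ProjectUsers extends Component
{
    /**
     * Project-level roles a user may hold. Single source of truth for both the
     * assign-form validator and changeRole(), so the two lists cannot drift.
     */
    private const ROLES = ['supervisor', 'consultant', 'client', 'viewer'];

    public Project $project;

    /** Users attached to the project, each carrying the role_in_project pivot value. */
    public $assignedUsers = [];

    /** Users not yet attached to the project, ordered by name. */
    public $allUsers = [];

    /** Id chosen in the assign form; validated against users.id on submit. */
    public $selectedUserId = '';

    /** Role chosen in the assign form; must be one of self::ROLES. */
    public $selectedRole = 'viewer';

    /**
     * Bind the component to a project and load both user lists.
     */
    public function mount(Project $project): void
    {
        $this->project = $project;
        $this->loadUsers();
    }

    /**
     * Refresh $assignedUsers (with pivot role) and $allUsers (everyone else).
     */
    public function loadUsers(): void
    {
        $this->assignedUsers = $this->project->users()->withPivot('role_in_project')->get();
        $assignedIds = $this->assignedUsers->pluck('id')->all();
        $this->allUsers = User::whereNotIn('id', $assignedIds)->orderBy('name')->get();
    }

    /**
     * Attach the selected user to the project with the selected role.
     *
     * Requires the 'assign users' permission (checked globally — no project is
     * passed to can(), so the permission is not scoped to $this->project).
     * Form inputs are validated before the pivot row is written.
     */
    public function assignUser(): void
    {
        if (!$this->canAssignUsers()) {
            session()->flash('error', 'No tienes permisos para asignar usuarios.');
            return;
        }

        $this->validate([
            'selectedUserId' => 'required|exists:users,id',
            'selectedRole' => 'required|in:' . implode(',', self::ROLES),
        ]);

        $this->project->users()->attach($this->selectedUserId, [
            'role_in_project' => $this->selectedRole,
        ]);

        $this->reset(['selectedUserId', 'selectedRole']);
        $this->loadUsers();
        $this->dispatch('notify', 'Usuario asignado al proyecto.');
    }

    /**
     * Detach a user from the project. Requires the 'assign users' permission.
     *
     * @param int|string $userId Id of the user to detach, as received from the wire.
     */
    public function removeUser(int|string $userId): void
    {
        if (!$this->canAssignUsers()) {
            session()->flash('error', 'Sin permisos.');
            return;
        }

        $this->project->users()->detach($userId);
        $this->loadUsers();
        $this->dispatch('notify', 'Usuario eliminado del proyecto.');
    }

    /**
     * Change the pivot role of an already-assigned user.
     *
     * Gated by the same 'assign users' permission as assignUser()/removeUser():
     * this method is wire-callable, so without the check any authenticated user
     * could rewrite project roles. A role outside self::ROLES is ignored silently,
     * matching the previous behaviour.
     *
     * @param int|string $userId Id of the assigned user, as received from the wire.
     * @param string     $role   New role; must be one of self::ROLES.
     */
    public function changeRole(int|string $userId, string $role): void
    {
        if (!$this->canAssignUsers()) {
            session()->flash('error', 'Sin permisos.');
            return;
        }

        // strict comparison: the wire delivers strings, and a loose in_array
        // would accept loosely-equal values.
        if (!in_array($role, self::ROLES, true)) {
            return;
        }

        $this->project->users()->updateExistingPivot($userId, [
            'role_in_project' => $role,
        ]);

        $this->loadUsers();
        $this->dispatch('notify', 'Rol actualizado.');
    }

    public function render(): View
    {
        return view('livewire.project-users');
    }

    /**
     * Whether the current user may assign, remove or re-role project users.
     * A guest (no authenticated user) is treated as denied rather than raising
     * on a null user.
     */
    private function canAssignUsers(): bool
    {
        return Auth::user()?->can('assign users') ?? false;
    }
}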