<?php
namespace Database\Seeders;
use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;
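class RestrictEmployeeRoleSeeder extends Seeder
{
    /**
     * Reset every role named 'employee' to a fixed permission allow-list.
     *
     * The seeder is destructive: syncPermissions() replaces the role's whole
     * permission set, so anything granted to an 'employee' role outside the
     * list below is revoked. It is applied to every role with that name; the
     * log line prints a company_id per role, so presumably one role per
     * company is touched (confirm before running against production data).
     *
     * Allow-list entries that do not exist in the permissions table are
     * skipped, and are reported so a typo or a missing migration does not
     * silently shrink the role.
     */
    public function run(): void
    {
        // Allow-list for the employee role.
        //
        // NOTE(review): the list mixes the scoped `manage-own-*` names with
        // their unscoped `manage-*` counterparts (e.g. manage-payslips,
        // manage-employee-contracts, manage-hr-documents). If the unscoped
        // names grant access to other employees' records rather than acting
        // as a module gate, they do not belong in a least-privilege employee
        // role. Confirm against the policy/controller checks.
        $employeePermissions = [
            // Dashboard
            'manage-dashboard',

            // Attendance
            'manage-attendance-records',
            'manage-own-attendance-records',
            'clock-in-out',
            'manage-attendance-regularizations',
            'manage-own-attendance-regularizations',
            'create-attendance-regularizations',
            'view-own-attendance-regularizations',

            // Leaves
            'manage-leave-applications',
            'manage-own-leave-applications',
            'create-leave-applications',
            'edit-leave-applications',
            'manage-leave-balances',
            'manage-own-leave-balances',

            // Payroll
            'manage-payslips',
            'manage-own-payslips',
            'download-payslips',

            // Performance & Goals
            'manage-employee-goals',
            'manage-own-employee-goals',
            'manage-employee-reviews',
            'manage-own-employee-reviews',
            'manage-performance-indicators',
            'manage-own-performance-indicators',

            // Documents & Contracts
            'manage-hr-documents',
            'manage-own-hr-documents',
            'manage-employee-contracts',
            'manage-own-employee-contracts',
            'manage-document-acknowledgments',
            'manage-own-document-acknowledgments',
            'acknowledge-document-acknowledgments',

            // Assets
            'manage-assets',
            'manage-own-assets',

            // Social & Communication
            'manage-announcements',
            'manage-own-announcements',
            'manage-holidays',
            'view-calendar',
            'manage-meetings',
            'manage-own-meetings',

            // Training
            'manage-employee-trainings',
            'manage-own-employee-trainings',
        ];

        // Keep only the names that exist in the database. The lookup does not
        // depend on the role, so it runs once instead of once per role.
        // NOTE(review): names are matched without regard to guard_name;
        // presumably all permissions share the roles' guard. Verify.
        $validPermissions = Permission::whereIn('name', $employeePermissions)->pluck('name')->toArray();

        // Surface allow-list entries that were dropped, so the operator can
        // tell a deliberate omission from a typo or an unseeded permission.
        $missingPermissions = array_values(array_diff($employeePermissions, $validPermissions));
        if ($missingPermissions !== []) {
            $this->command->warn(
                'Skipping permissions not found in the database: ' . implode(', ', $missingPermissions)
            );
        }

        // Every role named 'employee' is processed.
        $roles = Role::where('name', 'employee')->get();

        foreach ($roles as $role) {
            $this->command->info("Restricting permissions for role: {$role->name} (ID: {$role->id}, Company: {$role->company_id})");

            // Replaces the role's permission set: grants not in the list are
            // revoked, listed ones are added.
            $role->syncPermissions($validPermissions);
        }

        $this->command->info('Done! All employee roles have been restricted.');
    }
}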