c9b50ccc5e
- Replace is_admin boolean with role enum('super_admin','admin') via migration
- ProgramPolicy: admin program can only view/edit/delete own programs
- EnsureIsAdmin: accepts both roles; EnsureSuperAdmin: super_admin only
- UserController + views: super_admin can manage admin accounts
- Sidebar: user management link & role badge gated on isSuperAdmin()
- Fix Controller base class: add AuthorizesRequests trait
- Fix tests: replace nonAdmin() (invalid enum) with adminProgram() against super_admin-only route
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
35 lines
730 B
PHP
35 lines
730 B
PHP
<?php
|
|
|
|
namespace App\Policies;
|
|
|
|
use App\Models\Program;
|
|
use App\Models\User;
|
|
|
|
class ProgramPolicy
|
|
{
|
|
public function viewAny(User $user): bool
|
|
{
|
|
return true; // Both roles can see programs list (scoped per controller)
|
|
}
|
|
|
|
public function view(User $user, Program $program): bool
|
|
{
|
|
return $user->canAccessProgram($program);
|
|
}
|
|
|
|
public function create(User $user): bool
|
|
{
|
|
return true; // Both roles can create programs
|
|
}
|
|
|
|
public function update(User $user, Program $program): bool
|
|
{
|
|
return $user->canAccessProgram($program);
|
|
}
|
|
|
|
public function delete(User $user, Program $program): bool
|
|
{
|
|
return $user->canAccessProgram($program);
|
|
}
|
|
}
|