c9b50ccc5e
- Replace is_admin boolean with role enum('super_admin','admin') via migration
- ProgramPolicy: admin program can only view/edit/delete own programs
- EnsureIsAdmin: accepts both roles; EnsureSuperAdmin: super_admin only
- UserController + views: super_admin can manage admin accounts
- Sidebar: user management link & role badge gated on isSuperAdmin()
- Fix Controller base class: add AuthorizesRequests trait
- Fix tests: replace nonAdmin() (invalid enum) with adminProgram() against super_admin-only route
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
51 lines
1.1 KiB
PHP
51 lines
1.1 KiB
PHP
<?php
|
|
|
|
namespace App\Models;
|
|
|
|
use Database\Factories\UserFactory;
|
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
|
use Illuminate\Foundation\Auth\User as Authenticatable;
|
|
use Illuminate\Notifications\Notifiable;
|
|
|
|
class User extends Authenticatable
|
|
{
|
|
/** @use HasFactory<UserFactory> */
|
|
use HasFactory, Notifiable;
|
|
|
|
protected $fillable = ['name', 'email', 'password', 'role'];
|
|
protected $hidden = ['password', 'remember_token'];
|
|
|
|
protected function casts(): array
|
|
{
|
|
return [
|
|
'email_verified_at' => 'datetime',
|
|
'password' => 'hashed',
|
|
];
|
|
}
|
|
|
|
public function isSuperAdmin(): bool
|
|
{
|
|
return $this->role === 'super_admin';
|
|
}
|
|
|
|
public function isAdminProgram(): bool
|
|
{
|
|
return $this->role === 'admin';
|
|
}
|
|
|
|
public function canAccessProgram(Program $program): bool
|
|
{
|
|
return $this->isSuperAdmin() || $program->created_by === $this->id;
|
|
}
|
|
|
|
public function programs()
|
|
{
|
|
return $this->hasMany(Program::class, 'created_by');
|
|
}
|
|
|
|
public function auditLogs()
|
|
{
|
|
return $this->hasMany(AuditLog::class);
|
|
}
|
|
}
|