Add persmission in API in role CRUD controller

2026-04-28 10:30:54 +03:00 · 2026-04-28 10:30:54 +03:00 · bc497382a3
commit bc497382a3
parent e27cce45e0
3 changed files with 20 additions and 10 deletions
--- a/thanasoft-back/app/Http/Controllers/Api/AuthController.php
+++ b/thanasoft-back/app/Http/Controllers/Api/AuthController.php
@ -73,7 +73,7 @@ class AuthController extends BaseController
            $token = $user->createToken('api')->plainTextToken;

            return $this->sendResponse([
-                'user' => $user,
+                'user' => $user->load('roles', 'permissions'),
                'token' => $token,
            ], 'Login successful.');

@ -143,7 +143,7 @@ class AuthController extends BaseController
            $token = $user->createToken('api')->plainTextToken;

            return $this->sendResponse([
-                'user' => $user,
+                'user' => $user->load('roles', 'permissions'),
                'token' => $token,
            ], 'Mot de passe cree et connexion reussie.');
        } catch (ValidationException $e) {
--- a/thanasoft-back/bootstrap/app.php
+++ b/thanasoft-back/bootstrap/app.php
@ -3,6 +3,9 @@
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
+use Spatie\Permission\Middleware\PermissionMiddleware;
+use Spatie\Permission\Middleware\RoleMiddleware;
+use Spatie\Permission\Middleware\RoleOrPermissionMiddleware;

 return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
@ -13,6 +16,11 @@ return Application::configure(basePath: dirname(__DIR__))
    )
    ->withMiddleware(function (Middleware $middleware): void {
        $middleware->statefulApi();
+        $middleware->alias([
+            'role' => RoleMiddleware::class,
+            'permission' => PermissionMiddleware::class,
+            'role_or_permission' => RoleOrPermissionMiddleware::class,
+        ]);
    })
    ->withExceptions(function (Exceptions $exceptions): void {
        //
--- a/thanasoft-back/routes/api.php
+++ b/thanasoft-back/routes/api.php
@ -66,6 +66,7 @@ Route::middleware('auth:sanctum')->group(function () {
    Route::apiResource('client-groups', ClientGroupController::class);
    Route::apiResource('price-lists', PriceListController::class);
    Route::apiResource('users', UserController::class);
+    Route::middleware('permission:config.view_roles')->group(function () {
        Route::get('access-control', [AccessControlController::class, 'index']);
        Route::post('access-control/roles', [AccessControlController::class, 'storeRole']);
        Route::put('access-control/roles/{id}', [AccessControlController::class, 'updateRole']);
@ -74,6 +75,7 @@ Route::middleware('auth:sanctum')->group(function () {
        Route::post('access-control/permissions', [AccessControlController::class, 'storePermission']);
        Route::put('access-control/permissions/{id}', [AccessControlController::class, 'updatePermission']);
        Route::delete('access-control/permissions/{id}', [AccessControlController::class, 'destroyPermission']);
+    });

    Route::apiResource('client-locations', ClientLocationController::class);
    Route::apiResource('client-locations', ClientLocationController::class);