Initial commit with contrats and domaines modules

app/Policies/CommandePolicy.php

@@ -0,0 +1,68 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Commande;
+use App\Models\User;
+
+class CommandePolicy
+{
+    public function viewAny(User $user): bool
+    {
+        return true;
+    }
+
+    public function view(User $user, Commande $commande): bool
+    {
+        return true;
+    }
+
+    public function create(User $user): bool
+    {
+        return $user->hasAnyRole(['admin', 'responsable', 'acheteur']);
+    }
+
+    public function update(User $user, Commande $commande): bool
+    {
+        if ($user->hasRole('admin')) {
+            return true;
+        }
+
+        $statutsEditables = ['brouillon', 'en_attente_validation'];
+        if (!in_array($commande->statut, $statutsEditables)) {
+            return false;
+        }
+
+        return $user->hasAnyRole(['responsable', 'acheteur'])
+            && ($commande->user_id === $user->id || $commande->service_id === $user->service_id);
+    }
+
+    public function delete(User $user, Commande $commande): bool
+    {
+        return $user->hasRole('admin');
+    }
+
+    public function transition(User $user, Commande $commande, string $targetStatut): bool
+    {
+        if (!$commande->peutTransitionnerVers($targetStatut)) {
+            return false;
+        }
+
+        if ($user->hasRole('admin')) {
+            return true;
+        }
+
+        return match ($targetStatut) {
+            'en_attente_validation' => $user->hasAnyRole(['responsable', 'acheteur']) && $commande->user_id === $user->id,
+            'brouillon'             => $user->hasAnyRole(['responsable', 'acheteur']) && $commande->user_id === $user->id,
+            'validee'               => $user->hasRole('responsable') && $commande->service_id === $user->service_id,
+            'commandee'             => $user->hasAnyRole(['responsable', 'acheteur']),
+            'partiellement_recue',
+            'recue_complete'        => $user->hasAnyRole(['responsable', 'acheteur']),
+            'cloturee'              => $user->hasAnyRole(['responsable', 'acheteur']),
+            'annulee'               => $user->hasAnyRole(['responsable', 'acheteur'])
+                && !in_array($commande->statut, ['commandee', 'partiellement_recue', 'recue_complete', 'cloturee']),
+            default                 => false,
+        };
+    }
+}

app/Policies/ContratPolicy.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Contrat;
+use App\Models\User;
+
+class ContratPolicy
+{
+    public function viewAny(User $user): bool
+    {
+        return true;
+    }
+
+    public function view(User $user, Contrat $contrat): bool
+    {
+        if ($user->hasRole('admin')) {
+            return true;
+        }
+
+        return $user->service_id === $contrat->service_id;
+    }
+
+    public function create(User $user): bool
+    {
+        return true; // Anyone can create, but in the controller we'll restrict to their own service
+    }
+
+    public function update(User $user, Contrat $contrat): bool
+    {
+        if ($user->hasRole('admin')) {
+            return true;
+        }
+
+        return $user->service_id === $contrat->service_id;
+    }
+
+    public function delete(User $user, Contrat $contrat): bool
+    {
+        if ($user->hasRole('admin')) {
+            return true;
+        }
+
+        return $user->service_id === $contrat->service_id;
+    }
+}

app/Policies/DomainePolicy.php

@@ -0,0 +1,44 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Domaine;
+use App\Models\User;
+
+class DomainePolicy
+{
+    public function viewAny(User $user): bool
+    {
+        return true;
+    }
+
+    public function view(User $user, Domaine $domaine): bool
+    {
+        return true;
+    }
+
+    private function canManage(User $user): bool
+    {
+        if ($user->hasRole('admin')) {
+            return true;
+        }
+
+        // Must belong to "Infrastructure" service
+        return $user->service && $user->service->nom === 'Infrastructure';
+    }
+
+    public function create(User $user): bool
+    {
+        return $this->canManage($user);
+    }
+
+    public function update(User $user, Domaine $domaine): bool
+    {
+        return $this->canManage($user);
+    }
+
+    public function delete(User $user, Domaine $domaine): bool
+    {
+        return $this->canManage($user);
+    }
+}

app/Policies/FournisseurPolicy.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Fournisseur;
+use App\Models\User;
+
+class FournisseurPolicy
+{
+    public function viewAny(User $user): bool
+    {
+        return true;
+    }
+
+    public function view(User $user, Fournisseur $fournisseur): bool
+    {
+        return true;
+    }
+
+    public function create(User $user): bool
+    {
+        return $user->hasAnyRole(['admin', 'responsable', 'acheteur']);
+    }
+
+    public function update(User $user, Fournisseur $fournisseur): bool
+    {
+        return $user->hasAnyRole(['admin', 'responsable', 'acheteur']);
+    }
+
+    public function delete(User $user, Fournisseur $fournisseur): bool
+    {
+        return $user->hasRole('admin');
+    }
+}

app/Policies/PieceJointePolicy.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\PieceJointe;
+use App\Models\User;
+
+class PieceJointePolicy
+{
+    public function delete(User $user, PieceJointe $pieceJointe): bool
+    {
+        // Admin ou celui qui a uploadé
+        return $user->hasRole('admin') || $pieceJointe->user_id === $user->id;
+    }
+}

app/Policies/UserPolicy.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\User;
+
+class UserPolicy
+{
+    public function viewAny(User $user): bool
+    {
+        return $user->hasRole('admin');
+    }
+
+    public function update(User $user, User $model): bool
+    {
+        return $user->hasRole('admin');
+    }
+
+    public function delete(User $user, User $model): bool
+    {
+        return $user->hasRole('admin') && $user->id !== $model->id;
+    }
+}