feat: implement multi-tenancy and super admin impersonation with security banner
This commit is contained in:
jeremy bayse
@@ -31,17 +31,41 @@ class RegisteredUserController extends Controller
|
||||
public function store(Request $request): RedirectResponse
|
||||
{
|
||||
$request->validate([
|
||||
'structure_name' => 'required|string|max:255|unique:structures,name',
|
||||
'name' => 'required|string|max:255',
|
||||
'email' => 'required|string|lowercase|email|max:255|unique:'.User::class,
|
||||
'password' => ['required', 'confirmed', Rules\Password::defaults()],
|
||||
]);
|
||||
|
||||
$user = User::create([
|
||||
// 1. Créer la structure (Tenant)
|
||||
// Le slug est généré avec un uniqid() pour éviter les conflits si deux noms produisent le même slug.
|
||||
$structure = \App\Models\Structure::create([
|
||||
'name' => $request->structure_name,
|
||||
'slug' => \Illuminate\Support\Str::slug($request->structure_name) . '-' . substr(uniqid(), -5),
|
||||
'is_active' => true,
|
||||
]);
|
||||
|
||||
// 2. Définir le contexte Tenant pour que Spatie attache les rôles à cette structure-ci
|
||||
config(['tenant.structure_id' => $structure->id]);
|
||||
setPermissionsTeamId($structure->id);
|
||||
|
||||
// 3. Création des rôles par défaut pour le nouveau locataire
|
||||
$adminRole = \App\Models\Role::firstOrCreate(['name' => 'Admin']);
|
||||
\App\Models\Role::firstOrCreate(['name' => 'Agent']);
|
||||
\App\Models\Role::firstOrCreate(['name' => 'Manager']);
|
||||
\App\Models\Role::firstOrCreate(['name' => 'RH']);
|
||||
|
||||
// 4. Créer le premier compte Administrateur
|
||||
$user = User::withoutGlobalScope('structure')->create([
|
||||
'name' => $request->name,
|
||||
'email' => $request->email,
|
||||
'password' => Hash::make($request->password),
|
||||
'structure_id' => $structure->id,
|
||||
]);
|
||||
|
||||
// Affectation du rôle
|
||||
$user->assignRole($adminRole);
|
||||
|
||||
event(new Registered($user));
|
||||
|
||||
Auth::login($user);
|
||||
|
||||
@@ -4,7 +4,7 @@ namespace App\Http\Controllers;
|
||||
|
||||
use Illuminate\Http\Request;
|
||||
use Inertia\Inertia;
|
||||
use Spatie\Permission\Models\Role;
|
||||
use App\Models\Role;
|
||||
use Spatie\Permission\Models\Permission;
|
||||
|
||||
class RoleController extends Controller
|
||||
|
||||
@@ -5,7 +5,7 @@ namespace App\Http\Controllers;
|
||||
use App\Models\Service;
|
||||
use Illuminate\Http\Request;
|
||||
use Inertia\Inertia;
|
||||
use Spatie\Permission\Models\Role;
|
||||
use App\Models\Role;
|
||||
use Spatie\Permission\Models\Permission;
|
||||
|
||||
class ServiceController extends Controller
|
||||
|
||||
112
app/Http/Controllers/SuperAdminController.php
Normal file
112
app/Http/Controllers/SuperAdminController.php
Normal file
@@ -0,0 +1,112 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use Illuminate\Http\Request;
|
||||
use Inertia\Inertia;
|
||||
use App\Models\Structure;
|
||||
|
||||
class SuperAdminController extends Controller
|
||||
{
|
||||
public function index(Request $request)
|
||||
{
|
||||
// On s'assure que seul un SuperAdmin peut accéder ici
|
||||
if (!auth()->user()->hasRole('SuperAdmin')) {
|
||||
abort(403, 'Accès refusé. Vous devez être SuperAdmin.');
|
||||
}
|
||||
|
||||
$structures = Structure::withCount(['users' => function ($query) {
|
||||
$query->withoutGlobalScope('structure');
|
||||
}])->get();
|
||||
|
||||
return Inertia::render('SuperAdmin/Index', [
|
||||
'structures' => $structures,
|
||||
'current_structure_id' => session('target_structure_id')
|
||||
]);
|
||||
}
|
||||
|
||||
public function create()
|
||||
{
|
||||
if (!auth()->user()->hasRole('SuperAdmin')) { abort(403); }
|
||||
|
||||
return Inertia::render('SuperAdmin/Create');
|
||||
}
|
||||
|
||||
public function store(Request $request)
|
||||
{
|
||||
if (!auth()->user()->hasRole('SuperAdmin')) { abort(403); }
|
||||
|
||||
$validated = $request->validate([
|
||||
'name' => 'required|string|max:255',
|
||||
'slug' => 'required|string|max:255|unique:structures',
|
||||
'domain' => 'nullable|string|max:255|unique:structures',
|
||||
'is_active' => 'boolean'
|
||||
]);
|
||||
|
||||
Structure::create($validated);
|
||||
|
||||
return redirect()->route('superadmin.index')->with('success', 'Structure créée avec succès.');
|
||||
}
|
||||
|
||||
public function edit(Structure $structure)
|
||||
{
|
||||
if (!auth()->user()->hasRole('SuperAdmin')) { abort(403); }
|
||||
|
||||
return Inertia::render('SuperAdmin/Edit', [
|
||||
'structure' => $structure
|
||||
]);
|
||||
}
|
||||
|
||||
public function update(Request $request, Structure $structure)
|
||||
{
|
||||
if (!auth()->user()->hasRole('SuperAdmin')) { abort(403); }
|
||||
|
||||
$validated = $request->validate([
|
||||
'name' => 'required|string|max:255',
|
||||
'slug' => 'required|string|max:255|unique:structures,slug,' . $structure->id,
|
||||
'domain' => 'nullable|string|max:255|unique:structures,domain,' . $structure->id,
|
||||
'is_active' => 'boolean'
|
||||
]);
|
||||
|
||||
$structure->update($validated);
|
||||
|
||||
return redirect()->route('superadmin.index')->with('success', 'Structure mise à jour.');
|
||||
}
|
||||
|
||||
public function destroy(Structure $structure)
|
||||
{
|
||||
if (!auth()->user()->hasRole('SuperAdmin')) { abort(403); }
|
||||
|
||||
if (Structure::count() <= 1) {
|
||||
return redirect()->back()->with('error', 'Impossible de supprimer la dernière structure.');
|
||||
}
|
||||
|
||||
$structure->delete();
|
||||
|
||||
return redirect()->route('superadmin.index')->with('success', 'Structure supprimée avec succès.');
|
||||
}
|
||||
|
||||
public function switchStructure(Request $request, Structure $structure)
|
||||
{
|
||||
if (!auth()->user()->hasRole('SuperAdmin')) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
// On enregistre dans la session qu'on veut "impersonner" cette structure
|
||||
$request->session()->put('target_structure_id', $structure->id);
|
||||
|
||||
return redirect()->route('dashboard')->with('success', "Vous naviguez maintenant sur la structure : {$structure->name}.");
|
||||
}
|
||||
|
||||
public function resetStructure(Request $request)
|
||||
{
|
||||
if (!auth()->user()->hasRole('SuperAdmin')) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
// On retire l'impersonnation, on redevient un SuperAdmin "Global"
|
||||
$request->session()->forget('target_structure_id');
|
||||
|
||||
return redirect()->route('superadmin.index')->with('success', "Périmètre global restauré.");
|
||||
}
|
||||
}
|
||||
@@ -30,7 +30,7 @@ class UserController extends Controller implements \Illuminate\Routing\Controlle
|
||||
public function create()
|
||||
{
|
||||
return Inertia::render('User/Edit', [
|
||||
'roles' => \Spatie\Permission\Models\Role::all(),
|
||||
'roles' => \App\Models\Role::all(),
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -60,7 +60,7 @@ class UserController extends Controller implements \Illuminate\Routing\Controlle
|
||||
{
|
||||
return Inertia::render('User/Edit', [
|
||||
'user' => $user->load('roles'),
|
||||
'roles' => \Spatie\Permission\Models\Role::all(),
|
||||
'roles' => \App\Models\Role::all(),
|
||||
]);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user