From 5d94c9d92f0d61a904d70fcb312e061ef45b1f64 Mon Sep 17 00:00:00 2001
From: Dr Masroor Ehsan
Date: Tue, 31 Dec 2024 22:15:35 +0600
Subject: [PATCH] wip RBAC
---
 app/Models/Enums/UserRole.php | 18 +++++-----
 database/factories/UserFactory.php | 2 --
 .../0001_01_01_000000_create_users_table.php | 2 --
 database/seeders/RoleSeeder.php | 22 ++++++++++---
 database/seeders/UserSeeder.php | 33 +++++++++++--------
 5 files changed, 47 insertions(+), 30 deletions(-)
diff --git a/app/Models/Enums/UserRole.php b/app/Models/Enums/UserRole.php
index 4e55389..3cb5fe2 100644
--- a/app/Models/Enums/UserRole.php
+++ b/app/Models/Enums/UserRole.php
@@ -2,14 +2,14 @@
 namespace App\Models\Enums;
-enum UserRole: int
+enum UserRole: string
 {
- case Guest = 0;
- case Patient = 1;
- case ReferringPhysician = 2;
- case Technician = 3;
- case Radiologist = 4;
- case Associate = 5;
- case System = 6;
- case Admin = 99;
+ case Guest = 'guest';
+ case Patient = 'patient';
+ case ReferringPhysician = 'referring_physician';
+ case Technician = 'technician';
+ case Radiologist = 'radiologist';
+ case Associate = 'associate';
+ case SystemAgent = 'system_agent';
+ case Admin = 'admin';
 }
diff --git a/database/factories/UserFactory.php b/database/factories/UserFactory.php
index fcbbf96..c085b9a 100644
--- a/database/factories/UserFactory.php
+++ b/database/factories/UserFactory.php
@@ -2,7 +2,6 @@
 namespace Database\Factories;
-use App\Models\Enums\UserRole;
 use App\Models\Team;
 use App\Models\User;
 use Illuminate\Database\Eloquent\Factories\Factory;
@@ -38,7 +37,6 @@ public function definition(): array
 'email_verified_at' => fake()->dateTime(),
 'last_seen_at' => fake()->dateTime(),
 'phone' => fake()->phoneNumber(),
- 'user_role' => static::$role ??= UserRole::Guest->value,
 'password' => static::$password ??= Hash::make('password'),
 'two_factor_secret' => null,
 'two_factor_recovery_codes' => null,
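Review bot: The string values introduced on the `case` lines become the persisted Spatie role names (RoleSeeder in this patch creates roles from `$role->value`), but the enum has no comment saying so, so a later rename of a value would silently detach users from their role. I would add a docblock above `enum UserRole: string` along the lines of `/** Backed values are stored as role names in the permission tables; renaming one requires a data migration. */`. Call sites outside this patch that still pass integers to `UserRole::from()`, or that check roles by the old case names such as `'Admin'` or `'System'`, would stop matching; none are visible here, so that is worth a search before merging.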
diff --git a/database/migrations/0001_01_01_000000_create_users_table.php b/database/migrations/0001_01_01_000000_create_users_table.php
index 8ae72e7..ef498a3 100644
--- a/database/migrations/0001_01_01_000000_create_users_table.php
+++ b/database/migrations/0001_01_01_000000_create_users_table.php
@@ -1,6 +1,5 @@ string('email')->nullable()->index();
 $table->timestamp('email_verified_at')->nullable();
 $table->string('password');
- $table->unsignedTinyInteger('user_role')->default(UserRole::Guest->value);
 $table->foreignId('current_team_id')->nullable();
 $table->string('profile_photo_path')->nullable();
 $table->foreignIdFor(Institute::class)->nullable()->index();
diff --git a/database/seeders/RoleSeeder.php b/database/seeders/RoleSeeder.php
index d39ad11..732545d 100644
--- a/database/seeders/RoleSeeder.php
+++ b/database/seeders/RoleSeeder.php
@@ -12,10 +12,13 @@ class RoleSeeder extends Seeder
 {
 public function run(): void
 {
- $adm = SpatieRole::create(['name' => UserRole::Admin->name]);
- $rad = SpatieRole::create(['name' => UserRole::Radiologist->name]);
- $tech = SpatieRole::create(['name' => UserRole::Technician->name]);
- $guest = SpatieRole::create(['name' => UserRole::Guest->name]);
+ foreach (UserRole::cases() as $role) {
+ SpatieRole::create(['name' => $role->value]);
+ }
+ $adm = SpatieRole::findByName(UserRole::Admin->value);
+ $rad = SpatieRole::findByName(UserRole::Radiologist->value);
+ $tech = SpatieRole::findByName(UserRole::Technician->value);
+ $guest = SpatieRole::findByName(UserRole::Guest->value);
 foreach (Permission::cases() as $perm) {
 SpatiePermission::create(['name' => $perm->value]);
@@ -23,6 +26,7 @@ public function run(): void
 $rad->givePermissionTo([
 Permission::ReportCreate,
+ Permission::ReportDownload,
 Permission::StudyDownload,
 Permission::StudyMetadataView,
 Permission::StudyNotesCreate,
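Review bot: In RoleSeeder, `run()` begins creating roles and permissions without first resetting the permission cache, and the new `foreach` uses `SpatieRole::create()`, which fails once the role already exists, so the seeder cannot be re-run against a seeded database. The package documentation recommends `app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();` as the first statement of a seeder, so that authorization checks do not keep answering from a stale role/permission map. Assuming `SpatieRole` aliases the package's Role model, changing the loop body to `SpatieRole::findOrCreate($role->value);` makes the role step idempotent. The `SpatiePermission::create()` call in the context lines has the same problem. The body of `run()` continues past this hunk.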
@@ -39,6 +43,16 @@ public function run(): void
 Permission::AttachmentUpload,
 Permission::AttachmentDownload,
 Permission::StudyArchive,
+ Permission::ReportDownload,
+ ]);
+
+ $adm->givePermissionTo(SpatiePermission::all());
+
+ $guest->givePermissionTo([
+ Permission::StudyMetadataView,
+ Permission::StudyNotesView,
+ Permission::StudyDownload,
+ Permission::ReportDownload,
 ]);
 }
 }
diff --git a/database/seeders/UserSeeder.php b/database/seeders/UserSeeder.php
index 6258a43..568de5d 100644
--- a/database/seeders/UserSeeder.php
+++ b/database/seeders/UserSeeder.php
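Review bot: The new `$guest->givePermissionTo([...])` block grants `Permission::StudyDownload` and `Permission::ReportDownload` to Guest, which looks like the lowest-privilege role in the enum; in a PACS application those downloads are patient data. The removed factory and migration defaults both pointed at Guest, so if it is still the fallback for unvetted accounts I would limit it to `Permission::StudyMetadataView`, or to nothing, and grant downloads through an explicit role. `$adm->givePermissionTo(SpatiePermission::all())` only covers permissions that exist when the seeder runs, so a comment there should say whether later permissions reach Admin by re-seeding or through a `Gate::before` rule. The list that receives the first added `Permission::ReportDownload` starts above this hunk.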
@@ -13,42 +13,49 @@ public function run(): void
 {
 // User::factory(10)->create();
- User::factory()->create([
+ $usr = User::factory()->create([
 'first_name' => 'PACS Sync',
 'display_name' => 'PACS Sync Agent',
 'username' => '$$_pacs_sync_$$',
 'password' => bcrypt(fake()->password(20)),
- 'user_role' => UserRole::System->value,
 'is_active' => false,
 ]);
+ $usr->assignRole(UserRole::SystemAgent);
- User::factory()->create([
+ $usr = User::factory()->create([
 'first_name' => 'Administrator',
 'display_name' => 'Administrator',
 'username' => 'admin',
 'email' => 'admin@example.com',
 'email_verified_at' => now(),
 'phone' => '+8801733938582',
- 'user_role' => UserRole::Admin->value,
 ]);
+ $usr->assignRole(UserRole::Admin);
 $chevron = Institute::where('name', 'Chevron')->first();
 $srini = Institute::where('name', 'Srinivasa')->first();
 User::factory(2)->create([
 'institute_id' => $chevron->id,
- 'user_role' => UserRole::Technician->value,
- ]);
-
+ ])
+ ->each(function ($u) {
+ $u->assignRole(UserRole::Technician);
+ });
 User::factory(2)->create([
 'institute_id' => $srini->id,
- 'user_role' => UserRole::Technician->value,
- ]);
+ ])
+ ->each(function ($u) {
+ $u->assignRole(UserRole::Technician);
+ });
- User::factory(2)->create([
- 'user_role' => UserRole::Radiologist->value,
- ]);
+ User::factory(4)->create()
+ ->each(function ($u) {
+ $u->assignRole(UserRole::Radiologist);
+ });
- User::factory(4)->create();
+ User::factory(4)->create()
+ ->each(function ($u) {
+ $u->assignRole(UserRole::Guest);
+ });
 }
 }
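Review bot: The `admin` user created here sets no `'password'`, so it falls back to the factory default `Hash::make('password')` visible in the UserFactory hunk, and it is now assigned `UserRole::Admin`, which RoleSeeder grants every permission. Nothing in the visible part of `run()` limits this to development, so I would wrap the admin and sample-user blocks in `if (app()->environment('local', 'testing')) { ... }`, or take the admin password from configuration instead of the factory default. The closures could be typed as `function (User $u): void`, and the seeded phone number looks like a real one and would be better as an obvious placeholder. The Radiologist batch also grows from 2 to 4 users on the same lines, which is worth confirming as intended.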