<?php
namespace App\Providers;
use App\Auth\DockerSessionGuard;
use App\Models\Bank;
use App\Policies\BankPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Gate;
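class AuthServiceProvider extends ServiceProvider
{
    /**
     * Register any authentication / authorization services.
     *
     * In order: registers policies, applies the configured remember-me
     * lifetime, swaps in the Docker session guard when IS_DOCKER is set,
     * installs the Super-Admin bypass, and defines the "manage *" gates.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        // Remember-me lifetime comes from platform configuration (default: 90 days).
        // The value is handed to setRememberDuration() below, so a long lifetime
        // also means a long-lived credential on the client.
        $rememberMeDays = timebank_config('auth.remember_me_days', 90);
        $rememberMeMinutes = $rememberMeDays * 24 * 60; // days -> minutes

        // Use custom guard in Docker that doesn't migrate sessions.
        // NOTE(review): regenerating the session ID at login is the usual defence
        // against session fixation. DockerSessionGuard is not visible here, so
        // confirm what it does instead and that IS_DOCKER is never set on a
        // production deployment.
        // NOTE(review): with cached configuration, env() outside config files only
        // sees real process environment variables, not .env values. Reading this
        // flag through a config key would make the switch predictable.
        if (env('IS_DOCKER', false)) {
            // Replaces the 'session' driver, so every guard configured with that
            // driver is built by this closure.
            Auth::extend('session', function ($app, $name, array $config) use ($rememberMeMinutes) {
                $provider = Auth::createUserProvider($config['provider']);
                $guard = new DockerSessionGuard($name, $provider, $app['session.store']);

                // Set the cookie jar on the guard
                $guard->setCookieJar($app['cookie']);

                // NOTE(review): no event dispatcher is set on this guard. The
                // framework's own session driver factory sets one, so listeners
                // for login / failed-login / logout events (audit logging,
                // lockout) may not fire under Docker. Confirm this is intended.

                // If a request is available, set it on the guard
                if (method_exists($guard, 'setRequest')) {
                    $guard->setRequest($app->refresh('request', $guard, 'setRequest'));
                }

                // Set remember me duration
                $guard->setRememberDuration($rememberMeMinutes);

                return $guard;
            });
        }

        // Set remember me duration for all standard guards.
        // method_exists() skips guards without a remember-me setter.
        foreach (['web', 'organization', 'bank', 'admin'] as $guardName) {
            $guard = Auth::guard($guardName);
            if (method_exists($guard, 'setRememberDuration')) {
                $guard->setRememberDuration($rememberMeMinutes);
            }
        }

        // Spatie Laravel-Permissions:
        // Implicitly grant "Super-Admin" role all permission checks using can().
        // This runs before every gate and policy, so the role bypasses all of
        // them, including the gates defined below; assign it sparingly.
        Gate::before(function ($user, $ability) {
            if ($user->hasRole('Super-Admin')) {
                return true;
            }

            // null (not false) lets the normal gate / policy check decide.
            return null;
        });

        // Explicit gate definitions. Each gate checks the permission of the same
        // name directly via Spatie's permission system.
        foreach (['manage banks', 'manage organizations', 'manage admins'] as $ability) {
            Gate::define($ability, function ($user) use ($ability) {
                // Only App\Models\User is checked for permissions; any other
                // authenticated model is denied.
                if (! $user instanceof \App\Models\User) {
                    return false;
                }

                try {
                    // Always check on web guard since that's where permissions are stored
                    return $user->hasPermissionTo($ability, 'web');
                } catch (\Spatie\Permission\Exceptions\PermissionDoesNotExist $e) {
                    // Permission is not defined: deny.
                    return false;
                } catch (\Exception $e) {
                    // Fail closed, but surface the failure so that a broken
                    // permission backend is not mistaken for an ordinary denial.
                    report($e);

                    return false;
                }
            });
        }
    }
}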