Admin Roles (#502)

* add spatie/permissions

* add policies

* add role resource

* add root admin role handling

* replace some "root_admin" with function

* add model specific permissions

* make permission selection nicer

* fix user creation

* fix tests

* add back subuser checks in server policy

* add custom model for role

* assign new users to role if root_admin is set

* add api for roles

* fix phpstan

* add permissions for settings page

* remove "restore" and "forceDelete" permissions

* add user count to list

* prevent deletion if role has users

* update user list

* fix server policy

* remove old `root_admin` column

* small refactor

* fix tests

* forgot can checks here

* forgot use

* disable editing own roles & disable assigning root admin

* don't allow to rename root admin role

* remove php bombing exception handler

* fix role assignment when creating a user

* fix disableOptionWhen

* fix missing `root_admin` attribute on react frontend

* add permission check for bulk delete

* rename viewAny to viewList

* improve canAccessPanel check

* fix admin not displaying for non-root admins

* make sure non root admins can't edit root admins

* fix import

* fix settings page permission check

* fix server permissions for non-subusers

* fix settings page permission check v2

* small cleanup

* cleanup config file

* move consts from resouce into enum & model

* Update database/migrations/2024_08_01_114538_remove_root_admin_column.php

Co-authored-by: Lance Pioch <lancepioch@gmail.com>

* fix config

* fix phpstan

* fix phpstan 2.0

---------

Co-authored-by: Lance Pioch <lancepioch@gmail.com>

tests/Unit/Http/Middleware/AdminAuthenticateTest.php

@@ -4,6 +4,7 @@ namespace App\Tests\Unit\Http\Middleware;
 
 use App\Models\User;
 use App\Http\Middleware\AdminAuthenticate;
+use Mockery;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 
 class AdminAuthenticateTest extends MiddlewareTestCase
@@ -13,7 +14,9 @@ class AdminAuthenticateTest extends MiddlewareTestCase
      */
     public function testAdminsAreAuthenticated(): void
     {
-        $user = User::factory()->make(['root_admin' => 1]);
+        $user = User::factory()->make();
+        $user = Mockery::mock($user)->makePartial();
+        $user->shouldReceive('isRootAdmin')->andReturnTrue();
 
         $this->request->shouldReceive('user')->withNoArgs()->twice()->andReturn($user);
 
@@ -39,7 +42,9 @@ class AdminAuthenticateTest extends MiddlewareTestCase
     {
         $this->expectException(AccessDeniedHttpException::class);
 
-        $user = User::factory()->make(['root_admin' => 0]);
+        $user = User::factory()->make();
+        $user = Mockery::mock($user)->makePartial();
+        $user->shouldReceive('isRootAdmin')->andReturnFalse();
 
         $this->request->shouldReceive('user')->withNoArgs()->twice()->andReturn($user);
 

tests/Unit/Http/Middleware/Api/Application/AuthenticateUserTest.php

@@ -27,7 +27,7 @@ class AuthenticateUserTest extends MiddlewareTestCase
     {
         $this->expectException(AccessDeniedHttpException::class);
 
-        $this->generateRequestUserModel(['root_admin' => false]);
+        $this->generateRequestUserModel(false);
 
         $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
     }
@@ -37,7 +37,7 @@ class AuthenticateUserTest extends MiddlewareTestCase
      */
     public function testAdminUser(): void
     {
-        $this->generateRequestUserModel(['root_admin' => true]);
+        $this->generateRequestUserModel(true);
 
         $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
     }