Group abilities by groups, list abilities for user roles (#42)

* Introduce ability groups

* Add users details page

* Add page showing own abilities

* Improve UI, add missing ability checks

Author: patrickrobrecht

app/Http/Controllers/AccountController.php

@@ -18,6 +18,13 @@ public function show(): View
         return view('account.account_show');
     }
 
+    public function showAbilities(): View
+    {
+        $this->authorize('viewAbilities', User::class);
+
+        return view('account.account_show_abilities');
+    }
+
     public function edit(): View
     {
         $this->authorize('editAccount', User::class);

app/Http/Controllers/UserRoleController.php

@@ -47,6 +47,15 @@ public function store(UserRoleRequest $request): RedirectResponse
         return back();
     }
 
+    public function show(UserRole $userRole): View
+    {
+        $this->authorize('view', $userRole);
+
+        return view('user_roles.user_role_show', [
+            'userRole' => $userRole,
+        ]);
+    }
+
     public function edit(UserRole $userRole): View
     {
         $this->authorize('update', $userRole);

app/Models/User.php

@@ -198,17 +198,25 @@ public function fillAndSave(array $validatedData): bool
     }
 
     /**
-     * @return \Illuminate\Support\Collection<Ability>
+     * @return Collection<string>
      */
-    public function getAbilities(): \Illuminate\Support\Collection
+    public function getAbilitiesAsStrings(): \Illuminate\Support\Collection
     {
         $abilities = \Illuminate\Support\Collection::empty();
         foreach ($this->userRoles as $userRole) {
             $abilities->add($userRole->abilities);
         }
 
         return $abilities->flatten()
-            ->unique()
+            ->unique();
+    }
+
+    /**
+     * @return \Illuminate\Support\Collection<Ability>
+     */
+    public function getAbilities(): \Illuminate\Support\Collection
+    {
+        return $this->getAbilitiesAsStrings()
             ->map(static fn (string $ability) => Ability::tryFrom($ability))
             ->filter()
             ->values();
@@ -250,6 +258,9 @@ public function loadProfileData(): self
                     'documents',
                     'groups',
                 ]),
+            'responsibleForEvents.eventSeries',
+            'responsibleForEvents.location',
+            'responsibleForEvents.parentEvent',
             'responsibleForEventSeries' => fn (MorphToMany $eventSeries) => $eventSeries
                 ->withCount([
                     'documents',
@@ -261,7 +272,7 @@ public function loadProfileData(): self
                     'events_min_started_at' => 'datetime',
                     'events_max_started_at' => 'datetime',
                 ]),
-            'responsibleForOrganizations',
+            'responsibleForOrganizations.location',
         ]);
 
         // Set backwards relation for documents.

app/Options/Ability.php

@@ -8,14 +8,13 @@ enum Ability: string
 {
     use NamedOption;
 
-    case ViewAccount = 'users.view_account';
-    case EditAccount = 'users.edit_account';
-    case ManagePersonalAccessTokens = 'personal_access_tokens.manage_own';
-
+    // Events
     case ViewEvents = 'events.view';
     case ViewPrivateEvents = 'events.view_private';
     case CreateEvents = 'events.create';
     case EditEvents = 'events.edit';
+    case ViewResponsibilitiesOfEvents = 'events.responsibilities.view';
+
     case ManageBookingOptionsOfEvent = 'events.manage_booking_options';
     case ViewBookingsOfEvent = 'events.view_bookings';
     case ExportBookingsOfEvent = 'events.export_bookings';
@@ -24,39 +23,45 @@ enum Ability: string
     case EditBookingComment = 'events.edit_booking_comment';
     case ViewPaymentStatus = 'events.view_payment_status';
     case EditPaymentStatus = 'events.edit_payment_status';
+
     case ManageGroupsOfEvent = 'events.manage_groups';
     case ExportGroupsOfEvent = 'events.export_groups';
-    case ViewDocumentsOfEvents = 'events.documents.view';
-    case AddDocumentsToEvents = 'events.documents.create';
-    case EditDocumentsOfEvents = 'events.documents.edit';
-    case DeleteDocumentsOfEvents = 'events.documents.delete';
-    case ViewResponsibilitiesOfEvents = 'events.responsibilities.view';
 
     case ViewEventSeries = 'event_series.view';
     case ViewPrivateEventSeries = 'event_series.view_private';
     case CreateEventSeries = 'event_series.create';
     case EditEventSeries = 'event_series.edit';
-    case ViewDocumentsOfEventSeries = 'event_series.documents.view';
-    case AddDocumentsToEventSeries = 'event_series.documents.create';
-    case EditDocumentsOfEventSeries = 'event_series.documents.edit';
-    case DeleteDocumentsOfEventSeries = 'event_series.documents.delete';
     case ViewResponsibilitiesOfEventSeries = 'event_series.responsibilities.view';
 
+    // Basic data
+    case ViewOrganizations = 'organizations.view';
+    case CreateOrganizations = 'organizations.create';
+    case EditOrganizations = 'organizations.edit';
+    case ViewResponsibilitiesOfOrganizations = 'organizations.responsibilities.view';
+
     case ViewLocations = 'locations.view';
     case CreateLocations = 'locations.create';
     case EditLocations = 'locations.edit';
 
-    case ViewOrganizations = 'organizations.view';
-    case CreateOrganizations = 'organizations.create';
-    case EditOrganizations = 'organizations.edit';
+    // Documents
+    case ViewDocuments = 'documents.view';
+
+    case ViewDocumentsOfEvents = 'events.documents.view';
+    case AddDocumentsToEvents = 'events.documents.create';
+    case EditDocumentsOfEvents = 'events.documents.edit';
+    case DeleteDocumentsOfEvents = 'events.documents.delete';
+
+    case ViewDocumentsOfEventSeries = 'event_series.documents.view';
+    case AddDocumentsToEventSeries = 'event_series.documents.create';
+    case EditDocumentsOfEventSeries = 'event_series.documents.edit';
+    case DeleteDocumentsOfEventSeries = 'event_series.documents.delete';
+
     case ViewDocumentsOfOrganizations = 'organizations.documents.view';
     case AddDocumentsToOrganizations = 'organizations.documents.create';
     case EditDocumentsOfOrganizations = 'organizations.documents.edit';
     case DeleteDocumentsOfOrganizations = 'organizations.documents.delete';
-    case ViewResponsibilitiesOfOrganizations = 'organizations.responsibilities.view';
-
-    case ViewDocuments = 'documents.view';
 
+    // Users and abilities
     case ViewUsers = 'users.view';
     case CreateUsers = 'users.create';
     case EditUsers = 'users.edit';
@@ -65,17 +70,84 @@ enum Ability: string
     case CreateUserRoles = 'user_roles.create';
     case EditUserRoles = 'user_roles.edit';
 
-    public function getTranslatedName(): string
+    case ViewAccount = 'users.view_account';
+    case ViewAbilities = 'users.view_account.abilities';
+    case EditAccount = 'users.edit_account';
+    case ManagePersonalAccessTokens = 'personal_access_tokens.manage_own';
+
+    public function getAbilityGroup(): AbilityGroup
     {
         return match ($this) {
-            self::ViewAccount => __('View own account'),
-            self::EditAccount => __('Edit own account'),
-            self::ManagePersonalAccessTokens => __('Manage personal access tokens'),
+            // Events
+            self::ViewEvents,
+            self::ViewPrivateEvents,
+            self::CreateEvents,
+            self::EditEvents,
+            self::ViewResponsibilitiesOfEvents => AbilityGroup::Events,
+            self::ManageBookingOptionsOfEvent,
+            self::ViewBookingsOfEvent,
+            self::ExportBookingsOfEvent,
+            self::EditBookingsOfEvent,
+            self::DeleteAndRestoreBookingsOfEvent,
+            self::EditBookingComment,
+            self::ViewPaymentStatus,
+            self::EditPaymentStatus => AbilityGroup::Bookings,
+            self::ManageGroupsOfEvent,
+            self::ExportGroupsOfEvent => AbilityGroup::Groups,
+            self::ViewEventSeries,
+            self::ViewPrivateEventSeries,
+            self::CreateEventSeries,
+            self::EditEventSeries,
+            self::ViewResponsibilitiesOfEventSeries => AbilityGroup::EventSeries,
+
+            // Basic data
+            self::ViewOrganizations,
+            self::CreateOrganizations,
+            self::EditOrganizations,
+            self::ViewResponsibilitiesOfOrganizations => AbilityGroup::Organizations,
+            self::ViewLocations,
+            self::CreateLocations,
+            self::EditLocations => AbilityGroup::Locations,
+
+            // Documents
+            self::ViewDocuments => AbilityGroup::Documents,
+            self::ViewDocumentsOfEvents,
+            self::AddDocumentsToEvents,
+            self::EditDocumentsOfEvents,
+            self::DeleteDocumentsOfEvents => AbilityGroup::DocumentsOfEvents,
+            self::ViewDocumentsOfEventSeries,
+            self::AddDocumentsToEventSeries,
+            self::EditDocumentsOfEventSeries,
+            self::DeleteDocumentsOfEventSeries => AbilityGroup::DocumentsOfEventSeries,
+            self::ViewDocumentsOfOrganizations,
+            self::AddDocumentsToOrganizations,
+            self::EditDocumentsOfOrganizations,
+            self::DeleteDocumentsOfOrganizations => AbilityGroup::DocumentsOfOrganizations,
+
+            // Users and abilities
+            self::ViewUsers,
+            self::CreateUsers,
+            self::EditUsers => AbilityGroup::Users,
+            self::ViewUserRoles,
+            self::CreateUserRoles,
+            self::EditUserRoles => AbilityGroup::UserRoles,
+            self::ViewAccount,
+            self::ViewAbilities,
+            self::EditAccount,
+            self::ManagePersonalAccessTokens => AbilityGroup::OwnAccount,
+        };
+    }
 
+    public function getTranslatedName(): string
+    {
+        return match ($this) {
+            // Events
             self::ViewEvents => __('View events'),
             self::ViewPrivateEvents => __('View private events'),
             self::CreateEvents => __('Create events'),
             self::EditEvents => __('Edit events'),
+            self::ViewResponsibilitiesOfEvents => __('View responsibilities of events'),
+
             self::ManageBookingOptionsOfEvent => __('Manage booking options of event'),
             self::ViewBookingsOfEvent => __('View bookings of event'),
             self::ExportBookingsOfEvent => __('Export bookings of event'),
@@ -84,46 +156,67 @@ public function getTranslatedName(): string
             self::EditBookingComment => __('Edit booking comment'),
             self::ViewPaymentStatus => __('View payment status'),
             self::EditPaymentStatus => __('Edit payment status'),
+
             self::ManageGroupsOfEvent => __('Manage groups of event'),
             self::ExportGroupsOfEvent => __('Export groups of event'),
-            self::ViewDocumentsOfEvents => __('View documents of events'),
-            self::AddDocumentsToEvents => __('Add documents to events'),
-            self::EditDocumentsOfEvents => __('Update documents of events'),
-            self::DeleteDocumentsOfEvents => __('Delete documents of events'),
-            self::ViewResponsibilitiesOfEvents => __('View responsibilities of events'),
 
             self::ViewEventSeries => __('View event series'),
             self::ViewPrivateEventSeries => __('View private event series'),
             self::CreateEventSeries => __('Create event series'),
             self::EditEventSeries => __('Edit event series'),
-            self::ViewDocumentsOfEventSeries => __('View documents of event series'),
-            self::AddDocumentsToEventSeries => __('Add documents to event series'),
-            self::EditDocumentsOfEventSeries => __('Update documents of event series'),
-            self::DeleteDocumentsOfEventSeries => __('Delete documents of event series'),
             self::ViewResponsibilitiesOfEventSeries => __('View responsibilities of event series'),
 
+            // Basic data
+            self::ViewOrganizations => __('View organizations'),
+            self::CreateOrganizations => __('Create organizations'),
+            self::EditOrganizations => __('Edit organizations'),
+            self::ViewResponsibilitiesOfOrganizations => __('View responsibilities of organizations'),
+
             self::ViewLocations => __('View locations'),
             self::CreateLocations => __('Create locations'),
             self::EditLocations => __('Edit locations'),
 
-            self::ViewOrganizations => __('View organizations'),
-            self::CreateOrganizations => __('Create organizations'),
-            self::EditOrganizations => __('Edit organizations'),
+            // Documents
+            self::ViewDocuments => __('View documents'),
+
+            self::ViewDocumentsOfEvents => __('View documents of events'),
+            self::AddDocumentsToEvents => __('Add documents to events'),
+            self::EditDocumentsOfEvents => __('Update documents of events'),
+            self::DeleteDocumentsOfEvents => __('Delete documents of events'),
+
+            self::ViewDocumentsOfEventSeries => __('View documents of event series'),
+            self::AddDocumentsToEventSeries => __('Add documents to event series'),
+            self::EditDocumentsOfEventSeries => __('Update documents of event series'),
+            self::DeleteDocumentsOfEventSeries => __('Delete documents of event series'),
+
             self::ViewDocumentsOfOrganizations => __('View documents of organizations'),
             self::AddDocumentsToOrganizations => __('Add documents to organizations'),
             self::EditDocumentsOfOrganizations => __('Update documents of organizations'),
             self::DeleteDocumentsOfOrganizations => __('Delete documents of organizations'),
-            self::ViewResponsibilitiesOfOrganizations => __('View responsibilities of organizations'),
-
-            self::ViewDocuments => __('View documents'),
 
+            // Users and abilities
             self::ViewUsers => __('View users'),
             self::CreateUsers => __('Create users'),
             self::EditUsers => __('Edit users'),
 
             self::ViewUserRoles => __('View user roles'),
             self::CreateUserRoles => __('Create user roles'),
             self::EditUserRoles => __('Edit user roles'),
+
+            self::ViewAccount => __('View own account'),
+            self::ViewAbilities => __('View abilities'),
+            self::EditAccount => __('Edit own account'),
+            self::ManagePersonalAccessTokens => __('Manage personal access tokens'),
         };
     }
+
+    /**
+     * @return self[]
+     */
+    public static function apiCases(): array
+    {
+        return [
+            self::EditAccount,
+        ];
+    }
 }