handle super admin skip gate checks

Signed-off-by: Lloric Mayuga Garcia <[email protected]>

README.md

@@ -36,11 +36,21 @@ return [
      * role_names.*.admin is required
      */
     'role_names' => [
+
         // keyed by guard name
         'web' => [
+
             // required this cannot rename or delete or modify permissions
-            'super_admin' => 'super_admin', // no permission attached to this role, but it always skips gate checks
-            'admin' => 'admin', // all permissions attached to this role
+            /**
+             * no permission attached to this role, but it always skips gate checks
+             * see https://freek.dev/1325-when-to-use-gateafter-in-laravel
+             */
+            'super_admin' => 'super_admin',
+
+            /**
+             * all permissions attached to this role
+             */
+            'admin' => 'admin',
 
             //  as many as you want, below it can edit permissions but cannot rename or delete role names
             // sample 'user' => 'user',
@@ -55,7 +65,6 @@ return [
     'translated' => false,
 ];
 
-
 ```
 
 ## Usage

config/filament-permission.php

@@ -11,11 +11,21 @@
      * role_names.*.admin is required
      */
     'role_names' => [
+
         // keyed by guard name
         'web' => [
+
             // required this cannot rename or delete or modify permissions
-            'super_admin' => 'super_admin', // no permission attached to this role, but it always skips gate checks
-            'admin' => 'admin', // all permissions attached to this role
+            /**
+             * no permission attached to this role, but it always skips gate checks
+             * see https://freek.dev/1325-when-to-use-gateafter-in-laravel
+             */
+            'super_admin' => 'super_admin',
+
+            /**
+             * all permissions attached to this role
+             */
+            'admin' => 'admin',
 
             //  as many as you want, below it can edit permissions but cannot rename or delete role names
             // sample 'user' => 'user',

src/Contracts/HasPermissionUser.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Lloricode\FilamentSpatieLaravelPermissionPlugin\Contracts;
+
+interface HasPermissionUser
+{
+    /**
+     * This will skipp all gate checks
+     */
+    public function isSuperAdmin(?string $guardName = null): bool;
+
+    public function isAdminOrSuperAdmin(?string $guardName = null): bool;
+}

src/FilamentSpatieLaravelPermissionPluginServiceProvider.php

@@ -4,9 +4,11 @@
 
 namespace Lloricode\FilamentSpatieLaravelPermissionPlugin;
 
+use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Support\Facades\Gate;
 use Livewire\Features\SupportTesting\Testable;
 use Lloricode\FilamentSpatieLaravelPermissionPlugin\Commands\PermissionSyncCommand;
+use Lloricode\FilamentSpatieLaravelPermissionPlugin\Contracts\HasPermissionUser;
 use Lloricode\FilamentSpatieLaravelPermissionPlugin\Policies\RolePolicy;
 use Lloricode\FilamentSpatieLaravelPermissionPlugin\Testing\TestsFilamentSpatieLaravelPermissionPlugin;
 use Spatie\LaravelPackageTools\Package;
@@ -32,6 +34,16 @@ public function packageRegistered(): void
 
     public function packageBooted(): void
     {
+        Gate::after(function (Authenticatable $user) {
+
+            if ($user instanceof HasPermissionUser && $user->isSuperAdmin()) {
+                /** @see https://freek.dev/1325-when-to-use-gateafter-in-laravel */
+                return true;
+            }
+
+            return null;
+        });
+
         // Testing
         Testable::mixin(new TestsFilamentSpatieLaravelPermissionPlugin);
     }

tests/Fixture/Models/User.php

@@ -8,13 +8,13 @@
 use Filament\Models\Contracts\HasName;
 use Filament\Panel;
 use Illuminate\Foundation\Auth\User as Authenticatable;
-use Lloricode\FilamentSpatieLaravelPermissionPlugin\Concern\PermissionUser;
+use Lloricode\FilamentSpatieLaravelPermissionPlugin\Concern\HasUserPermission;
 use Spatie\Permission\Traits\HasRoles;
 
 class User extends Authenticatable implements FilamentUser, HasName
 {
     use HasRoles;
-    use PermissionUser;
+    use HasUserPermission;
 
     protected $guard_name = 'web';