b2in/database/seeders/RoleSeeder.php

<?php

namespace Database\Seeders;

use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;

class RoleSeeder extends Seeder
{
    /**
     * Run the database seeds.
     */
    public function run(): void
    {
        // Reset cached roles and permissions
        app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();

        // --- Definiere Permissions ---
        $permissions = [
            // Hub Management
            'view hubs',
            'create hubs',
            'edit hubs',
            'delete hubs',

            // Partner Management
            'view partners',
            'create partners',
            'edit partners',
            'delete partners',
            'manage provisions', // Provisions-Regeln verwalten

            // Product Management
            'view products',
            'create products',
            'edit products',
            'delete products',
            'manage rental options', // Miet-Parameter verwalten

            // Order Management (für später)
            'view orders',
            'manage orders',

            // User & Role Management
            'view users',
            'manage users',
            'manage roles',

            // Frontend/Customer facing
            'access dashboard', // Genereller Backend-Zugriff
            'place orders'      // Für Kunden
        ];

        // Erstelle Permissions
        foreach ($permissions as $permission) {
            Permission::create(['name' => $permission]);
        }

        // --- Definiere Rollen und weise Permissions zu ---

        // 1. Customer (Endkunde)
        $customerRole = Role::create([
            'name' => 'Customer',
            'display_name' => 'Customer (Kunde)',
            'icon' => 'user',
            'color' => 'indigo',
            'can_be_invited' => true
        ]);
        $customerRole->givePermissionTo([
            'view products',
            'place orders',
            'view orders' // Eigene Bestellungen sehen
        ]);

        // 2. Estate-Agent (Makler)
        $estateAgentRole = Role::create([
            'name' => 'Estate-Agent',
            'display_name' => 'Estate-Agent (Makler)',
            'icon' => 'home',
            'color' => 'lime',
            'can_be_invited' => true
        ]);
        $estateAgentRole->givePermissionTo([
            'access dashboard',
            'view partners', // Damit sie sehen können, wen sie empfehlen
            'view hubs'
            // Makler bekommen KEINE Produkt- oder Order-Rechte
        ]);

        // 3. Retailer (Lokaler Händler)
        $retailerRole = Role::create([
            'name' => 'Retailer',
            'display_name' => 'Retailer (Händler)',
            'icon' => 'building-storefront',
            'color' => 'teal',
            'can_be_invited' => true
        ]);
        $retailerRole->givePermissionTo([
            'access dashboard',
            'view products',
            'create products',
            'edit products', // Später eingeschränkt auf EIGENE Produkte
            'delete products', // Später eingeschränkt auf EIGENE Produkte
            'manage rental options',
            'view orders', // Eigene Bestellungen
            'manage orders' // Eigene Bestellungen
        ]);

        // 4. Manufacturer (Hersteller)
        $manufacturerRole = Role::create([
            'name' => 'Manufacturer',
            'display_name' => 'Manufacturer (Hersteller)',
            'icon' => 'wrench-screwdriver',
            'color' => 'orange',
            'can_be_invited' => true
        ]);
        $manufacturerRole->givePermissionTo([
            'access dashboard',
            'view products',
            'create products',
            'edit products', // Später eingeschränkt auf EIGENE Produkte
            'delete products', // Später eingeschränkt auf EIGENE Produkte
            'manage rental options',
            'view orders', // Eigene Bestellungen
            'manage orders' // Eigene Bestellungen
        ]);

        // 5. Admin (B2In Management / Marcel)
        $adminRole = Role::create([
            'name' => 'Admin',
            'display_name' => 'Admin (Administrator)',
            'icon' => 'user-circle',
            'color' => 'purple',
            'can_be_invited' => false // Admins werden NICHT eingeladen
        ]);
        $adminRole->givePermissionTo([
            'access dashboard',
            'view hubs',
            'create hubs',
            'edit hubs',
            'delete hubs',
            'view partners',
            'create partners',
            'edit partners',
            'delete partners',
            'manage provisions',
            'view products',
            'create products',
            'edit products',
            'delete products',
            'manage rental options',
            'view orders',
            'manage orders',
            'view users',
            'manage users',
            'manage roles'
        ]);

        // 6. Super-Admin (Entwickler)
        // Super-Admins bekommen automatisch ALLE Rechte.
        // Das Paket erkennt die Rolle 'Super-Admin', wenn wir ein Gate definieren.
        $superAdminRole = Role::create([
            'name' => 'Super-Admin',
            'display_name' => 'Super-Admin (Entwickler)',
            'icon' => 'shield-check',
            'color' => 'red',
            'can_be_invited' => false // Super-Admins werden NICHT eingeladen
        ]);
    }
}