GeoNetAgent, LDAPWeb, server-audit, server-connection
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

96 lines
3.3 KiB

<?php
namespace Database\Seeders;
use App\Models\GroupPermission;
use Illuminate\Database\Seeder;
class GroupPermissionSeeder extends Seeder
{
/**
* Default permission mapping per LDAP group.
*
* Permissions catalogue:
* profile.view – lihat profil sendiri
* profile.edit – edit profil sendiri
* cmdb.view – lihat semua asset di CMDB
* cmdb.manage – edit meta asset, set status/tag
* cmdb.assign_owner – assign asset ke user LDAP
* monitoring.view – akses halaman monitoring
* ticketing.view – lihat tiket
* ticketing.create – buat tiket
* ticketing.manage – manage semua tiket (admin)
* mail.view – akses fitur mail
* dashboard.view – akses dashboard
* asset_mgmt.view – menu Asset Management
* asset_mgmt.manage – kelola inventaris (create/edit/delete)
* geonet_agent.view – lihat GeoNetAgent data
* admin.users – manage LDAP users
* admin.groups – manage LDAP groups
* admin.permissions – manage group-permission mapping
*/
private array $defaults = [
'Domain Admins' => [
'profile.view', 'profile.edit',
'dashboard.view',
'cmdb.view', 'cmdb.manage', 'cmdb.assign_owner',
'monitoring.view',
'ticketing.view', 'ticketing.create', 'ticketing.manage',
'mail.view',
'asset_mgmt.view', 'asset_mgmt.manage',
'geonet_agent.view',
'admin.users', 'admin.groups', 'admin.permissions',
],
'IT-Admin' => [
'profile.view', 'profile.edit',
'dashboard.view',
'cmdb.view', 'cmdb.manage', 'cmdb.assign_owner',
'monitoring.view',
'ticketing.view', 'ticketing.create', 'ticketing.manage',
'asset_mgmt.view', 'asset_mgmt.manage',
'geonet_agent.view',
],
'IT-Staff' => [
'profile.view', 'profile.edit',
'dashboard.view',
'cmdb.view', 'cmdb.manage', 'cmdb.assign_owner',
'monitoring.view',
'ticketing.view', 'ticketing.create',
'asset_mgmt.view',
'geonet_agent.view',
],
'Management' => [
'profile.view', 'profile.edit',
'dashboard.view',
'cmdb.view',
'monitoring.view',
'ticketing.view', 'ticketing.create',
'mail.view',
'asset_mgmt.view',
],
'Staff' => [
'profile.view', 'profile.edit',
'dashboard.view',
'ticketing.view', 'ticketing.create',
'mail.view',
],
'HR' => [
'profile.view', 'profile.edit',
'dashboard.view',
'ticketing.view', 'ticketing.create',
'mail.view',
],
];
public function run(): void
{
foreach ($this->defaults as $group => $permissions) {
foreach ($permissions as $permission) {
GroupPermission::firstOrCreate([
'group_key' => $group,
'permission' => $permission,
]);
}
}
}
}