Permission Seed Template
Template ini membantu implementasi permission admin ke seeder Laravel (umumnya dengan Spatie Permission).
Prasyarat
- Package permission aktif (contoh:
spatie/laravel-permission) - Role admin sudah didefinisikan (mis.
super-admin,compliance-admin,wallet-ops-l1, dst)
Contoh Seeder (PHP)
<?php
namespace Database\Seeders;
use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
class AdminPermissionSeeder extends Seeder
{
public function run(): void
{
$permissions = [
// users
'users.detail.read',
'users.detail.update',
'users.detail.suspend',
'users.detail.reactivate',
'users.detail.delete',
'users.kyc.read',
'users.kyc.approve',
'users.kyc.reject',
'users.kyc.suspend',
'users.kyc.unsuspend',
'users.kyc.retry_dukcapil',
// wallets
'wallets.withdrawal.read',
'wallets.withdrawal.approve1',
'wallets.withdrawal.approve2',
'wallets.withdrawal.reject',
'wallets.deposit_pending.read',
'wallets.deposit_pending.approve1',
'wallets.deposit_pending.approve2',
'wallets.deposit_pending.reject',
'wallets.configuration.read',
'wallets.configuration.update_status',
'wallets.withdrawal_setting.update',
// settings
'settings.administrator.read',
'settings.administrator.create',
'settings.administrator.update',
'settings.administrator.delete',
'settings.role.read',
'settings.role.create',
'settings.role.update',
'settings.role.delete',
'settings.maintenance.read',
'settings.maintenance.update_status',
'settings.maintenance.whitelist.update',
'settings.email_blast.read',
'settings.email_blast.create',
'settings.email_blast.send',
'settings.email_blast.delete',
// compliance
'compliance.bappebti.asset_report.read',
'compliance.bappebti.quarterly_risk.read',
'compliance.report.cfx.read',
'compliance.report.cfx.store',
'compliance.report.cfx.retry',
'compliance.report.kki.read',
'compliance.report.kki.retry',
'compliance.report.icc.read',
'compliance.report.icc.retry',
// tools
'tools.notification.test_send',
'tools.notification.test_fcm',
];
foreach ($permissions as $perm) {
Permission::firstOrCreate(['name' => $perm, 'guard_name' => 'web']);
}
$roleMap = [
'super-admin' => $permissions, // all
'compliance-admin' => [
'users.kyc.read',
'users.kyc.approve',
'users.kyc.reject',
'users.kyc.suspend',
'users.kyc.unsuspend',
'users.kyc.retry_dukcapil',
'compliance.bappebti.asset_report.read',
'compliance.bappebti.quarterly_risk.read',
'compliance.report.cfx.read',
'compliance.report.cfx.store',
'compliance.report.cfx.retry',
'compliance.report.kki.read',
'compliance.report.kki.retry',
'compliance.report.icc.read',
'compliance.report.icc.retry',
'settings.maintenance.read',
'settings.maintenance.whitelist.update',
],
'wallet-ops-l1' => [
'wallets.withdrawal.read',
'wallets.withdrawal.approve1',
'wallets.deposit_pending.read',
'wallets.deposit_pending.approve1',
'wallets.deposit_pending.reject',
],
'wallet-ops-l2' => [
'wallets.withdrawal.read',
'wallets.withdrawal.approve2',
'wallets.withdrawal.reject',
'wallets.deposit_pending.read',
'wallets.deposit_pending.approve2',
'wallets.configuration.read',
'wallets.withdrawal_setting.update',
],
'auditor-readonly' => [
'users.detail.read',
'users.kyc.read',
'wallets.withdrawal.read',
'wallets.deposit_pending.read',
'settings.administrator.read',
'settings.role.read',
'settings.maintenance.read',
'compliance.bappebti.asset_report.read',
'compliance.bappebti.quarterly_risk.read',
'compliance.report.cfx.read',
'compliance.report.kki.read',
'compliance.report.icc.read',
],
];
foreach ($roleMap as $roleName => $perms) {
$role = Role::firstOrCreate(['name' => $roleName, 'guard_name' => 'web']);
$role->syncPermissions($perms);
}
}
}
Rekomendasi rollout
- Seed di environment staging dulu
- Jalankan UAT dengan akun per role
- Audit route kritikal:
- approval/reject deposit-withdraw
- KYC approve/reject/suspend
- maintenance update
- Baru promote ke production
Sinkronisasi dokumen
- Master mapping tetap di
admin-panel/permission-keys-map - Kalau ada route admin baru, update kedua file:
permission-keys-mappermission-seed-template