# Using Spatie Laravel Permission (RBAC)

## Middleware on Routes

### Role
Restrict access by role (more than one is allowed, separated by commas):

```php
// Single role
Route::get('/admin/dashboard', [DashboardController::class, 'admin'])
    ->middleware(['auth', 'role:admin']);

// Several roles (the user only needs one of them)
Route::get('/dashboard', [DashboardController::class, 'index'])
    ->middleware(['auth', 'role:admin,operator,superadmin']);

// Route group restricted by role
Route::middleware(['auth', 'role:admin,superadmin'])->group(function () {
    Route::get('/users', [UserController::class, 'index']);
    Route::get('/settings', [SettingController::class, 'index']);
});
```

### Permission
Restrict access by permission:

```php
// Single permission
Route::get('/reports', [ReportController::class, 'index'])
    ->middleware(['auth', 'permission:view reports']);

// Several permissions (the user only needs one of them)
Route::get('/posts/create', [PostController::class, 'create'])
    ->middleware(['auth', 'permission:manage posts,manage users']);

// Role and permission combined
Route::get('/admin/reports', [ReportController::class, 'admin'])
    ->middleware(['auth', 'role:admin', 'permission:view reports']);
```

### Admin (alias)
The `admin` middleware means the user must have the `admin` or `superadmin` role:

```php
Route::get('/admin', [DashboardController::class, 'admin'])
    ->middleware(['auth', 'admin']);
```
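
A feature test is one way to confirm that the route middleware above denies the roles it should. This is an added example, not part of this project's code; it assumes a `User` factory, the `Database\Seeders` namespace for the seeder named later on this page, and that a failed check answers with HTTP 403.

```php
<?php
// Added example, not this project's code. Assumed: App\Models\User has a
// factory and the HasRoles trait, the seeder is in Database\Seeders, the
// routes above are registered, and a failed check returns HTTP 403.
namespace Tests\Feature;
use App\Models\User;
use Database\Seeders\SpatieRolePermissionSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class RouteAccessTest extends TestCase
{
    use RefreshDatabase;
    protected function setUp(): void
    {
        parent::setUp();
        $this->seed(SpatieRolePermissionSeeder::class); // roles + permissions
    }

    // Hypothetical helper: request $uri as a fresh user holding $role (or none).
    private function statusFor(?string $role, string $uri): int
    {
        $user = User::factory()->create();
        if ($role !== null) {
            $user->assignRole($role);
        }
        return $this->actingAs($user)->get($uri)->status();
    }

    public function test_guest_is_rejected_before_any_role_check(): void
    {
        $this->getJson('/admin/dashboard')->assertUnauthorized();
    }

    public function test_role_route_denies_every_other_role(): void
    {
        foreach (['operator', 'staff', null] as $role) {
            $this->assertSame(403, $this->statusFor($role, '/admin/dashboard'));
        }
        $this->assertNotSame(403, $this->statusFor('admin', '/admin/dashboard'));
    }

    public function test_role_and_permission_are_both_required(): void
    {
        // operator and staff hold "view reports" but lack the admin role.
        $this->assertSame(403, $this->statusFor('operator', '/admin/reports'));
        $this->assertSame(403, $this->statusFor('staff', '/admin/reports'));
        $this->assertNotSame(403, $this->statusFor('staff', '/reports'));
    }
}
```

The same pattern applied to `/dashboard` checks that the comma-separated role list behaves as described. Spatie's bundled `RoleMiddleware` separates multiple roles with `|` and reads a second comma-separated argument as the guard name.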

## In Controllers / Blade

```php
// Check role
if (auth()->user()->hasRole('admin')) {
    // ...
}
if (auth()->user()->hasAnyRole(['admin', 'operator'])) {
    // ...
}

// Check permission (via Gate)
if (auth()->user()->can('manage users')) {
    // ...
}
if (auth()->user()->hasPermissionTo('view reports')) {
    // ...
}

// In Blade
@role('admin')
    <a href="/admin">Panel Admin</a>
@endrole

@can('manage users')
    <a href="/users">Kelola User</a>
@endcan
```

## Assigning Roles to Users

```php
$user = User::find($id);
$user->assignRole('admin');
$user->assignRole('operator'); // a user can hold more than one role

$user->removeRole('operator');
$user->syncRoles(['staff']); // replace all roles with only 'staff'
```

## Initial Roles & Permissions (Seeder)

- **admin**: manage users, manage posts, view reports + all activity permissions
- **operator**: manage posts, view reports
- **staff**: view reports
- **superadmin**: all permissions

Run the seeder: `php artisan db:seed --class=SpatieRolePermissionSeeder`

## Migration

1. `composer update` (installs spatie/laravel-permission)
2. `php artisan migrate` (runs the drop-legacy and create-Spatie-tables migrations)
3. `php artisan db:seed --class=SpatieRolePermissionSeeder`
4. Assign a role to the user: `$user->assignRole('admin');`
