KnowledgeBase/app/Filament/Resources/RoleResource.php

<?php

namespace App\Filament\Resources;

use App\Filament\Resources\RoleResource\Pages;
use Filament\Forms;
use Filament\Forms\Form;
use Filament\Resources\Resource;
use Filament\Tables;
use Filament\Tables\Table;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;

class RoleResource extends Resource
{
    protected static ?string $model = Role::class;

    protected static ?string $navigationIcon = 'heroicon-o-shield-check';

    protected static ?string $navigationLabel = '角色管理';

    protected static ?string $modelLabel = '角色';

    protected static ?string $pluralModelLabel = '角色';

    protected static ?int $navigationSort = 2;

    protected static ?string $navigationGroup = '权限管理';

    /**
     * 控制导航菜单是否显示
     */
    public static function shouldRegisterNavigation(): bool
    {
        return auth()->user()?->can('role.view') ?? false;
    }

    /**
     * 获取权限分组标签页
     */
    protected static function getPermissionTabs(): array
    {
        // 模块名称和图标映射
        $moduleConfig = [
            'document' => ['name' => '文档管理', 'icon' => 'heroicon-o-document-text'],
            'system-setting' => ['name' => '系统设置', 'icon' => 'heroicon-o-cog-6-tooth'],
            'activity-log' => ['name' => '操作日志', 'icon' => 'heroicon-o-clipboard-document-list'],
            'terminal' => ['name' => '终端管理', 'icon' => 'heroicon-o-computer-desktop'],
            'guide' => ['name' => '操作指引', 'icon' => 'heroicon-o-book-open'],
            'group' => ['name' => '分组管理', 'icon' => 'heroicon-o-user-group'],
            'user' => ['name' => '用户管理', 'icon' => 'heroicon-o-users'],
            'role' => ['name' => '角色管理', 'icon' => 'heroicon-o-shield-check'],
        ];

        // 操作名称映射
        $actionNames = [
            'viewAny' => '查看列表',
            'view' => '查看详情',
            'create' => '创建',
            'update' => '编辑',
            'delete' => '删除',
            'download' => '下载',
            'export' => '导出',
            'sync' => '同步',
            'publish' => '发布',
            'archive' => '归档',
        ];

        // 按模块分组权限
        $groupedPermissions = Permission::all()
            ->groupBy(function ($permission) {
                return explode('.', $permission->name)[0];
            });

        $tabs = [];

        foreach ($groupedPermissions as $module => $permissions) {
            $config = $moduleConfig[$module] ?? ['name' => $module, 'icon' => 'heroicon-o-square-3-stack-3d'];
            
            // 构建该模块的权限选项
            $options = $permissions->mapWithKeys(function ($permission) use ($actionNames) {
                $action = explode('.', $permission->name)[1] ?? '';
                $actionName = $actionNames[$action] ?? $action;
                return [$permission->name => $actionName];
            })->toArray();

            $tabs[] = Forms\Components\Tabs\Tab::make($config['name'])
                ->icon($config['icon'])
                ->schema([
                    Forms\Components\CheckboxList::make("permissions_{$module}")
                        ->label('')
                        ->options($options)
                        ->columns(2)
                        ->bulkToggleable()
                        ->disabled(fn (?Role $record): bool => $record?->name === 'super-admin')
                        ->helperText(fn (?Role $record): string => 
                            $record?->name === 'super-admin' 
                                ? 'super-admin 角色拥有所有权限，不可修改' 
                                : '选择该模块的权限'
                        )
                        ->afterStateHydrated(function ($component, $state, ?Role $record) use ($module) {
                            if ($record) {
                                // 获取该角色在当前模块的权限
                                $modulePermissions = $record->permissions()
                                    ->where('name', 'like', "{$module}.%")
                                    ->pluck('name')
                                    ->toArray();
                                $component->state($modulePermissions);
                            }
                        })
                        ->dehydrated(false), // 不直接保存，在下面统一处理
                ]);
        }

        return $tabs;
    }

    public static function form(Form $form): Form
    {
        return $form
            ->schema([
                Forms\Components\Section::make('基本信息')
                    ->schema([
                        Forms\Components\TextInput::make('name')
                            ->label('角色标识')
                            ->required()
                            ->unique(ignoreRecord: true)
                            ->maxLength(255)
                            ->placeholder('例如: content-manager')
                            ->helperText('角色的唯一标识符，使用小写字母和连字符')
                            ->regex('/^[a-z0-9\-]+$/')
                            ->validationMessages([
                                'regex' => '角色标识只能包含小写字母、数字和连字符',
                            ])
                            ->disabled(fn (?Role $record): bool => $record?->name === 'super-admin'),

                        Forms\Components\Select::make('guard_name')
                            ->label('守卫')
                            ->options([
                                'web' => 'Web',
                            ])
                            ->default('web')
                            ->required()
                            ->disabled(),
                    ])
                    ->columns(2),

                Forms\Components\Section::make('权限配置')
                    ->schema([
                        Forms\Components\Hidden::make('all_permissions')
                            ->afterStateHydrated(function ($component, ?Role $record) {
                                if ($record) {
                                    $component->state($record->permissions->pluck('name')->toArray());
                                }
                            })
                            ->dehydrateStateUsing(function ($state, $get) {
                                // 收集所有模块的权限
                                $allPermissions = [];
                                $modules = ['document', 'system-setting', 'activity-log', 'terminal', 'guide', 'group', 'user', 'role'];
                                
                                foreach ($modules as $module) {
                                    $modulePermissions = $get("permissions_{$module}") ?? [];
                                    $allPermissions = array_merge($allPermissions, $modulePermissions);
                                }
                                
                                return $allPermissions;
                            }),
                        Forms\Components\Tabs::make('权限分组')
                            ->tabs(self::getPermissionTabs())
                            ->columnSpanFull(),
                    ])
                    ->description('配置角色的权限，super-admin 角色拥有所有权限且不可修改'),
            ]);
    }

    public static function table(Table $table): Table
    {
        return $table
            ->columns([
                Tables\Columns\TextColumn::make('name')
                    ->label('角色标识')
                    ->searchable()
                    ->sortable()
                    ->weight('bold')
                    ->badge()
                    ->color(fn (string $state): string => match ($state) {
                        'super-admin' => 'danger',
                        'admin' => 'warning',
                        'user' => 'success',
                        default => 'gray',
                    }),

                Tables\Columns\TextColumn::make('guard_name')
                    ->label('守卫')
                    ->badge()
                    ->sortable()
                    ->toggleable(),

                Tables\Columns\TextColumn::make('permissions_count')
                    ->label('权限数量')
                    ->counts('permissions')
                    ->sortable()
                    ->alignCenter()
                    ->badge()
                    ->color('info'),

                Tables\Columns\TextColumn::make('users_count')
                    ->label('用户数量')
                    ->counts('users')
                    ->sortable()
                    ->alignCenter()
                    ->badge()
                    ->color('success'),

                Tables\Columns\IconColumn::make('is_system')
                    ->label('系统角色')
                    ->boolean()
                    ->trueIcon('heroicon-o-lock-closed')
                    ->falseIcon('heroicon-o-lock-open')
                    ->trueColor('danger')
                    ->falseColor('gray')
                    ->getStateUsing(fn (Role $record): bool => $record->name === 'super-admin')
                    ->alignCenter()
                    ->tooltip(fn (Role $record): string => 
                        $record->name === 'super-admin' 
                            ? '系统角色，不可删除' 
                            : '可以删除'
                    ),

                Tables\Columns\TextColumn::make('created_at')
                    ->label('创建时间')
                    ->dateTime('Y-m-d H:i:s')
                    ->sortable()
                    ->toggleable(isToggledHiddenByDefault: true),

                Tables\Columns\TextColumn::make('updated_at')
                    ->label('更新时间')
                    ->dateTime('Y-m-d H:i:s')
                    ->sortable()
                    ->toggleable(isToggledHiddenByDefault: true),
            ])
            ->filters([
                Tables\Filters\SelectFilter::make('guard_name')
                    ->label('守卫')
                    ->options([
                        'web' => 'Web',
                    ]),
            ])
            ->actions([
                Tables\Actions\ViewAction::make()
                    ->label('查看'),
                Tables\Actions\EditAction::make()
                    ->label('编辑')
                    ->visible(fn (Role $record): bool => $record->name !== 'super-admin'),
                Tables\Actions\DeleteAction::make()
                    ->label('删除')
                    ->visible(fn (Role $record): bool => $record->name !== 'super-admin')
                    ->before(function (Tables\Actions\DeleteAction $action, Role $record) {
                        // 检查是否有关联用户
                        if ($record->users()->count() > 0) {
                            \Filament\Notifications\Notification::make()
                                ->danger()
                                ->title('无法删除')
                                ->body("该角色还有 {$record->users()->count()} 个用户，请先移除用户的角色后再删除。")
                                ->persistent()
                                ->send();

                            $action->cancel();
                        }
                    }),
            ])
            ->bulkActions([
                Tables\Actions\BulkActionGroup::make([
                    Tables\Actions\DeleteBulkAction::make()
                        ->label('批量删除')
                        ->before(function (Tables\Actions\DeleteBulkAction $action, $records) {
                            // 检查是否包含 super-admin
                            if ($records->contains('name', 'super-admin')) {
                                \Filament\Notifications\Notification::make()
                                    ->danger()
                                    ->title('无法删除')
                                    ->body('不能删除 super-admin 角色')
                                    ->persistent()
                                    ->send();

                                $action->cancel();
                                return;
                            }

                            // 检查是否有关联用户
                            $rolesWithUsers = $records->filter(fn ($role) => $role->users()->count() > 0);
                            if ($rolesWithUsers->count() > 0) {
                                $roleNames = $rolesWithUsers->pluck('name')->join('、');
                                \Filament\Notifications\Notification::make()
                                    ->danger()
                                    ->title('无法删除')
                                    ->body("以下角色还有关联用户：{$roleNames}，请先移除用户的角色后再删除。")
                                    ->persistent()
                                    ->send();

                                $action->cancel();
                            }
                        }),
                ]),
            ])
            ->defaultSort('created_at', 'desc');
    }

    public static function getPages(): array
    {
        return [
            'index' => Pages\ListRoles::route('/'),
            'create' => Pages\CreateRole::route('/create'),
            'edit' => Pages\EditRole::route('/{record}/edit'),
            'view' => Pages\ViewRole::route('/{record}'),
        ];
    }
}