KnowledgeBase/app/Policies/UserPolicy.php

<?php

namespace App\Policies;

use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class UserPolicy
{
    use HandlesAuthorization;

    /**
     * 查看用户列表
     */
    public function viewAny(User $user): bool
    {
        return $user->can('user.view');
    }

    /**
     * 查看单个用户
     */
    public function view(User $user, User $model): bool
    {
        return $user->can('user.view');
    }

    /**
     * 创建用户
     */
    public function create(User $user): bool
    {
        return $user->can('user.create');
    }

    /**
     * 更新用户
     */
    public function update(User $user, User $model): bool
    {
        // 超级管理员只能由超级管理员编辑
        if ($model->isSuperAdmin() && !$user->isSuperAdmin()) {
            return false;
        }
        
        return $user->can('user.update');
    }

    /**
     * 删除用户
     */
    public function delete(User $user, User $model): bool
    {
        // 不能删除超级管理员
        if ($model->isSuperAdmin()) {
            return false;
        }
        
        // 不能删除自己
        if ($user->id === $model->id) {
            return false;
        }
        
        return $user->can('user.delete');
    }

    /**
     * 批量删除用户
     */
    public function deleteAny(User $user): bool
    {
        return $user->can('user.delete');
    }
}