Implemented user roles

PavlosIsaris · PavlosIsaris · commit 8b30ffcad674 · 2026-02-26T12:09:00.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -41,3 +41,5 @@ gitleaks
 
 # Gitleaks licence
 LICENSE
+
+user_stories.md
diff --git a/app/Enums/RolesEnum.php b/app/Enums/RolesEnum.php
@@ -5,18 +5,18 @@
 namespace App\Enums;
 
 enum RolesEnum: string {
-    case ADMINISTRATOR = 'admin';
+    case ADMIN = 'admin';
 
-    case USER_MANAGER = 'user-manager';
+    case ANNOTATION_MANAGER = 'annotation-manager';
 
-    case REGISTERED_USER = 'registered-user';
+    case ANNOTATOR = 'annotator';
 
     // extra helper to allow for greater customization of displayed values, without disclosing the name/value data directly
     public function label(): string {
         return match ($this) {
-            self::ADMINISTRATOR => 'Administrator',
-            self::USER_MANAGER => 'User Manager',
-            self::REGISTERED_USER => 'Registered User',
+            self::ADMIN => 'Admin',
+            self::ANNOTATION_MANAGER => 'Annotation Manager',
+            self::ANNOTATOR => 'Annotator',
         };
     }
 }
diff --git a/app/Http/Controllers/DashboardController.php b/app/Http/Controllers/DashboardController.php
@@ -21,7 +21,7 @@ public function index(): Response|RedirectResponse {
         /** @var User $user */
         $user = Auth::user();
 
-        if ($user->hasRole(RolesEnum::REGISTERED_USER->value)) {
+        if ($user->hasRole(RolesEnum::ANNOTATOR->value)) {
             return Inertia::render('dashboard-simple');
         }
 
diff --git a/app/Http/Resources/UserInfoResource.php b/app/Http/Resources/UserInfoResource.php
@@ -29,7 +29,7 @@ private function resolvePermissions(): array {
 
         $permissions = [];
 
-        if ($user->hasRole([RolesEnum::ADMINISTRATOR->value, RolesEnum::USER_MANAGER->value])) {
+        if ($user->hasRole([RolesEnum::ADMIN->value, RolesEnum::ANNOTATION_MANAGER->value])) {
             $permissions['dashboard'] = true;
         }
 
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
@@ -23,12 +23,12 @@ public function create(User $user): bool {
 
     public function update(User $user, User $model): bool {
         // Admin can update anyone
-        if ($user->hasRole(RolesEnum::ADMINISTRATOR->value)) {
+        if ($user->hasRole(RolesEnum::ADMIN->value)) {
             return true;
         }
 
-        // User managers can't update admins
-        if ($model->hasRole(RolesEnum::ADMINISTRATOR->value)) {
+        // Annotation managers can't update admins
+        if ($model->hasRole(RolesEnum::ADMIN->value)) {
             return false;
         }
 
@@ -37,12 +37,12 @@ public function update(User $user, User $model): bool {
 
     public function delete(User $user, User $model): bool {
         // Admin can delete anyone
-        if ($user->hasRole(RolesEnum::ADMINISTRATOR->value)) {
+        if ($user->hasRole(RolesEnum::ADMIN->value)) {
             return true;
         }
 
-        // User managers can't delete admins
-        if ($model->hasRole(RolesEnum::ADMINISTRATOR->value)) {
+        // Annotation managers can't delete admins
+        if ($model->hasRole(RolesEnum::ADMIN->value)) {
             return false;
         }
 
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -41,7 +41,7 @@ public function boot(): void {
         // Implicitly grant "Super Admin" role all permissions
         // This works in the app by using gate-related functions like auth()->user->can() and @can()
         // NOSONAR
-        Gate::before(fn ($user, $ability): ?true => $user->hasRole(RolesEnum::ADMINISTRATOR) ? true : null);
+        Gate::before(fn ($user, $ability): ?true => $user->hasRole(RolesEnum::ADMIN) ? true : null);
 
         // Uncomment the following line to enable strict mode for Eloquent models
         /**
diff --git a/app/Services/User/UserService.php b/app/Services/User/UserService.php
@@ -13,7 +13,7 @@ class UserService {
      * @param  array<string, mixed>  $data
      */
     public function create(array $data): User {
-        $role = $data['role'] ?? RolesEnum::REGISTERED_USER->value;
+        $role = $data['role'] ?? RolesEnum::ANNOTATOR->value;
         unset($data['role']);
 
         $user = User::query()->create($data);
@@ -77,18 +77,15 @@ public function getUsers(
      * @phpstan-return Collection<int, array{name: string, label: string}>
      */
     public function getRolesForForm(): Collection {
-        $roles = collect(RolesEnum::cases());
         /** @var User $user */
         $user = auth()->user();
 
-        // If user is not admin, further filter available roles
-        if (! $user->hasRole(RolesEnum::ADMINISTRATOR->value)) {
-            $roles = $roles->filter(
-                fn (RolesEnum $rolesEnum): bool => $rolesEnum->value === RolesEnum::USER_MANAGER->value
-            );
-        }
+        // Annotation managers can assign annotators and other annotation managers, but not admins
+        $cases = $user->hasRole(RolesEnum::ADMIN->value)
+            ? RolesEnum::cases()
+            : [RolesEnum::ANNOTATION_MANAGER, RolesEnum::ANNOTATOR];
 
-        return $roles->map(fn (RolesEnum $rolesEnum): array => [
+        return collect($cases)->map(fn (RolesEnum $rolesEnum): array => [
             'name' => $rolesEnum->value,
             'label' => 'roles.' . $rolesEnum->value,
         ])->values();
diff --git a/database/seeders/RolesAndPermissionsSeeder.php b/database/seeders/RolesAndPermissionsSeeder.php
@@ -31,26 +31,24 @@ public function run(): void {
         $permissions = collect(PermissionsEnum::cases())
             ->map(fn ($permission) => Permission::query()->firstOrCreate(['name' => $permission->value]));
 
-        // Create roles and assign permissions
-        // Role::query()->upsert(['name' => RolesEnum::ADMINISTRATOR->value, 'guard_name' => 'web'], uniqueBy: 'name', update: ['name']);
-
         // create roles using RolesEnum
-        $admin_role = Role::query()->firstOrCreate(['name' => RolesEnum::ADMINISTRATOR->value, 'guard_name' => 'web']);
-        $user_manager_role = Role::query()->firstOrCreate(['name' => RolesEnum::USER_MANAGER->value, 'guard_name' => 'web']);
-        Role::query()->firstOrCreate(['name' => RolesEnum::REGISTERED_USER->value, 'guard_name' => 'web']);
+        $adminRole = Role::query()->firstOrCreate(['name' => RolesEnum::ADMIN->value, 'guard_name' => 'web']);
+        $annotationManagerRole = Role::query()->firstOrCreate(['name' => RolesEnum::ANNOTATION_MANAGER->value, 'guard_name' => 'web']);
+        Role::query()->firstOrCreate(['name' => RolesEnum::ANNOTATOR->value, 'guard_name' => 'web']);
+
         // flush cache after creating roles and permissions
         app()->make(PermissionRegistrar::class)->forgetCachedPermissions();
 
-        // assign permissions to roles
-        $user_manager_role->givePermissionTo([
+        // Annotation managers can manage users
+        $annotationManagerRole->givePermissionTo([
             PermissionsEnum::VIEW_USERS->value,
             PermissionsEnum::CREATE_USERS->value,
             PermissionsEnum::UPDATE_USERS->value,
             PermissionsEnum::DELETE_USERS->value,
             PermissionsEnum::RESTORE_USERS->value,
         ]);
 
-        $admin_role->givePermissionTo(Permission::all());
-        $admin_role->givePermissionTo($permissions);
+        // Admin gets all permissions
+        $adminRole->givePermissionTo($permissions);
     }
 }
diff --git a/database/seeders/UsersSeeder.php b/database/seeders/UsersSeeder.php
@@ -21,20 +21,20 @@ public function run(): void {
             'name' => 'Admin User',
             'password' => Hash::make($password),
         ]);
-        $admin->assignRole(RolesEnum::ADMINISTRATOR->value);
+        $admin->syncRoles([RolesEnum::ADMIN->value]);
 
-        // Create or update the user manager
-        $userManager = User::query()->updateOrCreate(['email' => 'user_manager@scify.org'], [
-            'name' => 'User Manager',
+        // Create or update the annotation manager
+        $annotationManager = User::query()->updateOrCreate(['email' => 'annotation_manager@scify.org'], [
+            'name' => 'Annotation Manager',
             'password' => Hash::make($password),
         ]);
-        $userManager->assignRole(RolesEnum::USER_MANAGER->value);
+        $annotationManager->syncRoles([RolesEnum::ANNOTATION_MANAGER->value]);
 
-        // Create or update the registered user
-        $registeredUser = User::query()->updateOrCreate(['email' => 'registered_user@scify.org'], [
-            'name' => 'Registered User',
+        // Create or update the annotator
+        $annotator = User::query()->updateOrCreate(['email' => 'annotator@scify.org'], [
+            'name' => 'Annotator User',
             'password' => Hash::make($password),
         ]);
-        $registeredUser->assignRole(RolesEnum::REGISTERED_USER->value);
+        $annotator->syncRoles([RolesEnum::ANNOTATOR->value]);
     }
 }
diff --git a/lang/el/roles.php b/lang/el/roles.php
@@ -4,6 +4,6 @@
 
 return [
     'admin' => 'Διαχειριστής',
-    'user-manager' => 'Διαχειριστής Χρηστών',
-    'registered-user' => 'Εγγεγραμένος Χρήστης',
+    'annotation-manager' => 'Υπεύθυνος Επισημείωσης',
+    'annotator' => 'Επισημειωτής',
 ];
diff --git a/lang/en/roles.php b/lang/en/roles.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 return [
-    'admin' => 'Administrator',
-    'user-manager' => 'User Manager',
-    'registered-user' => 'Registered User',
+    'admin' => 'Admin',
+    'annotation-manager' => 'Annotation Manager',
+    'annotator' => 'Annotator',
 ];
diff --git a/resources/js/pages/__tests__/dashboard.test.tsx b/resources/js/pages/__tests__/dashboard.test.tsx
@@ -43,8 +43,8 @@ const mockStats = {
 		deleted: 10,
 		by_role: {
 			admin: 5,
-			'user-manager': 15,
-			'registered-user': 80,
+			'annotation-manager': 15,
+			annotator: 80,
 		},
 		recent: {
 			week: 5,
@@ -57,7 +57,7 @@ const mockStats = {
 			name: 'Test User',
 			email: 'test@example.com',
 			created_at: '2025-04-01T00:00:00.000Z',
-			role: RolesEnum.ADMINISTRATOR,
+			role: RolesEnum.ADMIN,
 		},
 	],
 };
@@ -92,10 +92,10 @@ describe('Dashboard Component', () => {
 		expect(screen.getByText('roles.admin')).toBeInTheDocument();
 		expect(screen.getByText('5 dashboard.users')).toBeInTheDocument();
 
-		expect(screen.getByText('roles.user-manager')).toBeInTheDocument();
+		expect(screen.getByText('roles.annotation-manager')).toBeInTheDocument();
 		expect(screen.getByText('15 dashboard.users')).toBeInTheDocument();
 
-		expect(screen.getByText('roles.registered-user')).toBeInTheDocument();
+		expect(screen.getByText('roles.annotator')).toBeInTheDocument();
 		expect(screen.getByText('80 dashboard.users')).toBeInTheDocument();
 	});
 
diff --git a/resources/js/pages/dashboard.tsx b/resources/js/pages/dashboard.tsx
@@ -14,8 +14,8 @@ interface DashboardProps {
 
 const ROLE_COLORS = {
 	admin: 'bg-blue-500',
-	'user-manager': 'bg-green-500',
-	'registered-user': 'bg-neutral-500',
+	'annotation-manager': 'bg-green-500',
+	annotator: 'bg-neutral-500',
 } as const satisfies Record<RolesEnum, string>;
 
 interface DashboardStats {
diff --git a/resources/js/types/index.ts b/resources/js/types/index.ts
@@ -72,7 +72,7 @@ export type PageProps<T extends Record<string, unknown> = Record<string, unknown
 };
 
 export enum RolesEnum {
-	ADMINISTRATOR = 'admin',
-	USER_MANAGER = 'user-manager',
-	REGISTERED_USER = 'registered-user',
+	ADMIN = 'admin',
+	ANNOTATION_MANAGER = 'annotation-manager',
+	ANNOTATOR = 'annotator',
 }
diff --git a/tests/Feature/Api/V1/UserControllerTest.php b/tests/Feature/Api/V1/UserControllerTest.php
@@ -43,7 +43,7 @@
     it('grants dashboard permission to admins', function (): void {
         // Arrange
         $user = User::factory()->create(['name' => 'Admin User'])
-            ->assignRole(RolesEnum::ADMINISTRATOR->value);
+            ->assignRole(RolesEnum::ADMIN->value);
 
         // Act
         $response = $this->actingAs($user)->getJson('/api/v1/user/info');
@@ -53,7 +53,7 @@
             ->assertJson([
                 'user' => [
                     'name' => 'Admin User',
-                    'role' => RolesEnum::ADMINISTRATOR->value,
+                    'role' => RolesEnum::ADMIN->value,
                 ],
                 'permissions' => ['dashboard' => true],
             ]);
@@ -62,7 +62,7 @@
     it('grants dashboard permission to user managers', function (): void {
         // Arrange
         $user = User::factory()->create(['name' => 'Manager User'])
-            ->assignRole(RolesEnum::USER_MANAGER->value);
+            ->assignRole(RolesEnum::ANNOTATION_MANAGER->value);
 
         // Act
         $response = $this->actingAs($user)->getJson('/api/v1/user/info');
@@ -72,7 +72,7 @@
             ->assertJson([
                 'user' => [
                     'name' => 'Manager User',
-                    'role' => RolesEnum::USER_MANAGER->value,
+                    'role' => RolesEnum::ANNOTATION_MANAGER->value,
                 ],
                 'permissions' => ['dashboard' => true],
             ]);
@@ -81,7 +81,7 @@
     it('denies dashboard permission to regular users', function (): void {
         // Arrange
         $user = User::factory()->create(['name' => 'Regular User'])
-            ->assignRole(RolesEnum::REGISTERED_USER->value);
+            ->assignRole(RolesEnum::ANNOTATOR->value);
 
         // Act
         $response = $this->actingAs($user)->getJson('/api/v1/user/info');
@@ -91,7 +91,7 @@
             ->assertJson([
                 'user' => [
                     'name' => 'Regular User',
-                    'role' => RolesEnum::REGISTERED_USER->value,
+                    'role' => RolesEnum::ANNOTATOR->value,
                 ],
             ])
             ->assertJsonPath('permissions', []);
diff --git a/tests/Feature/Auth/AuthenticationTest.php b/tests/Feature/Auth/AuthenticationTest.php
@@ -24,7 +24,7 @@
 });
 
 test('users can authenticate using the login screen', function (): void {
-    $user = User::factory()->create()->assignRole(RolesEnum::REGISTERED_USER->value);
+    $user = User::factory()->create()->assignRole(RolesEnum::ANNOTATOR->value);
 
     // First get the login page to obtain CSRF token
     $this->get($this->loginRoute);
diff --git a/tests/Feature/DashboardTest.php b/tests/Feature/DashboardTest.php
@@ -6,32 +6,45 @@
 use App\Models\User;
 use Database\Seeders\RolesAndPermissionsSeeder;
 
-beforeEach(function (): void {
-    $this->seed(RolesAndPermissionsSeeder::class);
-});
-
-test('guests are redirected to the login page', function (): void {
-    $this->get('/dashboard')->assertRedirect('/login');
-});
-
-test('admin users can visit the dashboard', function (): void {
-    $user = User::factory()->create([
-        'email' => 'admin@example.com',
-        'name' => 'Admin User',
-    ])->assignRole(RolesEnum::ADMINISTRATOR->value);
-
-    $this->actingAs($user);
-
-    $this->get('/dashboard')->assertOk();
-});
-
-test('registered users are redirected to the dashboard page', function (): void {
-    $user = User::factory()->create([
-        'email' => 'user@example.com',
-        'name' => 'Regular User',
-    ])->assignRole(RolesEnum::REGISTERED_USER->value);
-
-    $this->actingAs($user);
-
-    $this->get('/dashboard')->assertOk();
+describe('DashboardController', function (): void {
+    beforeEach(function (): void {
+        $this->seed(RolesAndPermissionsSeeder::class);
+    });
+
+    it('redirects guests to the login page', function (): void {
+        $this->get('/dashboard')->assertRedirect('/login');
+    });
+
+    it('renders the full dashboard for admins', function (): void {
+        // Arrange
+        $user = User::factory()->create()->assignRole(RolesEnum::ADMIN->value);
+
+        // Act & Assert
+        $this->actingAs($user)
+            ->get('/dashboard')
+            ->assertOk()
+            ->assertInertia(fn ($page) => $page->component('dashboard'));
+    });
+
+    it('renders the full dashboard for annotation managers', function (): void {
+        // Arrange
+        $user = User::factory()->create()->assignRole(RolesEnum::ANNOTATION_MANAGER->value);
+
+        // Act & Assert
+        $this->actingAs($user)
+            ->get('/dashboard')
+            ->assertOk()
+            ->assertInertia(fn ($page) => $page->component('dashboard'));
+    });
+
+    it('renders the simple dashboard for annotators', function (): void {
+        // Arrange
+        $user = User::factory()->create()->assignRole(RolesEnum::ANNOTATOR->value);
+
+        // Act & Assert
+        $this->actingAs($user)
+            ->get('/dashboard')
+            ->assertOk()
+            ->assertInertia(fn ($page) => $page->component('dashboard-simple'));
+    });
 });
diff --git a/tests/Feature/Http/Controllers/UserControllerTest.php b/tests/Feature/Http/Controllers/UserControllerTest.php
diff --git a/tests/Feature/Settings/PasswordUpdateTest.php b/tests/Feature/Settings/PasswordUpdateTest.php

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ public function index(): Response\|RedirectResponse {`
`21`	`21`	`/** @var User $user */`
`22`	`22`	`$user = Auth::user();`
`23`	`23`
`24`		`- if ($user->hasRole(RolesEnum::REGISTERED_USER->value)) {`
	`24`	`+ if ($user->hasRole(RolesEnum::ANNOTATOR->value)) {`
`25`	`25`	`return Inertia::render('dashboard-simple');`
`26`	`26`	`}`
`27`	`27`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ private function resolvePermissions(): array {`
`29`	`29`
`30`	`30`	`$permissions = [];`
`31`	`31`
`32`		`- if ($user->hasRole([RolesEnum::ADMINISTRATOR->value, RolesEnum::USER_MANAGER->value])) {`
	`32`	`+ if ($user->hasRole([RolesEnum::ADMIN->value, RolesEnum::ANNOTATION_MANAGER->value])) {`
`33`	`33`	`$permissions['dashboard'] = true;`
`34`	`34`	`}`
`35`	`35`