# Phase 1: Foundation & Role Setup ## Objective Set up the Shop Manager role, middleware, and route skeleton so all subsequent phases can plug into a clean structure. --- ## Tasks ### 1.1 Add SHOP_MANAGER to AdminRole Enum **File:** `app/Enums/AdminRole.php` Add a new case: ```php case SHOP_MANAGER = 'shop_manager'; ``` Run the Spatie permission seeder or manually create the role in DB. ### 1.2 Add `is_shop_manager` Accessor to User Model **File:** `app/Models/User.php` ```php public function getIsShopManagerAttribute(): bool { return $this->employee?->hasRole(AdminRole::SHOP_MANAGER->value) ?? false; } ``` ### 1.3 Create EnsureShopManager Middleware **File:** `app/Http/Middleware/EnsureShopManagerMiddleware.php` Logic: - Extends/reuses `EnsureEmployeeOfPlace` logic - Additionally checks that the employee has the `shop_manager` role - Returns 403 if not authorized ### 1.4 Register Route Group **File:** `routes/api.php` ```php // Shop Manager routes Route::prefix('places/{place}/shop') ->middleware(['auth:sanctum', EnsureShopManagerMiddleware::class]) ->group(function () { // Phase 2: Products // Phase 3: Carts & Customers // Phase 4: Payments // Phase 5: Invoices // Phase 6: Dashboard }); ``` ### 1.5 Create Migration for Role Seeding **File:** `database/migrations/YYYY_MM_DD_HHMMSS_add_shop_manager_role.php` ```php public function up(): void { // Create the shop_manager role via Spatie Role::findOrCreate('shop_manager', 'web'); } public function down(): void { Role::findByName('shop_manager', 'web')?->delete(); } ``` ### 1.6 Tests **File:** `tests/Feature/Controllers/ShopManager/ShopManagerAuthorizationTest.php` Test cases: - [ ] Shop manager can access `/v1/places/{place}/shop/*` routes - [ ] Regular employee without shop_manager role gets 403 - [ ] Customer user gets 403 - [ ] Coach user gets 403 - [ ] Shop manager attached to Place A cannot access Place B routes --- ## Files Created/Modified | Action | File | |---|---| | Modify | `app/Enums/AdminRole.php` | | Modify | `app/Models/User.php` | | Create | `app/Http/Middleware/EnsureShopManagerMiddleware.php` | | Modify | `routes/api.php` | | Create | `database/migrations/..._add_shop_manager_role.php` | | Create | `tests/Feature/Controllers/ShopManager/ShopManagerAuthorizationTest.php` | --- ## Acceptance Criteria - [ ] `AdminRole::SHOP_MANAGER` exists and is recognized by Spatie - [ ] Middleware blocks non-shop-manager users with 403 - [ ] Route group is accessible by authenticated shop manager employees - [ ] All tests pass - [ ] `./gitCheck.sh` passes