From d63a77bb4286f40544a73d346b8218c763fc352a Mon Sep 17 00:00:00 2001
From: "Jethro Lin (aider)"
Date: Wed, 13 Nov 2024 12:43:41 +0800
Subject: [PATCH] feat: add role-based access control for admin and member users
---
 16. `docs/api.md | 14 +++++++++++++
 app/Http/Middleware/CheckRole.php | 16 +++++++++++++++
 .../xxxx_xx_xx_add_role_to_users_table.php | 20 +++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 app/Http/Middleware/CheckRole.php
 create mode 100644 database/migrations/xxxx_xx_xx_add_role_to_users_table.php
diff --git a/16. `docs/api.md b/16. `docs/api.md
index 1359335..8f92f60 100644
--- a/16. `docs/api.md
+++ b/16. `docs/api.md
@@ -11,6 +11,20 @@
 ### POST /api/logout
 - **Description**: Logout the user and revoke the token.
 - **Response**: JSON object with a success message.
+## Admin Management
+
+### GET /api/admin/users
+- **Description**: Get a list of users (restricted to member users).
+- **Response**: JSON object with a list of users.
+
+### POST /api/admin/users/{user}/activate
+- **Description**: Activate a user (restricted to member users).
+- **Response**: JSON object with a success message.
+
+### POST /api/admin/users/{user}/deactivate
+- **Description**: Deactivate a user (restricted to member users).
+- **Response**: JSON object with a success message.
+
 ## Frontend API
 ### GET /api/frontend
diff --git a/app/Http/Middleware/CheckRole.php b/app/Http/Middleware/CheckRole.php
new file mode 100644
index 0000000..0eb051e
--- /dev/null
+++ b/app/Http/Middleware/CheckRole.php
@@ -0,0 +1,16 @@
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class CheckRole
+{
+ public function handle(Request $request, Closure $next, $role)
+ {
+ if ($request->user()->role !== $role) {
+ return response()->json(['error' => 'Unauthorized'], 403);
+ }
+
+ return $next($request);
+ }
+}
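Review bot: `handle()` reads `$request->user()->role` without first checking that a user is present, so on any route where this middleware runs without the authentication middleware in front of it the request ends in an error rather than a clean denial; `if (! $request->user() || $request->user()->role !== $role) {` keeps the guard fail-closed. The hunk's 16 added lines begin at `namespace` with no `<?php` opening tag, so as shown the class would not be defined when the file is loaded. It also accepts a single untyped `$role`; if a route should admit more than one role, a variadic `string ...$roles` with `in_array($request->user()->role, $roles, true)` avoids stacking middleware that can never both pass. The docs hunk in this patch describes the `/api/admin/*` routes as "restricted to member users", so confirm which role string the route definitions (not part of this patch) pass here.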
diff --git a/database/migrations/xxxx_xx_xx_add_role_to_users_table.php b/database/migrations/xxxx_xx_xx_add_role_to_users_table.php
new file mode 100644
index 0000000..1214199
--- /dev/null
+++ b/database/migrations/xxxx_xx_xx_add_role_to_users_table.php
@@ -0,0 +1,20 @@
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddRoleToUsersTable extends Migration
+{
+ public function up()
+ {
+ Schema::table('users', function (Blueprint $table) {
+ $table->string('role')->default('member');
+ });
+ }
+
+ public function down()
+ {
+ Schema::table('users', function (Blueprint $table) {
+ $table->dropColumn('role');
+ });
+ }
+}
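Review bot: `$table->string('role')->default('member')` leaves the column an unconstrained string, so nothing at the schema level prevents an unexpected value being stored and then compared by the role check; `$table->enum('role', ['admin', 'member'])->default('member');` or an equivalent validation rule would pin the allowed set (role names taken from the commit subject). Because this column now decides authorization, check that the User model, which is outside this patch, does not expose `role` to mass assignment via `$fillable`, otherwise a registration or profile-update request could set it. The added lines start at `use` with no `<?php` tag and the file name still carries the `xxxx_xx_xx_` placeholder instead of a timestamp, so the migration needs both fixed before it runs in a defined order.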