Cleaned up access views.

Added ability to give roles 'all' permissions.
Administrator has all permissions by default and is unchangeable.
Removed administrator_forced flag in access config.
Updated read me.

app/Repositories/Backend/Role/EloquentRoleRepository.php

@@ -56,20 +56,29 @@ public function getAllRoles($order_by = 'id', $sort = 'asc', $withPermissions =
 	 * @throws GeneralException
 	 */
 	public function create($input, $permissions) {
-		if (Role::where('name', '=', $input['name'])->first())
+		if (Role::where('name', $input['name'])->first())
 			throw new GeneralException('That role already exists. Please choose a different name.');
 
-		//See if the role must contain a permission as per config
-		if (config('access.roles.role_must_contain_permission') && count($permissions['role_permissions']) == 0)
-			throw new GeneralException('You must select at least one permission for this role.');
+		//See if the role has all access
+		$all = $input['associated-permissions'] == "all" ? true : false;
+
+		//This config is only required if all is false
+		if (! $all)
+			//See if the role must contain a permission as per config
+			if (config('access.roles.role_must_contain_permission') && count($permissions['role_permissions']) == 0)
+				throw new GeneralException('You must select at least one permission for this role.');
 
 		$role = new Role;
 		$role->name = $input['name'];
 
+		//See if this role has all permissions and set the flag on the role
+		$role->all = $all;
+
 		if ($role->save()) {
-			//Attach permissions
-			if (count($permissions['role_permissions']) > 0)
-				$role->attachPermissions($permissions['role_permissions']);
+			if (! $all)
+				//Attach permissions if the role does not have all access
+				if (count($permissions['role_permissions']) > 0)
+					$role->attachPermissions($permissions['role_permissions']);
 
 			return true;
 		}
@@ -87,18 +96,31 @@ public function create($input, $permissions) {
 	public function update($id, $input, $permissions) {
 		$role = $this->findOrThrowException($id);
 
-		//Validate
-		if (strlen($input['name']) == 0)
-			throw new GeneralException('You must specify the role name.');
+		//See if the role has all access, administrator always has all access
+		if ($role->id == 1)
+			$all = true;
+		else
+			$all = $input['associated-permissions'] == "all" ? true : false;
 
-		//See if the role must contain a permission as per config
-		if (config('access.roles.role_must_contain_permission') && count($permissions['role_permissions']) == 0)
-			throw new GeneralException('You must select at least one permission for this role.');
+		//This config is only required if all is false
+		if (! $all)
+			//See if the role must contain a permission as per config
+			if (config('access.roles.role_must_contain_permission') && count($permissions['role_permissions']) == 0)
+				throw new GeneralException('You must select at least one permission for this role.');
 
 		$role->name = $input['name'];
 
+		//See if this role has all permissions and set the flag on the role
+		$role->all = $all;
+
 		if ($role->save()) {
-			$role->savePermissions($permissions['role_permissions']);
+			//If role has all access detach all permissions because theyre not needed
+			if ($all)
+				$role->permissions()->sync([]);
+			else
+				//Attach permissions if the role does not have all access
+				$role->savePermissions($permissions['role_permissions']);
+
 			return true;
 		}
 

app/Services/Access/Traits/UserHasRole.php

@@ -94,6 +94,10 @@ public function hasRoles($roles, $needsAll) {
 	public function can($nameorId)
 	{
 		foreach ($this->roles as $role) {
+			//See if role has all permissions
+			if ($role->all)
+				return true;
+
 			// Validate against the Permission table
 			foreach ($role->permissions as $perm) {
 

config/access.php

@@ -71,13 +71,7 @@
 		/*
 		 * Whether a role must contain a permission or can be used standalone
 		 */
-		'role_must_contain_permission' => true,
-
-		/*
-		 * Whether or not the administrator role must possess every permission
-		 * Works in unison with permissions.permission_must_contain_role
-		 */
-		'administrator_forced' => false,
+		'role_must_contain_permission' => false
 	],
 
 	/*

database/migrations/2015_04_30_170442_setup_access_tables.php

@@ -20,6 +20,7 @@ public function up()
 		Schema::create(config('access.roles_table'), function ($table) {
 			$table->increments('id')->unsigned();
 			$table->string('name')->unique();
+			$table->boolean('all')->default(false);
 			$table->timestamps();
 		});
 

database/seeds/Access/PermissionTableSeeder.php

@@ -22,6 +22,8 @@ public function run() {
 			DB::statement("TRUNCATE TABLE ".config('access.permission_user_table')." CASCADE");
 		}
 
+		//Don't need to assign any permissions to administrator because the all flag is set to true
+
 		$permission_model = config('access.permission');
 		$viewBackend = new $permission_model;
 		$viewBackend->name = 'view_backend';
@@ -31,34 +33,6 @@ public function run() {
 		$viewBackend->updated_at = Carbon::now();
 		$viewBackend->save();
 
-		//Find the first role (admin) give it all permissions
-		$role_model = config('access.role');
-		$role_model = new $role_model;
-		$admin = $role_model::first();
-		$admin->permissions()->sync(
-			[
-				$viewBackend->id,
-			]
-		);
-
-		$permission_model = config('access.permission');
-		$userOnlyPermission = new $permission_model;
-		$userOnlyPermission->name = 'user_only_permission';
-		$userOnlyPermission->display_name = 'Test User Only Permission';
-		$userOnlyPermission->system = false;
-		$userOnlyPermission->created_at = Carbon::now();
-		$userOnlyPermission->updated_at = Carbon::now();
-		$userOnlyPermission->save();
-
-		$user_model = config('auth.model');
-		$user_model = new $user_model;
-		$user = $user_model::find(2);
-		$user->permissions()->sync(
-			[
-				$userOnlyPermission->id,
-			]
-		);
-
 		if(env('DB_DRIVER') == 'mysql')
 			DB::statement('SET FOREIGN_KEY_CHECKS=1;');
 	}

database/seeds/Access/RoleTableSeeder.php

@@ -20,6 +20,7 @@ public function run() {
 		$role_model = config('access.role');
 		$admin = new $role_model;
 		$admin->name = 'Administrator';
+		$admin->all = true;
 		$admin->created_at = Carbon::now();
 		$admin->updated_at = Carbon::now();
 		$admin->save();