Merge pull request #146 from wri/fix/TM-833-new-framework

[TM-833] Allow creation of new frameworks without breaking existing API access.

app/Console/Commands/Migration/RolesMigrationCommand.php

@@ -52,7 +52,7 @@ public function handle()
 
         if (Role::where('name', 'admin-super')->count() === 0) {
             $role = Role::create(['name' => 'admin-super']);
-            $role->givePermissionTo(['framework-terrafund', 'framework-ppc', 'custom-forms-manage', 'users-manage', 'monitoring-manage', 'reports-manage']);
+            $role->givePermissionTo(['framework-terrafund', 'framework-ppc', 'framework-terrafund-enterprises', 'custom-forms-manage', 'users-manage', 'monitoring-manage', 'reports-manage']);
         }
 
         if (Role::where('name', 'admin-ppc')->count() === 0) {
@@ -62,14 +62,19 @@ public function handle()
 
         if (Role::where('name', 'admin-terrafund')->count() === 0) {
             $role = Role::create(['name' => 'admin-terrafund']);
-            $role->givePermissionTo(['framework-terrafund', 'custom-forms-manage', 'users-manage', 'monitoring-manage', 'reports-manage']);
+            $role->givePermissionTo(['framework-terrafund', 'framework-terrafund-enterprises', 'custom-forms-manage', 'users-manage', 'monitoring-manage', 'reports-manage']);
         }
 
         if (Role::where('name', 'project-developer')->count() === 0) {
             $role = Role::create(['name' => 'project-developer']);
             $role->givePermissionTo(['manage-own']);
         }
 
+        if (Role::where('name', 'greenhouse-service-account')->count() === 0) {
+            $role = Role::create(['name' => 'greenhouse-service-account']);
+            $role->givePermissionTo(['projects-read', 'polygons-manage', 'media-manage']);
+        }
+
         User::whereIn('role', ['user','admin', 'terrafund-admin'])->get()
             ->each(function (User $user) {
                 if ($user->primary_role == null) {

app/Http/Controllers/Traits/IsAdminIndex.php

@@ -33,7 +33,7 @@ protected function isolateAuthorizedFrameworks(QueryBuilder $query, string $tabl
             $query->where(function ($query) use ($tableName, $frameworkNames, $user) {
                 foreach ($frameworkNames as $framework) {
                     $frameworkPermission = 'framework-' . $framework;
-                    if ($user->hasPermissionTo($frameworkPermission)) {
+                    if ($user->can($frameworkPermission)) {
                         $query->orWhere("$tableName.framework_key", $framework);
                     }
                 }

app/Http/Controllers/V2/UpdateRequests/AdminIndexUpdateRequestsController.php

@@ -59,7 +59,7 @@ public function __invoke(Request $request): UpdateRequestsCollection
             $query->where(function ($query) use ($frameworkNames, $user) {
                 foreach ($frameworkNames as $framework) {
                     $frameworkPermission = 'framework-' . $framework;
-                    if ($user->hasPermissionTo($frameworkPermission)) {
+                    if ($user->can($frameworkPermission)) {
                         $query->orWhere('framework_key', $framework);
                     }
                 }

config/wri/permissions.php

@@ -3,6 +3,7 @@
 return [
     'framework-ppc' => 'Framework PPC',
     'framework-terrafund' => 'Framework Terrafund',
+    'framework-terrafund-enterprises' => 'Framework Terrafund Enterprises',
     'custom-forms-manage' => 'Manage custom forms',
     'users-manage' => 'Manage users',
     'monitoring-manage' => 'Manage monitoring',