fix: permission sync was deactivating core permissions, not just module-owned ones

deactivateOrphaned() treated ALL is_system=1 permissions as module-owned.
Core seed permissions (users.view, tenants.view, etc.) are also is_system=1,
so they were incorrectly deactivated — breaking admin panel access.

Fix: scan all module manifests on disk (enabled or not) to build the set of
module-owned permission keys. Only deactivate permissions whose key appears
in that set. Core seed permissions are never touched.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-03-19 19:32:36 +01:00
parent e40cba23a1
commit 8cd21f3c8a
3 changed files with 151 additions and 66 deletions

View File

@@ -30,7 +30,8 @@ function modulePermissionsSyncRun(): int
static function (): int {
$synchronizer = new ModulePermissionSynchronizer(
app(ModuleRegistry::class),
app(PermissionRepository::class)
app(PermissionRepository::class),
moduleCliProjectRoot() . '/modules'
);
$result = $synchronizer->sync();