
chore: adiciona middleware em rotas que nao tinham

ebagabee 1 mese fa
parent
commit
aff07c5dbe

+ 303 - 10
database/seeders/PermissionSeeder.php

@@ -23,7 +23,7 @@ public function run(): void
             ],
             [
                 "scope"       => "franchisee",
-                "description" => "Franchisee",
+                "description" => "Franqueados",
                 "bits"        => Permission::MENU | Permission::VIEW,
                 "children"    => [
                     [
@@ -32,8 +32,15 @@ public function run(): void
                         "bits"        => Permission::ALL_PERMS,
                         "children"    => [],
                     ],
+                    [
+                        "scope"       => "franchisee-unit",
+                        "description" => "Unidades do Franqueado",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
                 ],
             ],
+            // Pacotes / Aulas
             [
                 "scope"       => "class-package",
                 "description" => "Pacotes (Franqueadora)",
@@ -46,6 +53,57 @@ public function run(): void
                 "bits"        => Permission::ALL_PERMS,
                 "children"    => [],
             ],
+            [
+                "scope"       => "class-package-franchisee",
+                "description" => "Pacotes (Franqueado)",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [],
+            ],
+            [
+                "scope"       => "class",
+                "description" => "Aulas",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [
+                    [
+                        "scope"       => "class-attendance",
+                        "description" => "Frequência de Aulas",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                ],
+            ],
+            [
+                "scope"       => "modality",
+                "description" => "Modalidades",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [],
+            ],
+            // Alunos
+            [
+                "scope"       => "student",
+                "description" => "Alunos",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [
+                    [
+                        "scope"       => "student-history",
+                        "description" => "Histórico de Alunos",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "student-media",
+                        "description" => "Mídias de Alunos",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "student-responsible",
+                        "description" => "Responsáveis de Alunos",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                ],
+            ],
             [
                 "scope"       => "student-contract",
                 "description" => "Contratos de Alunos",
@@ -54,10 +112,216 @@ public function run(): void
             ],
             [
                 "scope"       => "media",
-                "description" => "Mídias de Alunos",
+                "description" => "Mídias",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [],
+            ],
+            // Kanban
+            [
+                "scope"       => "kanban",
+                "description" => "Kanban",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [
+                    [
+                        "scope"       => "kanban-status",
+                        "description" => "Status do Kanban",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "kanban-movement",
+                        "description" => "Movimentos do Kanban",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                ],
+            ],
+            // Suporte
+            [
+                "scope"       => "support-ticket",
+                "description" => "Chamados de Suporte",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [
+                    [
+                        "scope"       => "support-status",
+                        "description" => "Status de Suporte",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "support-movement",
+                        "description" => "Movimentos de Suporte",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                ],
+            ],
+            // Notificações
+            [
+                "scope"       => "notification",
+                "description" => "Notificações",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [
+                    [
+                        "scope"       => "notification-recipient",
+                        "description" => "Destinatários de Notificações",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                ],
+            ],
+            // Produtos / Inventário
+            [
+                "scope"       => "product",
+                "description" => "Produtos",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [
+                    [
+                        "scope"       => "product-kit",
+                        "description" => "Kits de Produtos",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "product-movement",
+                        "description" => "Movimentação de Produtos",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "product-order",
+                        "description" => "Pedidos de Produtos",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [
+                            [
+                                "scope"       => "product-order-item",
+                                "description" => "Itens de Pedido de Produtos",
+                                "bits"        => Permission::ALL_PERMS,
+                                "children"    => [],
+                            ],
+                        ],
+                    ],
+                ],
+            ],
+            [
+                "scope"       => "franchisor-inventory",
+                "description" => "Estoque (Franqueadora)",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [],
+            ],
+            [
+                "scope"       => "franchisee-inventory",
+                "description" => "Estoque (Franqueado)",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [],
+            ],
+            // Fornecedores / Pagamentos
+            [
+                "scope"       => "supplier",
+                "description" => "Fornecedores",
                 "bits"        => Permission::ALL_PERMS,
                 "children"    => [],
             ],
+            [
+                "scope"       => "payment-method",
+                "description" => "Formas de Pagamento",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [],
+            ],
+            // Financeiro
+            [
+                "scope"       => "financial",
+                "description" => "Financeiro",
+                "bits"        => Permission::MENU | Permission::VIEW,
+                "children"    => [
+                    [
+                        "scope"       => "financial-account-payable",
+                        "description" => "Contas a Pagar",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "financial-account-receive",
+                        "description" => "Contas a Receber",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "financial-invoice",
+                        "description" => "Notas Fiscais",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "financial-plan-account",
+                        "description" => "Plano de Contas",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                ],
+            ],
+            // Tesouraria
+            [
+                "scope"       => "treasury",
+                "description" => "Tesouraria",
+                "bits"        => Permission::MENU | Permission::VIEW,
+                "children"    => [
+                    [
+                        "scope"       => "treasury-account",
+                        "description" => "Contas de Tesouraria",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "treasury-imports",
+                        "description" => "Importações de Tesouraria",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [
+                            [
+                                "scope"       => "treasury-import-line",
+                                "description" => "Linhas de Importação",
+                                "bits"        => Permission::ALL_PERMS,
+                                "children"    => [],
+                            ],
+                        ],
+                    ],
+                    [
+                        "scope"       => "treasury-launch",
+                        "description" => "Lançamentos de Tesouraria",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                ],
+            ],
+            // Integrações
+            [
+                "scope"       => "integrations",
+                "description" => "Integrações",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [
+                    [
+                        "scope"       => "integration-variable",
+                        "description" => "Variáveis de Integração",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                ],
+            ],
+            // Feriados
+            [
+                "scope"       => "holiday",
+                "description" => "Feriados",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [
+                    [
+                        "scope"       => "base-holiday",
+                        "description" => "Feriados Base",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                ],
+            ],
+            // TBR
             [
                 "scope"       => "tbr",
                 "description" => "TBR",
@@ -87,6 +351,24 @@ public function run(): void
                         "bits"        => Permission::ALL_PERMS,
                         "children"    => [],
                     ],
+                    [
+                        "scope"       => "franchisee-royalties-bracket",
+                        "description" => "Faixas de Royalties do Franqueado",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "franchisee-fnm-bracket",
+                        "description" => "Faixas de FNM do Franqueado",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "franchisee-maintenance-bracket",
+                        "description" => "Faixas de Manutenção do Franqueado",
+                        "bits"        => Permission::ALL_PERMS,
+                        "children"    => [],
+                    ],
                     [
                         "scope"       => "tbr-calculation",
                         "description" => "Cálculo de TBR",
@@ -107,6 +389,7 @@ public function run(): void
                     ],
                 ],
             ],
+            // Configurações
             [
                 "scope"       => "config",
                 "description" => "Configurações",
@@ -114,36 +397,49 @@ public function run(): void
                 "children"    => [
                     [
                         "scope"       => "config.user",
-                        "description" => "Configurações de Usuários",
+                        "description" => "Usuários",
+                        "bits"        => Permission::CRUD,
+                        "children"    => [],
+                    ],
+                    [
+                        "scope"       => "config.user-type",
+                        "description" => "Tipos de Usuário",
                         "bits"        => Permission::CRUD,
                         "children"    => [],
                     ],
                     [
                         "scope"       => "config.permission",
-                        "description" => "Configurações de Permissões",
+                        "description" => "Permissões",
                         "bits"        => Permission::CRUD,
                         "children"    => [],
                     ],
                     [
                         "scope"       => "config.city",
-                        "description" => "Configurações de Cidades",
+                        "description" => "Cidades",
                         "bits"        => Permission::CRUD,
                         "children"    => [],
                     ],
                     [
                         "scope"       => "config.country",
-                        "description" => "Configurações de Países",
+                        "description" => "Países",
                         "bits"        => Permission::CRUD,
                         "children"    => [],
                     ],
                     [
                         "scope"       => "config.state",
-                        "description" => "Configurações de Estados",
+                        "description" => "Estados",
                         "bits"        => Permission::CRUD,
                         "children"    => [],
                     ],
                 ],
             ],
+            // Unidade — escopos adicionais usados em subrotas de unit
+            [
+                "scope"       => "unit-user",
+                "description" => "Usuários da Unidade",
+                "bits"        => Permission::ALL_PERMS,
+                "children"    => [],
+            ],
         ];
 
         $this->createPermissionsAndChildren(permissions: $permissions);
@@ -151,9 +447,6 @@ public function run(): void
 
     /**
      * Recursively creates or updates permissions and handles nesting.
-     *
-     * @param array $permissions The array of permission data.
-     * @param Permission|null $parent The parent Permission object (for nested sets).
      */
     private function createPermissionsAndChildren(
         array $permissions,
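Review bot: The scope identifiers added to `$permissions` in `run()` do not follow one naming convention, and they are the same bare strings that the route middleware and `UserTypePermissionSeeder` in this commit must match character for character. `treasury-imports` sits next to `treasury-import-line`, and `integrations` next to `integration-variable`, so a singular/plural slip in a `permission:` middleware string is easy to make. Because access decisions hang on these literals, I would declare them once (for example as constants on `Permission`) and reference those from both seeders and the routes, or at least settle on singular names before more code depends on them. How the permission middleware treats a scope with no seeded row is not visible here, so a mismatch could show up as a blanket denial or as a check that never applies. `run()` begins outside the visible hunks, so scopes such as `unit` or `dashboard` that the other seeder references may already be defined there and should be confirmed.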

+ 93 - 2
database/seeders/UserTypePermissionSeeder.php

@@ -21,10 +21,99 @@ public function run(): void
                     foreach ($allPermissions as $scope => $perm) {
                         $dataToSync[] = [
                             'scope' => $scope,
-                            'bits'  => $perm->bits
+                            'bits'  => $perm->bits,
                         ];
                     }
                     break;
+
+                case UserTypeEnum::ADMIN_FRANCHISEE:
+                    $dataToSync = [
+                        // Dashboard
+                        ['scope' => 'dashboard',                        'bits' => Permission::VIEW | Permission::MENU],
+
+                        // Franqueado — visualiza o próprio, gerencia suas unidades
+                        ['scope' => 'franchisee',                       'bits' => Permission::VIEW | Permission::MENU],
+                        ['scope' => 'unit',                             'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'franchisee-unit',                  'bits' => Permission::VIEW],
+
+                        // Pacotes — visualiza os disponibilizados pela franqueadora
+                        ['scope' => 'class-package',                    'bits' => Permission::VIEW | Permission::MENU],
+                        ['scope' => 'class-package-unit',               'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'class-package-franchisee',         'bits' => Permission::VIEW],
+
+                        // Aulas
+                        ['scope' => 'class',                            'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'class-attendance',                 'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'modality',                         'bits' => Permission::VIEW],
+
+                        // Alunos
+                        ['scope' => 'student',                          'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'student-contract',                 'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'student-history',                  'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'student-media',                    'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'student-responsible',              'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'media',                            'bits' => Permission::ALL_PERMS],
+
+                        // Kanban
+                        ['scope' => 'kanban',                           'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'kanban-status',                    'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'kanban-movement',                  'bits' => Permission::ALL_PERMS],
+
+                        // Suporte
+                        ['scope' => 'support-ticket',                   'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'support-movement',                 'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'support-status',                   'bits' => Permission::VIEW],
+
+                        // Notificações
+                        ['scope' => 'notification',                     'bits' => Permission::VIEW],
+
+                        // Produtos / Estoque
+                        ['scope' => 'product',                          'bits' => Permission::VIEW],
+                        ['scope' => 'product-kit',                      'bits' => Permission::VIEW],
+                        ['scope' => 'product-order',                    'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'product-order-item',               'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'franchisee-inventory',             'bits' => Permission::ALL_PERMS],
+
+                        // Financeiro (gestão da unidade)
+                        ['scope' => 'financial',                        'bits' => Permission::VIEW | Permission::MENU],
+                        ['scope' => 'financial-account-payable',        'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'financial-account-receive',        'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'financial-invoice',                'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'financial-plan-account',           'bits' => Permission::VIEW],
+
+                        // Tesouraria
+                        ['scope' => 'treasury',                         'bits' => Permission::VIEW | Permission::MENU],
+                        ['scope' => 'treasury-account',                 'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'treasury-imports',                 'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'treasury-import-line',             'bits' => Permission::ALL_PERMS],
+                        ['scope' => 'treasury-launch',                  'bits' => Permission::ALL_PERMS],
+
+                        // Formas de pagamento e fornecedores (só visualiza)
+                        ['scope' => 'payment-method',                   'bits' => Permission::VIEW],
+                        ['scope' => 'supplier',                         'bits' => Permission::VIEW],
+
+                        // TBR — apenas visualiza o que diz respeito ao franqueado
+                        ['scope' => 'franchisee-tbr',                   'bits' => Permission::VIEW],
+                        ['scope' => 'franchisee-royalties-bracket',     'bits' => Permission::VIEW],
+                        ['scope' => 'franchisee-fnm-bracket',           'bits' => Permission::VIEW],
+                        ['scope' => 'franchisee-maintenance-bracket',   'bits' => Permission::VIEW],
+                        ['scope' => 'inhabitant-classification',        'bits' => Permission::VIEW],
+                        ['scope' => 'unit-inhabitant-classification',   'bits' => Permission::ALL_PERMS],
+
+                        // Usuários da unidade
+                        ['scope' => 'unit-user',                        'bits' => Permission::ALL_PERMS],
+
+                        // Feriados (visualiza)
+                        ['scope' => 'holiday',                          'bits' => Permission::VIEW],
+
+                        // Configurações básicas (apenas leitura de endereço)
+                        ['scope' => 'config.city',                      'bits' => Permission::VIEW],
+                        ['scope' => 'config.country',                   'bits' => Permission::VIEW],
+                        ['scope' => 'config.state',                     'bits' => Permission::VIEW],
+                        ['scope' => 'config.user',                      'bits' => Permission::VIEW | Permission::EDIT],
+                    ];
+                    break;
+
                 case UserTypeEnum::USER:
                     $dataToSync = [
                         ['scope' => 'dashboard',                        'bits' => Permission::VIEW],
@@ -43,12 +132,14 @@ public function run(): void
                         ['scope' => 'media',                            'bits' => Permission::ALL_PERMS],
                     ];
                     break;
+
                 case UserTypeEnum::GUEST:
                     $dataToSync = [
                         ['scope' => 'config.user', 'bits' => Permission::VIEW],
                     ];
                     break;
             }
+
             if (!empty($dataToSync)) {
                 $this->seedUserTypePermissions($dataToSync, $userType->value, $allPermissions);
             }
@@ -67,7 +158,7 @@ private function seedUserTypePermissions(array $permissionDataList, string $user
                         'permission_id' => $permissionModel->id,
                     ],
                     [
-                        'bits' => $data['bits']
+                        'bits' => $data['bits'],
                     ]
                 );
             }
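Review bot: In the new `ADMIN_FRANCHISEE` case the last entry grants `Permission::VIEW | Permission::EDIT` on `config.user`, yet it sits under the comment "Configurações básicas (apenas leitura de endereço)" and is the only write bit in that group. If edit access is intended, move the entry under its own comment stating why; otherwise reduce it to `['scope' => 'config.user', 'bits' => Permission::VIEW],` as the `GUEST` case does. Whether the user controller restricts edits to users of the caller's own franchisee, or blocks changing a user's type, is not visible in this diff and should be confirmed before a franchisee-level role receives this bit. `run()` starts outside the hunk.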

+ 5 - 5
routes/authRoutes/base_holiday.php

@@ -4,13 +4,13 @@
 use Illuminate\Support\Facades\Route;
 
 Route::controller(BaseHolidayController::class)->prefix('base-holiday')->group(function () {
-    Route::get('/', 'index');
+    Route::get('/', 'index')->middleware('permission:base-holiday,view');
 
-    Route::post('/', 'store');
+    Route::post('/', 'store')->middleware('permission:base-holiday,add');
 
-    Route::get('/{id}', 'show');
+    Route::get('/{id}', 'show')->middleware('permission:base-holiday,view');
 
-    Route::put('/{id}', 'update');
+    Route::put('/{id}', 'update')->middleware('permission:base-holiday,edit');
 
-    Route::delete('/{id}', 'destroy');
+    Route::delete('/{id}', 'destroy')->middleware('permission:base-holiday,delete');
 });
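Review bot: Authorization is attached route by route in this group, so a route added later without `->middleware('permission:...')` is guarded only by whatever the enclosing group enforces (not visible here), which is the gap this commit is closing. The same pattern repeats in `class_package.php`, `class_package_unit.php`, `holiday.php`, `inhabitant_classification.php`, `media.php`, `student.php` and `student_contract.php`. I would add a feature test that walks `Route::getRoutes()` and fails when a route loaded from `routes/authRoutes` has no `permission:` entry in `gatherMiddleware()`, so the omission cannot recur silently. A short comment above each group, such as `// Every route in this group must declare a permission:<scope>,<action> middleware.`, would also document the rule.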

+ 6 - 6
routes/authRoutes/class_package.php

@@ -4,10 +4,10 @@
 use App\Http\Controllers\ClassPackageController;
 
 Route::controller(ClassPackageController::class)->prefix('class-package')->group(function () {
-    Route::get('/', 'index');
-    Route::get('/by-unit', 'byUnit');
-    Route::post('/', 'store');
-    Route::get('/{id}', 'show');
-    Route::put('/{id}', 'update');
-    Route::delete('/{id}', 'destroy');
+    Route::get('/', 'index')->middleware('permission:class-package,view');
+    Route::get('/by-unit', 'byUnit')->middleware('permission:class-package,view');
+    Route::post('/', 'store')->middleware('permission:class-package,add');
+    Route::get('/{id}', 'show')->middleware('permission:class-package,view');
+    Route::put('/{id}', 'update')->middleware('permission:class-package,edit');
+    Route::delete('/{id}', 'destroy')->middleware('permission:class-package,delete');
 });

+ 7 - 7
routes/authRoutes/class_package_unit.php

@@ -4,11 +4,11 @@
 use App\Http\Controllers\ClassPackageUnitController;
 
 Route::controller(ClassPackageUnitController::class)->prefix('class-package-unit')->group(function () {
-    Route::get('/', 'index');
-    Route::get('/visible', 'byUnit');
-    Route::post('/', 'store');
-    Route::get('/{id}', 'show');
-    Route::put('/{id}', 'update');
-    Route::patch('/{id}/toggle-visibility', 'toggleVisibility');
-    Route::delete('/{id}', 'destroy');
+    Route::get('/', 'index')->middleware('permission:class-package-unit,view');
+    Route::get('/visible', 'byUnit')->middleware('permission:class-package-unit,view');
+    Route::post('/', 'store')->middleware('permission:class-package-unit,add');
+    Route::get('/{id}', 'show')->middleware('permission:class-package-unit,view');
+    Route::put('/{id}', 'update')->middleware('permission:class-package-unit,edit');
+    Route::patch('/{id}/toggle-visibility', 'toggleVisibility')->middleware('permission:class-package-unit,edit');
+    Route::delete('/{id}', 'destroy')->middleware('permission:class-package-unit,delete');
 });

+ 5 - 5
routes/authRoutes/holiday.php

@@ -4,13 +4,13 @@
 use App\Http\Controllers\HolidayController;
 
 Route::controller(HolidayController::class)->prefix('holiday')->group(function () {
-    Route::get('/', 'index');
+    Route::get('/', 'index')->middleware('permission:holiday,view');
 
-    Route::post('/', 'store');
+    Route::post('/', 'store')->middleware('permission:holiday,add');
 
-    Route::get('/{id}', 'show');
+    Route::get('/{id}', 'show')->middleware('permission:holiday,view');
 
-    Route::put('/{id}', 'update');
+    Route::put('/{id}', 'update')->middleware('permission:holiday,edit');
 
-    Route::delete('/{id}', 'destroy');
+    Route::delete('/{id}', 'destroy')->middleware('permission:holiday,delete');
 });

+ 6 - 6
routes/authRoutes/inhabitant_classification.php

@@ -4,15 +4,15 @@
 use App\Http\Controllers\InhabitantClassificationController;
 
 Route::controller(InhabitantClassificationController::class)->prefix('inhabitant-classification')->group(function () {
-    Route::get('/all/select', 'selectList');
+    Route::get('/all/select', 'selectList')->middleware('permission:inhabitant-classification,view');
 
-    Route::get('/', 'index');
+    Route::get('/', 'index')->middleware('permission:inhabitant-classification,view');
 
-    Route::post('/', 'store');
+    Route::post('/', 'store')->middleware('permission:inhabitant-classification,add');
 
-    Route::get('/{id}', 'show');
+    Route::get('/{id}', 'show')->middleware('permission:inhabitant-classification,view');
 
-    Route::put('/{id}', 'update');
+    Route::put('/{id}', 'update')->middleware('permission:inhabitant-classification,edit');
 
-    Route::delete('/{id}', 'destroy');
+    Route::delete('/{id}', 'destroy')->middleware('permission:inhabitant-classification,delete');
 });

+ 5 - 5
routes/authRoutes/media.php

@@ -4,13 +4,13 @@
 use App\Http\Controllers\MediaController;
 
 Route::controller(MediaController::class)->prefix('media')->group(function () {
-    Route::get('/', 'index');
+    Route::get('/', 'index')->middleware('permission:media,view');
 
-    Route::post('/', 'store');
+    Route::post('/', 'store')->middleware('permission:media,add');
 
-    Route::get('/{id}', 'show');
+    Route::get('/{id}', 'show')->middleware('permission:media,view');
 
-    Route::put('/{id}', 'update');
+    Route::put('/{id}', 'update')->middleware('permission:media,edit');
 
-    Route::delete('/{id}', 'destroy');
+    Route::delete('/{id}', 'destroy')->middleware('permission:media,delete');
 });

+ 8 - 8
routes/authRoutes/student.php

@@ -4,17 +4,17 @@
 use App\Http\Controllers\StudentController;
 
 Route::controller(StudentController::class)->prefix('student')->group(function () {
-    Route::get('/franchisor/summary', 'franchisorSummary');
-    Route::get('/franchisor/active', 'franchisorActive');
-    Route::get('/franchisor/{id}', 'franchisorStudentDetail');
+    Route::get('/franchisor/summary', 'franchisorSummary')->middleware('permission:student,view');
+    Route::get('/franchisor/active', 'franchisorActive')->middleware('permission:student,view');
+    Route::get('/franchisor/{id}', 'franchisorStudentDetail')->middleware('permission:student,view');
 
-    Route::get('/', 'index');
+    Route::get('/', 'index')->middleware('permission:student,view');
 
-    Route::post('/', 'store');
+    Route::post('/', 'store')->middleware('permission:student,add');
 
-    Route::get('/{id}', 'show');
+    Route::get('/{id}', 'show')->middleware('permission:student,view');
 
-    Route::put('/{id}', 'update');
+    Route::put('/{id}', 'update')->middleware('permission:student,edit');
 
-    Route::delete('/{id}', 'destroy');
+    Route::delete('/{id}', 'destroy')->middleware('permission:student,delete');
 });
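Review bot: The three `/franchisor/...` routes are gated with `permission:student,view`, the same bit required for the ordinary `index` and `show`, and `UserTypePermissionSeeder` in this commit gives `ADMIN_FRANCHISEE` `Permission::ALL_PERMS` on `student`. Unless `franchisorSummary`, `franchisorActive` and `franchisorStudentDetail` check the caller's user type themselves (not visible here), a franchisee admin passes the middleware for franchisor-wide views. The same applies to `/franchisor/summary`, `/franchisor/frozen` and `/franchisor/cancelled` in `student_contract.php`, which reuse `permission:student-contract,view`. Consider a dedicated scope granted only to franchisor roles, e.g. `->middleware('permission:<franchisor-student-scope>,view')` with the scope name chosen by the team, and keep record-level filtering by franchisee in the controllers for the `{id}` routes, since the middleware only checks scope and action.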

+ 12 - 12
routes/authRoutes/student_contract.php

@@ -4,25 +4,25 @@
 use App\Http\Controllers\StudentContractController;
 
 Route::controller(StudentContractController::class)->prefix('student-contract')->group(function () {
-    Route::get('/franchisor/summary', 'franchisorSummary');
-    Route::get('/franchisor/frozen', 'franchisorFrozen');
-    Route::get('/franchisor/cancelled', 'franchisorCancelled');
+    Route::get('/franchisor/summary', 'franchisorSummary')->middleware('permission:student-contract,view');
+    Route::get('/franchisor/frozen', 'franchisorFrozen')->middleware('permission:student-contract,view');
+    Route::get('/franchisor/cancelled', 'franchisorCancelled')->middleware('permission:student-contract,view');
 
-    Route::get('/', 'index');
+    Route::get('/', 'index')->middleware('permission:student-contract,view');
 
-    Route::post('/', 'store');
+    Route::post('/', 'store')->middleware('permission:student-contract,add');
 
-    Route::get('/{id}', 'show');
+    Route::get('/{id}', 'show')->middleware('permission:student-contract,view');
 
-    Route::put('/{id}', 'update');
+    Route::put('/{id}', 'update')->middleware('permission:student-contract,edit');
 
-    Route::post('/{id}/file', 'attachFile');
+    Route::post('/{id}/file', 'attachFile')->middleware('permission:student-contract,edit');
 
-    Route::post('/{id}/freeze', 'freeze');
+    Route::post('/{id}/freeze', 'freeze')->middleware('permission:student-contract,edit');
 
-    Route::post('/{id}/cancel', 'cancel');
+    Route::post('/{id}/cancel', 'cancel')->middleware('permission:student-contract,edit');
 
-    Route::post('/{id}/reactivate', 'reactivate');
+    Route::post('/{id}/reactivate', 'reactivate')->middleware('permission:student-contract,edit');
 
-    Route::delete('/{id}', 'destroy');
+    Route::delete('/{id}', 'destroy')->middleware('permission:student-contract,delete');
 });
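Review bot: `attachFile`, `freeze`, `cancel` and `reactivate` all require only `student-contract,edit`, so a role that may correct contract fields can also terminate or reinstate a contract. If that is not intended, the terminating action could ask for the stronger bit: `Route::post('/{id}/cancel', 'cancel')->middleware('permission:student-contract,delete');`. If it is intended, a comment above these four routes, e.g. `// lifecycle actions deliberately share the edit permission`, would keep a later reader from treating it as an oversight.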

+ 4 - 4
routes/authRoutes/student_media.php

@@ -4,11 +4,11 @@
 use App\Http\Controllers\StudentMediaController;
 
 Route::controller(StudentMediaController::class)->prefix('student-media')->group(function () {
-    Route::get('/', 'index');
+    Route::get('/', 'index')->middleware('permission:student-media,view');
 
-    Route::post('/', 'store');
+    Route::post('/', 'store')->middleware('permission:student-media,add');
 
-    Route::put('/{id}', 'update');
+    Route::put('/{id}', 'update')->middleware('permission:student-media,edit');
 
-    Route::delete('/{id}', 'destroy');
+    Route::delete('/{id}', 'destroy')->middleware('permission:student-media,delete');
 });

+ 4 - 4
routes/authRoutes/student_responsible.php

@@ -4,11 +4,11 @@
 use App\Http\Controllers\StudentResponsibleController;
 
 Route::controller(StudentResponsibleController::class)->group(function () {
-    Route::get('/student/{studentId}/responsible', 'getByStudent');
+    Route::get('/student/{studentId}/responsible', 'getByStudent')->middleware('permission:student-responsible,view');
 
-    Route::post('/student-responsible', 'store');
+    Route::post('/student-responsible', 'store')->middleware('permission:student-responsible,add');
 
-    Route::put('/student-responsible/{id}', 'update');
+    Route::put('/student-responsible/{id}', 'update')->middleware('permission:student-responsible,edit');
 
-    Route::delete('/student-responsible/{id}', 'destroy');
+    Route::delete('/student-responsible/{id}', 'destroy')->middleware('permission:student-responsible,delete');
 });
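Review bot: `permission:student-responsible,view` on `/student/{studentId}/responsible` checks the scope only, and nothing in this file ties the `studentId` from the URL to the caller's unit or franchisee. Unless `getByStudent` already filters by the caller's unit (not visible here), a user with this permission can read the responsible persons of any student by changing the id. I would add a comment at the top of the group, `// permission middleware is scope-level; the controller must verify the record belongs to the caller's unit`, and confirm that the controller does so. The same holds for every `/{id}` route touched in this commit.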

+ 8 - 8
routes/authRoutes/user.php

@@ -4,17 +4,17 @@
 use App\Http\Controllers\UserController;
 
 Route::controller(UserController::class)->prefix('user')->group(function () {
+    // Rotas do próprio usuário autenticado — sem restrição de permissão específica
     Route::get('/current/auth', 'authUser');
-
     Route::put('/me', 'updateMe');
 
-    Route::get('/unit', 'indexByUnit');
-    Route::get('/all/types', 'getUserTypes');
+    Route::get('/unit', 'indexByUnit')->middleware('permission:config.user,view');
+    Route::get('/all/types', 'getUserTypes')->middleware('permission:config.user,view');
 
-    Route::get('/', 'index');
-    Route::post('/', 'store');
+    Route::get('/', 'index')->middleware('permission:config.user,view');
+    Route::post('/', 'store')->middleware('permission:config.user,add');
 
-    Route::get('/{id}', 'show');
-    Route::put('/{id}', 'update');
-    Route::delete('/{id}', 'destroy');
+    Route::get('/{id}', 'show')->middleware('permission:config.user,view');
+    Route::put('/{id}', 'update')->middleware('permission:config.user,edit');
+    Route::delete('/{id}', 'destroy')->middleware('permission:config.user,delete');
 });
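Review bot: The scope is written `config.user` here and `config.user-type` in routes/authRoutes/user_type.php, while every other file in this commit uses a flat hyphenated scope (`student-contract`, `student-media`) and the seeder entries visible in this commit give child scopes flat names such as `franchisee-unit`. Please confirm that the permission middleware resolves the dotted form to a seeded scope. A name that matches nothing will either lock every user out of these routes or, if the middleware treats an unknown scope as allowed, leave them open. Separately, `PUT /me` is deliberately left without a permission check, so `updateMe` should accept only profile fields and ignore any role or user-type field in the request body. A comment such as `// updateMe must not accept user type or permission fields` next to the route would record that.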

+ 3 - 3
routes/authRoutes/user_type.php

@@ -4,7 +4,7 @@
 use App\Http\Controllers\UserTypeController;
 
 Route::controller(UserTypeController::class)->prefix('user-type')->group(function () {
-    Route::get('/', 'index');
-    Route::post('/', 'store');
-    Route::delete('/{id}', 'destroy');
+    Route::get('/', 'index')->middleware('permission:config.user-type,view');
+    Route::post('/', 'store')->middleware('permission:config.user-type,add');
+    Route::delete('/{id}', 'destroy')->middleware('permission:config.user-type,delete');
 });