From a3556e172d2252908be807dcca08dc8f9b0b3270 Mon Sep 17 00:00:00 2001
From: Jeremy Postlethwaite <jeremy.postlethwaite@gmail.com>
Date: Sat, 10 Feb 2024 20:42:52 -0800
Subject: [PATCH] GH-7

---
 README.md      | 63 ++++++++++++++++++++++++++++++++++++++++++++------
 composer.json  |  4 ++--
 src/Issuer.php | 19 +--------------
 3 files changed, 59 insertions(+), 27 deletions(-)

diff --git a/README.md b/README.md
index 41180ad..7eeb4ce 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,12 @@ composer require gammamatrix/playground-auth
 
 **NOTE:** This package is required by [Playground: Login Blade](https://github.com/gammamatrix/playground-login-blade)
 
+## `artisan about`
+
+Playground Auth provides information in the `artisan about` command.
+
+<img src="resources/docs/artisan-about-playground-auth.png" alt="screenshot of artisan about command with Playground Auth.">
+
 
 ## Configuration
 
@@ -30,7 +36,56 @@ See the contents of the published config file: [config/playground-auth.php](conf
 
 The default configuration utitlizes:
 - Sanctum with role based abilities
-- Users may have additional abilities in the model Playground\Models\User: `users.abilities`
+- Users may have additional abilities in the [`Playground\Models\User`](https://github.com/gammamatrix/playground/blob/develop/src/Models/User.php): `users.abilities`
+- The Playground user model uses a UUID primary key along with additional fields. See the [migration for `Playground\Models\User`](https://github.com/gammamatrix/playground/blob/develop/database/migrations-playground/2014_10_12_000000_create_users_table.php)
+
+## Abilities, Privileges, Roles and Sanctum
+
+Depending on your needs, there are multiple middleware, authentication and authorization options available.
+
+Abilities may be used with wildcards at multiple levels. Optionally, these abilities may be used with [Sanctum](https://laravel.com/docs/10.x/sanctum) for API Tokens.
+
+Here is an example of the configurable abilities:
+```php
+    'abilities' => [
+        'root' => [
+            '*',
+        ],
+        'admin' => [
+            'app:*',
+            'playground:*',
+            'playground-auth:*',
+            'playground-cms:*',
+            'playground-cms-resource:*',
+            'playground-matrix:*',
+            'playground-matrix-resource:*',
+        ],
+        'manager' => [
+            'app:view',
+
+            'playground:view',
+
+            'playground-auth:logout',
+            'playground-auth:reset-password',
+// ...
+        'user' => [
+            'app:view',
+// ...
+        ],
+        // No abilities for guests:
+        'guest' => [
+            'none',
+        ],
+        // Allow abilities for guests:
+        'guest' => [
+             'app:view',
+
+             'playground:view',
+
+             'playground-auth:logout',
+             'playground-auth:reset-password',
+// ...
+```
 
 ### Environment Variables
 
@@ -106,12 +161,6 @@ composer format
 composer test
 ```
 
-## `artisan about`
-
-Playground Auth provides information in the `artisan about` command.
-
-<img src="resources/docs/artisan-about-playground-auth.png" alt="screenshot of artisan about command with Playground Auth.">
-
 ## Changelog
 
 Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.
diff --git a/composer.json b/composer.json
index 28c04cc..9326299 100644
--- a/composer.json
+++ b/composer.json
@@ -22,10 +22,10 @@
     ],
     "require": {
         "php": "^8.1",
-        "gammamatrix/playground": "dev-develop|dev-master|^73.0"
+        "gammamatrix/playground": "dev-develop|dev-master|dev-feature/*|^73.0"
     },
     "require-dev": {
-        "gammamatrix/playground-test": "dev-develop|dev-master|^73.0"
+        "gammamatrix/playground-test": "dev-develop|dev-master|dev-feature/*|^73.0"
     },
     "minimum-stability": "dev",
     "prefer-stable": true,
diff --git a/src/Issuer.php b/src/Issuer.php
index 3719299..58203ed 100644
--- a/src/Issuer.php
+++ b/src/Issuer.php
@@ -4,7 +4,7 @@
  */
 namespace Playground\Auth;
 
-use Illuminate\Foundation\Auth\User as Authenticatable;
+use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Support\Carbon;
 // use Illuminate\Support\Facades\Auth;
 use Laravel\Sanctum\Contracts\HasApiTokens;
@@ -56,19 +56,6 @@ protected function abilitiesByGroup(string $group): array
     }
 
     /**
-     * TODO This should work with any kind of authentication system. Identify what is supported.
-     *
-     * Types:
-     * - User::$priviliges
-     * - User::hasPrivilige()
-     * - User::$roles
-     * - User::hasRole() - with string or array?
-     * - User::hasRoles()
-     * - Auth::user()?->currentAccessToken()?->can('app:*')
-     * - Auth::user()?->currentAccessToken()?->can($withPrivilege.':create')
-     *
-     * @experimental Subject to change
-     *
      * @return array<int, string>
      */
     protected function abilities(Authenticatable $user): array
@@ -219,10 +206,6 @@ public function sanctum(HasApiTokens $user): array
             $expiresAt = Carbon::parse($config['expires']);
         }
 
-        // dd([
-        //     '__METHOD__' => __METHOD__,
-        //     'createToken' => $user->createToken($name, $abilities, $expiresAt)->toArray(),
-        // ]);
         $tokens[$name] = $user->createToken(
             $name,
             $this->abilities($user)