Implement RBAC (only built in roles) (#15212)

* Install bouncer

* Seeder and level migration

* Display and edit roles

* remove unused deluser page

* Update Radius and SSO to assign roles

* update AlertUtil direct level check to use roles instead

* rewrite ircbot auth handling

* Remove legacy auth getUserlist and getUserlevel methods, add getRoles
Set roles in LegacyUserProvider

* Small cleanups

* centralize role sync code
show roles on user preferences page

* VueSelect component WIP and a little docs

* WIP

* SelectControllers id and text fields.

* LibrenmsSelect component extracted from SettingSelectDynamic

* Handle multiple selections

* allow type coercion

* full width settings

* final style adjustments

* Final compiled assets update

* Style fixes

* Fix SSO tests

* Lint cleanups

* small style fix

* don't use json yet

* Update baseline for usptream package issues

* Change schema, not 100% sure it is correct
not sure why xor doesn't work

database/factories/RoleFactory.php

@@ -0,0 +1,42 @@
+<?php
+/*
+ * RoleFactory.php
+ *
+ * -Description-
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package    LibreNMS
+ * @link       http://librenms.org
+ * @copyright  2023 Tony Murray
+ * @author     Tony Murray <murraytony@gmail.com>
+ */
+
+namespace Database\Factories;
+
+use Illuminate\Database\Eloquent\Factories\Factory;
+use Silber\Bouncer\Database\Role;
+
+class RoleFactory extends Factory
+{
+    protected $model = Role::class;
+
+    public function definition()
+    {
+        return [
+            'name' => $this->faker->text(),
+            'title' => $this->faker->text(),
+        ];
+    }
+}

database/factories/UserFactory.php

@@ -2,10 +2,10 @@
 
 namespace Database\Factories;
 
-use App\Models\User;
 use Illuminate\Database\Eloquent\Factories\Factory;
+use Silber\Bouncer\BouncerFacade as Bouncer;
 
-/** @extends Factory<User> */
+/** @extends Factory<\App\Models\User> */
 class UserFactory extends Factory
 {
     /**
@@ -21,25 +21,23 @@ class UserFactory extends Factory
             'realname' => $this->faker->name(),
             'email' => $this->faker->safeEmail(),
             'password' => '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi', // password
-            'level' => 1,
         ];
     }
 
     public function admin()
     {
-        return $this->state(function () {
-            return [
-                'level' => '10',
-            ];
+        return $this->afterCreating(function ($user) {
+            Bouncer::allow('admin')->everything();
+            $user->assign('admin');
         });
     }
 
     public function read()
     {
-        return $this->state(function () {
-            return [
-                'level' => '5',
-            ];
+        return $this->afterCreating(function ($user) {
+            Bouncer::allow(Bouncer::role()->firstOrCreate(['name' => 'global-read'], ['title' => 'Global Read']))
+                ->to('viewAny', '*', []);
+            $user->assign('global-read');
         });
     }
 }