[FEAT] 優化部署流程：加入 RoleSeeder 與 AdminUserSeeder，並實作權限系統基礎架構與多租戶隔離機制

app/Models/System/User.php

@@ -8,9 +8,11 @@ use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Laravel\Sanctum\HasApiTokens;
 
+use Spatie\Permission\Traits\HasRoles;
+
 class User extends Authenticatable
 {
-    use HasApiTokens, HasFactory, Notifiable;
+    use HasApiTokens, HasFactory, Notifiable, HasRoles;
 
     /**
      * The attributes that are mass assignable.
@@ -18,6 +20,7 @@ class User extends Authenticatable
      * @var array<int, string>
      */
     protected $fillable = [
+        'company_id',
         'username',
         'name',
         'email',
@@ -25,6 +28,7 @@ class User extends Authenticatable
         'phone',
         'avatar',
         'role',
+        'status',
     ];
 
     /**
@@ -56,14 +60,26 @@ class User extends Authenticatable
     }
 
     /**
-     * Get the user's avatar URL.
+     * Get the company that owns the user.
      */
-    public function getAvatarUrlAttribute(): string
+    public function company()
     {
-        if ($this->avatar) {
-            return asset('storage/' . $this->avatar);
-        }
+        return $this->belongsTo(Company::class);
+    }
 
-        return "https://ui-avatars.com/api/?name=" . urlencode($this->name) . "&background=0D8ABC&color=fff";
+    /**
+     * Check if the user is a system administrator.
+     */
+    public function isSystemAdmin(): bool
+    {
+        return is_null($this->company_id);
+    }
+
+    /**
+     * Check if the user belongs to a tenant.
+     */
+    public function isTenant(): bool
+    {
+        return !is_null($this->company_id);
     }
 }