From f3b2c3e01840e1cc2e92a7cbb24777654a7441b1 Mon Sep 17 00:00:00 2001
From: sky121113 <sky121113@gmail.com>
Date: Mon, 30 Mar 2026 15:30:46 +0800
Subject: [PATCH] =?UTF-8?q?[FIX]=20=E9=81=B7=E7=A7=BB=E6=A9=9F=E5=8F=B0?=
 =?UTF-8?q?=E6=8E=88=E6=AC=8A=E7=82=BA=E7=8D=A8=E7=AB=8B=E6=A8=A1=E7=B5=84?=
 =?UTF-8?q?=EF=BC=9A=E4=BF=AE=E5=BE=A9=E8=AE=8A=E6=95=B8=E5=91=BD=E5=90=8D?=
 =?UTF-8?q?=E3=80=81=E8=A3=9C=E9=BD=8A=E5=A4=9A=E8=AA=9E=E7=B3=BB=E4=B8=A6?=
 =?UTF-8?q?=E5=BC=B7=E5=8C=96=E5=A4=9A=E7=A7=9F=E6=88=B6=E6=95=B8=E6=93=9A?=
 =?UTF-8?q?=E9=9A=94=E9=9B=A2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../MachineSettingController.php              |  75 +----
 .../Machine/MachinePermissionController.php   | 115 +++++++
 .../Admin/PermissionController.php            |  20 +-
 app/Models/System/User.php                    |   2 +
 ..._30_144031_add_is_admin_to_roles_table.php |  36 +++
 ...5939_move_is_admin_from_roles_to_users.php |  57 ++++
 ...x_user_is_admin_flag_for_deleted_users.php |  48 +++
 database/seeders/RoleSeeder.php               |   2 +
 lang/en.json                                  |   5 +-
 lang/ja.json                                  |   5 +-
 lang/zh_TW.json                               |   7 +-
 .../basic-settings/machines/index.blade.php   | 255 +---------------
 .../admin/machines/permissions.blade.php      | 285 ++++++++++++++++++
 .../admin/permission/roles-edit.blade.php     |   2 +-
 .../layouts/partials/sidebar-menu.blade.php   |   7 +
 routes/web.php                                |   9 +-
 16 files changed, 592 insertions(+), 338 deletions(-)
 create mode 100644 app/Http/Controllers/Admin/Machine/MachinePermissionController.php
 create mode 100644 database/migrations/2026_03_30_144031_add_is_admin_to_roles_table.php
 create mode 100644 database/migrations/2026_03_30_145939_move_is_admin_from_roles_to_users.php
 create mode 100644 database/migrations/2026_03_30_150252_fix_user_is_admin_flag_for_deleted_users.php
 create mode 100644 resources/views/admin/machines/permissions.blade.php

diff --git a/app/Http/Controllers/Admin/BasicSettings/MachineSettingController.php b/app/Http/Controllers/Admin/BasicSettings/MachineSettingController.php
index 7275938..36b2403 100644
--- a/app/Http/Controllers/Admin/BasicSettings/MachineSettingController.php
+++ b/app/Http/Controllers/Admin/BasicSettings/MachineSettingController.php
@@ -14,7 +14,6 @@ use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Str;
 
 use Illuminate\Support\Facades\Log;
-use App\Models\System\User;
 
 class MachineSettingController extends AdminController
 {
@@ -46,18 +45,8 @@ class MachineSettingController extends AdminController
         }
         $models_list = $modelQuery->latest()->paginate($per_page)->withQueryString();
 
-        // 3. 處理使用者清單 (Accounts Tab - 授權帳號)
-        $userQuery = User::query()->with('machines')->whereNotNull('company_id'); // 僅列出租戶帳號以供分配
-        if ($tab === 'accounts' && $search) {
-            $userQuery->where(function ($q) use ($search) {
-                $q->where('name', 'like', "%{$search}%")
-                  ->orWhere('username', 'like', "%{$search}%")
-                  ->orWhere('email', 'like', "%{$search}%");
-            });
-        }
-        $users_list = $userQuery->latest()->paginate($per_page)->withQueryString();
 
-        // 4. 基礎下拉資料 (用於新增/編輯機台的彈窗)
+        // 3. 基礎下拉資料 (用於新增/編輯機台的彈窗)
         $models = MachineModel::select('id', 'name')->get();
         $paymentConfigs = PaymentConfig::select('id', 'name')->get();
         $companies = \App\Models\System\Company::select('id', 'name', 'code')->get();
@@ -65,7 +54,6 @@ class MachineSettingController extends AdminController
         return view('admin.basic-settings.machines.index', compact(
             'machines', 
             'models_list', 
-            'users_list',
             'models', 
             'paymentConfigs', 
             'companies',
@@ -222,66 +210,5 @@ class MachineSettingController extends AdminController
         ]);
     }
 
-    /**
-     * AJAX: 取得特定帳號的機台分配狀態 (從 MachineController 遷移)
-     */
-    public function getAccountMachines(User $user): \Illuminate\Http\JsonResponse
-    {
-        $currentUser = auth()->user();
 
-        // 安全檢查：只能操作自己公司的帳號（除非是系統管理員）
-        if (!$currentUser->isSystemAdmin() && $user->company_id !== $currentUser->company_id) {
-            return response()->json(['error' => 'Unauthorized'], 403);
-        }
-
-        // 取得該使用者所屬公司之所有機台
-        $machines = Machine::where('company_id', $user->company_id)
-            ->get(['id', 'name', 'serial_no']);
-            
-        $assignedIds = $user->machines()->pluck('machines.id')->toArray();
-
-        return response()->json([
-            'user' => $user,
-            'machines' => $machines,
-            'assigned_ids' => $assignedIds
-        ]);
-    }
-
-    /**
-     * AJAX: 儲存特定帳號的機台分配 (從 MachineController 遷移)
-     */
-    public function syncAccountMachines(Request $request, User $user): \Illuminate\Http\JsonResponse
-    {
-        $currentUser = auth()->user();
-
-        // 安全檢查
-        if (!$currentUser->isSystemAdmin() && $user->company_id !== $currentUser->company_id) {
-            return response()->json(['error' => 'Unauthorized'], 403);
-        }
-
-        $request->validate([
-            'machine_ids' => 'nullable|array',
-            'machine_ids.*' => 'exists:machines,id'
-        ]);
-
-        // 加固驗證：確保所有機台 ID 都屬於該使用者的公司
-        if ($request->has('machine_ids')) {
-            $machineIds = array_unique($request->machine_ids);
-            $validCount = Machine::where('company_id', $user->company_id)
-                ->whereIn('id', $machineIds)
-                ->count();
-            
-            if ($validCount !== count($machineIds)) {
-                return response()->json(['error' => 'Invalid machine IDs provided.'], 422);
-            }
-        }
-
-        $user->machines()->sync($request->machine_ids ?? []);
-
-        return response()->json([
-            'success' => true, 
-            'message' => __('Permissions updated successfully'),
-            'assigned_machines' => $user->machines()->select('machines.id', 'machines.name', 'machines.serial_no')->get()
-        ]);
-    }
 }
diff --git a/app/Http/Controllers/Admin/Machine/MachinePermissionController.php b/app/Http/Controllers/Admin/Machine/MachinePermissionController.php
new file mode 100644
index 0000000..7a75699
--- /dev/null
+++ b/app/Http/Controllers/Admin/Machine/MachinePermissionController.php
@@ -0,0 +1,115 @@
+<?php
+
+namespace App\Http\Controllers\Admin\Machine;
+
+use App\Http\Controllers\Admin\AdminController;
+use App\Models\Machine\Machine;
+use App\Models\System\User;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Log;
+
+class MachinePermissionController extends AdminController
+{
+    /**
+     * 顯示機台權限管理列表
+     */
+    public function index(Request $request): View
+    {
+        $per_page = $request->input('per_page', 10);
+        $search = $request->input('search');
+
+        $currentUser = auth()->user();
+
+        // 僅列出租戶中具有「is_admin」標記的角色帳號以供分配
+        $userQuery = User::query()
+            ->with(['machines' => function($query) {
+                $query->withoutGlobalScope('machine_access')
+                      ->select('machines.id', 'machines.name', 'machines.serial_no');
+            }])
+            ->whereNotNull('company_id');
+
+        // 非系統管理員僅能看到同公司的帳號 (因 User Model 排除 TenantScoped 全域過濾，需手動注入)
+        if (!$currentUser->isSystemAdmin()) {
+            $userQuery->where('company_id', $currentUser->company_id);
+        }
+
+        if ($search) {
+            $userQuery->where(function ($q) use ($search) {
+                $q->where('name', 'like', "%{$search}%")
+                  ->orWhere('username', 'like', "%{$search}%")
+                  ->orWhere('email', 'like', "%{$search}%");
+            });
+        }
+
+        $users_list = $userQuery->latest()->paginate($per_page)->withQueryString();
+
+        return view('admin.machines.permissions', compact('users_list'));
+    }
+
+    /**
+     * AJAX: 取得特定帳號的機台分配狀態
+     */
+    public function getAccountMachines(User $user): JsonResponse
+    {
+        $currentUser = auth()->user();
+
+        // 安全檢查：只能操作自己公司的帳號（除非是系統管理員）
+        if (!$currentUser->isSystemAdmin() && $user->company_id !== $currentUser->company_id) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        // 取得該使用者所屬公司之所有機台 (忽略個別帳號的 machine_access 限制，以公司為單位顯示)
+        $machines = Machine::withoutGlobalScope('machine_access')
+            ->where('company_id', $user->company_id)
+            ->get(['id', 'name', 'serial_no']);
+            
+        $assignedIds = $user->machines()->pluck('machines.id')->toArray();
+
+        return response()->json([
+            'user' => $user,
+            'machines' => $machines,
+            'assigned_ids' => $assignedIds
+        ]);
+    }
+
+    /**
+     * AJAX: 儲存特定帳號的機台分配
+     */
+    public function syncAccountMachines(Request $request, User $user): JsonResponse
+    {
+        $currentUser = auth()->user();
+
+        // 安全檢查
+        if (!$currentUser->isSystemAdmin() && $user->company_id !== $currentUser->company_id) {
+            return response()->json(['error' => 'Unauthorized'], 403);
+        }
+
+        $request->validate([
+            'machine_ids' => 'nullable|array',
+            'machine_ids.*' => 'exists:machines,id'
+        ]);
+
+        // 加固驗證：確保所有機台 ID 都屬於該使用者的公司 (使用 withoutGlobalScope 避免管理員自身權限影響驗證邏輯)
+        if ($request->has('machine_ids')) {
+            $machineIds = array_unique($request->machine_ids);
+            $validCount = Machine::withoutGlobalScope('machine_access')
+                ->where('company_id', $user->company_id)
+                ->whereIn('id', $machineIds)
+                ->count();
+            
+            if ($validCount !== count($machineIds)) {
+                return response()->json(['error' => 'Invalid machine IDs provided.'], 422);
+            }
+        }
+
+        $user->machines()->sync($request->machine_ids ?? []);
+
+        return response()->json([
+            'success' => true, 
+            'message' => __('Permissions updated successfully'),
+            'assigned_machines' => $user->machines()->select('machines.id', 'machines.name', 'machines.serial_no')->get()
+        ]);
+    }
+}
diff --git a/app/Http/Controllers/Admin/PermissionController.php b/app/Http/Controllers/Admin/PermissionController.php
index ce5e0f6..7463914 100644
--- a/app/Http/Controllers/Admin/PermissionController.php
+++ b/app/Http/Controllers/Admin/PermissionController.php
@@ -195,11 +195,13 @@ class PermissionController extends Controller
 
         $is_system = auth()->user()->isSystemAdmin() ? $request->boolean('is_system') : $role->is_system;
 
-        $role->update([
+        $updateData = [
             'name' => $validated['name'],
             'is_system' => $is_system,
             'company_id' => $is_system ? null : $role->company_id,
-        ]);
+        ];
+
+        $role->update($updateData);
 
         $perms = $validated['permissions'] ?? [];
 
@@ -363,6 +365,7 @@ class PermissionController extends Controller
             'status' => $validated['status'],
             'company_id' => $company_id,
             'phone' => $validated['phone'] ?? null,
+            'is_admin' => (auth()->user()->isSystemAdmin() && !empty($validated['company_id'])),
         ]);
 
         $user->assignRole($role);
@@ -430,6 +433,18 @@ class PermissionController extends Controller
             'phone' => $validated['phone'] ?? null,
         ];
 
+        // 只有系統管理員在編輯租戶帳號時，且該帳號原本不是管理員，才可能觸發標記（視需求而定）
+        // 這裡我們維持 storeAccount 的邏輯：如果是系統管理員幫公司「開站」或「首配」，才自動標記
+        // 為求嚴謹，我們檢查該公司是否已經有 is_admin，如果沒有，當前這個人可以是第一個
+        if (auth()->user()->isSystemAdmin() && !empty($validated['company_id']) && !$user->is_admin) {
+            $hasAdmin = \App\Models\System\User::where('company_id', $validated['company_id'])
+                ->where('is_admin', true)
+                ->exists();
+            if (!$hasAdmin) {
+                $updateData['is_admin'] = true;
+            }
+        }
+
         if (auth()->user()->isSystemAdmin()) {
             // 防止超級管理員不小心把自己綁定到租客公司或降級
             if ($user->id === auth()->id()) {
@@ -459,6 +474,7 @@ class PermissionController extends Controller
                     'guard_name' => 'web',
                     'company_id' => $target_company_id,
                     'is_system' => false,
+                    'is_admin' => true,
                 ]);
                 $newRole->syncPermissions($roleObj->getPermissionNames());
                 $roleObj = $newRole;
diff --git a/app/Models/System/User.php b/app/Models/System/User.php
index 26ac998..7c0fac3 100644
--- a/app/Models/System/User.php
+++ b/app/Models/System/User.php
@@ -31,6 +31,7 @@ class User extends Authenticatable
         'avatar',
         'role',
         'status',
+        'is_admin',
     ];
 
     /**
@@ -51,6 +52,7 @@ class User extends Authenticatable
     protected $casts = [
         'email_verified_at' => 'datetime',
         'password' => 'hashed',
+        'is_admin' => 'boolean',
     ];
 
     /**
diff --git a/database/migrations/2026_03_30_144031_add_is_admin_to_roles_table.php b/database/migrations/2026_03_30_144031_add_is_admin_to_roles_table.php
new file mode 100644
index 0000000..0d7213e
--- /dev/null
+++ b/database/migrations/2026_03_30_144031_add_is_admin_to_roles_table.php
@@ -0,0 +1,36 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Support\Facades\DB;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('roles', function (Blueprint $table) {
+            $table->boolean('is_admin')->default(false)->after('is_system');
+        });
+
+        // 資料遷移：將所有租戶中名稱為「管理員」的角色標示為 is_admin = true
+        // 這樣既有的授權篩選才不會斷掉
+        DB::table('roles')
+            ->whereNotNull('company_id')
+            ->where('name', '管理員')
+            ->update(['is_admin' => true]);
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('roles', function (Blueprint $table) {
+            $table->dropColumn('is_admin');
+        });
+    }
+};
diff --git a/database/migrations/2026_03_30_145939_move_is_admin_from_roles_to_users.php b/database/migrations/2026_03_30_145939_move_is_admin_from_roles_to_users.php
new file mode 100644
index 0000000..01ff242
--- /dev/null
+++ b/database/migrations/2026_03_30_145939_move_is_admin_from_roles_to_users.php
@@ -0,0 +1,57 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Support\Facades\DB;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        // 1. 從 roles 移除 is_admin
+        if (Schema::hasColumn('roles', 'is_admin')) {
+            Schema::table('roles', function (Blueprint $table) {
+                $table->dropColumn('is_admin');
+            });
+        }
+
+        // 2. 在 users 新增 is_admin
+        Schema::table('users', function (Blueprint $table) {
+            $table->boolean('is_admin')->default(false)->after('status');
+        });
+
+        // 3. 資料遷移：針對現有租戶，將每一家公司最先建立的帳號（或是目前名稱為管理員角色的人）標記為 is_admin = true
+        // 取得所有租戶公司 ID
+        $companyIds = DB::table('companies')->pluck('id');
+
+        foreach ($companyIds as $companyId) {
+            // 優先找該公司 ID 最小的 user (通常是第一個建立的)
+            $userId = DB::table('users')
+                ->where('company_id', $companyId)
+                ->orderBy('id', 'asc')
+                ->value('id');
+
+            if ($userId) {
+                DB::table('users')->where('id', $userId)->update(['is_admin' => true]);
+            }
+        }
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropColumn('is_admin');
+        });
+
+        Schema::table('roles', function (Blueprint $table) {
+            $table->boolean('is_admin')->default(false)->after('is_system');
+        });
+    }
+};
diff --git a/database/migrations/2026_03_30_150252_fix_user_is_admin_flag_for_deleted_users.php b/database/migrations/2026_03_30_150252_fix_user_is_admin_flag_for_deleted_users.php
new file mode 100644
index 0000000..f24d4e3
--- /dev/null
+++ b/database/migrations/2026_03_30_150252_fix_user_is_admin_flag_for_deleted_users.php
@@ -0,0 +1,48 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Support\Facades\DB;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        // 1. 先將所有已刪除帳號的 is_admin 全部歸零，確保不會標記在「看不到的人」身上
+        DB::table('users')->whereNotNull('deleted_at')->update(['is_admin' => false]);
+
+        // 2. 針對每一家公司，重新撈取「目前還存活 (deleted_at is null)」的最早建立帳號
+        $companyIds = DB::table('companies')->pluck('id');
+
+        foreach ($companyIds as $companyId) {
+            // 找該公司中，目前 ID 最小且「尚未被刪除」的 User
+            $userId = DB::table('users')
+                ->where('company_id', $companyId)
+                ->whereNull('deleted_at')
+                ->orderBy('id', 'asc')
+                ->value('id');
+
+            if ($userId) {
+                // 將該帳號設為管理員，並確保該公司其它生存帳號如果是 true 的先清掉 (一對一標記)
+                DB::table('users')
+                    ->where('company_id', $companyId)
+                    ->where('id', '!=', $userId)
+                    ->update(['is_admin' => false]);
+
+                DB::table('users')->where('id', $userId)->update(['is_admin' => true]);
+            }
+        }
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        // 基本上這是資料修正，回復也不太有意義
+    }
+};
diff --git a/database/seeders/RoleSeeder.php b/database/seeders/RoleSeeder.php
index 89d7239..363d985 100644
--- a/database/seeders/RoleSeeder.php
+++ b/database/seeders/RoleSeeder.php
@@ -22,6 +22,7 @@ class RoleSeeder extends Seeder
             'menu.members',
             'menu.machines',
             'menu.machines.list',
+            'menu.machines.permissions',
             'menu.machines.utilization',
             'menu.machines.maintenance',
             'menu.app',
@@ -68,6 +69,7 @@ class RoleSeeder extends Seeder
             'menu.members',
             'menu.machines',
             'menu.machines.list',
+            'menu.machines.permissions',
             'menu.machines.utilization',
             'menu.machines.maintenance',
             'menu.app',
diff --git a/lang/en.json b/lang/en.json
index 4fec5b7..775ed05 100644
--- a/lang/en.json
+++ b/lang/en.json
@@ -324,6 +324,7 @@
     "Machine Model Settings": "Machine Model Settings",
     "Machine Name": "Machine Name",
     "Machine Permissions": "Machine Permissions",
+    "Manage machine access permissions": "Manage machine access permissions",
     "Machine Registry": "Machine Registry",
     "Machine Reports": "Machine Reports",
     "Machine Restart": "Machine Restart",
@@ -762,6 +763,7 @@
     "menu.machines": "Machine Management",
     "menu.machines.list": "Machine List",
     "menu.machines.maintenance": "Maintenance Records",
+    "menu.machines.permissions": "Machine Permissions",
     "menu.machines.utilization": "Utilization Rate",
     "menu.members": "Member Management",
     "menu.permission": "Permission Settings",
@@ -796,5 +798,6 @@
     "Authorize Btn": "Authorize",
     "Authorization updated successfully": "Authorization updated successfully",
     "Authorized Status": "Authorized",
-    "Unauthorized Status": "Unauthorized"
+    "Unauthorized Status": "Unauthorized",
+    "This is a system administrator role. Its name is locked to ensure system stability.": "This is a system administrator role. Its name is locked to ensure system stability."
 }
\ No newline at end of file
diff --git a/lang/ja.json b/lang/ja.json
index ca2e0c0..b1d6a61 100644
--- a/lang/ja.json
+++ b/lang/ja.json
@@ -320,6 +320,7 @@
     "Machine Model Settings": "機台型號設定",
     "Machine Name": "機台名",
     "Machine Permissions": "機台権限",
+    "Manage machine access permissions": "機台アクセス權限の管理",
     "Machine Registry": "機台登録",
     "Machine Reports": "機台レポート",
     "Machine Restart": "機台再起動",
@@ -764,6 +765,7 @@
     "menu.machines": "機台管理",
     "menu.machines.list": "機台リスト",
     "menu.machines.maintenance": "メンテナンス記録",
+    "menu.machines.permissions": "機台権限",
     "menu.machines.utilization": "稼働率",
     "menu.members": "会員管理",
     "menu.permission": "權限設定",
@@ -799,5 +801,6 @@
     "Authorized Machines Management": "認定機台管理",
     "Authorization updated successfully": "認証が更新されました",
     "Authorized Status": "認可済み",
-    "Unauthorized Status": "未認可"
+    "Unauthorized Status": "未認可",
+    "This is a system administrator role. Its name is locked to ensure system stability.": "これはシステム管理者ロールです。システムの安定性を確保するため、名称は固定されています。"
 }
\ No newline at end of file
diff --git a/lang/zh_TW.json b/lang/zh_TW.json
index 7041710..8f3aa72 100644
--- a/lang/zh_TW.json
+++ b/lang/zh_TW.json
@@ -331,7 +331,8 @@
     "Machine Model": "機台型號",
     "Machine Model Settings": "機台型號設定",
     "Machine Name": "機台名稱",
-    "Machine Permissions": "授權機台",
+    "Machine Permissions": "機台權限",
+    "Manage machine access permissions": "管理機台存取權限",
     "Machine Registry": "機台清冊",
     "Machine Reports": "機台報表",
     "Machine Restart": "機台重啟",
@@ -787,6 +788,7 @@
     "menu.machines": "機台管理",
     "menu.machines.list": "機台列表",
     "menu.machines.maintenance": "維修管理單",
+    "menu.machines.permissions": "機台權限",
     "menu.machines.utilization": "機台嫁動率",
     "menu.members": "會員管理",
     "menu.permission": "權限設定",
@@ -821,5 +823,6 @@
     "Authorize Btn": "授權",
     "Authorization updated successfully": "授權更新成功",
     "Authorized Status": "已授權",
-    "Unauthorized Status": "未授權"
+    "Unauthorized Status": "未授權",
+    "This is a system administrator role. Its name is locked to ensure system stability.": "這是系統管理員角色，名稱已鎖定以確保系統穩定性。"
 }
\ No newline at end of file
diff --git a/resources/views/admin/basic-settings/machines/index.blade.php b/resources/views/admin/basic-settings/machines/index.blade.php
index 1cd30e1..eed8012 100644
--- a/resources/views/admin/basic-settings/machines/index.blade.php
+++ b/resources/views/admin/basic-settings/machines/index.blade.php
@@ -114,70 +114,6 @@
             window.dispatchEvent(new CustomEvent('toast', { detail: { message: '{{ __('Error processing request') }}', type: 'error' } }));
         });
     },
-    // Machine Permissions (Migrated from Account Management)
-    showPermissionModal: false,
-    isPermissionsLoading: false,
-    targetUserId: null,
-    targetUserName: '',
-    allMachines: [],
-    allMachinesCount: 0,
-    permissions: {},
-    openPermissionModal(user) {
-        this.targetUserId = user.id;
-        this.targetUserName = user.name;
-        this.showPermissionModal = true;
-        this.isPermissionsLoading = true;
-        this.permissions = {};
-        this.allMachines = [];
-        this.permissionSearchQuery = '';
-
-        fetch(`/admin/basic-settings/machines/permissions/accounts/${user.id}`)
-            .then(res => res.json())
-            .then(data => {
-                if (data.machines) {
-                    this.allMachines = data.machines;
-                    this.allMachinesCount = data.machines.length;
-                    const tempPermissions = {};
-                    data.machines.forEach(m => {
-                        tempPermissions[m.id] = (data.assigned_ids || []).includes(m.id);
-                    });
-                    this.permissions = tempPermissions;
-                }
-            })
-            .catch(e => {
-                window.dispatchEvent(new CustomEvent('toast', { detail: { message: '{{ __('Failed to load permissions') }}', type: 'error' } }));
-            })
-            .finally(() => {
-                this.isPermissionsLoading = false;
-            });
-    },
-    togglePermission(machineId) {
-        this.permissions = { ...this.permissions, [machineId]: !this.permissions[machineId] };
-    },
-    savePermissions() {
-        const machineIds = Object.keys(this.permissions).filter(id => this.permissions[id]);
-        
-        fetch(`/admin/basic-settings/machines/permissions/accounts/${this.targetUserId}`, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                'X-CSRF-TOKEN': document.querySelector('meta[name=\'csrf-token\']').content,
-                'Accept': 'application/json'
-            },
-            body: JSON.stringify({ machine_ids: machineIds })
-        })
-        .then(res => res.json())
-        .then(data => {
-            if (data.success) {
-                window.dispatchEvent(new CustomEvent('toast', { detail: { message: data.message, type: 'success' } }));
-                setTimeout(() => window.location.reload(), 500);
-            } else {
-                throw new Error(data.error || 'Update failed');
-            }
-        })
-        .catch(e => {
-            window.dispatchEvent(new CustomEvent('toast', { detail: { message: e.message, type: 'error' } }));
-        });
     }
 }" @execute-regenerate.window="executeRegeneration($event.detail)">
     <!-- 1. Header Area -->
@@ -216,10 +152,6 @@
             class="px-8 py-3 rounded-xl text-sm font-black uppercase tracking-widest transition-all {{ $tab === 'models' ? 'bg-white dark:bg-slate-800 text-cyan-600 dark:text-cyan-400 shadow-sm shadow-cyan-500/10' : 'text-slate-400 hover:text-slate-600 dark:hover:text-slate-200' }}">
             {{ __('Models') }}
         </a>
-        <a href="{{ route('admin.basic-settings.machines.index', ['tab' => 'accounts']) }}"
-            class="px-8 py-3 rounded-xl text-sm font-black uppercase tracking-widest transition-all {{ $tab === 'accounts' ? 'bg-white dark:bg-slate-800 text-cyan-600 dark:text-cyan-400 shadow-sm shadow-cyan-500/10' : 'text-slate-400 hover:text-slate-600 dark:hover:text-slate-200' }}">
-            {{ __('Authorized Accounts Tab') }}
-        </a>
     </div>
 
     <!-- 2. Main Content Card -->
@@ -237,7 +169,7 @@
                     </svg>
                 </span>
                 <input type="text" name="search" value="{{ request('search') }}"
-                    placeholder="{{ $tab === 'machines' ? __('Search machines...') : ($tab === 'models' ? __('Search models...') : __('Search accounts...')) }}"
+                    placeholder="{{ $tab === 'machines' ? __('Search machines...') : __('Search models...') }}"
                     class="luxury-input py-2.5 pl-12 pr-6 block w-64">
             </form>
         </div>
@@ -388,81 +320,7 @@
         {{ $machines->appends(['tab' => 'machines'])->links('vendor.pagination.luxury') }}
     </div>
 
-    @elseif($tab === 'accounts')
-    <!-- Accounts Table (Machine Selection Interface) -->
-    <div class="overflow-x-auto">
-        <table class="w-full text-left border-separate border-spacing-y-0">
-            <thead>
-                <tr class="bg-slate-50/50 dark:bg-slate-900/10">
-                    <th class="px-6 py-4 text-xs font-bold text-slate-500 dark:text-slate-400 uppercase tracking-[0.15em] border-b border-slate-100 dark:border-slate-800">
-                        {{ __('Account Info') }}</th>
-                    <th class="px-6 py-4 text-xs font-bold text-slate-500 dark:text-slate-400 uppercase tracking-[0.15em] border-b border-slate-100 dark:border-slate-800">
-                        {{ __('Affiliation') }}</th>
-                    <th class="px-6 py-4 text-xs font-bold text-slate-500 dark:text-slate-400 uppercase tracking-[0.15em] border-b border-slate-100 dark:border-slate-800 text-center">
-                        {{ __('Authorized Machines') }}</th>
-                    <th class="px-6 py-4 text-xs font-bold text-slate-500 dark:text-slate-400 uppercase tracking-[0.15em] border-b border-slate-100 dark:border-slate-800 text-right">
-                        {{ __('Action') }}</th>
-                </tr>
-            </thead>
-            <tbody class="divide-y divide-slate-50 dark:divide-slate-800/80">
-                @forelse($users_list as $user)
-                <tr class="group hover:bg-slate-50/80 dark:hover:bg-slate-800/40 transition-all duration-300">
-                    <td class="px-6 py-6 font-display">
-                        <div class="flex items-center gap-4">
-                            <div class="w-10 h-10 rounded-xl bg-slate-100 dark:bg-slate-800 flex items-center justify-center text-slate-400 border border-slate-200 dark:border-slate-700">
-                                <svg class="size-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2.5" d="M15.75 6a3.75 3.75 0 1 1-7.5 0 3.75 3.75 0 0 1 7.5 0ZM4.501 20.118a7.5 7.5 0 0 1 14.998 0A17.933 17.933 0 0 1 12 21.75c-2.676 0-5.216-.584-7.499-1.632Z" />
-                                </svg>
-                            </div>
-                            <div class="flex flex-col">
-                                <span class="text-base font-extrabold text-slate-800 dark:text-slate-100 group-hover:text-cyan-600 dark:group-hover:text-cyan-400 transition-colors">{{ $user->name }}</span>
-                                <span class="text-xs font-mono font-bold text-slate-500 tracking-widest uppercase">{{ $user->username }}</span>
-                            </div>
-                        </div>
-                    </td>
-                    <td class="px-6 py-6">
-                        <span class="px-2.5 py-1 rounded-lg text-xs font-bold border border-sky-100 dark:border-sky-900/30 bg-sky-50 dark:bg-sky-900/20 text-sky-600 dark:text-sky-400 tracking-widest uppercase">
-                            {{ $user->company->name ?? __('System') }}
-                        </span>
-                    </td>
-                    <td class="px-6 py-6">
-                        <div class="flex flex-wrap gap-2 justify-center lg:justify-start max-w-[400px] mx-auto lg:mx-0">
-                            @forelse($user->machines as $m)
-                                <div class="flex flex-col px-4 py-2.5 rounded-xl bg-slate-50 dark:bg-slate-800/40 border border-slate-100 dark:border-white/5 hover:border-cyan-500/30 transition-all duration-300 shadow-sm">
-                                    <span class="text-xs font-black text-slate-700 dark:text-slate-200 leading-tight">{{ $m->name }}</span>
-                                    <span class="text-[10px] font-mono font-bold text-cyan-500 tracking-tighter mt-1">{{ $m->serial_no }}</span>
-                                </div>
-                            @empty
-                                <div class="w-full text-center lg:text-left">
-                                    <span class="text-[10px] font-black text-slate-400 dark:text-slate-500 uppercase tracking-widest opacity-40 italic">-- {{ __('None') }} --</span>
-                                </div>
-                            @endforelse
-                        </div>
-                    </td>
-                    <td class="px-6 py-6 text-right">
-                        <button @click="openPermissionModal({{ json_encode(['id' => $user->id, 'name' => $user->name]) }})" 
-                                class="inline-flex items-center gap-2 px-4 py-2 rounded-xl bg-cyan-500/10 text-cyan-600 dark:text-cyan-400 hover:bg-cyan-500 hover:text-white transition-all duration-300 text-xs font-black uppercase tracking-widest shadow-sm shadow-cyan-500/5 group/auth">
-                            <svg class="w-3.5 h-3.5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2.5" d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 00-2 2zm10-10V7a4 4 0 00-8 0v4h8z" /></svg>
-                            <span>{{ __('Authorize Btn') }}</span>
-                        </button>
-                    </td>
-                </tr>
-                @empty
-                <tr>
-                    <td colspan="4" class="px-6 py-24 text-center">
-                        <div class="flex flex-col items-center gap-3 opacity-20">
-                            <svg class="size-16" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M17 21v-2a4 4 0 00-4-4H5a4 4 0 00-4 4v2m16-10a4 4 0 11-8 0 4 4 0 018 0zM23 21v-2a4 4 0 00-3-3.87m-4-12a4 4 0 010 7.75" /></svg>
-                            <p class="text-slate-400 font-extrabold tracking-widest uppercase text-xs">{{ __('No accounts found') }}</p>
-                        </div>
-                    </td>
-                </tr>
-                @endforelse
-            </tbody>
-        </table>
-    </div>
-    <div class="mt-8 border-t border-slate-100/50 dark:border-slate-800/50 pt-6">
-        {{ $users_list->appends(['tab' => 'accounts'])->links('vendor.pagination.luxury') }}
-    </div>
+
 
     @else
     <!-- Model Table -->
@@ -1167,116 +1025,7 @@
     />
 
 
-    <!-- 5. Machine Permissions Modal (Migrated) -->
-    <template x-teleport='body'>
-        <div x-show='showPermissionModal' class='fixed inset-0 z-[160] overflow-y-auto' x-cloak>
-            <div class='flex items-center justify-center min-h-screen px-4 pt-4 pb-20 text-center sm:block sm:p-0'>
-                <div x-show='showPermissionModal' @click='showPermissionModal = false'
-                    x-transition:enter='ease-out duration-300' x-transition:enter-start='opacity-0'
-                    x-transition:enter-end='opacity-100' x-transition:leave='ease-in duration-200'
-                    x-transition:leave-start='opacity-100' x-transition:leave-end='opacity-0'
-                    class='fixed inset-0 bg-slate-900/60 backdrop-blur-sm transition-opacity'></div>
-                
-                <span class='hidden sm:inline-block sm:align-middle sm:h-screen'>&#8203;</span>
 
-                <div x-show='showPermissionModal'
-                    x-transition:enter='ease-out duration-300'
-                    x-transition:enter-start='opacity-0 translate-y-4 sm:translate-y-0 sm:scale-95'
-                    x-transition:enter-end='opacity-100 translate-y-0 sm:scale-100'
-                    x-transition:leave='ease-in duration-200'
-                    x-transition:leave-start='opacity-100 translate-y-0 sm:scale-100'
-                    x-transition:leave-end='opacity-0 translate-y-4 sm:translate-y-0 sm:scale-95'
-                    class='inline-block px-8 py-10 text-left align-bottom transition-all transform luxury-card rounded-3xl dark:bg-slate-900 border-slate-200/50 dark:border-slate-700/50 shadow-2xl sm:my-8 sm:align-middle sm:max-w-4xl sm:w-full overflow-hidden animate-luxury-in'>
-                    
-                    <div class='flex justify-between items-center mb-8'>
-                        <div>
-                            <h3 class='text-2xl font-black text-slate-800 dark:text-white font-display tracking-tight'>{{ __('Authorized Machines Management') }}</h3>
-                            <div class='flex items-center gap-2 mt-1'>
-                                <span class='text-[10px] font-black text-slate-400 uppercase tracking-[0.2em]'>{{ __('Account') }}:</span>
-                                <span class='text-xs font-bold text-cyan-500 uppercase tracking-widest' x-text='targetUserName'></span>
-                            </div>
-                        </div>
-                        <button @click='showPermissionModal = false' class='text-slate-400 hover:text-slate-600 dark:hover:text-slate-200 transition-colors bg-slate-50 dark:bg-slate-800 p-2 rounded-xl'>
-                            <svg class='size-6' fill='none' stroke='currentColor' viewBox='0 0 24 24'><path stroke-linecap='round' stroke-linejoin='round' stroke-width='2.5' d='M6 18L18 6M6 6l12 12' /></svg>
-                        </button>
-                    </div>
-
-                    <div class='relative min-h-[400px]'>
-                        <div class='mb-6'>
-                            <div class='relative group'>
-                                <span class='absolute inset-y-0 left-0 flex items-center pl-4 pointer-events-none z-10'>
-                                    <svg class='size-4 text-slate-400 group-focus-within:text-cyan-500 transition-colors' viewBox='0 0 24 24' fill='none' stroke='currentColor' stroke-width='2.5' stroke-linecap='round' stroke-linejoin='round'>
-                                        <circle cx='11' cy='11' r='8'></circle>
-                                        <line x1='21' y1='21' x2='16.65' y2='16.65'></line>
-                                    </svg>
-                                </span>
-                                <input type='text' x-model='permissionSearchQuery' placeholder='{{ __("Search machines...") }}' 
-                                    class='luxury-input py-3 pl-12 pr-6 block w-full text-sm' @click.stop>
-                            </div>
-                        </div>
-
-                        <template x-if='isPermissionsLoading'>
-                            <div class='absolute inset-0 flex items-center justify-center bg-white/50 dark:bg-slate-900/50 backdrop-blur-sm z-10 rounded-2xl'>
-                                <div class='flex flex-col items-center gap-3'>
-                                    <div class='w-10 h-10 border-4 border-cyan-500/20 border-t-cyan-500 rounded-full animate-spin'></div>
-                                    <span class='text-[10px] font-black text-cyan-600 dark:text-cyan-400 uppercase tracking-[0.2em] animate-pulse'>{{ __('Syncing Permissions...') }}</span>
-                                </div>
-                            </div>
-                        </template>
-
-                        <div class='grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4 max-h-[450px] overflow-y-auto pr-2 custom-scrollbar p-1'>
-                            <template x-for='machine in allMachines.filter(m => !permissionSearchQuery || m.name.toLowerCase().includes(permissionSearchQuery.toLowerCase()) || m.serial_no.toLowerCase().includes(permissionSearchQuery.toLowerCase()))' :key='machine.id'>
-                                <div @click='togglePermission(machine.id)'
-                                    :class='permissions[machine.id] ? "border-cyan-500 bg-cyan-500/5 dark:bg-cyan-500/10 ring-1 ring-cyan-500/20" : "border-slate-100 dark:border-slate-800 hover:border-slate-300 dark:hover:border-slate-600"'
-                                    class='p-4 rounded-2xl border-2 cursor-pointer transition-all duration-300 group relative overflow-hidden shadow-sm hover:shadow-md'>
-                                    <div class='flex flex-col relative z-10'>
-                                        <div class='flex items-center gap-2'>
-                                            <div class='size-2 rounded-full' :class='permissions[machine.id] ? "bg-cyan-500" : "bg-slate-300 dark:bg-slate-700"'></div>
-                                            <span class='text-sm font-extrabold truncate' :class='permissions[machine.id] ? "text-cyan-600 dark:text-cyan-400" : "text-slate-700 dark:text-slate-300"' 
-                                                x-text='machine.name'></span>
-                                        </div>
-                                        <span class='text-[10px] font-mono font-bold text-slate-400 mt-2 tracking-widest uppercase' 
-                                            x-text='machine.serial_no'></span>
-                                    </div>
-                                    <div class='absolute -right-2 -bottom-2 opacity-[0.03] text-slate-900 dark:text-white pointer-events-none group-hover:scale-110 transition-transform duration-700'>
-                                        <svg class='size-20' fill='currentColor' viewBox='0 0 24 24'>
-                                            <path d='M5 2h14c1.1 0 2 .9 2 2v16c0 1.1-.9 2-2 2H5c-1.1 0-2-.9-2-2V4c0-1.1.9-2 2-2zm0 2v16h14V4H5zm3 3h8v6H8V7zm0 8h3v2H8v-2zm5 0h3v2h-3v-2z'/>
-                                        </svg>
-                                    </div>
-                                    <div class='absolute top-4 right-4 animate-luxury-in' x-show='permissions[machine.id]'>
-                                        <div class='size-5 rounded-full bg-cyan-500 flex items-center justify-center shadow-lg shadow-cyan-500/30'>
-                                            <svg class='size-3 text-white' fill='none' stroke='currentColor' viewBox='0 0 24 24'><path stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='M5 13l4 4L19 7' /></svg>
-                                        </div>
-                                    </div>
-                                </div>
-                            </template>
-                        </div>
-                    </div>
-
-                    <div class='flex flex-col sm:flex-row justify-between items-center mt-10 pt-8 border-t border-slate-100 dark:border-slate-800 gap-6'>
-                        <div class='flex items-center gap-3'>
-                            <div class='flex -space-x-2'>
-                                <template x-for='i in Math.min(3, Object.values(permissions).filter(v => v).length)' :key='i'>
-                                    <div class='size-6 rounded-full border-2 border-white dark:border-slate-900 bg-cyan-500 flex items-center justify-center'>
-                                        <svg class='size-3 text-white' fill='currentColor' viewBox='0 0 24 24'><path d='M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm-1 14.5v-9l6 4.5-6 4.5z'/></svg>
-                                    </div>
-                                </template>
-                            </div>
-                            <p class='text-[10px] font-black text-slate-400 uppercase tracking-[0.2em]'>
-                                {{ __('Selection') }}: <span class='text-cyan-500 text-xs' x-text='Object.values(permissions).filter(v => v).length'></span> / <span x-text='allMachines?.length || 0'></span> {{ __('Devices') }}
-                            </p>
-                        </div>
-                        <div class='flex gap-4 w-full sm:w-auto'>
-                            <button @click='showPermissionModal = false' class='flex-1 sm:flex-none btn-luxury-ghost px-8'>{{ __('Cancel') }}</button>
-                            <button @click='savePermissions()' class='flex-1 sm:flex-none btn-luxury-primary px-12' :disabled='isPermissionsLoading'>
-                                <span>{{ __('Update Authorization') }}</span>
-                            </button>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </template>
 </div>
 
 @endsection
\ No newline at end of file
diff --git a/resources/views/admin/machines/permissions.blade.php b/resources/views/admin/machines/permissions.blade.php
new file mode 100644
index 0000000..785205e
--- /dev/null
+++ b/resources/views/admin/machines/permissions.blade.php
@@ -0,0 +1,285 @@
+@extends('layouts.admin')
+
+@section('content')
+<div class="space-y-6 pb-20" x-data="{ 
+    permissionSearchQuery: '',
+    showPermissionModal: false,
+    isPermissionsLoading: false,
+    targetUserId: null,
+    targetUserName: '',
+    allMachines: [],
+    allMachinesCount: 0,
+    permissions: {},
+    openPermissionModal(user) {
+        this.targetUserId = user.id;
+        this.targetUserName = user.name;
+        this.showPermissionModal = true;
+        this.isPermissionsLoading = true;
+        this.permissions = {};
+        this.allMachines = [];
+        this.permissionSearchQuery = '';
+
+        fetch(`/admin/machines/permissions/accounts/${user.id}`)
+            .then(res => res.json())
+            .then(data => {
+                if (data.machines) {
+                    this.allMachines = data.machines;
+                    this.allMachinesCount = data.machines.length;
+                    const tempPermissions = {};
+                    data.machines.forEach(m => {
+                        tempPermissions[m.id] = (data.assigned_ids || []).includes(m.id);
+                    });
+                    this.permissions = tempPermissions;
+                }
+            })
+            .catch(e => {
+                window.dispatchEvent(new CustomEvent('toast', { detail: { message: '{{ __('Failed to load permissions') }}', type: 'error' } }));
+            })
+            .finally(() => {
+                this.isPermissionsLoading = false;
+            });
+    },
+    togglePermission(machineId) {
+        this.permissions = { ...this.permissions, [machineId]: !this.permissions[machineId] };
+    },
+    savePermissions() {
+        const machineIds = Object.keys(this.permissions).filter(id => this.permissions[id]);
+        
+        fetch(`/admin/machines/permissions/accounts/${this.targetUserId}`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'X-CSRF-TOKEN': document.querySelector('meta[name=\'csrf-token\']').content,
+                'Accept': 'application/json'
+            },
+            body: JSON.stringify({ machine_ids: machineIds })
+        })
+        .then(res => res.json())
+        .then(data => {
+            if (data.success) {
+                window.dispatchEvent(new CustomEvent('toast', { detail: { message: data.message, type: 'success' } }));
+                setTimeout(() => window.location.reload(), 500);
+            } else {
+                throw new Error(data.error || 'Update failed');
+            }
+        })
+        .catch(e => {
+            window.dispatchEvent(new CustomEvent('toast', { detail: { message: e.message, type: 'error' } }));
+        });
+    }
+}">
+    <!-- 1. Header Area -->
+    <div class="flex flex-col md:flex-row md:items-center md:justify-between gap-4">
+        <div>
+            <h1 class="text-3xl font-black text-slate-800 dark:text-white tracking-tight font-display">{{ __('Machine Permissions') }}</h1>
+            <p class="text-sm font-bold text-slate-500 dark:text-slate-400 mt-1 uppercase tracking-widest">{{
+                __('Manage machine access permissions') }}</p>
+        </div>
+    </div>
+
+    <!-- 2. Main Content Card -->
+    <div class="luxury-card rounded-3xl p-8 animate-luxury-in">
+        <!-- Toolbar & Filters -->
+        <div class="flex items-center justify-between mb-8">
+            <form method="GET" action="{{ route('admin.machines.permissions') }}" class="relative group">
+                <span class="absolute inset-y-0 left-0 flex items-center pl-4 pointer-events-none z-10">
+                    <svg class="h-4 w-4 text-slate-400 group-focus-within:text-cyan-500 transition-colors"
+                        viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round"
+                        stroke-linejoin="round">
+                        <circle cx="11" cy="11" r="8"></circle>
+                        <line x1="21" y1="21" x2="16.65" y2="16.65"></line>
+                    </svg>
+                </span>
+                <input type="text" name="search" value="{{ request('search') }}"
+                    placeholder="{{ __('Search accounts...') }}"
+                    class="luxury-input py-2.5 pl-12 pr-6 block w-64">
+            </form>
+        </div>
+
+        <div class="overflow-x-auto">
+            <table class="w-full text-left border-separate border-spacing-y-0">
+                <thead>
+                    <tr class="bg-slate-50/50 dark:bg-slate-900/10">
+                        <th class="px-6 py-4 text-xs font-bold text-slate-500 dark:text-slate-400 uppercase tracking-[0.15em] border-b border-slate-100 dark:border-slate-800">
+                            {{ __('Account Info') }}</th>
+                        <th class="px-6 py-4 text-xs font-bold text-slate-500 dark:text-slate-400 uppercase tracking-[0.15em] border-b border-slate-100 dark:border-slate-800">
+                            {{ __('Company Name') }}</th>
+                        <th class="px-6 py-4 text-xs font-bold text-slate-500 dark:text-slate-400 uppercase tracking-[0.15em] border-b border-slate-100 dark:border-slate-800 text-center">
+                            {{ __('Authorized Machines') }}</th>
+                        <th class="px-6 py-4 text-xs font-bold text-slate-500 dark:text-slate-400 uppercase tracking-[0.15em] border-b border-slate-100 dark:border-slate-800 text-right">
+                            {{ __('Action') }}</th>
+                    </tr>
+                </thead>
+                <tbody class="divide-y divide-slate-50 dark:divide-slate-800/80">
+                    @forelse($users_list as $user)
+                    <tr class="group hover:bg-slate-50/80 dark:hover:bg-slate-800/40 transition-all duration-300">
+                        <td class="px-6 py-6 font-display">
+                            <div class="flex items-center gap-4">
+                                <div class="w-10 h-10 rounded-xl bg-slate-100 dark:bg-slate-800 flex items-center justify-center text-slate-400 border border-slate-200 dark:border-slate-700">
+                                    <svg class="size-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2.5" d="M15.75 6a3.75 3.75 0 1 1-7.5 0 3.75 3.75 0 0 1 7.5 0ZM4.501 20.118a7.5 7.5 0 0 1 14.998 0A17.933 17.933 0 0 1 12 21.75c-2.676 0-5.216-.584-7.499-1.632Z" />
+                                    </svg>
+                                </div>
+                                <div class="flex flex-col">
+                                    <span class="text-base font-extrabold text-slate-800 dark:text-slate-100 group-hover:text-cyan-600 dark:group-hover:text-cyan-400 transition-colors">{{ $user->name }}</span>
+                                    <span class="text-xs font-mono font-bold text-slate-500 tracking-widest uppercase">{{ $user->username }}</span>
+                                </div>
+                            </div>
+                        </td>
+                        <td class="px-6 py-6">
+                            <span class="px-2.5 py-1 rounded-lg text-xs font-bold border border-sky-100 dark:border-sky-900/30 bg-sky-50 dark:bg-sky-900/20 text-sky-600 dark:text-sky-400 tracking-widest uppercase">
+                                {{ $user->company->name ?? __('System') }}
+                            </span>
+                        </td>
+                        <td class="px-6 py-6">
+                            <div class="flex flex-wrap gap-2 justify-center lg:justify-start max-w-[400px] mx-auto lg:mx-0">
+                                @forelse($user->machines as $m)
+                                    <div class="flex flex-col px-4 py-2.5 rounded-xl bg-slate-50 dark:bg-slate-800/40 border border-slate-100 dark:border-white/5 hover:border-cyan-500/30 transition-all duration-300 shadow-sm">
+                                        <span class="text-xs font-black text-slate-700 dark:text-slate-200 leading-tight">{{ $m->name }}</span>
+                                        <span class="text-[10px] font-mono font-bold text-cyan-500 tracking-tighter mt-1">{{ $m->serial_no }}</span>
+                                    </div>
+                                @empty
+                                    <div class="w-full text-center lg:text-left">
+                                        <span class="text-[10px] font-black text-slate-400 dark:text-slate-500 uppercase tracking-widest opacity-40 italic">-- {{ __('None') }} --</span>
+                                    </div>
+                                @endforelse
+                            </div>
+                        </td>
+                        <td class="px-6 py-6 text-right">
+                            <button @click="openPermissionModal({{ json_encode(['id' => $user->id, 'name' => $user->name]) }})" 
+                                    class="inline-flex items-center gap-2 px-4 py-2 rounded-xl bg-cyan-500/10 text-cyan-600 dark:text-cyan-400 hover:bg-cyan-500 hover:text-white transition-all duration-300 text-xs font-black uppercase tracking-widest shadow-sm shadow-cyan-500/5 group/auth">
+                                <svg class="w-3.5 h-3.5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2.5" d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 00-2 2zm10-10V7a4 4 0 00-8 0v4h8z" /></svg>
+                                <span>{{ __('Authorize') }}</span>
+                            </button>
+                        </td>
+                    </tr>
+                    @empty
+                    <tr>
+                        <td colspan="4" class="px-6 py-24 text-center">
+                            <div class="flex flex-col items-center gap-3 opacity-20">
+                                <svg class="size-16" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M17 21v-2a4 4 0 00-4-4H5a4 4 0 00-4 4v2m16-10a4 4 0 11-8 0 4 4 0 018 0zM23 21v-2a4 4 0 00-3-3.87m-4-12a4 4 0 010 7.75" /></svg>
+                                <p class="text-slate-400 font-extrabold tracking-widest uppercase text-xs">{{ __('No accounts found') }}</p>
+                            </div>
+                        </td>
+                    </tr>
+                    @endforelse
+                </tbody>
+            </table>
+        </div>
+        <div class="mt-8 border-t border-slate-100/50 dark:border-slate-800/50 pt-6">
+            {{ $users_list->links('vendor.pagination.luxury') }}
+        </div>
+    </div>
+
+    <!-- Machine Permissions Modal -->
+    <template x-teleport='body'>
+        <div x-show='showPermissionModal' class='fixed inset-0 z-[160] overflow-y-auto' x-cloak>
+            <div class='flex items-center justify-center min-h-screen px-4 pt-4 pb-20 text-center sm:block sm:p-0'>
+                <div x-show='showPermissionModal' @click='showPermissionModal = false'
+                    x-transition:enter='ease-out duration-300' x-transition:enter-start='opacity-0'
+                    x-transition:enter-end='opacity-100' x-transition:leave='ease-in duration-200'
+                    x-transition:leave-start='opacity-100' x-transition:leave-end='opacity-0'
+                    class='fixed inset-0 bg-slate-900/60 backdrop-blur-sm transition-opacity'></div>
+                
+                <span class='hidden sm:inline-block sm:align-middle sm:h-screen'>&#8203;</span>
+
+                <div x-show='showPermissionModal'
+                    x-transition:enter='ease-out duration-300'
+                    x-transition:enter-start='opacity-0 translate-y-4 sm:translate-y-0 sm:scale-95'
+                    x-transition:enter-end='opacity-100 translate-y-0 sm:scale-100'
+                    x-transition:leave='ease-in duration-200'
+                    x-transition:leave-start='opacity-100 translate-y-0 sm:scale-100'
+                    x-transition:leave-end='opacity-0 translate-y-4 sm:translate-y-0 sm:scale-95'
+                    class='inline-block px-8 py-10 text-left align-bottom transition-all transform luxury-card rounded-3xl dark:bg-slate-900 border-slate-200/50 dark:border-slate-700/50 shadow-2xl sm:my-8 sm:align-middle sm:max-w-4xl sm:w-full overflow-hidden animate-luxury-in'>
+                    
+                    <div class='flex justify-between items-center mb-8'>
+                        <div>
+                            <h3 class='text-2xl font-black text-slate-800 dark:text-white font-display tracking-tight'>{{ __('Authorized Machines Management') }}</h3>
+                            <div class='flex items-center gap-2 mt-1'>
+                                <span class='text-[10px] font-black text-slate-400 uppercase tracking-[0.2em]'>{{ __('Account') }}:</span>
+                                <span class='text-xs font-bold text-cyan-500 uppercase tracking-widest' x-text='targetUserName'></span>
+                            </div>
+                        </div>
+                        <button @click='showPermissionModal = false' class='text-slate-400 hover:text-slate-600 dark:hover:text-slate-200 transition-colors bg-slate-50 dark:bg-slate-800 p-2 rounded-xl'>
+                            <svg class='size-6' fill='none' stroke='currentColor' viewBox='0 0 24 24'><path stroke-linecap='round' stroke-linejoin='round' stroke-width='2.5' d='M6 18L18 6M6 6l12 12' /></svg>
+                        </button>
+                    </div>
+
+                    <div class='relative min-h-[400px]'>
+                        <div class='mb-6'>
+                            <div class='relative group'>
+                                <span class='absolute inset-y-0 left-0 flex items-center pl-4 pointer-events-none z-10'>
+                                    <svg class='size-4 text-slate-400 group-focus-within:text-cyan-500 transition-colors' viewBox='0 0 24 24' fill='none' stroke='currentColor' stroke-width='2.5' stroke-linecap='round' stroke-linejoin='round'>
+                                        <circle cx='11' cy='11' r='8'></circle>
+                                        <line x1='21' y1='21' x2='16.65' y2='16.65'></line>
+                                    </svg>
+                                </span>
+                                <input type='text' x-model='permissionSearchQuery' placeholder='{{ __("Search machines...") }}' 
+                                    class='luxury-input py-3 pl-12 pr-6 block w-full text-sm' @click.stop>
+                            </div>
+                        </div>
+
+                        <template x-if='isPermissionsLoading'>
+                            <div class='absolute inset-0 flex items-center justify-center bg-white/50 dark:bg-slate-900/50 backdrop-blur-sm z-10 rounded-2xl'>
+                                <div class='flex flex-col items-center gap-3'>
+                                    <div class='w-10 h-10 border-4 border-cyan-500/20 border-t-cyan-500 rounded-full animate-spin'></div>
+                                    <span class='text-[10px] font-black text-cyan-600 dark:text-cyan-400 uppercase tracking-[0.2em] animate-pulse'>{{ __('Syncing Permissions...') }}</span>
+                                </div>
+                            </div>
+                        </template>
+
+                        <div class='grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4 max-h-[450px] overflow-y-auto pr-2 custom-scrollbar p-1'>
+                            <template x-for='machine in allMachines.filter(m => !permissionSearchQuery || m.name.toLowerCase().includes(permissionSearchQuery.toLowerCase()) || m.serial_no.toLowerCase().includes(permissionSearchQuery.toLowerCase()))' :key='machine.id'>
+                                <div @click='togglePermission(machine.id)'
+                                    :class='permissions[machine.id] ? "border-cyan-500 bg-cyan-500/5 dark:bg-cyan-500/10 ring-1 ring-cyan-500/20" : "border-slate-100 dark:border-slate-800 hover:border-slate-300 dark:hover:border-slate-600"'
+                                    class='p-4 rounded-2xl border-2 cursor-pointer transition-all duration-300 group relative overflow-hidden shadow-sm hover:shadow-md'>
+                                    <div class='flex flex-col relative z-10'>
+                                        <div class='flex items-center gap-2'>
+                                            <div class='size-2 rounded-full' :class='permissions[machine.id] ? "bg-cyan-500" : "bg-slate-300 dark:bg-slate-700"'></div>
+                                            <span class='text-sm font-extrabold truncate' :class='permissions[machine.id] ? "text-cyan-600 dark:text-cyan-400" : "text-slate-700 dark:text-slate-300"' 
+                                                x-text='machine.name'></span>
+                                        </div>
+                                        <span class='text-[10px] font-mono font-bold text-slate-400 mt-2 tracking-widest uppercase' 
+                                            x-text='machine.serial_no'></span>
+                                    </div>
+                                    <div class='absolute -right-2 -bottom-2 opacity-[0.03] text-slate-900 dark:text-white pointer-events-none group-hover:scale-110 transition-transform duration-700'>
+                                        <svg class='size-20' fill='currentColor' viewBox='0 0 24 24'>
+                                            <path d='M5 2h14c1.1 0 2 .9 2 2v16c0 1.1-.9 2-2 2H5c-1.1 0-2-.9-2-2V4c0-1.1.9-2 2-2zm0 2v16h14V4H5zm3 3h8v6H8V7zm0 8h3v2H8v-2zm5 0h3v2h-3v-2z'/>
+                                        </svg>
+                                    </div>
+                                    <div class='absolute top-4 right-4 animate-luxury-in' x-show='permissions[machine.id]'>
+                                        <div class='size-5 rounded-full bg-cyan-500 flex items-center justify-center shadow-lg shadow-cyan-500/30'>
+                                            <svg class='size-3 text-white' fill='none' stroke='currentColor' viewBox='0 0 24 24'><path stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='M5 13l4 4L19 7' /></svg>
+                                        </div>
+                                    </div>
+                                </div>
+                            </template>
+                        </div>
+                    </div>
+
+                    <div class='flex flex-col sm:flex-row justify-between items-center mt-10 pt-8 border-t border-slate-100 dark:border-slate-800 gap-6'>
+                        <div class='flex items-center gap-3'>
+                            <div class='flex -space-x-2'>
+                                <template x-for='i in Math.min(3, Object.values(permissions).filter(v => v).length)' :key='i'>
+                                    <div class='size-6 rounded-full border-2 border-white dark:border-slate-900 bg-cyan-500 flex items-center justify-center'>
+                                        <svg class='size-3 text-white' fill='currentColor' viewBox='0 0 24 24'><path d='M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm-1 14.5v-9l6 4.5-6 4.5z'/></svg>
+                                    </div>
+                                </template>
+                            </div>
+                            <p class='text-[10px] font-black text-slate-400 uppercase tracking-[0.2em]'>
+                                {{ __('Selection') }}: <span class='text-cyan-500 text-xs' x-text='Object.values(permissions).filter(v => v).length'></span> / <span x-text='allMachines?.length || 0'></span> {{ __('Devices') }}
+                            </p>
+                        </div>
+                        <div class='flex gap-4 w-full sm:w-auto'>
+                            <button @click='showPermissionModal = false' class='flex-1 sm:flex-none btn-luxury-ghost px-8'>{{ __('Cancel') }}</button>
+                            <button @click='savePermissions()' class='flex-1 sm:flex-none btn-luxury-primary px-12' :disabled='isPermissionsLoading'>
+                                <span>{{ __('Update Authorization') }}</span>
+                            </button>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </template>
+</div>
+@endsection
diff --git a/resources/views/admin/permission/roles-edit.blade.php b/resources/views/admin/permission/roles-edit.blade.php
index 422ca84..3c3272c 100644
--- a/resources/views/admin/permission/roles-edit.blade.php
+++ b/resources/views/admin/permission/roles-edit.blade.php
@@ -140,7 +140,7 @@
                     <div class="space-y-2">
                         <label class="text-[11px] font-black text-slate-400 uppercase tracking-widest pl-1">{{ __('Role Name') }}</label>
                         <input type="text" name="name" value="{{ old('name', $role->name) }}" required 
-                            class="luxury-input w-full @error('name') border-rose-500 @enderror" 
+                            class="luxury-input w-full @error('name') border-rose-500 @enderror @if($role->name === 'super-admin') bg-slate-50 dark:bg-slate-800/50 cursor-not-allowed @endif" 
                             placeholder="{{ __('Enter role name') }}"
                             {{ $role->name === 'super-admin' ? 'readonly' : '' }}>
                         @error('name')
diff --git a/resources/views/layouts/partials/sidebar-menu.blade.php b/resources/views/layouts/partials/sidebar-menu.blade.php
index a6393c8..0c2efe8 100644
--- a/resources/views/layouts/partials/sidebar-menu.blade.php
+++ b/resources/views/layouts/partials/sidebar-menu.blade.php
@@ -64,6 +64,13 @@
             </a></li>
             @endcan
 
+            @can('menu.machines.permissions')
+            <li><a class="flex items-center gap-x-3.5 py-2 px-2.5 text-sm transition-colors rounded-lg {{ request()->routeIs('admin.machines.permissions') ? 'text-slate-900 dark:text-white bg-slate-100 dark:bg-white/5' : 'text-slate-500 dark:text-slate-400 hover:text-slate-900 dark:hover:text-white' }}" href="{{ route('admin.machines.permissions') }}">
+                <svg xmlns="http://www.w3.org/2000/svg" class="w-4 h-4 shrink-0 transition-colors" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path stroke-linecap="round" stroke-linejoin="round" d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" /></svg>
+                {{ __('Machine Permissions') }}
+            </a></li>
+            @endcan
+
             @can('menu.machines.utilization')
             <li><a class="flex items-center gap-x-3.5 py-2 px-2.5 text-sm transition-colors rounded-lg {{ request()->routeIs('admin.machines.utilization') ? 'text-slate-900 dark:text-white bg-slate-100 dark:bg-white/5' : 'text-slate-500 dark:text-slate-400 hover:text-slate-900 dark:hover:text-white' }}" href="{{ route('admin.machines.utilization') }}">
                 <svg xmlns="http://www.w3.org/2000/svg" class="w-4 h-4 shrink-0 transition-colors" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path stroke-linecap="round" stroke-linejoin="round" d="M9 19v-6a2 2 0 00-2-2H5a2 2 0 00-2 2v6a2 2 0 002 2h2a2 2 0 002-2zm0 0V9a2 2 0 012-2h2a2 2 0 012 2v10m-6 0a2 2 0 002 2h2a2 2 0 002-2m0 0V5a2 2 0 012-2h2a2 2 0 012 2v14a2 2 0 01-2 2h-2a2 2 0 01-2-2z" /></svg>
diff --git a/routes/web.php b/routes/web.php
index b99f630..128cf31 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -37,7 +37,10 @@ Route::middleware(['auth', 'verified', 'tenant.access'])->prefix('admin')->name(
     Route::resource('gift-definitions', App\Http\Controllers\Admin\GiftDefinitionController::class)->except(['show', 'create', 'edit']);
 
         Route::prefix('machines')->name('machines.')->group(function () {
-            // Route::get('/permissions', [App\Http\Controllers\Admin\MachineController::class , 'permissions'])->name('permissions'); // Merged into Sub-account Management
+            Route::get('/permissions', [App\Http\Controllers\Admin\Machine\MachinePermissionController::class, 'index'])->name('permissions')->middleware('can:menu.machines.permissions');
+            Route::get('/permissions/accounts/{user}', [App\Http\Controllers\Admin\Machine\MachinePermissionController::class, 'getAccountMachines'])->name('permissions.accounts.get');
+            Route::post('/permissions/accounts/{user}', [App\Http\Controllers\Admin\Machine\MachinePermissionController::class, 'syncAccountMachines'])->name('permissions.accounts.sync');
+
             Route::get('/utilization', [App\Http\Controllers\Admin\MachineController::class , 'utilization'])->name('utilization');
             Route::get('/utilization-ajax/{id?}', [App\Http\Controllers\Admin\MachineController::class, 'utilizationData'])->name('utilization-ajax');
             Route::get('/{machine}/slots-ajax', [App\Http\Controllers\Admin\MachineController::class, 'slotsAjax'])->name('slots-ajax');
@@ -186,9 +189,7 @@ Route::middleware(['auth', 'verified', 'tenant.access'])->prefix('admin')->name(
                 Route::post('/', [App\Http\Controllers\Admin\BasicSettings\MachineSettingController::class, 'store'])->name('store');
                 Route::post('/{machine}/regenerate-token', [App\Http\Controllers\Admin\BasicSettings\MachineSettingController::class, 'regenerateToken'])->name('regenerate-token');
 
-                // 權限管理 (從 MachineController 遷移)
-                Route::get('/permissions/accounts/{user}', [App\Http\Controllers\Admin\BasicSettings\MachineSettingController::class, 'getAccountMachines'])->name('permissions.accounts.get');
-                Route::post('/permissions/accounts/{user}', [App\Http\Controllers\Admin\BasicSettings\MachineSettingController::class, 'syncAccountMachines'])->name('permissions.accounts.sync');
+                Route::post('/{machine}/regenerate-token', [App\Http\Controllers\Admin\BasicSettings\MachineSettingController::class, 'regenerateToken'])->name('regenerate-token');
             });
 
             // 客戶金流設定