Add shared-device role to allow accounts to bypass authentication checks

app/Util/CasUser.php

@@ -39,6 +39,12 @@ public static function createOrUpdate(): User
             Cas::setAttributes($masq_attrs);
         }
 
+        $existing_user = User::where('uid', Cas::user())->first();
+
+        if ($existing_user !== null && $existing_user->hasRole('shared-device')) {
+            return $existing_user;
+        }
+
         if (config('features.sandbox-mode') !== true) {
             foreach ($attrs as $attr) {
                 if (

database/migrations/2024_09_08_203808_add_shared_device_role.php

@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Spatie\Permission\Models\Permission;
+use Spatie\Permission\Models\Role;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        app()['cache']->forget('spatie.permission.cache');
+
+        $create_attendance = Permission::firstOrCreate(['name' => 'create-attendance']);
+        $read_events = Permission::firstOrCreate(['name' => 'read-events']);
+        $read_teams = Permission::firstOrCreate(['name' => 'read-teams']);
+        $read_teams_hidden = Permission::firstOrCreate(['name' => 'read-teams-hidden']);
+        $read_users = Permission::firstOrCreate(['name' => 'read-users']);
+
+        $shared_device = Role::firstOrCreate(['name' => 'shared-device']);
+
+        $shared_device->givePermissionTo($create_attendance);
+        $shared_device->givePermissionTo($read_events);
+        $shared_device->givePermissionTo($read_teams);
+        $shared_device->givePermissionTo($read_teams_hidden);
+        $shared_device->givePermissionTo($read_users);
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        app()['cache']->forget('spatie.permission.cache');
+
+        Role::where('name', 'shared-device')->delete();
+    }
+};