From cf120c035ec8849f771bc90fed6b7e79ff99ca63 Mon Sep 17 00:00:00 2001 From: Daeng Deni Mardaeni Date: Sun, 22 Jun 2025 18:59:13 +0700 Subject: [PATCH] feat(logs): tambahkan validasi akses pengguna dan seeder izin untuk Audit dan System Logs - Memperbarui `AuditLogsController`: - Menambahkan validasi akses pengguna untuk memastikan pengguna hanya dapat melihat log audit jika memiliki izin 'audit-logs.read'. - Menambahkan properti `$user` dalam konstruktor untuk otorisasi. - Memperbarui `SystemLogsController`: - Menambahkan validasi akses pengguna untuk memastikan pengguna hanya dapat melihat log sistem jika memiliki izin 'system-logs.read'. - Menambahkan properti `$user` dalam konstruktor untuk otorisasi. - Menambahkan `PermissionSeeder`: - Membuat seeder untuk menginisialisasi izin terkait log, termasuk `system-logs` dan `audit-logs`. - Menyertakan izin CRUD lengkap (`create`, `read`, `update`, `delete`, dll.) untuk masing-masing grup. - Memperbarui `LogsDatabaseSeeder`: - Mendaftarkan `PermissionSeeder` dalam daftar pemanggilan untuk migrasi izin saat seeding. Signed-off-by: Daeng Deni Mardaeni --- app/Http/Controllers/AuditLogsController.php | 18 ++++++- app/Http/Controllers/SystemLogsController.php | 12 +++++ database/seeders/LogsDatabaseSeeder.php | 4 +- database/seeders/PermissionSeeder.php | 51 +++++++++++++++++++ resources/views/layouts/master.blade.php | 29 ----------- 5 files changed, 83 insertions(+), 31 deletions(-) create mode 100644 database/seeders/PermissionSeeder.php delete mode 100644 resources/views/layouts/master.blade.php
diff --git a/app/Http/Controllers/AuditLogsController.php b/app/Http/Controllers/AuditLogsController.php
index f8d7d78..b96777d 100644
--- a/app/Http/Controllers/AuditLogsController.php
+++ b/app/Http/Controllers/AuditLogsController.php
@@ -9,16 +9,33 @@ class AuditLogsController extends Controller { + protected $user; + + public function __construct() + { + $this->user = Auth::guard('web')->user(); + } + /** * Display a listing of the resource. */ public function index() { + // Check if the authenticated user has the required permission to view audit logs + if (is_null($this->user) || !$this->user->can('audit-logs.read')) { + abort(403, 'Sorry! You are not allowed to view audit logs.'); + } + return view('logs::audit'); } public function datatable(Request $request) { + // Check if the authenticated user has the required permission to view audit logs + if (is_null($this->user) || !$this->user->can('audit-logs.read')) { + abort(403, 'Sorry! You are not allowed to view audit logs.'); + } + // Retrieve data from the database $query = Activity::query(); @@ -97,6 +114,5 @@ 'totalCount' => $filteredRecords, 'data' => $data, ]); - } } diff --git a/app/Http/Controllers/SystemLogsController.php b/app/Http/Controllers/SystemLogsController.php index fcd157b..9b8b408 100644 --- a/app/Http/Controllers/SystemLogsController.php +++ b/app/Http/Controllers/SystemLogsController.php @@ -10,10 +10,12 @@ use Jackiedo\LogReader\LogReader; class SystemLogsController extends Controller { protected $reader; + protected $user; public function __construct(LogReader $reader) { $this->reader = $reader; + $this->user = Auth::guard('web')->user(); } /** 
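Review bot: `$this->user = Auth::guard('web')->user();` in the AuditLogsController constructor captures the user at construction time, and depending on the Laravel version and the base Controller, the controller may be built before the session and auth middleware have run. In that case the property is null and both `index()` and `datatable()` return 403 for every caller. The check fails closed, which is the safe direction, but resolving the user where it is used removes the ordering dependency, e.g. `$user = $request->user('web');` at the top of `datatable()`. The SystemLogsController constructor added later in this patch has the same pattern. No `use` line for `Auth` is visible in either hunk, so confirm the facade is already imported at the top of both files.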
@@ -21,10 +23,20 @@ class SystemLogsController extends Controller */ public function index() { + // Check if the authenticated user has the required permission to view system logs + if (is_null($this->user) || !$this->user->can('system-logs.read')) { + abort(403, 'Sorry! You are not allowed to view system logs.'); + } + return view('logs::system'); } public function datatable(Request $request){ + // Check if the authenticated user has the required permission to view system logs + if (is_null($this->user) || !$this->user->can('system-logs.read')) { + abort(403, 'Sorry! You are not allowed to view system logs.'); + } + $data = collect(); $this->reader->setLogPath(storage_path('logs')); try { diff --git a/database/seeders/LogsDatabaseSeeder.php b/database/seeders/LogsDatabaseSeeder.php index 33733bf..d3917c4 100644 --- a/database/seeders/LogsDatabaseSeeder.php +++ b/database/seeders/LogsDatabaseSeeder.php @@ -11,6 +11,8 @@ class LogsDatabaseSeeder extends Seeder */ public function run(): void { - // $this->call([]); + $this->call([ + PermissionSeeder::class + ]); } } diff --git a/database/seeders/PermissionSeeder.php b/database/seeders/PermissionSeeder.php new file mode 100644 index 0000000..350aa06 --- /dev/null +++ b/database/seeders/PermissionSeeder.php @@ -0,0 +1,51 @@ +data(); + + foreach ($data as $value) { + $group = PermissionGroup::updateOrCreate([ + 'name' => $value['name'], + 'slug' => Str::slug($value['name']) + ]); + + foreach ($this->crudActions($group->name) as $action) { + $data[] = ['name' => $action, 'group' => $group->id]; + } + } + } + + public function data() + { + return [ + ['name' => 'system-logs'], + ['name' => 'audit-logs'], + ]; + } + + public function crudActions($name) + { + $actions = []; + // list of permission actions + $crud = ['create', 'read', 'update', 'delete','export', 'authorize', 'report','restore']; + + + foreach ($crud as $value) { + $actions[] = $name . '.' . $value; + } + + return $actions; + } + } 
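Review bot: The permission guard in SystemLogsController is pasted verbatim into `index()` and `datatable()`, and twice more in AuditLogsController, so any action added later is unprotected unless someone remembers to copy it. Because `datatable()` reads from `storage_path('logs')`, whose contents can be sensitive, enforcing the rule once is safer. Route middleware such as `->middleware('can:system-logs.read')` would do it, assuming the permission package registers its abilities with the Gate; otherwise use a private helper called first in every action. The body of `datatable()` continues outside the hunk.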
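Review bot: In PermissionSeeder the inner loop runs `$data[] = ['name' => $action, 'group' => $group->id];`, which appends the permission rows to the array being iterated and, in the visible lines, never writes them anywhere. Only the two PermissionGroup rows are persisted. If nothing else creates `audit-logs.read` and `system-logs.read`, the new `can()` checks in both controllers will deny every user. Collect the rows in a separate array, e.g. `$permissions[] = ['name' => $action, 'group' => $group->id];`, and persist each entry through the project's permission model after the loop. The opening lines of this new file are garbled in the patch as shown, so the start of `run()` could not be checked.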
diff --git a/resources/views/layouts/master.blade.php b/resources/views/layouts/master.blade.php deleted file mode 100644 index 9ef4060..0000000 --- a/resources/views/layouts/master.blade.php +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - Logs Module - {{ config('app.name', 'Laravel') }} - - - - - - - - - - {{-- Vite CSS --}} - {{-- {{ module_vite('build-logs', 'resources/assets/sass/app.scss') }} --}} - - - - @yield('content') - - {{-- Vite JS --}} - {{-- {{ module_vite('build-logs', 'resources/assets/js/app.js') }} --}} -