refactor(basicdata): optimasi autentikasi dan pengelolaan user di controller
- Memindahkan autentikasi user dari metode `getUser` ke properti `user` di konstruktor controller. - Mengganti semua pemanggilan metode `getUser` dengan properti `$this->user`. - Memastikan validasi hak akses user menggunakan properti `$this->user` di seluruh fungsi controller: - `BranchController` - `CurrencyController` - `HolidayCalendarController`. - Menghapus rute restore yang tidak digunakan pada Branch dan Currency. - Menggunakan `Route::resource` untuk HolidayCalendarController agar lebih ringkas. - Menambahkan dependensi `use Illuminate\Support\Facades\Auth` pada HolidayCalendarController demi konsistensi autentikasi. Perubahan ini bertujuan untuk menyederhanakan pengelolaan user dan meningkatkan konsistensi autentikasi dalam modul. Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>
@@ -12,21 +12,16 @@
|
||||
|
||||
class BranchController extends Controller
|
||||
{
|
||||
/**
|
||||
* Get the authenticated user.
|
||||
*
|
||||
* @return \Illuminate\Contracts\Auth\Authenticatable|null
|
||||
*/
|
||||
protected function getUser()
|
||||
{
|
||||
return \Illuminate\Support\Facades\Auth::guard('web')->user();
|
||||
protected $user;
|
||||
|
||||
public function __construct(){
|
||||
$this->user = auth()->user();
|
||||
}
|
||||
|
||||
public function index()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to view branches
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.read')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.read')) {
|
||||
abort(403, 'Sorry! You are not allowed to view branches.');
|
||||
}
|
||||
|
||||
@@ -36,8 +31,7 @@
|
||||
public function store(BranchRequest $request)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to create branches
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.create')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.create')) {
|
||||
abort(403, 'Sorry! You are not allowed to create branches.');
|
||||
}
|
||||
|
||||
@@ -61,8 +55,7 @@
|
||||
public function create()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to create branches
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.create')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.create')) {
|
||||
abort(403, 'Sorry! You are not allowed to create branches.');
|
||||
}
|
||||
|
||||
@@ -72,8 +65,7 @@
|
||||
public function edit($id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to update branches
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.update')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.update')) {
|
||||
abort(403, 'Sorry! You are not allowed to update branches.');
|
||||
}
|
||||
|
||||
@@ -84,8 +76,7 @@
|
||||
public function update(BranchRequest $request, $id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to update branches
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.update')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.update')) {
|
||||
abort(403, 'Sorry! You are not allowed to update branches.');
|
||||
}
|
||||
|
||||
@@ -110,8 +101,7 @@
|
||||
public function destroy($id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to delete branches
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.delete')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete branches.'], 403);
|
||||
}
|
||||
|
||||
@@ -129,8 +119,7 @@
|
||||
public function deleteMultiple(Request $request)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to delete branches
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.delete')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete branches.'], 403);
|
||||
}
|
||||
|
||||
@@ -142,8 +131,7 @@
|
||||
public function dataForDatatables(Request $request)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to view branches
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.read')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.read')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view branches.'], 403);
|
||||
}
|
||||
|
||||
@@ -205,8 +193,7 @@
|
||||
public function export()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to export branches
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.export')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.export')) {
|
||||
abort(403, 'Sorry! You are not allowed to export branches.');
|
||||
}
|
||||
|
||||
|
||||
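Review bot: The new constructor at the top of this section caches the user with `$this->user = auth()->user();`, which changes two things the commit message does not mention. The removed `getUser()` named the guard explicitly (`Auth::guard('web')`), while `auth()` follows whatever the default guard is configured to be, so every permission check in this controller now depends on that setting. In addition, if the framework instantiates the controller before the `auth` and session middleware have run (this depends on the Laravel version and the base `Controller`, neither visible here), the property is null and every `is_null($this->user)` check answers 403 for legitimate users. Resolving the user at call time, for example keeping a helper that returns `Auth::guard('web')->user()`, avoids both. The same constructor appears in the CurrencyController and HolidayCalendarController sections, and the class body continues outside the hunks.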
@@ -12,21 +12,16 @@
|
||||
|
||||
class CurrencyController extends Controller
|
||||
{
|
||||
/**
|
||||
* Get the authenticated user.
|
||||
*
|
||||
* @return \Illuminate\Contracts\Auth\Authenticatable|null
|
||||
*/
|
||||
protected function getUser()
|
||||
{
|
||||
return \Illuminate\Support\Facades\Auth::guard('web')->user();
|
||||
protected $user;
|
||||
|
||||
public function __construct(){
|
||||
$this->user = auth()->user();
|
||||
}
|
||||
|
||||
public function index()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to view currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.read')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.read')) {
|
||||
abort(403, 'Sorry! You are not allowed to view currencies.');
|
||||
}
|
||||
|
||||
@@ -36,8 +31,7 @@
|
||||
public function store(CurrencyRequest $request)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to create currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.create')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.create')) {
|
||||
abort(403, 'Sorry! You are not allowed to create currencies.');
|
||||
}
|
||||
|
||||
@@ -61,8 +55,7 @@
|
||||
public function create()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to create currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.create')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.create')) {
|
||||
abort(403, 'Sorry! You are not allowed to create currencies.');
|
||||
}
|
||||
|
||||
@@ -72,8 +65,7 @@
|
||||
public function edit($id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to update currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.update')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.update')) {
|
||||
abort(403, 'Sorry! You are not allowed to update currencies.');
|
||||
}
|
||||
|
||||
@@ -84,8 +76,7 @@
|
||||
public function update(CurrencyRequest $request, $id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to update currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.update')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.update')) {
|
||||
abort(403, 'Sorry! You are not allowed to update currencies.');
|
||||
}
|
||||
|
||||
@@ -110,8 +101,7 @@
|
||||
public function destroy($id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to delete currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.delete')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete currencies.'], 403);
|
||||
}
|
||||
|
||||
@@ -129,8 +119,7 @@
|
||||
public function deleteMultiple(Request $request)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to delete currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.delete')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete currencies.'], 403);
|
||||
}
|
||||
|
||||
@@ -142,8 +131,7 @@
|
||||
public function dataForDatatables(Request $request)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to view currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.read')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.read')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view currencies.'], 403);
|
||||
}
|
||||
|
||||
@@ -206,8 +194,7 @@
|
||||
public function export()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to export currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.export')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.export')) {
|
||||
abort(403, 'Sorry! You are not allowed to export currencies.');
|
||||
}
|
||||
|
||||
|
||||
@@ -5,6 +5,7 @@
|
||||
use App\Http\Controllers\Controller;
|
||||
use Exception;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Maatwebsite\Excel\Facades\Excel;
|
||||
use Modules\Basicdata\Exports\HolidayCalendarExport;
|
||||
use Modules\Basicdata\Http\Requests\HolidayCalendarRequest;
|
||||
@@ -12,32 +13,27 @@
|
||||
|
||||
class HolidayCalendarController extends Controller
|
||||
{
|
||||
/**
|
||||
* Get the authenticated user.
|
||||
*
|
||||
* @return \Illuminate\Contracts\Auth\Authenticatable|null
|
||||
*/
|
||||
protected function getUser()
|
||||
{
|
||||
return \Illuminate\Support\Facades\Auth::guard('web')->user();
|
||||
protected $user;
|
||||
|
||||
public function __construct(){
|
||||
$this->user = auth()->user();
|
||||
}
|
||||
|
||||
public function index()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to view holiday calendars
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.read')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.read')) {
|
||||
abort(403, 'Sorry! You are not allowed to view holiday calendars.');
|
||||
}
|
||||
|
||||
return view('basicdata::holidaycalendar.index');
|
||||
}
|
||||
|
||||
|
||||
public function store(HolidayCalendarRequest $request)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to create holiday calendars
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.create')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.create')) {
|
||||
abort(403, 'Sorry! You are not allowed to create holiday calendars.');
|
||||
}
|
||||
|
||||
@@ -61,8 +57,7 @@
|
||||
public function create()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to create holiday calendars
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.create')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.create')) {
|
||||
abort(403, 'Sorry! You are not allowed to create holiday calendars.');
|
||||
}
|
||||
|
||||
@@ -72,8 +67,7 @@
|
||||
public function edit($id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to update holiday calendars
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.update')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.update')) {
|
||||
abort(403, 'Sorry! You are not allowed to update holiday calendars.');
|
||||
}
|
||||
|
||||
@@ -84,8 +78,7 @@
|
||||
public function update(HolidayCalendarRequest $request, $id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to update holiday calendars
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.update')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.update')) {
|
||||
abort(403, 'Sorry! You are not allowed to update holiday calendars.');
|
||||
}
|
||||
|
||||
@@ -113,8 +106,7 @@
|
||||
public function destroy($id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to delete holiday calendars
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.delete')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
|
||||
abort(403, 'Sorry! You are not allowed to delete holiday calendars.');
|
||||
}
|
||||
|
||||
@@ -135,9 +127,11 @@
|
||||
public function deleteMultiple(Request $request)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to delete holiday calendars
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.delete')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete holiday calendars.'], 403);
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
|
||||
return response()->json([
|
||||
'success' => false,
|
||||
'message' => 'Sorry! You are not allowed to delete holiday calendars.'
|
||||
], 403);
|
||||
}
|
||||
|
||||
$ids = $request->input('ids');
|
||||
@@ -148,9 +142,11 @@
|
||||
public function dataForDatatables(Request $request)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to view holiday calendars
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.read')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view holiday calendars.'], 403);
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.read')) {
|
||||
return response()->json([
|
||||
'success' => false,
|
||||
'message' => 'Sorry! You are not allowed to view holiday calendars.'
|
||||
], 403);
|
||||
}
|
||||
|
||||
// Retrieve data from the database
|
||||
@@ -212,8 +208,7 @@
|
||||
public function export()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to export holiday calendars
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.export')) {
|
||||
if (is_null($this->user) || !$this->user->can('basic-data.export')) {
|
||||
abort(403, 'Sorry! You are not allowed to export holiday calendars.');
|
||||
}
|
||||
|
||||
|
||||
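Review bot: The added `use Illuminate\Support\Facades\Auth;` is not referenced by any line visible in this section, because the new constructor calls the `auth()` helper instead. If the import is meant to make authentication consistent, the constructor could use it and keep the guard that the removed `getUser()` named: `$this->user = Auth::guard('web')->user();`. Separately, `destroy` here still answers with `abort(403, ...)` while `deleteMultiple` and `dataForDatatables` return a JSON 403, so a client calling `destroy` over AJAX gets a different error shape than from the other two. That difference predates this commit but may be worth aligning while these checks are being touched.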
@@ -19,7 +19,6 @@
|
||||
Route::middleware(['auth'])->group(function () {
|
||||
Route::name('basicdata.')->prefix('basic-data')->group(function () {
|
||||
Route::name('currency.')->prefix('mata-uang')->group(function () {
|
||||
Route::get('restore/{id}', [CurrencyController::class, 'restore'])->name('restore');
|
||||
Route::get('datatables', [CurrencyController::class, 'dataForDatatables'])->name('datatables');
|
||||
Route::get('export', [CurrencyController::class, 'export'])->name('export');
|
||||
Route::post('delete-multiple', [CurrencyController::class, 'deleteMultiple'])->name('deleteMultiple');
|
||||
@@ -39,7 +38,6 @@
|
||||
|
||||
|
||||
Route::name('branch.')->prefix('cabang')->group(function () {
|
||||
Route::get('restore/{id}', [BranchController::class, 'restore'])->name('restore');
|
||||
Route::get('datatables', [BranchController::class, 'dataForDatatables'])->name('datatables');
|
||||
Route::get('export', [BranchController::class, 'export'])->name('export');
|
||||
Route::post('delete-multiple', [BranchController::class, 'deleteMultiple'])->name('deleteMultiple');
|
||||
@@ -58,15 +56,10 @@
|
||||
]);
|
||||
|
||||
Route::group(['prefix' => 'holidaycalendar', 'as' => 'holidaycalendar.'], function () {
|
||||
Route::get('/', [HolidayCalendarController::class, 'index'])->name('index');
|
||||
Route::get('/create', [HolidayCalendarController::class, 'create'])->name('create');
|
||||
Route::post('/', [HolidayCalendarController::class, 'store'])->name('store');
|
||||
Route::get('/{id}/edit', [HolidayCalendarController::class, 'edit'])->name('edit');
|
||||
Route::put('/{id}', [HolidayCalendarController::class, 'update'])->name('update');
|
||||
Route::delete('/{id}', [HolidayCalendarController::class, 'destroy'])->name('destroy');
|
||||
Route::get('/datatables', [HolidayCalendarController::class, 'dataForDatatables'])->name('datatables');
|
||||
Route::get('/export', [HolidayCalendarController::class, 'export'])->name('export');
|
||||
Route::post('delete-multiple', [HolidayCalendarController::class, 'deleteMultiple'])->name('deleteMultiple');
|
||||
});
|
||||
Route::resource('holidaycalendar', HolidayCalendarController::class);
|
||||
});
|
||||
});
|
||||
|
||||
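Review bot: `Route::resource('holidaycalendar', HolidayCalendarController::class);` registers all seven resource actions, including `show` at `GET holidaycalendar/{holidaycalendar}`, but no `show` method appears in the HolidayCalendarController hunks of this commit. If the controller has none, that URL becomes a routable endpoint that fails at dispatch instead of returning 404; `Route::resource('holidaycalendar', HolidayCalendarController::class)->except(['show']);` limits registration to the actions that exist. The resource also names its parameter `{holidaycalendar}` rather than `{id}`, so any `route()` call that passes an `id` key (none is visible here) should be checked. The hunk counts suggest that the `datatables`, `export` and `delete-multiple` routes remain in the group above the resource line, which is the order they need in order to match before the wildcard route.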