From 1998d89f84fe9c039d6f6360357eab9c0aea9cb7 Mon Sep 17 00:00:00 2001
From: Daeng Deni Mardaeni
Date: Sat, 17 May 2025 13:48:11 +0700
Subject: [PATCH] refactor(basicdata): optimasi autentikasi dan pengelolaan user di controller
- Memindahkan autentikasi user dari metode `getUser` ke properti `user` di konstruktor controller.
- Mengganti semua pemanggilan metode `getUser` dengan properti `$this->user`.
- Memastikan validasi hak akses user menggunakan properti `$this->user` di seluruh fungsi controller:
- `BranchController`
- `CurrencyController`
- `HolidayCalendarController`.
- Menghapus rute restore yang tidak digunakan pada Branch dan Currency.
- Menggunakan `Route::resource` untuk HolidayCalendarController agar lebih ringkas.
- Menambahkan dependensi `use Illuminate\Support\Facades\Auth` pada HolidayCalendarController demi konsistensi autentikasi.
Perubahan ini bertujuan untuk menyederhanakan pengelolaan user dan meningkatkan konsistensi autentikasi dalam modul.
Signed-off-by: Daeng Deni Mardaeni
---
 app/Http/Controllers/BranchController.php | 39 +++++---------
 app/Http/Controllers/CurrencyController.php | 39 +++++---------
 .../Controllers/HolidayCalendarController.php | 51 +++++++++----------
 routes/web.php | 9 +---
 4 files changed, 50 insertions(+), 88 deletions(-)
diff --git a/app/Http/Controllers/BranchController.php b/app/Http/Controllers/BranchController.php
index 1271096..ca07f0f 100644
--- a/app/Http/Controllers/BranchController.php
+++ b/app/Http/Controllers/BranchController.php
@@ -12,21 +12,16 @@
 class BranchController extends Controller
 {
- /**
- * Get the authenticated user.
- *
- * @return \Illuminate\Contracts\Auth\Authenticatable|null
- */
- protected function getUser()
- {
- return \Illuminate\Support\Facades\Auth::guard('web')->user();
+ protected $user;
+
+ public function __construct(){
+ $this->user = auth()->user();
 }
 public function index()
 {
 // Check if the authenticated user has the required permission to view branches
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.read')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.read')) {
 abort(403, 'Sorry! You are not allowed to view branches.');
 }
@@ -36,8 +31,7 @@
 public function store(BranchRequest $request)
 {
 // Check if the authenticated user has the required permission to create branches
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.create')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.create')) {
 abort(403, 'Sorry! You are not allowed to create branches.');
 }
@@ -61,8 +55,7 @@
 public function create()
 {
 // Check if the authenticated user has the required permission to create branches
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.create')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.create')) {
 abort(403, 'Sorry! You are not allowed to create branches.');
 }
@@ -72,8 +65,7 @@
 public function edit($id)
 {
 // Check if the authenticated user has the required permission to update branches
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.update')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.update')) {
 abort(403, 'Sorry! You are not allowed to update branches.');
 }
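Review bot: `$this->user = auth()->user();` in the new `BranchController::__construct()` captures the user when the controller is constructed, and on framework versions that instantiate controllers before the route middleware runs that is before the `auth` middleware has started the session, so `$this->user` would be null and every `is_null($this->user) || !$this->user->can(...)` check in this file would answer 403. That failure is closed rather than open, but it should be confirmed against the Laravel version and base `Controller` this module targets; resolving the user when the action runs (for example `$request->user()` inside the method) removes the ordering dependency. The same constructor is added to `CurrencyController` and `HolidayCalendarController`. The new property also has no docblock; something like `/** Authenticated user for the current request, or null when unauthenticated. */` above `protected $user;` would state what the null check is guarding.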
@@ -84,8 +76,7 @@
 public function update(BranchRequest $request, $id)
 {
 // Check if the authenticated user has the required permission to update branches
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.update')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.update')) {
 abort(403, 'Sorry! You are not allowed to update branches.');
 }
@@ -110,8 +101,7 @@
 public function destroy($id)
 {
 // Check if the authenticated user has the required permission to delete branches
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.delete')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
 return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete branches.'], 403);
 }
@@ -129,8 +119,7 @@
 public function deleteMultiple(Request $request)
 {
 // Check if the authenticated user has the required permission to delete branches
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.delete')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
 return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete branches.'], 403);
 }
@@ -142,8 +131,7 @@
 public function dataForDatatables(Request $request)
 {
 // Check if the authenticated user has the required permission to view branches
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.read')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.read')) {
 return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view branches.'], 403);
 }
@@ -205,8 +193,7 @@
 public function export()
 {
 // Check if the authenticated user has the required permission to export branches
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.export')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.export')) {
 abort(403, 'Sorry! You are not allowed to export branches.');
 }
diff --git a/app/Http/Controllers/CurrencyController.php b/app/Http/Controllers/CurrencyController.php
index eb42ac3..6fc6212 100644
--- a/app/Http/Controllers/CurrencyController.php
+++ b/app/Http/Controllers/CurrencyController.php
@@ -12,21 +12,16 @@
 class CurrencyController extends Controller
 {
- /**
- * Get the authenticated user.
- *
- * @return \Illuminate\Contracts\Auth\Authenticatable|null
- */
- protected function getUser()
- {
- return \Illuminate\Support\Facades\Auth::guard('web')->user();
+ protected $user;
+
+ public function __construct(){
+ $this->user = auth()->user();
 }
 public function index()
 {
 // Check if the authenticated user has the required permission to view currencies
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.read')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.read')) {
 abort(403, 'Sorry! You are not allowed to view currencies.');
 }
@@ -36,8 +31,7 @@
 public function store(CurrencyRequest $request)
 {
 // Check if the authenticated user has the required permission to create currencies
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.create')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.create')) {
 abort(403, 'Sorry! You are not allowed to create currencies.');
 }
@@ -61,8 +55,7 @@
 public function create()
 {
 // Check if the authenticated user has the required permission to create currencies
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.create')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.create')) {
 abort(403, 'Sorry! You are not allowed to create currencies.');
 }
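Review bot: The removed `getUser()` read the user from `Auth::guard('web')` explicitly, while the new constructor in `CurrencyController` calls `auth()->user()`, which resolves whatever guard is the default for the request. If the application's default guard is not `web`, or a guard-specific middleware switches it, the `can('basic-data.*')` checks are now evaluated against a different principal than before, and the commit message does not mention that change. If the web guard is what these screens must authorise against, keep it explicit with `$this->user = auth('web')->user();`. The same applies to the constructors added in `BranchController` and `HolidayCalendarController`.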
@@ -72,8 +65,7 @@
 public function edit($id)
 {
 // Check if the authenticated user has the required permission to update currencies
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.update')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.update')) {
 abort(403, 'Sorry! You are not allowed to update currencies.');
 }
@@ -84,8 +76,7 @@
 public function update(CurrencyRequest $request, $id)
 {
 // Check if the authenticated user has the required permission to update currencies
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.update')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.update')) {
 abort(403, 'Sorry! You are not allowed to update currencies.');
 }
@@ -110,8 +101,7 @@
 public function destroy($id)
 {
 // Check if the authenticated user has the required permission to delete currencies
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.delete')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
 return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete currencies.'], 403);
 }
@@ -129,8 +119,7 @@
 public function deleteMultiple(Request $request)
 {
 // Check if the authenticated user has the required permission to delete currencies
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.delete')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
 return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete currencies.'], 403);
 }
@@ -142,8 +131,7 @@
 public function dataForDatatables(Request $request)
 {
 // Check if the authenticated user has the required permission to view currencies
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.read')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.read')) {
 return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view currencies.'], 403);
 }
@@ -206,8 +194,7 @@
 public function export()
 {
 // Check if the authenticated user has the required permission to export currencies
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.export')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.export')) {
 abort(403, 'Sorry! You are not allowed to export currencies.');
 }
diff --git a/app/Http/Controllers/HolidayCalendarController.php b/app/Http/Controllers/HolidayCalendarController.php
index f7a1af8..197a234 100644
--- a/app/Http/Controllers/HolidayCalendarController.php
+++ b/app/Http/Controllers/HolidayCalendarController.php
@@ -5,6 +5,7 @@
 use App\Http\Controllers\Controller;
 use Exception;
 use Illuminate\Http\Request;
+ use Illuminate\Support\Facades\Auth;
 use Maatwebsite\Excel\Facades\Excel;
 use Modules\Basicdata\Exports\HolidayCalendarExport;
 use Modules\Basicdata\Http\Requests\HolidayCalendarRequest;
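Review bot: The added `use Illuminate\Support\Facades\Auth;` in `HolidayCalendarController` is not referenced by any new line shown for this file, because the constructor added in the next hunk calls the `auth()` helper instead. Either use the facade there (`$this->user = Auth::user();`) or drop the import, so the file does not suggest that authentication goes through a path it does not use. The rest of the controller is outside the hunks, so a use of `Auth` elsewhere in the file cannot be ruled out from here.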
@@ -12,32 +13,27 @@
 class HolidayCalendarController extends Controller
 {
- /**
- * Get the authenticated user.
- *
- * @return \Illuminate\Contracts\Auth\Authenticatable|null
- */
- protected function getUser()
- {
- return \Illuminate\Support\Facades\Auth::guard('web')->user();
+ protected $user;
+
+ public function __construct(){
+ $this->user = auth()->user();
 }
 public function index()
 {
 // Check if the authenticated user has the required permission to view holiday calendars
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.read')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.read')) {
 abort(403, 'Sorry! You are not allowed to view holiday calendars.');
 }
 return view('basicdata::holidaycalendar.index');
 }
+
 public function store(HolidayCalendarRequest $request)
 {
 // Check if the authenticated user has the required permission to create holiday calendars
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.create')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.create')) {
 abort(403, 'Sorry! You are not allowed to create holiday calendars.');
 }
@@ -61,8 +57,7 @@
 public function create()
 {
 // Check if the authenticated user has the required permission to create holiday calendars
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.create')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.create')) {
 abort(403, 'Sorry! You are not allowed to create holiday calendars.');
 }
@@ -72,8 +67,7 @@
 public function edit($id)
 {
 // Check if the authenticated user has the required permission to update holiday calendars
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.update')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.update')) {
 abort(403, 'Sorry! You are not allowed to update holiday calendars.');
 }
@@ -84,8 +78,7 @@
 public function update(HolidayCalendarRequest $request, $id)
 {
 // Check if the authenticated user has the required permission to update holiday calendars
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.update')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.update')) {
 abort(403, 'Sorry! You are not allowed to update holiday calendars.');
 }
@@ -113,8 +106,7 @@
 public function destroy($id)
 {
 // Check if the authenticated user has the required permission to delete holiday calendars
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.delete')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
 abort(403, 'Sorry! You are not allowed to delete holiday calendars.');
 }
@@ -135,9 +127,11 @@
 public function deleteMultiple(Request $request)
 {
 // Check if the authenticated user has the required permission to delete holiday calendars
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.delete')) {
- return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete holiday calendars.'], 403);
+ if (is_null($this->user) || !$this->user->can('basic-data.delete')) {
+ return response()->json([
+ 'success' => false,
+ 'message' => 'Sorry! You are not allowed to delete holiday calendars.'
+ ], 403);
 }
 $ids = $request->input('ids');
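Review bot: In `deleteMultiple`, `$ids = $request->input('ids');` takes the id list from a plain `Request`, unlike `store` and `update`, which receive a `HolidayCalendarRequest`, and no validation of `ids` is visible in this hunk. The rest of the method lies outside the hunk, so this may already be handled further down; if it is not, a missing or non-array `ids` reaches the bulk delete unchecked. A guard such as `$request->validate(['ids' => 'required|array', 'ids.*' => 'integer']);` before the value is read would pin its shape. The `deleteMultiple` methods of `BranchController` and `CurrencyController` take the same `Request` parameter and are worth checking in the same way.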
@@ -148,9 +142,11 @@
 public function dataForDatatables(Request $request)
 {
 // Check if the authenticated user has the required permission to view holiday calendars
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.read')) {
- return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view holiday calendars.'], 403);
+ if (is_null($this->user) || !$this->user->can('basic-data.read')) {
+ return response()->json([
+ 'success' => false,
+ 'message' => 'Sorry! You are not allowed to view holiday calendars.'
+ ], 403);
 }
 // Retrieve data from the database
@@ -212,8 +208,7 @@
 public function export()
 {
 // Check if the authenticated user has the required permission to export holiday calendars
- $user = $this->getUser();
- if (is_null($user) || !$user->can('basic-data.export')) {
+ if (is_null($this->user) || !$this->user->can('basic-data.export')) {
 abort(403, 'Sorry! You are not allowed to export holiday calendars.');
 }
diff --git a/routes/web.php b/routes/web.php
index 0f2f311..9bf9310 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -19,7 +19,6 @@
 Route::middleware(['auth'])->group(function () {
 Route::name('basicdata.')->prefix('basic-data')->group(function () {
 Route::name('currency.')->prefix('mata-uang')->group(function () {
- Route::get('restore/{id}', [CurrencyController::class, 'restore'])->name('restore');
 Route::get('datatables', [CurrencyController::class, 'dataForDatatables'])->name('datatables');
 Route::get('export', [CurrencyController::class, 'export'])->name('export');
 Route::post('delete-multiple', [CurrencyController::class, 'deleteMultiple'])->name('deleteMultiple');
@@ -39,7 +38,6 @@
 Route::name('branch.')->prefix('cabang')->group(function () {
- Route::get('restore/{id}', [BranchController::class, 'restore'])->name('restore');
 Route::get('datatables', [BranchController::class, 'dataForDatatables'])->name('datatables');
 Route::get('export', [BranchController::class, 'export'])->name('export');
 Route::post('delete-multiple', [BranchController::class, 'deleteMultiple'])->name('deleteMultiple');
@@ -58,15 +56,10 @@
 ]);
 Route::group(['prefix' => 'holidaycalendar', 'as' => 'holidaycalendar.'], function () {
- Route::get('/', [HolidayCalendarController::class, 'index'])->name('index');
- Route::get('/create', [HolidayCalendarController::class, 'create'])->name('create');
- Route::post('/', [HolidayCalendarController::class, 'store'])->name('store');
- Route::get('/{id}/edit', [HolidayCalendarController::class, 'edit'])->name('edit');
- Route::put('/{id}', [HolidayCalendarController::class, 'update'])->name('update');
- Route::delete('/{id}', [HolidayCalendarController::class, 'destroy'])->name('destroy');
 Route::get('/datatables', [HolidayCalendarController::class, 'dataForDatatables'])->name('datatables');
 Route::get('/export', [HolidayCalendarController::class, 'export'])->name('export');
 Route::post('delete-multiple', [HolidayCalendarController::class, 'deleteMultiple'])->name('deleteMultiple');
 });
+ Route::resource('holidaycalendar', HolidayCalendarController::class);
 });
 });
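Review bot: `Route::resource('holidaycalendar', HolidayCalendarController::class);` in the last hunk registers all seven resource actions, including `show` at `holidaycalendar/{holidaycalendar}`, whereas the six removed routes never exposed `show`. No `show` method appears in the controller hunks of this patch, so if the controller has none, a request to that URL would hit a missing method and fail with a server error rather than a 404; `->except(['show'])` would keep the route table equal to the removed set. Registering the resource after the `datatables`/`export` group is the right order, since otherwise `{holidaycalendar}` would capture those paths, and a comment such as `// keep below the datatables/export group so {holidaycalendar} does not shadow it` would protect it from a later reorder. The route parameter is also now named `{holidaycalendar}` instead of `{id}`, so anything that reads it by name would need updating.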