diff --git a/app/Exports/CurrencyExport.php b/app/Exports/CurrencyExport.php index 3492a67..fa79a92 100644 --- a/app/Exports/CurrencyExport.php +++ b/app/Exports/CurrencyExport.php @@ -6,7 +6,7 @@ use Maatwebsite\Excel\Concerns\WithColumnFormatting; use Maatwebsite\Excel\Concerns\WithHeadings; use Maatwebsite\Excel\Concerns\WithMapping; - use Modules\Lpj\Models\Currency; + use Modules\Basicdata\Models\Currency; use PhpOffice\PhpSpreadsheet\Style\NumberFormat; class CurrencyExport implements WithColumnFormatting, WithHeadings, FromCollection, withMapping diff --git a/app/Http/Controllers/CurrencyController.php b/app/Http/Controllers/CurrencyController.php index 2924a82..eb42ac3 100644 --- a/app/Http/Controllers/CurrencyController.php +++ b/app/Http/Controllers/CurrencyController.php @@ -12,15 +12,35 @@ class CurrencyController extends Controller { - public $user; + /** + * Get the authenticated user. + * + * @return \Illuminate\Contracts\Auth\Authenticatable|null + */ + protected function getUser() + { + return \Illuminate\Support\Facades\Auth::guard('web')->user(); + } public function index() { + // Check if the authenticated user has the required permission to view currencies + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.read')) { + abort(403, 'Sorry! You are not allowed to view currencies.'); + } + return view('basicdata::currency.index'); } public function store(CurrencyRequest $request) { + // Check if the authenticated user has the required permission to create currencies + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.create')) { + abort(403, 'Sorry! You are not allowed to create currencies.'); + } + $validate = $request->validated(); if ($validate) { 
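Review bot: Every action in CurrencyController now repeats the same five-line `getUser()` / `can()` / `abort()` preamble (index and store here, then create/edit/update, destroy/deleteMultiple/dataForDatatables and export in the three following hunks of this file), with the permission string hard-coded at each site. Laravel already centralises this: depending on the framework version, `$this->middleware('can:basic-data.read')->only(['index', 'dataForDatatables']);` in the constructor (or the `HasMiddleware` equivalent), or `$this->authorize('basic-data.read');` via the `AuthorizesRequests` trait, gives the same 403 without the repetition. For store and update the inline guard is also shadowed by `CurrencyRequest::authorize()` added in this same commit, which runs before the action and raises the 403 itself, so the controller branch is only reachable by callers who already passed that check. If the inline form is kept, `\Illuminate\Support\Facades\Auth` should be imported rather than fully qualified in the body, and the permission names moved to class constants so the controller, the request class and the Blade `@can` directives cannot drift apart. store()'s body continues past the end of the hunk.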
@@ -40,17 +60,35 @@ public function create() { + // Check if the authenticated user has the required permission to create currencies + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.create')) { + abort(403, 'Sorry! You are not allowed to create currencies.'); + } + return view('basicdata::currency.create'); } public function edit($id) { + // Check if the authenticated user has the required permission to update currencies + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.update')) { + abort(403, 'Sorry! You are not allowed to update currencies.'); + } + $currency = Currency::find($id); return view('basicdata::currency.create', compact('currency')); } public function update(CurrencyRequest $request, $id) { + // Check if the authenticated user has the required permission to update currencies + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.update')) { + abort(403, 'Sorry! You are not allowed to update currencies.'); + } + $validate = $request->validated(); if ($validate) { 
@@ -71,28 +109,42 @@ public function destroy($id) { + // Check if the authenticated user has the required permission to delete currencies + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.delete')) { + return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete currencies.'], 403); + } + try { // Delete from database $currency = Currency::find($id); $currency->delete(); - echo json_encode(['success' => true, 'message' => 'Currency deleted successfully']); + return response()->json(['success' => true, 'message' => 'Currency deleted successfully']); } catch (Exception $e) { - echo json_encode(['success' => false, 'message' => 'Failed to delete currency']); + return response()->json(['success' => false, 'message' => 'Failed to delete currency']); } } public function deleteMultiple(Request $request) { + // Check if the authenticated user has the required permission to delete currencies + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.delete')) { + return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete currencies.'], 403); + } + $ids = $request->input('ids'); Currency::whereIn('id', $ids)->delete(); - return response()->json(['message' => 'Currencies deleted successfully']); + return response()->json(['success' => true, 'message' => 'Currencies deleted successfully']); } public function dataForDatatables(Request $request) { - if (is_null($this->user) || !$this->user->can('currency.view')) { - //abort(403, 'Sorry! You are not allowed to view users.'); + // Check if the authenticated user has the required permission to view currencies + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.read')) { + return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view currencies.'], 403); } // Retrieve data from the database 
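Review bot: In destroy, `Currency::find($id)` can return null and the following `$currency->delete()` then throws `\Error`, which `catch (Exception $e)` does not catch, so an unknown id yields a 500 page instead of the JSON failure the method is meant to return; `$currency = Currency::findOrFail($id);` (404) or an explicit null check returning `['success' => false, ...]` with a 404 status closes that gap. The catch also discards `$e` without a trace — `report($e);` before the generic response keeps the failure diagnosable. deleteMultiple passes `$request->input('ids')` straight into `whereIn` with no validation, so a missing or non-array value fails with an exception rather than a 422; `$ids = $request->validate(['ids' => 'required|array', 'ids.*' => 'integer'])['ids'];` is the minimal step. dataForDatatables continues past the end of the hunk.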
@@ -153,6 +205,12 @@ public function export() { + // Check if the authenticated user has the required permission to export currencies + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.export')) { + abort(403, 'Sorry! You are not allowed to export currencies.'); + } + return Excel::download(new CurrencyExport, 'currency.xlsx'); } } diff --git a/app/Http/Requests/CurrencyRequest.php b/app/Http/Requests/CurrencyRequest.php index 247796a..2868727 100644 --- a/app/Http/Requests/CurrencyRequest.php +++ b/app/Http/Requests/CurrencyRequest.php @@ -23,7 +23,8 @@ ]; if ($this->method() == 'PUT') { - $rules['code'] = 'required|string|max:3|unique:currencies,code,' . $this->id; + $id = $this->id ? (int)$this->id : null; + $rules['code'] = 'required|string|max:3|unique:currencies,code,' . $id; } else { $rules['code'] = 'required|string|max:3|unique:currencies,code'; } @@ -37,6 +38,14 @@ public function authorize() : bool { + $user = auth()->guard('web')->user(); + + if ($this->method() == 'PUT') { + return $user && $user->can('basic-data.update'); + } elseif ($this->method() == 'POST') { + return $user && $user->can('basic-data.create'); + } + return true; } } diff --git a/resources/views/currency/create.blade.php b/resources/views/currency/create.blade.php index 5b1c3e8..a9f973a 100644 --- a/resources/views/currency/create.blade.php +++ b/resources/views/currency/create.blade.php @@ -6,75 +6,83 @@ @section('content')
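Review bot: `$this->id` on a FormRequest resolves request input before route parameters, so a client can place an `id` of their choosing in the PUT body and the `unique:currencies,code,` rule then ignores that record rather than the one being updated, allowing two currencies to end up with the same code; read the value from the route instead, e.g. `$id = (int) $this->route('id');` (using whatever parameter name the route defines). The added `(int)` cast is the right instinct — Laravel's documentation warns against passing raw request input into the unique rule's ignore value — but the source of the value should be the route, not `$this->id`. `$this->method() == 'PUT'` is a loose comparison; use `===`, and decide explicitly whether PATCH should take the same branch. The update tests added in this commit send `'id'` in the body, which only works because of this lookup order.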
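Review bot: The trailing `return true;` in authorize() grants any HTTP method other than POST and PUT without a permission check, so a PATCH (or any other verb later routed through CurrencyRequest) bypasses the new gate entirely; the fallback should be `false`. The if/elseif chain also uses loose `==` on `$this->method()`. A `match` on the method with a `default => false` arm states the policy in one place and fails closed; whether PATCH belongs with update depends on the route definitions, which are not in this diff.
```php
public function authorize(): bool
{
    $user = auth()->guard('web')->user();

    return match ($this->method()) {
        'POST' => $user !== null && $user->can('basic-data.create'),
        'PUT', 'PATCH' => $user !== null && $user->can('basic-data.update'),
        default => false,
    };
}
```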
- @if(isset($currency->id)) -
+ + @csrf + @if(isset($currency->id)) @method('PUT') - @else - - @endif - @csrf -
-
-

- {{ isset($currency->id) ? 'Edit' : 'Tambah' }} Currency -

-
- Back -
-
-
-
- -
- - @error('code') - {{ $message }} - @enderror -
-
-
- -
- - @error('name') - {{ $message }} - @enderror -
-
-
- -
- - @error('symbol') - {{ $message }} - @enderror -
-
-
- -
- - @error('decimal_places') - {{ $message }} - @enderror -
-
-
- -
-
+ @endif +
+
+

+ {{ isset($currency->id) ? 'Edit' : 'Tambah' }} Currency +

+
+ Back +
+
+
+
+ +
+ + @error('code') + {{ $message }} + @enderror
- +
+
+ +
+ + @error('name') + {{ $message }} + @enderror +
+
+
+ +
+ + @error('symbol') + {{ $message }} + @enderror +
+
+
+ +
+ + @error('decimal_places') + {{ $message }} + @enderror +
+
+
+ @if(isset($currency->id)) + @can('basic-data.update') + + @endcan + @else + @can('basic-data.create') + + @endcan + @endif +
+
+
+
@endsection diff --git a/resources/views/currency/index.blade.php b/resources/views/currency/index.blade.php index 63a0cad..debadd8 100644 --- a/resources/views/currency/index.blade.php +++ b/resources/views/currency/index.blade.php @@ -19,9 +19,15 @@
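Review bot: Nearly every line of this hunk appears to be the existing form removed and re-added with different indentation, so the substantive changes — moving `@csrf` ahead of the `@if(isset($currency->id))` block and wrapping the submit button in `@can('basic-data.update')` / `@can('basic-data.create')` — are buried in formatting churn; landing the re-indent separately, or keeping the original indentation, would let the authorization change be reviewed on its own. Hiding the button is presentation only; the controller and `CurrencyRequest::authorize()` checks added in this commit remain the enforcement point, which is the correct layering.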
+ @can('basic-data.export') Export to Excel + @endcan + @can('basic-data.create') Tambah Mata Uang + @endcan + @can('basic-data.delete') + @endcan
@@ -178,14 +184,22 @@ actions: { title: 'Status', render: (item, data) => { - return `
- + let html = `
`; + + @can('basic-data.update') + html += ` - - + `; + @endcan + + @can('basic-data.delete') + html += ` - -
`; + `; + @endcan + + html += `
`; + return html; }, } }, @@ -227,4 +241,3 @@ window.dataTable = dataTable; @endpush - diff --git a/tests/Feature/CurrencyControllerTest.php b/tests/Feature/CurrencyControllerTest.php new file mode 100644 index 0000000..7318bf9 --- /dev/null +++ b/tests/Feature/CurrencyControllerTest.php 
@@ -0,0 +1,320 @@ + 'basic-data', + 'slug' => 'basic-data' + ]); + + // Create permissions with permission_group_id + Permission::create([ + 'name' => 'basic-data.create', + 'guard_name' => 'web', + 'permission_group_id' => $permissionGroup->id + ]); + Permission::create([ + 'name' => 'basic-data.read', + 'guard_name' => 'web', + 'permission_group_id' => $permissionGroup->id + ]); + Permission::create([ + 'name' => 'basic-data.update', + 'guard_name' => 'web', + 'permission_group_id' => $permissionGroup->id + ]); + Permission::create([ + 'name' => 'basic-data.delete', + 'guard_name' => 'web', + 'permission_group_id' => $permissionGroup->id + ]); + Permission::create([ + 'name' => 'basic-data.export', + 'guard_name' => 'web', + 'permission_group_id' => $permissionGroup->id + ]); + + // Create admin role with all permissions + $this->adminRole = Role::create(['name' => 'admin', 'guard_name' => 'web']); + $this->adminRole->givePermissionTo(Permission::all()); + + // Create a user with admin role + $this->user = User::factory()->create(); + $this->user->assignRole($this->adminRole); + + // Create a currency for testing + $this->currency = Currency::create([ + 'code' => 'USD', + 'name' => 'US Dollar', + 'symbol' => '$', + 'decimal_places' => 2, + 'created_by' => null, + 'updated_by' => null, + 'deleted_by' => null, + 'authorized_by' => null + ]); + } + + #[Test] + public function user_with_permission_can_view_currencies_index() + { + $response = $this->actingAs($this->user) + ->get(route('basicdata.currency.index')); + + $response->assertStatus(200); + } + + #[Test] + public function user_without_permission_cannot_view_currencies_index() + { + // Create a role without permissions + $role = Role::create(['name' => 'viewer', 'guard_name' => 'web']); + + // Create a user with the viewer role + $user = User::factory()->create(); + $user->assignRole($role); + + $response = $this->actingAs($user) + ->get(route('basicdata.currency.index')); + + $response->assertStatus(403); + 
} + + #[Test] + public function user_with_permission_can_create_currency() + { + $response = $this->actingAs($this->user) + ->get(route('basicdata.currency.create')); + + $response->assertStatus(200); + } + + #[Test] + public function user_without_permission_cannot_create_currency() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $response = $this->actingAs($user) + ->get(route('basicdata.currency.create')); + + $response->assertStatus(403); + } + + #[Test] + public function user_with_permission_can_store_currency() + { + $currencyData = [ + 'code' => 'EUR', + 'name' => 'Euro', + 'symbol' => '€', + 'decimal_places' => 2 + ]; + + $response = $this->actingAs($this->user) + ->post(route('basicdata.currency.store'), $currencyData); + + $response->assertRedirect(route('basicdata.currency.index')); + + // Only check the fields we're explicitly setting + $this->assertDatabaseHas('currencies', [ + 'code' => 'EUR', + 'name' => 'Euro', + 'symbol' => '€', + 'decimal_places' => 2 + ]); + } + + #[Test] + public function user_without_permission_cannot_store_currency() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $currencyData = [ + 'code' => 'EUR', + 'name' => 'Euro', + 'symbol' => '€', + 'decimal_places' => 2 + ]; + + $response = $this->actingAs($user) + ->post(route('basicdata.currency.store'), $currencyData); + + $response->assertStatus(403); + $this->assertDatabaseMissing('currencies', [ + 'code' => 'EUR', + 'name' => 'Euro' + ]); + } + + #[Test] + public function user_with_permission_can_edit_currency() + { + $response = 
$this->actingAs($this->user) + ->get(route('basicdata.currency.edit', $this->currency->id)); + + $response->assertStatus(200); + } + + #[Test] + public function user_without_permission_cannot_edit_currency() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $response = $this->actingAs($user) + ->get(route('basicdata.currency.edit', $this->currency->id)); + + $response->assertStatus(403); + } + + #[Test] + public function user_with_permission_can_update_currency() + { + $updatedData = [ + 'id' => $this->currency->id, // Include the ID in the request + 'code' => 'GBP', + 'name' => 'British Pound', + 'symbol' => '£', + 'decimal_places' => 2 + ]; + + $response = $this->actingAs($this->user) + ->put(route('basicdata.currency.update', $this->currency->id), $updatedData); + + $response->assertRedirect(route('basicdata.currency.index')); + + // Only check the fields we're explicitly setting + $this->assertDatabaseHas('currencies', [ + 'id' => $this->currency->id, + 'code' => 'GBP', + 'name' => 'British Pound', + 'symbol' => '£', + 'decimal_places' => 2 + ]); + } + + #[Test] + public function user_without_permission_cannot_update_currency() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $updatedData = [ + 'id' => $this->currency->id, // Include the ID in the request + 'code' => 'GBP', + 'name' => 'British Pound', + 'symbol' => '£', + 'decimal_places' => 2 + ]; + + $response = $this->actingAs($user) + ->put(route('basicdata.currency.update', $this->currency->id), $updatedData); + + $response->assertStatus(403); + + // Verify the 
currency wasn't updated - check that it still has the original values + $this->assertDatabaseHas('currencies', [ + 'id' => $this->currency->id, + 'code' => 'USD', // Original value + 'name' => 'US Dollar' // Original value + ]); + } + + #[Test] + public function user_with_permission_can_delete_currency() + { + $response = $this->actingAs($this->user) + ->delete(route('basicdata.currency.destroy', $this->currency->id)); + + $response->assertJson(['success' => true]); + $this->assertSoftDeleted($this->currency); + } + + #[Test] + public function user_without_permission_cannot_delete_currency() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $response = $this->actingAs($user) + ->delete(route('basicdata.currency.destroy', $this->currency->id)); + + $response->assertStatus(403); + $this->assertDatabaseHas('currencies', ['id' => $this->currency->id, 'deleted_at' => null]); + } + + #[Test] + public function user_with_permission_can_export_currencies() + { + $response = $this->actingAs($this->user) + ->get(route('basicdata.currency.export')); + + $response->assertStatus(200); + } + + #[Test] + public function user_without_permission_cannot_export_currencies() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $response = $this->actingAs($user) + ->get(route('basicdata.currency.export')); + + $response->assertStatus(403); + } +}
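Review bot: The new suite covers index, create, store, edit, update, destroy and export but not the two other actions this commit gates — `deleteMultiple` and `dataForDatatables` — nor the unauthenticated case, so the `is_null($user)` branch of every guard is never exercised; a guest request to each route (asserting a redirect to login or a 403, whichever the `web` guard produces) would close that. `user_with_permission_can_delete_currency` asserts only the JSON body; adding `$response->assertOk();` pins the status too. The update tests include `'id'` in the payload, which only matters because CurrencyRequest currently reads `$this->id`; if the request is changed to read the route parameter, drop it from the payload so the tests do not encode that dependency. The file header (namespace and imports) is not visible in this chunk.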