feat(currency): implement role-based access control, exports, and tests for currency management
- Menambahkan validasi Role-based Access Control (RBAC) untuk tindakan CRUD mata uang: 1. Validasi untuk `read`, `create`, `update`, dan `delete` pada CurrencyController. 2. Menambahkan metode `getUser()` untuk memperoleh user terautentikasi. 3. Menangani respon dengan HTTP status `403 Forbidden` jika tidak memiliki izin. - Memperbaiki rute dan logika `store` serta `update`: 1. Validasi terhadap atribut `code` disesuaikan dengan skenario update (menggunakan ID). 2. Menambahkan metode `authorize()` pada CurrencyRequest untuk memastikan izin aksi sesuai role (CRUD spesifik). - Perubahan pada view blade: 1. Menambahkan validasi izin sebelum rendering tombol `Tambah`, `Hapus`, `Export`, dan `Edit`. 2. Menambahkan logika dinamis untuk izin terkait. - Tambahan logika pada export ke Excel: 1. Validasi izin untuk `basic-data.export` sebelum mengunduh file. - Test Feature dengan PHPUnit: 1. Menambahkan test coverage untuk tindakan CRUD, validasi izin role, dan ekspor data. 2. Menggunakan database segar dengan RefreshDatabase. - Refactor penggunaan model Currency di `CurrencyExport` agar sesuai namespace setelah modifikasi. - Respon di `destroy` dan `deleteMultiple` dikembalikan dalam format JSON untuk standardisasi. - Memastikan test mencakup berbagai skenario: 1. User dengan izin vs tanpa izin. 2. Operasi data valid dan tidak valid. Penyesuaian ini meningkatkan keamanan dan manajemen peran pada modul Currency, serta memastikan pengujian yang mendalam terhadap semua fitur baru. Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>
This commit is contained in:
Daeng Deni Mardaeni
@@ -6,7 +6,7 @@
|
||||
use Maatwebsite\Excel\Concerns\WithColumnFormatting;
|
||||
use Maatwebsite\Excel\Concerns\WithHeadings;
|
||||
use Maatwebsite\Excel\Concerns\WithMapping;
|
||||
use Modules\Lpj\Models\Currency;
|
||||
use Modules\Basicdata\Models\Currency;
|
||||
use PhpOffice\PhpSpreadsheet\Style\NumberFormat;
|
||||
|
||||
class CurrencyExport implements WithColumnFormatting, WithHeadings, FromCollection, withMapping
|
||||
|
||||
@@ -12,15 +12,35 @@
|
||||
|
||||
class CurrencyController extends Controller
|
||||
{
|
||||
public $user;
|
||||
/**
|
||||
* Get the authenticated user.
|
||||
*
|
||||
* @return \Illuminate\Contracts\Auth\Authenticatable|null
|
||||
*/
|
||||
protected function getUser()
|
||||
{
|
||||
return \Illuminate\Support\Facades\Auth::guard('web')->user();
|
||||
}
|
||||
|
||||
public function index()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to view currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.read')) {
|
||||
abort(403, 'Sorry! You are not allowed to view currencies.');
|
||||
}
|
||||
|
||||
return view('basicdata::currency.index');
|
||||
}
|
||||
|
||||
public function store(CurrencyRequest $request)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to create currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.create')) {
|
||||
abort(403, 'Sorry! You are not allowed to create currencies.');
|
||||
}
|
||||
|
||||
$validate = $request->validated();
|
||||
|
||||
if ($validate) {
|
||||
@@ -40,17 +60,35 @@
|
||||
|
||||
public function create()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to create currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.create')) {
|
||||
abort(403, 'Sorry! You are not allowed to create currencies.');
|
||||
}
|
||||
|
||||
return view('basicdata::currency.create');
|
||||
}
|
||||
|
||||
public function edit($id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to update currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.update')) {
|
||||
abort(403, 'Sorry! You are not allowed to update currencies.');
|
||||
}
|
||||
|
||||
$currency = Currency::find($id);
|
||||
return view('basicdata::currency.create', compact('currency'));
|
||||
}
|
||||
|
||||
public function update(CurrencyRequest $request, $id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to update currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.update')) {
|
||||
abort(403, 'Sorry! You are not allowed to update currencies.');
|
||||
}
|
||||
|
||||
$validate = $request->validated();
|
||||
|
||||
if ($validate) {
|
||||
@@ -71,28 +109,42 @@
|
||||
|
||||
public function destroy($id)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to delete currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.delete')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete currencies.'], 403);
|
||||
}
|
||||
|
||||
try {
|
||||
// Delete from database
|
||||
$currency = Currency::find($id);
|
||||
$currency->delete();
|
||||
|
||||
echo json_encode(['success' => true, 'message' => 'Currency deleted successfully']);
|
||||
return response()->json(['success' => true, 'message' => 'Currency deleted successfully']);
|
||||
} catch (Exception $e) {
|
||||
echo json_encode(['success' => false, 'message' => 'Failed to delete currency']);
|
||||
return response()->json(['success' => false, 'message' => 'Failed to delete currency']);
|
||||
}
|
||||
}
|
||||
|
||||
public function deleteMultiple(Request $request)
|
||||
{
|
||||
// Check if the authenticated user has the required permission to delete currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.delete')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete currencies.'], 403);
|
||||
}
|
||||
|
||||
$ids = $request->input('ids');
|
||||
Currency::whereIn('id', $ids)->delete();
|
||||
return response()->json(['message' => 'Currencies deleted successfully']);
|
||||
return response()->json(['success' => true, 'message' => 'Currencies deleted successfully']);
|
||||
}
|
||||
|
||||
public function dataForDatatables(Request $request)
|
||||
{
|
||||
if (is_null($this->user) || !$this->user->can('currency.view')) {
|
||||
//abort(403, 'Sorry! You are not allowed to view users.');
|
||||
// Check if the authenticated user has the required permission to view currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.read')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view currencies.'], 403);
|
||||
}
|
||||
|
||||
// Retrieve data from the database
|
||||
@@ -153,6 +205,12 @@
|
||||
|
||||
public function export()
|
||||
{
|
||||
// Check if the authenticated user has the required permission to export currencies
|
||||
$user = $this->getUser();
|
||||
if (is_null($user) || !$user->can('basic-data.export')) {
|
||||
abort(403, 'Sorry! You are not allowed to export currencies.');
|
||||
}
|
||||
|
||||
return Excel::download(new CurrencyExport, 'currency.xlsx');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -23,7 +23,8 @@
|
||||
];
|
||||
|
||||
if ($this->method() == 'PUT') {
|
||||
$rules['code'] = 'required|string|max:3|unique:currencies,code,' . $this->id;
|
||||
$id = $this->id ? (int)$this->id : null;
|
||||
$rules['code'] = 'required|string|max:3|unique:currencies,code,' . $id;
|
||||
} else {
|
||||
$rules['code'] = 'required|string|max:3|unique:currencies,code';
|
||||
}
|
||||
@@ -37,6 +38,14 @@
|
||||
public function authorize()
|
||||
: bool
|
||||
{
|
||||
$user = auth()->guard('web')->user();
|
||||
|
||||
if ($this->method() == 'PUT') {
|
||||
return $user && $user->can('basic-data.update');
|
||||
} elseif ($this->method() == 'POST') {
|
||||
return $user && $user->can('basic-data.create');
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user