From 52b48263a27784aa035c570f6a6c56d359c0fa97 Mon Sep 17 00:00:00 2001 From: Daeng Deni Mardaeni Date: Sat, 17 May 2025 11:32:06 +0700 Subject: [PATCH] feat(basicdata): tambah otorisasi berbasis peran dan pengujian pada BranchController - Implementasi otorisasi berbasis peran untuk seluruh aksi di BranchController seperti index, create, store, edit, update, delete, dan export. - Tambahan utilitas `getUser` untuk mendapatkan pengguna yang diautentikasi dan mempermudah pengecekan otorisasi. - Semua aksi pada controller sekarang memeriksa izin pengguna sebelum melanjutkan: - `basic-data.read` untuk melihat data. - `basic-data.create` untuk membuat cabang baru. - `basic-data.update` untuk memperbarui data cabang. - `basic-data.delete` untuk menghapus data cabang. - `basic-data.export` untuk mengekspor data cabang. - Penyesuaian pada view: - Tombol aksi seperti `Save`, `Delete Selected`, dan `Export to Excel` hanya tampil jika pengguna memiliki izin terkait. - Tambahan pengujian (unit test) pada `BranchControllerTest` untuk memastikan logika otorisasi: - Pengguna dengan izin dapat melakukan aksi sesuai dengan perannya. - Pengguna tanpa izin mendapatkan respon 403 atau dicegah melakukan aksi tertentu. - Update logika tombol aksi di datatables untuk mendukung pengecekan izin sebelum menampilkan opsi edit/hapus. - Update respons JSON dalam aksi hapus tunggal dan hapus banyak untuk kejelasan struktur pesan. Commit ini mengamankan BranchController dari akses tak sah dan meningkatkan fleksibilitas sistem terkait kendali peran dan izin. Signed-off-by: Daeng Deni Mardaeni --- app/Http/Controllers/BranchController.php | 70 +++++- resources/views/branch/create.blade.php | 16 +- resources/views/branch/index.blade.php | 27 ++- tests/Feature/BranchControllerTest.php | 280 ++++++++++++++++++++++ 4 files changed, 377 insertions(+), 16 deletions(-) create mode 100644 tests/Feature/BranchControllerTest.php diff --git a/app/Http/Controllers/BranchController.php b/app/Http/Controllers/BranchController.php index b1c070f..1271096 100644 --- a/app/Http/Controllers/BranchController.php +++ b/app/Http/Controllers/BranchController.php @@ -12,15 +12,35 @@ class BranchController extends Controller { - public $user; + /** + * Get the authenticated user. + * + * @return \Illuminate\Contracts\Auth\Authenticatable|null + */ + protected function getUser() + { + return \Illuminate\Support\Facades\Auth::guard('web')->user(); + } public function index() { + // Check if the authenticated user has the required permission to view branches + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.read')) { + abort(403, 'Sorry! You are not allowed to view branches.'); + } + return view('basicdata::branch.index'); } public function store(BranchRequest $request) { + // Check if the authenticated user has the required permission to create branches + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.create')) { + abort(403, 'Sorry! You are not allowed to create branches.'); + } + $validate = $request->validated(); if ($validate) { @@ -40,17 +60,35 @@ public function create() { + // Check if the authenticated user has the required permission to create branches + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.create')) { + abort(403, 'Sorry! You are not allowed to create branches.'); + } + return view('basicdata::branch.create'); } public function edit($id) { + // Check if the authenticated user has the required permission to update branches + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.update')) { + abort(403, 'Sorry! You are not allowed to update branches.'); + } + $branch = Branch::find($id); return view('basicdata::branch.create', compact('branch')); } public function update(BranchRequest $request, $id) { + // Check if the authenticated user has the required permission to update branches + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.update')) { + abort(403, 'Sorry! You are not allowed to update branches.'); + } + $validate = $request->validated(); if ($validate) { @@ -71,28 +109,42 @@ public function destroy($id) { + // Check if the authenticated user has the required permission to delete branches + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.delete')) { + return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete branches.'], 403); + } + try { // Delete from database $branch = Branch::find($id); $branch->delete(); - echo json_encode(['success' => true, 'message' => 'Branch deleted successfully']); + return response()->json(['success' => true, 'message' => 'Branch deleted successfully']); } catch (Exception $e) { - echo json_encode(['success' => false, 'message' => 'Failed to delete branch']); + return response()->json(['success' => false, 'message' => 'Failed to delete branch']); } } public function deleteMultiple(Request $request) { + // Check if the authenticated user has the required permission to delete branches + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.delete')) { + return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete branches.'], 403); + } + $ids = $request->input('ids'); Branch::whereIn('id', $ids)->delete(); - return response()->json(['message' => 'Branches deleted successfully']); + return response()->json(['success' => true, 'message' => 'Branches deleted successfully']); } public function dataForDatatables(Request $request) { - if (is_null($this->user) || !$this->user->can('branch.view')) { - //abort(403, 'Sorry! You are not allowed to view users.'); + // Check if the authenticated user has the required permission to view branches + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.read')) { + return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view branches.'], 403); } // Retrieve data from the database @@ -152,6 +204,12 @@ public function export() { + // Check if the authenticated user has the required permission to export branches + $user = $this->getUser(); + if (is_null($user) || !$user->can('basic-data.export')) { + abort(403, 'Sorry! You are not allowed to export branches.'); + } + return Excel::download(new BranchExport, 'branch.xlsx'); } } diff --git a/resources/views/branch/create.blade.php b/resources/views/branch/create.blade.php index f9cb3b7..93dcfa5 100644 --- a/resources/views/branch/create.blade.php +++ b/resources/views/branch/create.blade.php @@ -47,9 +47,19 @@
- + @if(isset($branch->id)) + @can('basic-data.update') + + @endcan + @else + @can('basic-data.create') + + @endcan + @endif
diff --git a/resources/views/branch/index.blade.php b/resources/views/branch/index.blade.php index 54e24d2..af36573 100644 --- a/resources/views/branch/index.blade.php +++ b/resources/views/branch/index.blade.php @@ -19,9 +19,15 @@
+ @can('basic-data.export') Export to Excel + @endcan + @can('basic-data.create') Tambah Cabang + @endcan + @can('basic-data.delete') + @endcan
@@ -165,14 +171,22 @@ actions: { title: 'Status', render: (item, data) => { - return `
- + let html = `
`; + + @can('basic-data.update') + html += ` - - + `; + @endcan + + @can('basic-data.delete') + html += ` - -
`; + `; + @endcan + + html += `
`; + return html; }, } }, @@ -213,4 +227,3 @@ window.dataTable = dataTable; @endpush - diff --git a/tests/Feature/BranchControllerTest.php b/tests/Feature/BranchControllerTest.php new file mode 100644 index 0000000..d6c4eb7 --- /dev/null +++ b/tests/Feature/BranchControllerTest.php @@ -0,0 +1,280 @@ + 'basic-data', + 'slug' => 'basic-data' + ]); + + // Create permissions with permission_group_id + Permission::create([ + 'name' => 'basic-data.create', + 'guard_name' => 'web', + 'permission_group_id' => $permissionGroup->id + ]); + Permission::create([ + 'name' => 'basic-data.read', + 'guard_name' => 'web', + 'permission_group_id' => $permissionGroup->id + ]); + Permission::create([ + 'name' => 'basic-data.update', + 'guard_name' => 'web', + 'permission_group_id' => $permissionGroup->id + ]); + Permission::create([ + 'name' => 'basic-data.delete', + 'guard_name' => 'web', + 'permission_group_id' => $permissionGroup->id + ]); + Permission::create([ + 'name' => 'basic-data.export', + 'guard_name' => 'web', + 'permission_group_id' => $permissionGroup->id + ]); + + // Create admin role with all permissions + $this->adminRole = Role::create(['name' => 'admin', 'guard_name' => 'web']); + $this->adminRole->givePermissionTo(Permission::all()); + + // Create a user with admin role + $this->user = User::factory()->create(); + $this->user->assignRole($this->adminRole); + + // Create a branch for testing + $this->branch = Branch::create([ + 'code' => 'TEST', + 'name' => 'Test Branch' + ]); + } + + #[Test] + public function user_with_permission_can_view_branches_index() + { + $response = $this->actingAs($this->user) + ->get(route('basicdata.branch.index')); + + $response->assertStatus(200); + } + + #[Test] + public function user_without_permission_cannot_view_branches_index() + { + // Create a role without permissions + $role = Role::create(['name' => 'viewer', 'guard_name' => 'web']); + + // Create a user with the viewer role + $user = User::factory()->create(); + $user->assignRole($role); + + $response = $this->actingAs($user) + ->get(route('basicdata.branch.index')); + + $response->assertStatus(403); + } + + #[Test] + public function user_with_permission_can_create_branch() + { + $response = $this->actingAs($this->user) + ->get(route('basicdata.branch.create')); + + $response->assertStatus(200); + } + + #[Test] + public function user_without_permission_cannot_create_branch() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $response = $this->actingAs($user) + ->get(route('basicdata.branch.create')); + + $response->assertStatus(403); + } + + #[Test] + public function user_with_permission_can_store_branch() + { + $branchData = [ + 'code' => 'NEW', + 'name' => 'New Branch' + ]; + + $response = $this->actingAs($this->user) + ->post(route('basicdata.branch.store'), $branchData); + + $response->assertRedirect(route('basicdata.branch.index')); + $this->assertDatabaseHas('branches', $branchData); + } + + #[Test] + public function user_without_permission_cannot_store_branch() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $branchData = [ + 'code' => 'NEW', + 'name' => 'New Branch' + ]; + + $response = $this->actingAs($user) + ->post(route('basicdata.branch.store'), $branchData); + + $response->assertStatus(403); + $this->assertDatabaseMissing('branches', $branchData); + } + + #[Test] + public function user_with_permission_can_edit_branch() + { + $response = $this->actingAs($this->user) + ->get(route('basicdata.branch.edit', $this->branch->id)); + + $response->assertStatus(200); + } + + #[Test] + public function user_without_permission_cannot_edit_branch() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $response = $this->actingAs($user) + ->get(route('basicdata.branch.edit', $this->branch->id)); + + $response->assertStatus(403); + } + + #[Test] + public function user_with_permission_can_update_branch() + { + $updatedData = [ + 'code' => 'UPD', + 'name' => 'Updated Branch' + ]; + + $response = $this->actingAs($this->user) + ->put(route('basicdata.branch.update', $this->branch->id), $updatedData); + + $response->assertRedirect(route('basicdata.branch.index')); + $this->assertDatabaseHas('branches', $updatedData); + } + + #[Test] + public function user_without_permission_cannot_update_branch() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $updatedData = [ + 'code' => 'UPD', + 'name' => 'Updated Branch' + ]; + + $response = $this->actingAs($user) + ->put(route('basicdata.branch.update', $this->branch->id), $updatedData); + + $response->assertStatus(403); + $this->assertDatabaseMissing('branches', $updatedData); + } + + #[Test] + public function user_with_permission_can_delete_branch() + { + $response = $this->actingAs($this->user) + ->delete(route('basicdata.branch.destroy', $this->branch->id)); + + $response->assertJson(['success' => true]); + $this->assertSoftDeleted($this->branch); + } + + #[Test] + public function user_without_permission_cannot_delete_branch() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $response = $this->actingAs($user) + ->delete(route('basicdata.branch.destroy', $this->branch->id)); + + $response->assertStatus(403); + $this->assertDatabaseHas('branches', ['id' => $this->branch->id, 'deleted_at' => null]); + } + + #[Test] + public function user_with_permission_can_export_branches() + { + $response = $this->actingAs($this->user) + ->get(route('basicdata.branch.export')); + + $response->assertStatus(200); + } + + #[Test] + public function user_without_permission_cannot_export_branches() + { + // Create a role with only read permission + $role = Role::create(['name' => 'reader', 'guard_name' => 'web']); + $role->givePermissionTo('basic-data.read'); + + // Create a user with the reader role + $user = User::factory()->create(); + $user->assignRole($role); + + $response = $this->actingAs($user) + ->get(route('basicdata.branch.export')); + + $response->assertStatus(403); + } +}