daengdeni/basicdata
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat(basicdata): tambah otorisasi berbasis peran dan pengujian pada BranchController

Browse Source 
- Implementasi otorisasi berbasis peran untuk seluruh aksi di BranchController seperti index, create, store, edit, update, delete, dan export.
- Tambahan utilitas `getUser` untuk mendapatkan pengguna yang diautentikasi dan mempermudah pengecekan otorisasi.
- Semua aksi pada controller sekarang memeriksa izin pengguna sebelum melanjutkan:
  - `basic-data.read` untuk melihat data.
  - `basic-data.create` untuk membuat cabang baru.
  - `basic-data.update` untuk memperbarui data cabang.
  - `basic-data.delete` untuk menghapus data cabang.
  - `basic-data.export` untuk mengekspor data cabang.
- Penyesuaian pada view:
  - Tombol aksi seperti `Save`, `Delete Selected`, dan `Export to Excel` hanya tampil jika pengguna memiliki izin terkait.
- Tambahan pengujian (unit test) pada `BranchControllerTest` untuk memastikan logika otorisasi:
  - Pengguna dengan izin dapat melakukan aksi sesuai dengan perannya.
  - Pengguna tanpa izin mendapatkan respon 403 atau dicegah melakukan aksi tertentu.
- Update logika tombol aksi di datatables untuk mendukung pengecekan izin sebelum menampilkan opsi edit/hapus.
- Update respons JSON dalam aksi hapus tunggal dan hapus banyak untuk kejelasan struktur pesan.

Commit ini mengamankan BranchController dari akses tak sah dan meningkatkan fleksibilitas sistem terkait kendali peran dan izin.

Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>
This commit is contained in:
Daeng Deni Mardaeni
2025-05-17 11:32:06 +07:00
parent 32e620299b
commit 52b48263a2
4 changed files with 377 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
app/Http/Controllers/BranchController.php
View File

@@ -12,15 +12,35 @@
class BranchController extends Controller class BranchController extends Controller
{ {
public $user; /**
* Get the authenticated user.
*
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
protected function getUser()
{
return \Illuminate\Support\Facades\Auth::guard('web')->user();
}
public function index() public function index()
{ {
// Check if the authenticated user has the required permission to view branches
$user = $this->getUser();
if (is_null($user) || !$user->can('basic-data.read')) {
abort(403, 'Sorry! You are not allowed to view branches.');
}
return view('basicdata::branch.index'); return view('basicdata::branch.index');
} }
public function store(BranchRequest $request) public function store(BranchRequest $request)
{ {
// Check if the authenticated user has the required permission to create branches
$user = $this->getUser();
if (is_null($user) || !$user->can('basic-data.create')) {
abort(403, 'Sorry! You are not allowed to create branches.');
}
$validate = $request->validated(); $validate = $request->validated();
if ($validate) { if ($validate) {
@@ -40,17 +60,35 @@
public function create() public function create()
{ {
// Check if the authenticated user has the required permission to create branches
$user = $this->getUser();
if (is_null($user) || !$user->can('basic-data.create')) {
abort(403, 'Sorry! You are not allowed to create branches.');
}
return view('basicdata::branch.create'); return view('basicdata::branch.create');
} }
public function edit($id) public function edit($id)
{ {
// Check if the authenticated user has the required permission to update branches
$user = $this->getUser();
if (is_null($user) || !$user->can('basic-data.update')) {
abort(403, 'Sorry! You are not allowed to update branches.');
}
$branch = Branch::find($id); $branch = Branch::find($id);
return view('basicdata::branch.create', compact('branch')); return view('basicdata::branch.create', compact('branch'));
} }
public function update(BranchRequest $request, $id) public function update(BranchRequest $request, $id)
{ {
// Check if the authenticated user has the required permission to update branches
$user = $this->getUser();
if (is_null($user) || !$user->can('basic-data.update')) {
abort(403, 'Sorry! You are not allowed to update branches.');
}
$validate = $request->validated(); $validate = $request->validated();
if ($validate) { if ($validate) {
@@ -71,28 +109,42 @@
public function destroy($id) public function destroy($id)
{ {
// Check if the authenticated user has the required permission to delete branches
$user = $this->getUser();
if (is_null($user) || !$user->can('basic-data.delete')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete branches.'], 403);
}
try { try {
// Delete from database // Delete from database
$branch = Branch::find($id); $branch = Branch::find($id);
$branch->delete(); $branch->delete();
echo json_encode(['success' => true, 'message' => 'Branch deleted successfully']); return response()->json(['success' => true, 'message' => 'Branch deleted successfully']);
} catch (Exception $e) { } catch (Exception $e) {
echo json_encode(['success' => false, 'message' => 'Failed to delete branch']); return response()->json(['success' => false, 'message' => 'Failed to delete branch']);
} }
} }
public function deleteMultiple(Request $request) public function deleteMultiple(Request $request)
{ {
// Check if the authenticated user has the required permission to delete branches
$user = $this->getUser();
if (is_null($user) || !$user->can('basic-data.delete')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete branches.'], 403);
}
$ids = $request->input('ids'); $ids = $request->input('ids');
Branch::whereIn('id', $ids)->delete(); Branch::whereIn('id', $ids)->delete();
return response()->json(['message' => 'Branches deleted successfully']); return response()->json(['success' => true, 'message' => 'Branches deleted successfully']);
} }
public function dataForDatatables(Request $request) public function dataForDatatables(Request $request)
{ {
if (is_null($this->user) || !$this->user->can('branch.view')) { // Check if the authenticated user has the required permission to view branches
//abort(403, 'Sorry! You are not allowed to view users.'); $user = $this->getUser();
if (is_null($user) || !$user->can('basic-data.read')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view branches.'], 403);
} }
// Retrieve data from the database // Retrieve data from the database
@@ -152,6 +204,12 @@
public function export() public function export()
{ {
// Check if the authenticated user has the required permission to export branches
$user = $this->getUser();
if (is_null($user) || !$user->can('basic-data.export')) {
abort(403, 'Sorry! You are not allowed to export branches.');
}
return Excel::download(new BranchExport, 'branch.xlsx'); return Excel::download(new BranchExport, 'branch.xlsx');
} }
} }

16
resources/views/branch/create.blade.php
View File

@@ -47,9 +47,19 @@
</div> </div>
</div> </div>
<div class="flex justify-end"> <div class="flex justify-end">
<button type="submit" class="btn btn-primary"> @if(isset($branch->id))
Save @can('basic-data.update')
</button> <button type="submit" class="btn btn-primary">
Save
</button>
@endcan
@else
@can('basic-data.create')
<button type="submit" class="btn btn-primary">
Save
</button>
@endcan
@endif
</div> </div>
</div> </div>
</div> </div>

27
resources/views/branch/index.blade.php
View File

@@ -19,9 +19,15 @@
</div> </div>
<div class="flex flex-wrap gap-2.5"> <div class="flex flex-wrap gap-2.5">
<div class="h-[24px] border border-r-gray-200"></div> <div class="h-[24px] border border-r-gray-200"></div>
@can('basic-data.export')
<a class="btn btn-sm btn-light" href="{{ route('basicdata.branch.export') }}"> Export to Excel </a> <a class="btn btn-sm btn-light" href="{{ route('basicdata.branch.export') }}"> Export to Excel </a>
@endcan
@can('basic-data.create')
<a class="btn btn-sm btn-primary" href="{{ route('basicdata.branch.create') }}"> Tambah Cabang </a> <a class="btn btn-sm btn-primary" href="{{ route('basicdata.branch.create') }}"> Tambah Cabang </a>
@endcan
@can('basic-data.delete')
<button class="btn btn-sm btn-danger hidden" id="deleteSelected" onclick="deleteSelectedRows()">Delete Selected</button> <button class="btn btn-sm btn-danger hidden" id="deleteSelected" onclick="deleteSelectedRows()">Delete Selected</button>
@endcan
</div> </div>
</div> </div>
</div> </div>
@@ -165,14 +171,22 @@
actions: { actions: {
title: 'Status', title: 'Status',
render: (item, data) => { render: (item, data) => {
return `<div class="flex flex-nowrap justify-center"> let html = `<div class="flex flex-nowrap justify-center">`;
<a class="btn btn-sm btn-icon btn-clear btn-info" href="basic-data/cabang/${data.id}/edit">
@can('basic-data.update')
html += `<a class="btn btn-sm btn-icon btn-clear btn-info" href="basic-data/cabang/${data.id}/edit">
<i class="ki-outline ki-notepad-edit"></i> <i class="ki-outline ki-notepad-edit"></i>
</a> </a>`;
<a onclick="deleteData(${data.id})" class="delete btn btn-sm btn-icon btn-clear btn-danger"> @endcan
@can('basic-data.delete')
html += `<a onclick="deleteData(${data.id})" class="delete btn btn-sm btn-icon btn-clear btn-danger">
<i class="ki-outline ki-trash"></i> <i class="ki-outline ki-trash"></i>
</a> </a>`;
</div>`; @endcan
html += `</div>`;
return html;
}, },
} }
}, },
@@ -213,4 +227,3 @@
window.dataTable = dataTable; window.dataTable = dataTable;
</script> </script>
@endpush @endpush

280
tests/Feature/BranchControllerTest.php Normal file
View File

@@ -0,0 +1,280 @@
<?php
namespace Modules\Basicdata\Tests\Feature;
use Tests\TestCase;
use Modules\Basicdata\Models\Branch;
use Modules\Usermanagement\Models\User;
use Modules\Usermanagement\Models\Role;
use Modules\Usermanagement\Models\Permission;
use Modules\Usermanagement\Models\PermissionGroup;
use Illuminate\Foundation\Testing\RefreshDatabase;
use PHPUnit\Framework\Attributes\Test;
class BranchControllerTest extends TestCase
{
use RefreshDatabase;
protected $user;
protected $adminRole;
protected $branch;
protected function setUp(): void
{
parent::setUp();
// Create permission group first
$permissionGroup = PermissionGroup::create([
'name' => 'basic-data',
'slug' => 'basic-data'
]);
// Create permissions with permission_group_id
Permission::create([
'name' => 'basic-data.create',
'guard_name' => 'web',
'permission_group_id' => $permissionGroup->id
]);
Permission::create([
'name' => 'basic-data.read',
'guard_name' => 'web',
'permission_group_id' => $permissionGroup->id
]);
Permission::create([
'name' => 'basic-data.update',
'guard_name' => 'web',
'permission_group_id' => $permissionGroup->id
]);
Permission::create([
'name' => 'basic-data.delete',
'guard_name' => 'web',
'permission_group_id' => $permissionGroup->id
]);
Permission::create([
'name' => 'basic-data.export',
'guard_name' => 'web',
'permission_group_id' => $permissionGroup->id
]);
// Create admin role with all permissions
$this->adminRole = Role::create(['name' => 'admin', 'guard_name' => 'web']);
$this->adminRole->givePermissionTo(Permission::all());
// Create a user with admin role
$this->user = User::factory()->create();
$this->user->assignRole($this->adminRole);
// Create a branch for testing
$this->branch = Branch::create([
'code' => 'TEST',
'name' => 'Test Branch'
]);
}
#[Test]
public function user_with_permission_can_view_branches_index()
{
$response = $this->actingAs($this->user)
->get(route('basicdata.branch.index'));
$response->assertStatus(200);
}
#[Test]
public function user_without_permission_cannot_view_branches_index()
{
// Create a role without permissions
$role = Role::create(['name' => 'viewer', 'guard_name' => 'web']);
// Create a user with the viewer role
$user = User::factory()->create();
$user->assignRole($role);
$response = $this->actingAs($user)
->get(route('basicdata.branch.index'));
$response->assertStatus(403);
}
#[Test]
public function user_with_permission_can_create_branch()
{
$response = $this->actingAs($this->user)
->get(route('basicdata.branch.create'));
$response->assertStatus(200);
}
#[Test]
public function user_without_permission_cannot_create_branch()
{
// Create a role with only read permission
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
$role->givePermissionTo('basic-data.read');
// Create a user with the reader role
$user = User::factory()->create();
$user->assignRole($role);
$response = $this->actingAs($user)
->get(route('basicdata.branch.create'));
$response->assertStatus(403);
}
#[Test]
public function user_with_permission_can_store_branch()
{
$branchData = [
'code' => 'NEW',
'name' => 'New Branch'
];
$response = $this->actingAs($this->user)
->post(route('basicdata.branch.store'), $branchData);
$response->assertRedirect(route('basicdata.branch.index'));
$this->assertDatabaseHas('branches', $branchData);
}
#[Test]
public function user_without_permission_cannot_store_branch()
{
// Create a role with only read permission
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
$role->givePermissionTo('basic-data.read');
// Create a user with the reader role
$user = User::factory()->create();
$user->assignRole($role);
$branchData = [
'code' => 'NEW',
'name' => 'New Branch'
];
$response = $this->actingAs($user)
->post(route('basicdata.branch.store'), $branchData);
$response->assertStatus(403);
$this->assertDatabaseMissing('branches', $branchData);
}
#[Test]
public function user_with_permission_can_edit_branch()
{
$response = $this->actingAs($this->user)
->get(route('basicdata.branch.edit', $this->branch->id));
$response->assertStatus(200);
}
#[Test]
public function user_without_permission_cannot_edit_branch()
{
// Create a role with only read permission
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
$role->givePermissionTo('basic-data.read');
// Create a user with the reader role
$user = User::factory()->create();
$user->assignRole($role);
$response = $this->actingAs($user)
->get(route('basicdata.branch.edit', $this->branch->id));
$response->assertStatus(403);
}
#[Test]
public function user_with_permission_can_update_branch()
{
$updatedData = [
'code' => 'UPD',
'name' => 'Updated Branch'
];
$response = $this->actingAs($this->user)
->put(route('basicdata.branch.update', $this->branch->id), $updatedData);
$response->assertRedirect(route('basicdata.branch.index'));
$this->assertDatabaseHas('branches', $updatedData);
}
#[Test]
public function user_without_permission_cannot_update_branch()
{
// Create a role with only read permission
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
$role->givePermissionTo('basic-data.read');
// Create a user with the reader role
$user = User::factory()->create();
$user->assignRole($role);
$updatedData = [
'code' => 'UPD',
'name' => 'Updated Branch'
];
$response = $this->actingAs($user)
->put(route('basicdata.branch.update', $this->branch->id), $updatedData);
$response->assertStatus(403);
$this->assertDatabaseMissing('branches', $updatedData);
}
#[Test]
public function user_with_permission_can_delete_branch()
{
$response = $this->actingAs($this->user)
->delete(route('basicdata.branch.destroy', $this->branch->id));
$response->assertJson(['success' => true]);
$this->assertSoftDeleted($this->branch);
}
#[Test]
public function user_without_permission_cannot_delete_branch()
{
// Create a role with only read permission
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
$role->givePermissionTo('basic-data.read');
// Create a user with the reader role
$user = User::factory()->create();
$user->assignRole($role);
$response = $this->actingAs($user)
->delete(route('basicdata.branch.destroy', $this->branch->id));
$response->assertStatus(403);
$this->assertDatabaseHas('branches', ['id' => $this->branch->id, 'deleted_at' => null]);
}
#[Test]
public function user_with_permission_can_export_branches()
{
$response = $this->actingAs($this->user)
->get(route('basicdata.branch.export'));
$response->assertStatus(200);
}
#[Test]
public function user_without_permission_cannot_export_branches()
{
// Create a role with only read permission
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
$role->givePermissionTo('basic-data.read');
// Create a user with the reader role
$user = User::factory()->create();
$user->assignRole($role);
$response = $this->actingAs($user)
->get(route('basicdata.branch.export'));
$response->assertStatus(403);
}
}