feat(auth): tambah validasi peran pengguna untuk modul lokasi
- **Autentikasi dan Otorisasi**:
- Menambah validasi akses berdasarkan peran pengguna menggunakan `Auth::guard('web')->user()`.
- Menentukan izin seperti `location.read`, `location.create`, `location.update`, `location.delete`, dan `location.export` untuk setiap metode di controller.
- Menambahkan pesan error khusus untuk user yang tidak memiliki izin akses tertentu.
- **Peningkatan Controller**:
- Mengubah properti `user` dari publik menjadi `protected`.
- Menambahkan validasi peran pengguna pada metode di controller berikut:
- `ProvincesController`: Pembatasan akses untuk operasi CRUD dan export.
- `CitiesController`: Restriksi yang sama seperti pada `ProvincesController`.
- `DistrictsController`: Menambahkan pengecekan otorisasi berdasarkan peran.
- `VillagesController`: Validasi akses CRUD, export, dan data villager.
- **Seeder**:
- Menambahkan `PermissionSeeder` untuk menghasilkan izin CRUD dengan grup `location`.
- Memastikan setiap action CRUD (`read`, `create`, `update`, dll.) terdaftar dalam basis data.
- **Perbaikan API Response**:
- Mengganti penggunaan `echo json_encode` dengan metode `response()->json()`.
- Penanganan response untuk berbagai metode seperti `destroy`, dan validasi akses lainnya.
Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>
This commit is contained in:
Daeng Deni Mardaeni
@@ -3,30 +3,46 @@
|
||||
namespace Modules\Location\Http\Controllers;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Response;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Maatwebsite\Excel\Facades\Excel;
|
||||
use Modules\Location\Exports\CitiesExport;
|
||||
use Modules\Location\Http\Requests\CityRequest;
|
||||
use Modules\Location\Models\City;
|
||||
use Modules\Location\Models\Province;
|
||||
|
||||
|
||||
class CitiesController extends Controller
|
||||
{
|
||||
public $user;
|
||||
protected $user;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->user = Auth::guard('web')->user();
|
||||
}
|
||||
|
||||
public function index(){
|
||||
$provinces = Province::all();
|
||||
return view('location::cities.index', compact('provinces'));
|
||||
if (is_null($this->user) || !$this->user->can('location.read')) {
|
||||
abort(403, 'Sorry! You are not allowed to view cities.');
|
||||
}
|
||||
|
||||
return view('location::cities.index');
|
||||
}
|
||||
|
||||
public function create(){
|
||||
if (is_null($this->user) || !$this->user->can('location.create')) {
|
||||
abort(403, 'Sorry! You are not allowed to create cities.');
|
||||
}
|
||||
|
||||
$provinces = Province::all();
|
||||
return view('location::cities.create',compact('provinces'));
|
||||
}
|
||||
|
||||
public function store(CityRequest $request){
|
||||
if (is_null($this->user) || !$this->user->can('location.create')) {
|
||||
abort(403, 'Sorry! You are not allowed to create cities.');
|
||||
}
|
||||
|
||||
$validate = $request->validated();
|
||||
|
||||
if($validate){
|
||||
@@ -40,12 +56,20 @@ class CitiesController extends Controller
|
||||
}
|
||||
|
||||
public function edit($id){
|
||||
if (is_null($this->user) || !$this->user->can('location.update')) {
|
||||
abort(403, 'Sorry! You are not allowed to update cities.');
|
||||
}
|
||||
|
||||
$city = City::find($id);
|
||||
$provinces = Province::all();
|
||||
return view('location::cities.create', compact('city', 'provinces'));
|
||||
}
|
||||
|
||||
public function update(CityRequest $request, $id){
|
||||
if (is_null($this->user) || !$this->user->can('location.update')) {
|
||||
abort(403, 'Sorry! You are not allowed to update cities.');
|
||||
}
|
||||
|
||||
$validate = $request->validated();
|
||||
|
||||
if($validate){
|
||||
@@ -60,17 +84,21 @@ class CitiesController extends Controller
|
||||
}
|
||||
|
||||
public function destroy($id){
|
||||
if (is_null($this->user) || !$this->user->can('provinces.delete')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete cities.']);
|
||||
}
|
||||
|
||||
try {
|
||||
City::destroy($id);
|
||||
echo json_encode(['message' => 'City deleted successfully', 'success' => true]);
|
||||
return response()->json(['message' => 'City deleted successfully', 'success' => true]);
|
||||
} catch (\Exception $e) {
|
||||
echo json_encode(['message' => 'Failed to delete city', 'success' => false]);
|
||||
return response()->json(['message' => 'Failed to delete city', 'success' => false]);
|
||||
}
|
||||
}
|
||||
|
||||
public function dataForDatatables(Request $request){
|
||||
if (is_null($this->user) || !$this->user->can('provinces.view')) {
|
||||
//abort(403, 'Sorry! You are not allowed to view users.');
|
||||
if (is_null($this->user) || !$this->user->can('location.read')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view cities.'], 403);
|
||||
}
|
||||
|
||||
// Retrieve data from the database
|
||||
@@ -161,11 +189,18 @@ class CitiesController extends Controller
|
||||
|
||||
public function export()
|
||||
{
|
||||
if (is_null($this->user) || !$this->user->can('location.read')) {
|
||||
abort(403, 'Sorry! You are not allowed to export cities.');
|
||||
}
|
||||
|
||||
return Excel::download(new CitiesExport, 'cities.xlsx');
|
||||
}
|
||||
|
||||
public function getCitiesByProvinceId($id)
|
||||
{
|
||||
if (is_null($this->user) || !$this->user->can('location.read')) {
|
||||
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view cities.'], 403);
|
||||
}
|
||||
|
||||
$query = City::query();
|
||||
|
||||
|
||||
Reference in New Issue
Block a user