daengdeni/location
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat(auth): tambah validasi peran pengguna untuk modul lokasi

Browse Source 
- **Autentikasi dan Otorisasi**:
  - Menambah validasi akses berdasarkan peran pengguna menggunakan `Auth::guard('web')->user()`.
  - Menentukan izin seperti `location.read`, `location.create`, `location.update`, `location.delete`, dan `location.export` untuk setiap metode di controller.
  - Menambahkan pesan error khusus untuk user yang tidak memiliki izin akses tertentu.

- **Peningkatan Controller**:
  - Mengubah properti `user` dari publik menjadi `protected`.
  - Menambahkan validasi peran pengguna pada metode di controller berikut:
    - `ProvincesController`: Pembatasan akses untuk operasi CRUD dan export.
    - `CitiesController`: Restriksi yang sama seperti pada `ProvincesController`.
    - `DistrictsController`: Menambahkan pengecekan otorisasi berdasarkan peran.
    - `VillagesController`: Validasi akses CRUD, export, dan data villager.

- **Seeder**:
  - Menambahkan `PermissionSeeder` untuk menghasilkan izin CRUD dengan grup `location`.
  - Memastikan setiap action CRUD (`read`, `create`, `update`, dll.) terdaftar dalam basis data.

- **Perbaikan API Response**:
  - Mengganti penggunaan `echo json_encode` dengan metode `response()->json()`.
  - Penanganan response untuk berbagai metode seperti `destroy`, dan validasi akses lainnya.

Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>
This commit is contained in:
Daeng Deni Mardaeni
2025-06-22 19:16:11 +07:00
parent cd10e17259
commit 53a2c3a38e
6 changed files with 235 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
app/Http/Controllers/DistrictsController.php
View File

@@ -10,27 +10,45 @@ use Modules\Location\Http\Requests\DistrictRequest;
use Modules\Location\Models\City;
use Modules\Location\Models\District;
use Modules\Location\Models\Province;
use Illuminate\Support\Facades\Auth;
class DistrictsController extends Controller
{
public $user;
protected $user;
public function __construct()
{
$this->user = Auth::guard('web')->user();
}
public function index(){
$provinces = Province::all();
return view('location::districts.index', compact('provinces'));
if (is_null($this->user) || !$this->user->can('location.read')) {
abort(403, 'Sorry! You are not allowed to view districts.');
}
return view('location::districts.index');
}
public function create(){
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create districts.');
}
$provinces = Province::all();
return view('location::districts.create', compact('provinces'));
}
public function store(DistrictRequest $request){
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create districts.');
}
$validate = $request->validated();
if($validate){
try{
$district = District::create($validate);
District::create($validate);
return redirect()->route('locations.districts.index')->with('success', 'District created successfully');
} catch(\Exception $e){
return redirect()->back()->with('error', 'Failed to create district. '.$e->getMessage());
@@ -39,6 +57,10 @@ class DistrictsController extends Controller
}
public function edit($id){
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to edit districts.');
}
$district = District::find($id);
$provinces = Province::all();
$cities = City::where('province_code', $district->province_code)->get();
@@ -46,6 +68,10 @@ class DistrictsController extends Controller
}
public function update(DistrictRequest $request, $id){
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update districts.');
}
$validate = $request->validated();
if($validate){
@@ -60,17 +86,22 @@ class DistrictsController extends Controller
}
public function destroy($id){
if (is_null($this->user) || !$this->user->can('location.delete')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete districts.'], 403);
}
try{
District::destroy($id);
echo json_encode(['message' => 'District deleted successfully','success'=>true ]);
return response()->json(['message' => 'District deleted successfully', 'success' => true]);
} catch(\Exception $e){
echo json_encode(['message' => 'Failed to delete District', 'success' => false]);
return response()->json(['message' => 'Failed to delete District', 'success' => false]);
}
}
public function dataForDatatables(Request $request){
if (is_null($this->user) || !$this->user->can('provinces.view')) {
//abort(403, 'Sorry! You are not allowed to view users.');
// Check if the authenticated user has the required permission to view audit logs
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view districts.'], 403);
}
// Retrieve data from the database
@@ -159,10 +190,18 @@ class DistrictsController extends Controller
}
public function export(Request $request){
if (is_null($this->user) || !$this->user->can('location.export')) {
abort(403, 'Sorry! You are not allowed to export districts.');
}
return Excel::download(new DistrictsExport, 'districts.xlsx');
}
public function getDistrictsByCityId($id){
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view districts.'], 403);
}
return response()->json(District::where('city_code', $id)->get());
}
}