daengdeni/location
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat(auth): tambah validasi peran pengguna untuk modul lokasi

Browse Source 
- **Autentikasi dan Otorisasi**:
  - Menambah validasi akses berdasarkan peran pengguna menggunakan `Auth::guard('web')->user()`.
  - Menentukan izin seperti `location.read`, `location.create`, `location.update`, `location.delete`, dan `location.export` untuk setiap metode di controller.
  - Menambahkan pesan error khusus untuk user yang tidak memiliki izin akses tertentu.

- **Peningkatan Controller**:
  - Mengubah properti `user` dari publik menjadi `protected`.
  - Menambahkan validasi peran pengguna pada metode di controller berikut:
    - `ProvincesController`: Pembatasan akses untuk operasi CRUD dan export.
    - `CitiesController`: Restriksi yang sama seperti pada `ProvincesController`.
    - `DistrictsController`: Menambahkan pengecekan otorisasi berdasarkan peran.
    - `VillagesController`: Validasi akses CRUD, export, dan data villager.

- **Seeder**:
  - Menambahkan `PermissionSeeder` untuk menghasilkan izin CRUD dengan grup `location`.
  - Memastikan setiap action CRUD (`read`, `create`, `update`, dll.) terdaftar dalam basis data.

- **Perbaikan API Response**:
  - Mengganti penggunaan `echo json_encode` dengan metode `response()->json()`.
  - Penanganan response untuk berbagai metode seperti `destroy`, dan validasi akses lainnya.

Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>
This commit is contained in:
Daeng Deni Mardaeni
2025-06-22 19:16:11 +07:00
parent cd10e17259
commit 53a2c3a38e
6 changed files with 235 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
app/Http/Controllers/ProvincesController.php
View File

@@ -2,32 +2,50 @@
namespace Modules\Location\Http\Controllers;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Auth;
use Maatwebsite\Excel\Facades\Excel;
use Modules\Location\Models\Province;
use Modules\Location\Exports\ProvincesExport;
use Modules\Location\Http\Requests\ProvinceRequest;
use Modules\Location\Models\Province;
class ProvincesController extends Controller
{
public $user;
protected $user;
public function __construct()
{
$this->user = Auth::guard('web')->user();
}
public function index(){
if (is_null($this->user) || !$this->user->can('location.read')) {
abort(403, 'Sorry! You are not allowed to view provinces.');
}
return view('location::provinces.index');
}
public function create(){
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create provinces.');
}
return view('location::provinces.create');
}
public function store(ProvinceRequest $request){
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create provinces.');
}
$validate = $request->validated();
if($validate){
try{
// Save to database
$province = Province::create($validate);
Province::create($validate);
return redirect()->route('locations.provinces.index')->with('success', 'Province created successfully');
} catch (\Exception $e){
return redirect()->route('locations.provinces.create')->with('error', 'Failed to create province');
@@ -36,11 +54,19 @@ class ProvincesController extends Controller
}
public function edit($id){
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update provinces.');
}
$province = Province::find($id);
return view('location::provinces.create', compact('province'));
}
public function update(ProvinceRequest $request, $id){
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update provinces.');
}
$validate = $request->validated();
if($validate){
@@ -56,20 +82,24 @@ class ProvincesController extends Controller
}
public function destroy($id){
if (is_null($this->user) || !$this->user->can('location.delete')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete provinces.']);
}
try{
// Delete from database
$province = Province::find($id);
$province->delete();
echo json_encode(['success' => true, 'message' => 'Province deleted successfully']);
return response()->json(['success' => true, 'message' => 'Province deleted successfully']);
} catch (\Exception $e){
echo json_encode(['success' => false, 'message' => 'Failed to delete province']);
return response()->json(['success' => false, 'message' => 'Failed to delete province']);
}
}
public function dataForDatatables(Request $request){
if (is_null($this->user) || !$this->user->can('provinces.view')) {
//abort(403, 'Sorry! You are not allowed to view users.');
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view provinces.']);
}
// Retrieve data from the database
@@ -129,6 +159,10 @@ class ProvincesController extends Controller
public function export()
{
if (is_null($this->user) || !$this->user->can('location.export')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to export provinces.']);
}
return Excel::download(new ProvincesExport, 'provinces.xlsx');
}
}