daengdeni/location
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat(auth): tambah validasi peran pengguna untuk modul lokasi

Browse Source 
- **Autentikasi dan Otorisasi**:
  - Menambah validasi akses berdasarkan peran pengguna menggunakan `Auth::guard('web')->user()`.
  - Menentukan izin seperti `location.read`, `location.create`, `location.update`, `location.delete`, dan `location.export` untuk setiap metode di controller.
  - Menambahkan pesan error khusus untuk user yang tidak memiliki izin akses tertentu.

- **Peningkatan Controller**:
  - Mengubah properti `user` dari publik menjadi `protected`.
  - Menambahkan validasi peran pengguna pada metode di controller berikut:
    - `ProvincesController`: Pembatasan akses untuk operasi CRUD dan export.
    - `CitiesController`: Restriksi yang sama seperti pada `ProvincesController`.
    - `DistrictsController`: Menambahkan pengecekan otorisasi berdasarkan peran.
    - `VillagesController`: Validasi akses CRUD, export, dan data villager.

- **Seeder**:
  - Menambahkan `PermissionSeeder` untuk menghasilkan izin CRUD dengan grup `location`.
  - Memastikan setiap action CRUD (`read`, `create`, `update`, dll.) terdaftar dalam basis data.

- **Perbaikan API Response**:
  - Mengganti penggunaan `echo json_encode` dengan metode `response()->json()`.
  - Penanganan response untuk berbagai metode seperti `destroy`, dan validasi akses lainnya.

Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>
This commit is contained in:
Daeng Deni Mardaeni
2025-06-22 19:16:11 +07:00
parent cd10e17259
commit 53a2c3a38e
6 changed files with 235 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
app/Http/Controllers/VillagesController.php
View File

@@ -2,6 +2,7 @@
namespace Modules\Location\Http\Controllers;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Maatwebsite\Excel\Facades\Excel;
@@ -15,21 +16,37 @@
class VillagesController extends Controller
{
public $user;
protected $user;
public function __construct()
{
$this->user = Auth::guard('web')->user();
}
/**
* Display a listing of the resource.
*/
public function index()
{
if (is_null($this->user) || !$this->user->can('location.read')) {
abort(403, 'Sorry! You are not allowed to view villages.');
}
$provinces = Province::all();
return view('location::villages.index',compact('provinces'));
}
public function store(VillageRequest $request)
{
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create villages.');
}
$validate = $request->validated();
if ($validate) {
try {
$village = Village::create($validate);
Village::create($validate);
return redirect()
->route('locations.villages.index')
->with('success', 'Village created successfully');
@@ -41,12 +58,20 @@
public function create()
{
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create villages.');
}
$provinces = Province::all();
return view('location::villages.create', compact('provinces'));
}
public function edit($id)
{
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update villages.');
}
$village = Village::find($id);
$provinces = Province::all();
$cities = City::where('province_code', $village->province_code)->get();
@@ -56,6 +81,10 @@
public function update(VillageRequest $request, $id)
{
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update villages.');
}
$validate = $request->validated();
if ($validate) {
@@ -73,23 +102,31 @@
public function destroy($id)
{
if (is_null($this->user) || !$this->user->can('location.delete')) {
return response()->json(['success' => false,'message' => 'Sorry! You are not allowed to delete villages.'], 403);
}
try {
Village::destroy($id);
echo json_encode(['message' => 'Village deleted successfully', 'success' => true]);
return json_encode(['message' => 'Village deleted successfully', 'success' => true]);
} catch (Exception $e) {
echo json_encode(['message' => 'Failed to delete Village', 'success' => false]);
return json_encode(['message' => 'Failed to delete Village', 'success' => false]);
}
}
public function export(Request $request)
{
if (is_null($this->user) || !$this->user->can('location.export')) {
abort(403, 'Sorry! You are not allowed to export villages.');
}
return Excel::download(new VillagesExport, 'villages.xlsx');
}
public function dataForDatatables(Request $request)
{
if (is_null($this->user) || !$this->user->can('provinces.view')) {
//abort(403, 'Sorry! You are not allowed to view users.');
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false,'message' => 'Sorry! You are not allowed to view villages.'], 403);
}
// Retrieve data from the database
@@ -181,10 +218,18 @@
}
public function getVillagesByDistrictId($id){
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false,'message' => 'Sorry! You are not allowed to view villages.'], 403);
}
return response()->json(Village::where('district_code', $id)->get());
}
public function getPostalCodesByVillageId($id){
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false,'message' => 'Sorry! You are not allowed to view villages.'], 403);
}
return response()->json(Village::where('code', $id)->first());
}