daengdeni/location
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: daengdeni:cd10e172590b2fd08e704a150b769076e228aa59
Branches Tags
daengdeni:master
daengdeni:v1.0.0
...
compare: daengdeni:d8767174cac3ea9787bcd72a5b89be8a0412dc62
Branches Tags
daengdeni:master
daengdeni:v1.0.0

2 Commits
cd10e17259 ... d8767174ca

Author SHA1 Message Date
Daeng Deni Mardaeni
d8767174ca feat(location): perbaiki middleware auth dan optimalkan metode controllers 
- **Middleware Auth**:
  - Mengganti penanganan middleware auth menggunakan `this->middleware('auth')` pada semua controller.
  - Menambahkan middleware closure untuk menginisialisasi properti user dengan `Auth::user()` setelah auth diverifikasi.

- **Controller Updates**:
  - **CitiesController**:
    - Menambahkan variabel `$provinces` untuk mendapatkan semua data provinsi.
    - Menambahkan data `$provinces` ke dalam view `location::cities.index`.
  - **DistrictsController**:
    - Menambahkan variabel `$provinces` untuk mendukung akses data provinsi dalam view.
    - Menyertakan data provinsi ke dalam view `location::districts.index`.
  - **ProvincesController** dan **VillagesController**:
    - Penyesuaian middleware auth sama seperti controller lainnya. Tidak ada perubahan pada struktur utama lainnya.

- **Seeder Optimization**:
  - Menghapus metode `crudActions` dalam `PermissionSeeder` yang sebelumnya menghasilkan daftar tindakan CRUD.
  - Mengurangi redundansi kode seeding dengan langsung membuat grup permission tanpa tindakan tambahan.
  - Membersihkan logika tambahan terkait CRUD actions yang tidak dipakai.
 2025-06-22 20:51:20 +07:00
Daeng Deni Mardaeni
53a2c3a38e feat(auth): tambah validasi peran pengguna untuk modul lokasi 
- **Autentikasi dan Otorisasi**:
  - Menambah validasi akses berdasarkan peran pengguna menggunakan `Auth::guard('web')->user()`.
  - Menentukan izin seperti `location.read`, `location.create`, `location.update`, `location.delete`, dan `location.export` untuk setiap metode di controller.
  - Menambahkan pesan error khusus untuk user yang tidak memiliki izin akses tertentu.

- **Peningkatan Controller**:
  - Mengubah properti `user` dari publik menjadi `protected`.
  - Menambahkan validasi peran pengguna pada metode di controller berikut:
    - `ProvincesController`: Pembatasan akses untuk operasi CRUD dan export.
    - `CitiesController`: Restriksi yang sama seperti pada `ProvincesController`.
    - `DistrictsController`: Menambahkan pengecekan otorisasi berdasarkan peran.
    - `VillagesController`: Validasi akses CRUD, export, dan data villager.

- **Seeder**:
  - Menambahkan `PermissionSeeder` untuk menghasilkan izin CRUD dengan grup `location`.
  - Memastikan setiap action CRUD (`read`, `create`, `update`, dll.) terdaftar dalam basis data.

- **Perbaikan API Response**:
  - Mengganti penggunaan `echo json_encode` dengan metode `response()->json()`.
  - Penanganan response untuk berbagai metode seperti `destroy`, dan validasi akses lainnya.

Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>
 2025-06-22 19:16:11 +07:00
6 changed files with 243 additions and 27 deletions
Expand all files Collapse all files

58
app/Http/Controllers/CitiesController.php
View File

@@ -3,30 +3,55 @@
namespace Modules\Location\Http\Controllers;
use App\Http\Controllers\Controller;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;
use Maatwebsite\Excel\Facades\Excel;
use Modules\Location\Exports\CitiesExport;
use Modules\Location\Http\Requests\CityRequest;
use Modules\Location\Models\City;
use Modules\Location\Models\Province;
class CitiesController extends Controller
{
public $user;
protected $user;
public function __construct()
{
// Mengatur middleware auth
$this->middleware('auth');
// Mengatur user setelah middleware auth dijalankan
$this->middleware(function ($request, $next) {
$this->user = Auth::user();
return $next($request);
});
}
public function index(){
if (is_null($this->user) || !$this->user->can('location.read')) {
abort(403, 'Sorry! You are not allowed to view cities.');
}
$provinces = Province::all();
return view('location::cities.index', compact('provinces'));
}
public function create(){
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create cities.');
}
$provinces = Province::all();
return view('location::cities.create',compact('provinces'));
}
public function store(CityRequest $request){
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create cities.');
}
$validate = $request->validated();
if($validate){
@@ -40,12 +65,20 @@ class CitiesController extends Controller
}
public function edit($id){
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update cities.');
}
$city = City::find($id);
$provinces = Province::all();
return view('location::cities.create', compact('city', 'provinces'));
}
public function update(CityRequest $request, $id){
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update cities.');
}
$validate = $request->validated();
if($validate){
@@ -60,17 +93,21 @@ class CitiesController extends Controller
}
public function destroy($id){
if (is_null($this->user) || !$this->user->can('provinces.delete')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete cities.']);
}
try {
City::destroy($id);
echo json_encode(['message' => 'City deleted successfully', 'success' => true]);
return response()->json(['message' => 'City deleted successfully', 'success' => true]);
} catch (\Exception $e) {
echo json_encode(['message' => 'Failed to delete city', 'success' => false]);
return response()->json(['message' => 'Failed to delete city', 'success' => false]);
}
}
public function dataForDatatables(Request $request){
if (is_null($this->user) || !$this->user->can('provinces.view')) {
//abort(403, 'Sorry! You are not allowed to view users.');
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view cities.'], 403);
}
// Retrieve data from the database
@@ -161,11 +198,18 @@ class CitiesController extends Controller
public function export()
{
if (is_null($this->user) || !$this->user->can('location.read')) {
abort(403, 'Sorry! You are not allowed to export cities.');
}
return Excel::download(new CitiesExport, 'cities.xlsx');
}
public function getCitiesByProvinceId($id)
{
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view cities.'], 403);
}
$query = City::query();

58
app/Http/Controllers/DistrictsController.php
View File

@@ -10,27 +10,52 @@ use Modules\Location\Http\Requests\DistrictRequest;
use Modules\Location\Models\City;
use Modules\Location\Models\District;
use Modules\Location\Models\Province;
use Illuminate\Support\Facades\Auth;
class DistrictsController extends Controller
{
public $user;
protected $user;
public function __construct()
{
// Mengatur middleware auth
$this->middleware('auth');
// Mengatur user setelah middleware auth dijalankan
$this->middleware(function ($request, $next) {
$this->user = Auth::user();
return $next($request);
});
}
public function index(){
if (is_null($this->user) || !$this->user->can('location.read')) {
abort(403, 'Sorry! You are not allowed to view districts.');
}
$provinces = Province::all();
return view('location::districts.index', compact('provinces'));
}
public function create(){
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create districts.');
}
$provinces = Province::all();
return view('location::districts.create', compact('provinces'));
}
public function store(DistrictRequest $request){
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create districts.');
}
$validate = $request->validated();
if($validate){
try{
$district = District::create($validate);
District::create($validate);
return redirect()->route('locations.districts.index')->with('success', 'District created successfully');
} catch(\Exception $e){
return redirect()->back()->with('error', 'Failed to create district. '.$e->getMessage());
@@ -39,6 +64,10 @@ class DistrictsController extends Controller
}
public function edit($id){
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to edit districts.');
}
$district = District::find($id);
$provinces = Province::all();
$cities = City::where('province_code', $district->province_code)->get();
@@ -46,6 +75,10 @@ class DistrictsController extends Controller
}
public function update(DistrictRequest $request, $id){
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update districts.');
}
$validate = $request->validated();
if($validate){
@@ -60,17 +93,22 @@ class DistrictsController extends Controller
}
public function destroy($id){
if (is_null($this->user) || !$this->user->can('location.delete')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete districts.'], 403);
}
try{
District::destroy($id);
echo json_encode(['message' => 'District deleted successfully','success'=>true ]);
return response()->json(['message' => 'District deleted successfully', 'success' => true]);
} catch(\Exception $e){
echo json_encode(['message' => 'Failed to delete District', 'success' => false]);
return response()->json(['message' => 'Failed to delete District', 'success' => false]);
}
}
public function dataForDatatables(Request $request){
if (is_null($this->user) || !$this->user->can('provinces.view')) {
//abort(403, 'Sorry! You are not allowed to view users.');
// Check if the authenticated user has the required permission to view audit logs
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view districts.'], 403);
}
// Retrieve data from the database
@@ -159,10 +197,18 @@ class DistrictsController extends Controller
}
public function export(Request $request){
if (is_null($this->user) || !$this->user->can('location.export')) {
abort(403, 'Sorry! You are not allowed to export districts.');
}
return Excel::download(new DistrictsExport, 'districts.xlsx');
}
public function getDistrictsByCityId($id){
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view districts.'], 403);
}
return response()->json(District::where('city_code', $id)->get());
}
}

57
app/Http/Controllers/ProvincesController.php
View File

@@ -2,32 +2,57 @@
namespace Modules\Location\Http\Controllers;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Auth;
use Maatwebsite\Excel\Facades\Excel;
use Modules\Location\Models\Province;
use Modules\Location\Exports\ProvincesExport;
use Modules\Location\Http\Requests\ProvinceRequest;
use Modules\Location\Models\Province;
class ProvincesController extends Controller
{
public $user;
protected $user;
public function __construct()
{
// Mengatur middleware auth
$this->middleware('auth');
// Mengatur user setelah middleware auth dijalankan
$this->middleware(function ($request, $next) {
$this->user = Auth::user();
return $next($request);
});
}
public function index(){
if (is_null($this->user) || !$this->user->can('location.read')) {
abort(403, 'Sorry! You are not allowed to view provinces.');
}
return view('location::provinces.index');
}
public function create(){
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create provinces.');
}
return view('location::provinces.create');
}
public function store(ProvinceRequest $request){
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create provinces.');
}
$validate = $request->validated();
if($validate){
try{
// Save to database
$province = Province::create($validate);
Province::create($validate);
return redirect()->route('locations.provinces.index')->with('success', 'Province created successfully');
} catch (\Exception $e){
return redirect()->route('locations.provinces.create')->with('error', 'Failed to create province');
@@ -36,11 +61,19 @@ class ProvincesController extends Controller
}
public function edit($id){
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update provinces.');
}
$province = Province::find($id);
return view('location::provinces.create', compact('province'));
}
public function update(ProvinceRequest $request, $id){
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update provinces.');
}
$validate = $request->validated();
if($validate){
@@ -56,20 +89,24 @@ class ProvincesController extends Controller
}
public function destroy($id){
if (is_null($this->user) || !$this->user->can('location.delete')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to delete provinces.']);
}
try{
// Delete from database
$province = Province::find($id);
$province->delete();
echo json_encode(['success' => true, 'message' => 'Province deleted successfully']);
return response()->json(['success' => true, 'message' => 'Province deleted successfully']);
} catch (\Exception $e){
echo json_encode(['success' => false, 'message' => 'Failed to delete province']);
return response()->json(['success' => false, 'message' => 'Failed to delete province']);
}
}
public function dataForDatatables(Request $request){
if (is_null($this->user) || !$this->user->can('provinces.view')) {
//abort(403, 'Sorry! You are not allowed to view users.');
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to view provinces.']);
}
// Retrieve data from the database
@@ -129,6 +166,10 @@ class ProvincesController extends Controller
public function export()
{
if (is_null($this->user) || !$this->user->can('location.export')) {
return response()->json(['success' => false, 'message' => 'Sorry! You are not allowed to export provinces.']);
}
return Excel::download(new ProvincesExport, 'provinces.xlsx');
}
}

64
app/Http/Controllers/VillagesController.php
View File

@@ -2,6 +2,7 @@
namespace Modules\Location\Http\Controllers;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Maatwebsite\Excel\Facades\Excel;
@@ -15,21 +16,44 @@
class VillagesController extends Controller
{
public $user;
protected $user;
public function __construct()
{
// Mengatur middleware auth
$this->middleware('auth');
// Mengatur user setelah middleware auth dijalankan
$this->middleware(function ($request, $next) {
$this->user = Auth::user();
return $next($request);
});
}
/**
* Display a listing of the resource.
*/
public function index()
{
if (is_null($this->user) || !$this->user->can('location.read')) {
abort(403, 'Sorry! You are not allowed to view villages.');
}
$provinces = Province::all();
return view('location::villages.index',compact('provinces'));
}
public function store(VillageRequest $request)
{
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create villages.');
}
$validate = $request->validated();
if ($validate) {
try {
$village = Village::create($validate);
Village::create($validate);
return redirect()
->route('locations.villages.index')
->with('success', 'Village created successfully');
@@ -41,12 +65,20 @@
public function create()
{
if (is_null($this->user) || !$this->user->can('location.create')) {
abort(403, 'Sorry! You are not allowed to create villages.');
}
$provinces = Province::all();
return view('location::villages.create', compact('provinces'));
}
public function edit($id)
{
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update villages.');
}
$village = Village::find($id);
$provinces = Province::all();
$cities = City::where('province_code', $village->province_code)->get();
@@ -56,6 +88,10 @@
public function update(VillageRequest $request, $id)
{
if (is_null($this->user) || !$this->user->can('location.update')) {
abort(403, 'Sorry! You are not allowed to update villages.');
}
$validate = $request->validated();
if ($validate) {
@@ -73,23 +109,31 @@
public function destroy($id)
{
if (is_null($this->user) || !$this->user->can('location.delete')) {
return response()->json(['success' => false,'message' => 'Sorry! You are not allowed to delete villages.'], 403);
}
try {
Village::destroy($id);
echo json_encode(['message' => 'Village deleted successfully', 'success' => true]);
return json_encode(['message' => 'Village deleted successfully', 'success' => true]);
} catch (Exception $e) {
echo json_encode(['message' => 'Failed to delete Village', 'success' => false]);
return json_encode(['message' => 'Failed to delete Village', 'success' => false]);
}
}
public function export(Request $request)
{
if (is_null($this->user) || !$this->user->can('location.export')) {
abort(403, 'Sorry! You are not allowed to export villages.');
}
return Excel::download(new VillagesExport, 'villages.xlsx');
}
public function dataForDatatables(Request $request)
{
if (is_null($this->user) || !$this->user->can('provinces.view')) {
//abort(403, 'Sorry! You are not allowed to view users.');
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false,'message' => 'Sorry! You are not allowed to view villages.'], 403);
}
// Retrieve data from the database
@@ -181,10 +225,18 @@
}
public function getVillagesByDistrictId($id){
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false,'message' => 'Sorry! You are not allowed to view villages.'], 403);
}
return response()->json(Village::where('district_code', $id)->get());
}
public function getPostalCodesByVillageId($id){
if (is_null($this->user) || !$this->user->can('location.read')) {
return response()->json(['success' => false,'message' => 'Sorry! You are not allowed to view villages.'], 403);
}
return response()->json(Village::where('code', $id)->first());
}

1
database/seeders/LocationDatabaseSeeder.php
View File

@@ -13,6 +13,7 @@ class LocationDatabaseSeeder extends Seeder
public function run(): void
{
$this->call([
PermissionSeeder::class,
ProvinceSeeder::class,
CitySeeder::class,
DistrictSeeder::class,

32
database/seeders/PermissionSeeder.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
namespace Modules\Location\Database\Seeders;
use Illuminate\Database\Seeder;
use Illuminate\Support\Str;
use Modules\Usermanagement\Models\PermissionGroup;
class PermissionSeeder extends Seeder
{
/**
* Run the database seeds.
*/
public function run()
{
$data = $this->data();
foreach ($data as $value) {
PermissionGroup::updateOrCreate([
'name' => $value['name'],
'slug' => Str::slug($value['name'])
]);
}
}
public function data()
{
return [
['name' => 'location']
];
}
}