From 7d15d60b3251298a44033c4d7badc62a75f83a95 Mon Sep 17 00:00:00 2001
From: Daeng Deni Mardaeni
Date: Mon, 24 Mar 2025 11:48:14 +0700
Subject: [PATCH] fix(permohonan): perbaikan logika akses pada halaman otorisasi permohonan

- Menambahkan filter berdasarkan branch_id untuk pengguna yang bukan administrator.
- Memastikan pengguna hanya dapat mengakses data yang relevan dengan cabang mereka.
---
 app/Http/Controllers/PermohonanController.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/Http/Controllers/PermohonanController.php b/app/Http/Controllers/PermohonanController.php
index 3f1da47..c6372f3 100644
--- a/app/Http/Controllers/PermohonanController.php
+++ b/app/Http/Controllers/PermohonanController.php
@@ -280,6 +280,10 @@ class PermohonanController extends Controller
 // Retrieve data from the database
 $query = Permohonan::query()->with('documents')->has('documents', '>', 0)->where('status', '=', 'order');

+ if (!Auth::user()->hasAnyRole(['administrator'])) {
+ $query = $query->where('branch_id', Auth::user()->branch_id);
+ }
+
 // Apply search filter if provided
 if ($request->has('search') && !empty($request->get('search'))) {
 $search = $request->get('search');
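Review bot: The added branch filter passes `Auth::user()->branch_id` straight into `where()`, and Laravel's query builder turns a null value into `branch_id IS NULL`, so a non-administrator with no branch assigned would be shown every `order` record that has no branch instead of none. Failing closed inside the non-administrator branch avoids that, e.g. `abort_if(Auth::user()->branch_id === null, 403);` before the `where()` call. The restriction also covers only this listing query. The enclosing method starts and ends outside the hunk, so it cannot be confirmed from here whether the actions that load a single Permohonan by id apply the same branch condition; if they do not, the list is filtered but the records stay reachable directly. A policy or a shared query scope on the model would keep the rule in one place rather than repeating it per method.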