daengdeni/lpj
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update role-based query conditions in controllers

Browse Source 
- Menambahkan pengecekan peran 'administrator' sebelum menerapkan filter pada relasi `penilaian.userPenilai`.
- Memastikan hanya pengguna non-administrator yang dibatasi berdasarkan `user_id` dan `role`.
This commit is contained in:
Daeng Deni Mardaeni
2024-12-24 11:51:48 +07:00
parent 78635b6295
commit 7dfda9ffb6
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/Http/Controllers/PenilaiController.php
View File

@@ -242,10 +242,13 @@ class PenilaiController extends Controller
} }
$query->whereHas('penilaian.userPenilai', function ($q) { if(!Auth::user()->hasRole('administrator')) {
$q->where('role', 'penilai') $query->whereHas('penilaian.userPenilai', function ($q) {
->where('user_id', Auth::user()->id); $q
}); ->where('role', 'penilai')
->where('user_id', Auth::user()->id);
});
}
// Apply sorting if provided // Apply sorting if provided
if ($request->has('sortOrder') && !empty($request->get('sortOrder'))) { if ($request->has('sortOrder') && !empty($request->get('sortOrder'))) {

10
app/Http/Controllers/SurveyorController.php
View File

@@ -1412,10 +1412,12 @@ class SurveyorController extends Controller
$query->whereRaw('LOWER(status) = ?', ['assign']); $query->whereRaw('LOWER(status) = ?', ['assign']);
$query->whereHas('penilaian.userPenilai', function ($q) { if(!Auth::user()->hasRole('administrator')) {
$q->where('user_id', Auth::user()->id); $query->whereHas('penilaian.userPenilai', function ($q) {
$q->where('role', 'surveyor'); $q->where('user_id', Auth::user()->id);
}); $q->where('role', 'surveyor');
});
}
if ($request->has('sortOrder') && !empty($request->get('sortOrder'))) { if ($request->has('sortOrder') && !empty($request->get('sortOrder'))) {