From d89482adf127e1f2b47512c0efaf3375b0b1d198 Mon Sep 17 00:00:00 2001
From: Daeng Deni Mardaeni <ddeni05@gmail.com>
Date: Thu, 31 Oct 2024 14:35:16 +0700
Subject: [PATCH] Restrict download links to specific user roles

Add conditional checks to show download links only to users with 'administrator' or 'pemohon-eo' roles in the 'jaminan.blade.php' and 'detail-jaminan.blade.php' views. This enhances security by limiting access to sensitive document downloads.
---
 resources/views/component/detail-jaminan.blade.php   | 2 ++
 resources/views/debitur/components/jaminan.blade.php | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/resources/views/component/detail-jaminan.blade.php b/resources/views/component/detail-jaminan.blade.php
index ab9c649..bc2ee80 100644
--- a/resources/views/component/detail-jaminan.blade.php
+++ b/resources/views/component/detail-jaminan.blade.php
@@ -74,7 +74,9 @@
                                     </td>
                                     <td class="py-3 text-gray-700 text-2sm font-normal">
                                         @if(isset($detail->dokumen_jaminan))
+                                            @if(in_array(Auth::user()->roles[0]->name,['administrator','pemohon-eo']))
                                             <a href="{{ route('debitur.jaminan.download',['id'=>$permohonan->debiture->id,'dokumen'=>$detail->id]) }}" class="badge badge-sm badge-outline mt-2 badge-info"><i class="ki-filled ki-cloud-download mr-2"></i> Download</a>
+                                           ) @endif
                                             <span class="badge badge-sm badge-outline badge-warning mt-2" onclick="viewPDF('{{ Storage::url($detail->dokumen_jaminan) }}')"><i class="ki-filled ki-eye mr-2"></i>Preview</span>
                                         @endif
                                     </td>
diff --git a/resources/views/debitur/components/jaminan.blade.php b/resources/views/debitur/components/jaminan.blade.php
index 437e4ab..80439ff 100644
--- a/resources/views/debitur/components/jaminan.blade.php
+++ b/resources/views/debitur/components/jaminan.blade.php
@@ -69,7 +69,9 @@
                             {{ $loop->index+1 }}. {{ $detail->jenisLegalitasJaminan->name }}
                         </span>
                         <div>
+                            @if(in_array(Auth::user()->roles[0]->name,['administrator','pemohon-eo']))
                             <a href="{{ route('debitur.jaminan.download',['id'=>$debitur->id,'dokumen'=>$detail->id]) }}" class="badge badge-sm badge-outline mt-2 badge-info"><i class="ki-filled ki-cloud-download mr-2"></i> Download</a>
+                            @endif
                             <span class="badge badge-sm badge-outline badge-warning mt-2" onclick="viewPDF('{{ Storage::url($detail->dokumen_jaminan) }}')"><i class="ki-filled ki-eye mr-2"></i>Preview</span>
                         </div>
                     </div>