From 21521b384eef242e2917ed620445dc39d74f49c3 Mon Sep 17 00:00:00 2001
From: Daeng Deni Mardaeni
Date: Sun, 22 Jun 2025 18:56:06 +0700
Subject: [PATCH] feat(usermanagement): ubah respons abort menjadi JSON untuk akses terlarang di beberapa controller
- Mengganti respons `abort(403)` menjadi respons JSON yang lebih informatif di beberapa controller:
- **PermissionsController**
- Penyesuaian pada metode penghapusan dan pengambilan data untuk datatable.
- Menampilkan pesan error dan status success=false jika pengguna tidak memiliki izin.
- **PositionsController**
- Perubahan serupa diterapkan pada metode penghapusan posisi dan pengambilan data untuk datatable.
- **RolesController**
- Penyesuaian dilakukan pada metode pengambilan data untuk datatable.
- **UsersController**
- Ubah logika pada metode penghapusan dan pengambilan data pengguna ke JSON.
Signed-off-by: Daeng Deni Mardaeni
---
 app/Http/Controllers/PermissionsController.php | 4 ++--
 app/Http/Controllers/PositionsController.php | 4 ++--
 app/Http/Controllers/RolesController.php | 2 +-
 app/Http/Controllers/UsersController.php | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/app/Http/Controllers/PermissionsController.php b/app/Http/Controllers/PermissionsController.php
index 1d72817..f7b63c5 100644
--- a/app/Http/Controllers/PermissionsController.php
+++ b/app/Http/Controllers/PermissionsController.php
@@ -205,7 +205,7 @@
 {
 // Check if the authenticated user has the required permission to delete permissions
 if (is_null($this->user) || !$this->user->can('usermanagement.delete')) {
- abort(403, 'Sorry! You are not allowed to delete permissions.');
+ return response()->json(['message' => 'Sorry! You are not allowed to delete permissions.','success' => false]);
 }
 $permission = PermissionGroup::find($id);
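Review bot: The added `return response()->json([...])` in the permission guard passes no status argument, so an authorization failure is now answered with HTTP 200 where `abort(403)` sent a 403; callers that check the status, and any access-log monitoring that keys on 403s, can no longer tell a denial from a success. Pass the status explicitly: `return response()->json(['message' => 'Sorry! You are not allowed to delete permissions.', 'success' => false], 403);`. The same applies to the other six hunks of this patch (PermissionsController::dataForDatatables, both PositionsController hunks, RolesController::dataForDatatables and both UsersController hunks). The enclosing method starts and ends outside the hunk.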
@@ -260,7 +260,7 @@
 public function dataForDatatables(Request $request)
 {
 if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
- abort(403, 'Sorry! You are not allowed to view users.');
+ return response()->json(['message' => 'Sorry! You are not allowed to view permissions.','success' => false]);
 }
 // Retrieve data from the database
diff --git a/app/Http/Controllers/PositionsController.php b/app/Http/Controllers/PositionsController.php
index bcb0dd4..16643f6 100644
--- a/app/Http/Controllers/PositionsController.php
+++ b/app/Http/Controllers/PositionsController.php
@@ -170,7 +170,7 @@
 {
 // Check if the authenticated user has the required permission to delete positions
 if (is_null($this->user) || !$this->user->can('usermanagement.delete')) {
- abort(403, 'Sorry! You are not allowed to delete positions.');
+ return response()->json(['message' => 'Sorry! You are not allowed to delete positions.','success' => false]);
 }
 // Find the position by ID
@@ -207,7 +207,7 @@
 {
 // Check if the authenticated user has the required permission to view positions
 if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
- abort(403, 'Sorry! You are not allowed to view positions.');
+ return response()->json(['message' => 'Sorry! You are not allowed to view positions.','success' => false]);
 }
 // Retrieve data from the database
diff --git a/app/Http/Controllers/RolesController.php b/app/Http/Controllers/RolesController.php
index f06c260..98a1a59 100644
--- a/app/Http/Controllers/RolesController.php
+++ b/app/Http/Controllers/RolesController.php
@@ -260,7 +260,7 @@
 public function dataForDatatables(Request $request)
 {
 if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
- abort(403, 'Sorry! You are not allowed to view users.');
+ return response()->json(['message' => 'Sorry! You are not allowed to view roles.','success' => false]);
 }
 // Retrieve data from the database
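Review bot: The added line in `PermissionsController::dataForDatatables` writes the denial array literal inline, and the same literal with a different message recurs in the six other hunks of this patch, so the response shape has to be kept in step by hand in seven places. If the four controllers extend a common base class, which the hunks do not show, one protected helper there (for example `denied(string $message)` returning `response()->json(['message' => $message, 'success' => false], 403)`) would fix the shape and the status code once. The literals are also missing the space after the comma (`.','success'`), which PSR-12 formatting would normalise. The method body continues past the end of the hunk.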
diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
index 752efae..52a7be5 100644
--- a/app/Http/Controllers/UsersController.php
+++ b/app/Http/Controllers/UsersController.php
@@ -66,7 +66,7 @@
 public function dataForDatatables(Request $request)
 {
 if (is_null($this->user) || !$this->user->can('usermanagement.view')) {
- abort(403, 'Sorry! You are not allowed to view users.');
+ return response()->json(['message' => 'Sorry! You are not allowed to view users.','success' => false]);
 }
 // Retrieve data from the database
@@ -155,7 +155,7 @@
 public function destroy($id)
 {
 if (is_null($this->user) || !$this->user->can('usermanagement.delete')) {
- abort(403, 'Sorry! You are not allowed to delete users.');
+ return response()->json(['message' => 'Sorry! You are not allowed to delete users.','success' => false]);
 }
 $user = User::find($id);
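Review bot: The guard in `UsersController::dataForDatatables` checks `usermanagement.view`, while the equivalent guards in the Permissions, Positions and Roles controllers in this patch check `usermanagement.read`. The permission definitions are not shown, so this may be deliberate, but if only one of the two names is actually defined, the user listing is gated by a different permission than intended or denied to everyone. Worth confirming against the permission seed data, and if the difference is intended, recording it next to the check with a comment such as `// the user list is gated by 'view', not 'read', on purpose`. The method body continues past the end of the hunk.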