feat(usermanagement): perbaiki otorisasi, tambah fitur ekspor, dan optimalkan logika pada beberapa controller

- **Perbaikan Izin Akses**:
  - Mengganti kunci permission pada beberapa metode agar lebih konsisten:
    - `usermanagement.store` menjadi `usermanagement.create` (store).
    - `usermanagement.edit` menjadi `usermanagement.update` (edit/update).
    - `usermanagement.read` tetap diatur sesuai konteks (index/view).
  - Menambahkan `abort(403)` pada metode yang belum memiliki pengecekan izin untuk memastikan keamanan.

- **Peningkatan Fitur**:
  - Menambahkan fitur ekspor pada `PermissionsController`, `PositionsController`, `RolesController`, dan `UsersController`:
    - Cek validasi izin sebelum melakukan ekspor.
    - Mendukung pengunduhan file Excel.

- **Optimalisasi Logika**:
  - Menggabungkan properti `user` di semua controller dengan mendefinisikannya melalui konstruktor.
  - Menghapus redundansi load user menggunakan `Auth::guard('web')->user()` di setiap metode.
  - Menyederhanakan pengaturan logging aktivitas untuk setiap operasi CRUD.

- **Penyesuaian & Penambahan**:
  - Menambahkan slug `restore` ke daftar permission terkait untuk operasi pemulihan yang diimplementasikan.
  - Menghapus komentar kode yang tidak digunakan dan mendokumentasikan ulang logika penting untuk lebih jelas.

Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>
This commit is contained in:
Daeng Deni Mardaeni
2025-06-22 18:11:14 +07:00
parent becbf8aee2
commit fdbef3a5e8
4 changed files with 57 additions and 53 deletions


@@ -23,7 +23,17 @@
/**
* @var \Illuminate\Contracts\Auth\Authenticatable|null
*/
public $user;
public $this->user;
/**
* UsersController constructor.
*
* Initializes the user property with the authenticated user.
*/
public function __construct()
{
$this->user = Auth::guard('web')->user();
}
/**
* Display a listing of the resource.
@@ -32,11 +42,8 @@
*/
public function index()
{
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to view positions
if (is_null($user) || !$user->can('usermanagement.read')) {
if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
abort(403, 'Sorry! You are not allowed to view positions.');
}
@@ -56,12 +63,9 @@
*/
public function store(PositionRequest $request)
{
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to store positions
if (is_null($user) || !$user->can('usermanagement.create')) {
abort(403, 'Sorry! You are not allowed to store positions.');
if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
abort(403, 'Sorry! You are not allowed to create positions.');
}
// Get validated data
@@ -89,11 +93,8 @@
*/
public function create()
{
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to create positions
if (is_null($user) || !$user->can('usermanagement.create')) {
if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
abort(403, 'Sorry! You are not allowed to create positions.');
}
@@ -110,11 +111,8 @@
*/
public function edit($id)
{
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to edit positions
if (is_null($user) || !$user->can('usermanagement.update')) {
if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
abort(403, 'Sorry! You are not allowed to edit positions.');
}
@@ -135,11 +133,8 @@
*/
public function update(PositionRequest $request, $id)
{
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to update positions
if (is_null($user) || !$user->can('usermanagement.update')) {
if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
abort(403, 'Sorry! You are not allowed to update positions.');
}
@@ -173,27 +168,24 @@
*/
public function destroy($id)
{
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to delete positions
if (is_null($user) || !$user->can('usermanagement.delete')) {
if (is_null($this->user) || !$this->user->can('usermanagement.delete')) {
abort(403, 'Sorry! You are not allowed to delete positions.');
}
// Find the position by ID
$position = Position::findOrFail($id);
// Check if the position has associated roles
if ($position->roles()->count() > 0) {
return redirect()->route('users.positions.index')
->with('error', 'Cannot delete position because it has associated roles.');
}
try {
// If no errors, delete the position from the database
$position->delete();
// Redirect to the positions index page with a success message
return redirect()->route('users.positions.index')
->with('success', 'Position deleted successfully.');
@@ -213,11 +205,8 @@
*/
public function dataForDatatables(Request $request)
{
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to view positions
if (is_null($user) || !$user->can('usermanagement.read')) {
if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
abort(403, 'Sorry! You are not allowed to view positions.');
}
@@ -286,11 +275,8 @@
*/
public function export(Request $request)
{
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to export positions
if (is_null($user) || !$user->can('usermanagement.export')) {
if (is_null($this->user) || !$this->user->can('usermanagement.export')) {
abort(403, 'Sorry! You are not allowed to export positions.');
}
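Review bot: The property declaration in the first hunk appears on the new side as `public $this->user;`, which is not valid PHP (a property name cannot contain `->`), so the class would fail to parse; it should stay `public $user;`. Separately, the constructor resolves `Auth::guard('web')->user()` at construction time, and with a session-based guard the route middleware that starts the session and authenticates has usually not run yet at that point, so `$this->user` is likely null on every request and each `is_null($this->user)` check in the index, store, create, edit, update, destroy, dataForDatatables and export hunks would abort with 403 — failing closed, but blocking legitimate users. If the base controller exposes `$this->middleware()`, resolving the user inside a controller middleware closure avoids this (sketch below); otherwise read the guard lazily inside each check. The constructor docblock also says `UsersController constructor.` while the messages and the `users.positions.index` route suggest this is the positions controller, so it should read `PositionsController constructor.`
```php
public $user;

public function __construct()
{
    // Resolve the user after the route middleware (session/auth) has run,
    // not at construction time, when the session guard is typically empty.
    $this->middleware(function ($request, $next) {
        $this->user = Auth::guard('web')->user();

        return $next($request);
    });
}
// … unchanged: index, store, create, edit, update, destroy, dataForDatatables, export …
```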