feat(usermanagement): perbaiki otorisasi, tambah fitur ekspor, dan optimalkan logika pada beberapa controller

- **Perbaikan Izin Akses**:
  - Mengganti kunci permission pada beberapa metode agar lebih konsisten:
    - `usermanagement.store` menjadi `usermanagement.create` (store).
    - `usermanagement.edit` menjadi `usermanagement.update` (edit/update).
    - `usermanagement.read` tetap diatur sesuai context (index/view).
  - Menambahkan `abort(403)` pada metode yang belum memiliki pengecekan izin untuk memastikan keamanan.

- **Peningkatan Fitur**:
  - Menambahkan fitur ekspor pada `PermissionsController`, `PositionsController`, `RolesController`, dan `UsersController`:
    - Cek validasi izin sebelum melakukan ekspor.
    - Mendukung pengunduhan file Excel.

- **Optimalisasi Logika**:
  - Menggabungkan properti `user` di semua controller dengan mendefinisikannya melalui konstruktor.
  - Menghapus redundansi load user menggunakan `Auth::guard('web')->user()` di setiap metode.
  - Menyederhanakan pengaturan logging aktivitas untuk setiap operasi CRUD.

- **Penyesuaian & Penambahan**:
  - Menambahkan slug `restore` ke daftar permission terkait untuk operasi pemulihan yang diimplementasikan.
  - Menghapus komentar kode yang tidak digunakan dan mendokumentasikan ulang logika penting untuk lebih jelas.

Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>

app/Http/Controllers/UsersController.php

@@ -9,7 +9,7 @@
     use Illuminate\Support\Facades\Hash;
     use Illuminate\Support\Facades\Validator;
     use Maatwebsite\Excel\Facades\Excel;
-    use Modules\Lpj\Models\Branch;
+    use Modules\Basicdata\Models\Branch;
     use Modules\Usermanagement\Exports\UsersExport;
     use Modules\Usermanagement\Http\Requests\User as UserRequest;
     use Modules\Usermanagement\Models\Role;
@@ -49,7 +49,7 @@
         public function index()
         {
             if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
-                //abort(403, 'Sorry! You are not allowed to view users.');
+                abort(403, 'Sorry! You are not allowed to view users.');
             }
 
             return view('usermanagement::users.index');
@@ -66,7 +66,7 @@
         public function dataForDatatables(Request $request)
         {
             if (is_null($this->user) || !$this->user->can('usermanagement.view')) {
-                //abort(403, 'Sorry! You are not allowed to view users.');
+                abort(403, 'Sorry! You are not allowed to view users.');
             }
 
             // Retrieve data from the database
@@ -76,8 +76,7 @@
             if ($request->has('search') && !empty($request->get('search'))) {
                 $search = $request->get('search');
                 $query->where(function ($q) use ($search) {
-                    $q
-                        ->whereRaw('LOWER(name) LIKE ?', ['%' . strtolower($search) . '%'])
+                    $q->whereRaw('LOWER(name) LIKE ?', ['%' . strtolower($search) . '%'])
                         ->orWhereRaw('LOWER(email) LIKE ?', ['%' . strtolower($search) . '%']);
                 });
             }
@@ -135,8 +134,8 @@
          */
         public function edit($id)
         {
-            if (is_null($this->user) || !$this->user->can('usermanagement.edit')) {
-                //abort(403, 'Sorry! You are not allowed to edit users.');
+            if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
+                abort(403, 'Sorry! You are not allowed to edit users.');
             }
 
             $user     = User::find($id);
@@ -156,7 +155,7 @@
         public function destroy($id)
         {
             if (is_null($this->user) || !$this->user->can('usermanagement.delete')) {
-                //abort(403, 'Sorry! You are not allowed to delete users.');
+                abort(403, 'Sorry! You are not allowed to delete users.');
             }
 
             $user = User::find($id);
@@ -198,6 +197,10 @@
          */
         public function store(UserRequest $request)
         {
+            if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
+                abort(403, 'Sorry! You are not allowed to create a user.');
+            }
+
             $validated = $request->validated();
 
             if ($validated) {
@@ -223,7 +226,7 @@
         public function create()
         {
             if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
-                //abort(403, 'Sorry! You are not allowed to create a user.');
+                abort(403, 'Sorry! You are not allowed to create a user.');
             }
 
             $roles    = Role::all();
@@ -233,6 +236,10 @@
 
         public function export()
         {
+            if (is_null($this->user) || !$this->user->can('usermanagement.export')) {
+                abort(403, 'Sorry! You are not allowed to export users.');
+            }
+
             return Excel::download(new UsersExport, 'users.xlsx');
         }
 
@@ -316,7 +323,7 @@
         public function update(UserRequest $request, $id)
         {
             if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
-                //abort(403, 'Sorry! You are not allowed to update users.');
+                abort(403, 'Sorry! You are not allowed to update users.');
             }
 
             $validated = $request->validated();