daengdeni/usermanagement
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat(usermanagement): perbaiki otorisasi, tambah fitur ekspor, dan optimalkan logika pada beberapa controller

Browse Source 
- **Perbaikan Izin Akses**:
  - Mengganti kunci permission pada beberapa metode agar lebih konsisten:
    - `usermanagement.store` menjadi `usermanagement.create` (store).
    - `usermanagement.edit` menjadi `usermanagement.update` (edit/update).
    - `usermanagement.read` tetap diatur sesuai context (index/view).
  - Menambahkan `abort(403)` pada metode yang belum memiliki pengecekan izin untuk memastikan keamanan.

- **Peningkatan Fitur**:
  - Menambahkan fitur ekspor pada `PermissionsController`, `PositionsController`, `RolesController`, dan `UsersController`:
    - Cek validasi izin sebelum melakukan ekspor.
    - Mendukung pengunduhan file Excel.

- **Optimalisasi Logika**:
  - Menggabungkan properti `user` di semua controller dengan mendefinisikannya melalui konstruktor.
  - Menghapus redundansi load user menggunakan `Auth::guard('web')->user()` di setiap metode.
  - Menyederhanakan pengaturan logging aktivitas untuk setiap operasi CRUD.

- **Penyesuaian & Penambahan**:
  - Menambahkan slug `restore` ke daftar permission terkait untuk operasi pemulihan yang diimplementasikan.
  - Menghapus komentar kode yang tidak digunakan dan mendokumentasikan ulang logika penting untuk lebih jelas.

Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>
This commit is contained in:
Daeng Deni Mardaeni
2025-06-22 18:11:14 +07:00
parent becbf8aee2
commit fdbef3a5e8
4 changed files with 57 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/Http/Controllers/PermissionsController.php
View File

@@ -63,8 +63,8 @@
public function store(PermissionRequest $request) public function store(PermissionRequest $request)
{ {
// Check if the authenticated user has the required permission to store permissions // Check if the authenticated user has the required permission to store permissions
if (is_null($this->user) || !$this->user->can('usermanagement.store')) { if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
abort(403, 'Sorry! You are not allowed to store permissions.'); abort(403, 'Sorry! You are not allowed to create permissions.');
} }
$validate = $request->validated(); $validate = $request->validated();
@@ -80,7 +80,8 @@
$group_name . '.delete', $group_name . '.delete',
$group_name . '.export', $group_name . '.export',
$group_name . '.authorize', $group_name . '.authorize',
$group_name . '.report' $group_name . '.report',
$group_name . '.restore'
]; ];
foreach ($data as $permission) { foreach ($data as $permission) {
@@ -126,7 +127,7 @@
public function edit($id) public function edit($id)
{ {
// Check if the authenticated user has the required permission to edit permissions // Check if the authenticated user has the required permission to edit permissions
if (is_null($this->user) || !$this->user->can('usermanagement.edit')) { if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
abort(403, 'Sorry! You are not allowed to edit permissions.'); abort(403, 'Sorry! You are not allowed to edit permissions.');
} }
@@ -173,7 +174,8 @@
$group_name . '.delete', $group_name . '.delete',
$group_name . '.export', $group_name . '.export',
$group_name . '.authorize', $group_name . '.authorize',
$group_name . '.report' $group_name . '.report',
$group_name . '.restore'
]; ];
$i = 0; $i = 0;
@@ -325,6 +327,11 @@
public function export() public function export()
{ {
// Check if the authenticated user has the required permission to export permissions
if (is_null($this->user) || !$this->user->can('usermanagement.export')) {
abort(403, 'Sorry! You are not allowed to export permissions.');
}
return Excel::download(new PermissionExport, 'permissions.xlsx'); return Excel::download(new PermissionExport, 'permissions.xlsx');
} }
} }

54
app/Http/Controllers/PositionsController.php
View File

@@ -23,7 +23,17 @@
/** /**
* @var \Illuminate\Contracts\Auth\Authenticatable|null * @var \Illuminate\Contracts\Auth\Authenticatable|null
*/ */
public $user; public $this->user;
/**
* UsersController constructor.
*
* Initializes the user property with the authenticated user.
*/
public function __construct()
{
$this->user = Auth::guard('web')->user();
}
/** /**
* Display a listing of the resource. * Display a listing of the resource.
@@ -32,11 +42,8 @@
*/ */
public function index() public function index()
{ {
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to view positions // Check if the authenticated user has the required permission to view positions
if (is_null($user) || !$user->can('usermanagement.read')) { if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
abort(403, 'Sorry! You are not allowed to view positions.'); abort(403, 'Sorry! You are not allowed to view positions.');
} }
@@ -56,12 +63,9 @@
*/ */
public function store(PositionRequest $request) public function store(PositionRequest $request)
{ {
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to store positions // Check if the authenticated user has the required permission to store positions
if (is_null($user) || !$user->can('usermanagement.create')) { if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
abort(403, 'Sorry! You are not allowed to store positions.'); abort(403, 'Sorry! You are not allowed to create positions.');
} }
// Get validated data // Get validated data
@@ -89,11 +93,8 @@
*/ */
public function create() public function create()
{ {
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to create positions // Check if the authenticated user has the required permission to create positions
if (is_null($user) || !$user->can('usermanagement.create')) { if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
abort(403, 'Sorry! You are not allowed to create positions.'); abort(403, 'Sorry! You are not allowed to create positions.');
} }
@@ -110,11 +111,8 @@
*/ */
public function edit($id) public function edit($id)
{ {
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to edit positions // Check if the authenticated user has the required permission to edit positions
if (is_null($user) || !$user->can('usermanagement.update')) { if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
abort(403, 'Sorry! You are not allowed to edit positions.'); abort(403, 'Sorry! You are not allowed to edit positions.');
} }
@@ -135,11 +133,8 @@
*/ */
public function update(PositionRequest $request, $id) public function update(PositionRequest $request, $id)
{ {
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to update positions // Check if the authenticated user has the required permission to update positions
if (is_null($user) || !$user->can('usermanagement.update')) { if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
abort(403, 'Sorry! You are not allowed to update positions.'); abort(403, 'Sorry! You are not allowed to update positions.');
} }
@@ -173,11 +168,8 @@
*/ */
public function destroy($id) public function destroy($id)
{ {
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to delete positions // Check if the authenticated user has the required permission to delete positions
if (is_null($user) || !$user->can('usermanagement.delete')) { if (is_null($this->user) || !$this->user->can('usermanagement.delete')) {
abort(403, 'Sorry! You are not allowed to delete positions.'); abort(403, 'Sorry! You are not allowed to delete positions.');
} }
@@ -213,11 +205,8 @@
*/ */
public function dataForDatatables(Request $request) public function dataForDatatables(Request $request)
{ {
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to view positions // Check if the authenticated user has the required permission to view positions
if (is_null($user) || !$user->can('usermanagement.read')) { if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
abort(403, 'Sorry! You are not allowed to view positions.'); abort(403, 'Sorry! You are not allowed to view positions.');
} }
@@ -286,11 +275,8 @@
*/ */
public function export(Request $request) public function export(Request $request)
{ {
// Get the authenticated user
$user = Auth::guard('web')->user();
// Check if the authenticated user has the required permission to export positions // Check if the authenticated user has the required permission to export positions
if (is_null($user) || !$user->can('usermanagement.export')) { if (is_null($this->user) || !$this->user->can('usermanagement.export')) {
abort(403, 'Sorry! You are not allowed to export positions.'); abort(403, 'Sorry! You are not allowed to export positions.');
} }

4
app/Http/Controllers/RolesController.php
View File

@@ -344,6 +344,10 @@
public function export() public function export()
{ {
if (is_null($this->user) || !$this->user->can('usermanagement.export')) {
abort(403, 'Sorry! You are not allowed to export roles.');
}
return Excel::download(new RolesExport, 'roles.xlsx'); return Excel::download(new RolesExport, 'roles.xlsx');
} }
} }

27
app/Http/Controllers/UsersController.php
View File

@@ -9,7 +9,7 @@
use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator; use Illuminate\Support\Facades\Validator;
use Maatwebsite\Excel\Facades\Excel; use Maatwebsite\Excel\Facades\Excel;
use Modules\Lpj\Models\Branch; use Modules\Basicdata\Models\Branch;
use Modules\Usermanagement\Exports\UsersExport; use Modules\Usermanagement\Exports\UsersExport;
use Modules\Usermanagement\Http\Requests\User as UserRequest; use Modules\Usermanagement\Http\Requests\User as UserRequest;
use Modules\Usermanagement\Models\Role; use Modules\Usermanagement\Models\Role;
@@ -49,7 +49,7 @@
public function index() public function index()
{ {
if (is_null($this->user) || !$this->user->can('usermanagement.read')) { if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
//abort(403, 'Sorry! You are not allowed to view users.'); abort(403, 'Sorry! You are not allowed to view users.');
} }
return view('usermanagement::users.index'); return view('usermanagement::users.index');
@@ -66,7 +66,7 @@
public function dataForDatatables(Request $request) public function dataForDatatables(Request $request)
{ {
if (is_null($this->user) || !$this->user->can('usermanagement.view')) { if (is_null($this->user) || !$this->user->can('usermanagement.view')) {
//abort(403, 'Sorry! You are not allowed to view users.'); abort(403, 'Sorry! You are not allowed to view users.');
} }
// Retrieve data from the database // Retrieve data from the database
@@ -76,8 +76,7 @@
if ($request->has('search') && !empty($request->get('search'))) { if ($request->has('search') && !empty($request->get('search'))) {
$search = $request->get('search'); $search = $request->get('search');
$query->where(function ($q) use ($search) { $query->where(function ($q) use ($search) {
$q $q->whereRaw('LOWER(name) LIKE ?', ['%' . strtolower($search) . '%'])
->whereRaw('LOWER(name) LIKE ?', ['%' . strtolower($search) . '%'])
->orWhereRaw('LOWER(email) LIKE ?', ['%' . strtolower($search) . '%']); ->orWhereRaw('LOWER(email) LIKE ?', ['%' . strtolower($search) . '%']);
}); });
} }
@@ -135,8 +134,8 @@
*/ */
public function edit($id) public function edit($id)
{ {
if (is_null($this->user) || !$this->user->can('usermanagement.edit')) { if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
//abort(403, 'Sorry! You are not allowed to edit users.'); abort(403, 'Sorry! You are not allowed to edit users.');
} }
$user = User::find($id); $user = User::find($id);
@@ -156,7 +155,7 @@
public function destroy($id) public function destroy($id)
{ {
if (is_null($this->user) || !$this->user->can('usermanagement.delete')) { if (is_null($this->user) || !$this->user->can('usermanagement.delete')) {
//abort(403, 'Sorry! You are not allowed to delete users.'); abort(403, 'Sorry! You are not allowed to delete users.');
} }
$user = User::find($id); $user = User::find($id);
@@ -198,6 +197,10 @@
*/ */
public function store(UserRequest $request) public function store(UserRequest $request)
{ {
if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
abort(403, 'Sorry! You are not allowed to create a user.');
}
$validated = $request->validated(); $validated = $request->validated();
if ($validated) { if ($validated) {
@@ -223,7 +226,7 @@
public function create() public function create()
{ {
if (is_null($this->user) || !$this->user->can('usermanagement.create')) { if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
//abort(403, 'Sorry! You are not allowed to create a user.'); abort(403, 'Sorry! You are not allowed to create a user.');
} }
$roles = Role::all(); $roles = Role::all();
@@ -233,6 +236,10 @@
public function export() public function export()
{ {
if (is_null($this->user) || !$this->user->can('usermanagement.export')) {
abort(403, 'Sorry! You are not allowed to export users.');
}
return Excel::download(new UsersExport, 'users.xlsx'); return Excel::download(new UsersExport, 'users.xlsx');
} }
@@ -316,7 +323,7 @@
public function update(UserRequest $request, $id) public function update(UserRequest $request, $id)
{ {
if (is_null($this->user) || !$this->user->can('usermanagement.update')) { if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
//abort(403, 'Sorry! You are not allowed to update users.'); abort(403, 'Sorry! You are not allowed to update users.');
} }
$validated = $request->validated(); $validated = $request->validated();