feat(usermanagement): perbaiki otorisasi, tambah fitur ekspor, dan optimalkan logika pada beberapa controller
- **Perbaikan Izin Akses**:
- Mengganti kunci permission pada beberapa metode agar lebih konsisten:
- `usermanagement.store` menjadi `usermanagement.create` (store).
- `usermanagement.edit` menjadi `usermanagement.update` (edit/update).
- `usermanagement.read` tetap diatur sesuai context (index/view).
- Menambahkan `abort(403)` pada metode yang belum memiliki pengecekan izin untuk memastikan keamanan.
- **Peningkatan Fitur**:
- Menambahkan fitur ekspor pada `PermissionsController`, `PositionsController`, `RolesController`, dan `UsersController`:
- Cek validasi izin sebelum melakukan ekspor.
- Mendukung pengunduhan file Excel.
- **Optimalisasi Logika**:
- Menggabungkan properti `user` di semua controller dengan mendefinisikannya melalui konstruktor.
- Menghapus redundansi load user menggunakan `Auth::guard('web')->user()` di setiap metode.
- Menyederhanakan pengaturan logging aktivitas untuk setiap operasi CRUD.
- **Penyesuaian & Penambahan**:
- Menambahkan slug `restore` ke daftar permission terkait untuk operasi pemulihan yang diimplementasikan.
- Menghapus komentar kode yang tidak digunakan dan mendokumentasikan ulang logika penting untuk lebih jelas.
Signed-off-by: Daeng Deni Mardaeni <ddeni05@gmail.com>
This commit is contained in:
Daeng Deni Mardaeni
@@ -63,8 +63,8 @@
|
|||||||
public function store(PermissionRequest $request)
|
public function store(PermissionRequest $request)
|
||||||
{
|
{
|
||||||
// Check if the authenticated user has the required permission to store permissions
|
// Check if the authenticated user has the required permission to store permissions
|
||||||
if (is_null($this->user) || !$this->user->can('usermanagement.store')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
|
||||||
abort(403, 'Sorry! You are not allowed to store permissions.');
|
abort(403, 'Sorry! You are not allowed to create permissions.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$validate = $request->validated();
|
$validate = $request->validated();
|
||||||
@@ -80,7 +80,8 @@
|
|||||||
$group_name . '.delete',
|
$group_name . '.delete',
|
||||||
$group_name . '.export',
|
$group_name . '.export',
|
||||||
$group_name . '.authorize',
|
$group_name . '.authorize',
|
||||||
$group_name . '.report'
|
$group_name . '.report',
|
||||||
|
$group_name . '.restore'
|
||||||
];
|
];
|
||||||
|
|
||||||
foreach ($data as $permission) {
|
foreach ($data as $permission) {
|
||||||
@@ -126,7 +127,7 @@
|
|||||||
public function edit($id)
|
public function edit($id)
|
||||||
{
|
{
|
||||||
// Check if the authenticated user has the required permission to edit permissions
|
// Check if the authenticated user has the required permission to edit permissions
|
||||||
if (is_null($this->user) || !$this->user->can('usermanagement.edit')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
|
||||||
abort(403, 'Sorry! You are not allowed to edit permissions.');
|
abort(403, 'Sorry! You are not allowed to edit permissions.');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -173,7 +174,8 @@
|
|||||||
$group_name . '.delete',
|
$group_name . '.delete',
|
||||||
$group_name . '.export',
|
$group_name . '.export',
|
||||||
$group_name . '.authorize',
|
$group_name . '.authorize',
|
||||||
$group_name . '.report'
|
$group_name . '.report',
|
||||||
|
$group_name . '.restore'
|
||||||
];
|
];
|
||||||
|
|
||||||
$i = 0;
|
$i = 0;
|
||||||
@@ -325,6 +327,11 @@
|
|||||||
|
|
||||||
public function export()
|
public function export()
|
||||||
{
|
{
|
||||||
|
// Check if the authenticated user has the required permission to export permissions
|
||||||
|
if (is_null($this->user) || !$this->user->can('usermanagement.export')) {
|
||||||
|
abort(403, 'Sorry! You are not allowed to export permissions.');
|
||||||
|
}
|
||||||
|
|
||||||
return Excel::download(new PermissionExport, 'permissions.xlsx');
|
return Excel::download(new PermissionExport, 'permissions.xlsx');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -23,7 +23,17 @@
|
|||||||
/**
|
/**
|
||||||
* @var \Illuminate\Contracts\Auth\Authenticatable|null
|
* @var \Illuminate\Contracts\Auth\Authenticatable|null
|
||||||
*/
|
*/
|
||||||
public $user;
|
public $this->user;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* UsersController constructor.
|
||||||
|
*
|
||||||
|
* Initializes the user property with the authenticated user.
|
||||||
|
*/
|
||||||
|
public function __construct()
|
||||||
|
{
|
||||||
|
$this->user = Auth::guard('web')->user();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Display a listing of the resource.
|
* Display a listing of the resource.
|
||||||
@@ -32,11 +42,8 @@
|
|||||||
*/
|
*/
|
||||||
public function index()
|
public function index()
|
||||||
{
|
{
|
||||||
// Get the authenticated user
|
|
||||||
$user = Auth::guard('web')->user();
|
|
||||||
|
|
||||||
// Check if the authenticated user has the required permission to view positions
|
// Check if the authenticated user has the required permission to view positions
|
||||||
if (is_null($user) || !$user->can('usermanagement.read')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
|
||||||
abort(403, 'Sorry! You are not allowed to view positions.');
|
abort(403, 'Sorry! You are not allowed to view positions.');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -56,12 +63,9 @@
|
|||||||
*/
|
*/
|
||||||
public function store(PositionRequest $request)
|
public function store(PositionRequest $request)
|
||||||
{
|
{
|
||||||
// Get the authenticated user
|
|
||||||
$user = Auth::guard('web')->user();
|
|
||||||
|
|
||||||
// Check if the authenticated user has the required permission to store positions
|
// Check if the authenticated user has the required permission to store positions
|
||||||
if (is_null($user) || !$user->can('usermanagement.create')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
|
||||||
abort(403, 'Sorry! You are not allowed to store positions.');
|
abort(403, 'Sorry! You are not allowed to create positions.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get validated data
|
// Get validated data
|
||||||
@@ -89,11 +93,8 @@
|
|||||||
*/
|
*/
|
||||||
public function create()
|
public function create()
|
||||||
{
|
{
|
||||||
// Get the authenticated user
|
|
||||||
$user = Auth::guard('web')->user();
|
|
||||||
|
|
||||||
// Check if the authenticated user has the required permission to create positions
|
// Check if the authenticated user has the required permission to create positions
|
||||||
if (is_null($user) || !$user->can('usermanagement.create')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
|
||||||
abort(403, 'Sorry! You are not allowed to create positions.');
|
abort(403, 'Sorry! You are not allowed to create positions.');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -110,11 +111,8 @@
|
|||||||
*/
|
*/
|
||||||
public function edit($id)
|
public function edit($id)
|
||||||
{
|
{
|
||||||
// Get the authenticated user
|
|
||||||
$user = Auth::guard('web')->user();
|
|
||||||
|
|
||||||
// Check if the authenticated user has the required permission to edit positions
|
// Check if the authenticated user has the required permission to edit positions
|
||||||
if (is_null($user) || !$user->can('usermanagement.update')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
|
||||||
abort(403, 'Sorry! You are not allowed to edit positions.');
|
abort(403, 'Sorry! You are not allowed to edit positions.');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -135,11 +133,8 @@
|
|||||||
*/
|
*/
|
||||||
public function update(PositionRequest $request, $id)
|
public function update(PositionRequest $request, $id)
|
||||||
{
|
{
|
||||||
// Get the authenticated user
|
|
||||||
$user = Auth::guard('web')->user();
|
|
||||||
|
|
||||||
// Check if the authenticated user has the required permission to update positions
|
// Check if the authenticated user has the required permission to update positions
|
||||||
if (is_null($user) || !$user->can('usermanagement.update')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
|
||||||
abort(403, 'Sorry! You are not allowed to update positions.');
|
abort(403, 'Sorry! You are not allowed to update positions.');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -173,27 +168,24 @@
|
|||||||
*/
|
*/
|
||||||
public function destroy($id)
|
public function destroy($id)
|
||||||
{
|
{
|
||||||
// Get the authenticated user
|
|
||||||
$user = Auth::guard('web')->user();
|
|
||||||
|
|
||||||
// Check if the authenticated user has the required permission to delete positions
|
// Check if the authenticated user has the required permission to delete positions
|
||||||
if (is_null($user) || !$user->can('usermanagement.delete')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.delete')) {
|
||||||
abort(403, 'Sorry! You are not allowed to delete positions.');
|
abort(403, 'Sorry! You are not allowed to delete positions.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find the position by ID
|
// Find the position by ID
|
||||||
$position = Position::findOrFail($id);
|
$position = Position::findOrFail($id);
|
||||||
|
|
||||||
// Check if the position has associated roles
|
// Check if the position has associated roles
|
||||||
if ($position->roles()->count() > 0) {
|
if ($position->roles()->count() > 0) {
|
||||||
return redirect()->route('users.positions.index')
|
return redirect()->route('users.positions.index')
|
||||||
->with('error', 'Cannot delete position because it has associated roles.');
|
->with('error', 'Cannot delete position because it has associated roles.');
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// If no errors, delete the position from the database
|
// If no errors, delete the position from the database
|
||||||
$position->delete();
|
$position->delete();
|
||||||
|
|
||||||
// Redirect to the positions index page with a success message
|
// Redirect to the positions index page with a success message
|
||||||
return redirect()->route('users.positions.index')
|
return redirect()->route('users.positions.index')
|
||||||
->with('success', 'Position deleted successfully.');
|
->with('success', 'Position deleted successfully.');
|
||||||
@@ -213,11 +205,8 @@
|
|||||||
*/
|
*/
|
||||||
public function dataForDatatables(Request $request)
|
public function dataForDatatables(Request $request)
|
||||||
{
|
{
|
||||||
// Get the authenticated user
|
|
||||||
$user = Auth::guard('web')->user();
|
|
||||||
|
|
||||||
// Check if the authenticated user has the required permission to view positions
|
// Check if the authenticated user has the required permission to view positions
|
||||||
if (is_null($user) || !$user->can('usermanagement.read')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
|
||||||
abort(403, 'Sorry! You are not allowed to view positions.');
|
abort(403, 'Sorry! You are not allowed to view positions.');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -286,11 +275,8 @@
|
|||||||
*/
|
*/
|
||||||
public function export(Request $request)
|
public function export(Request $request)
|
||||||
{
|
{
|
||||||
// Get the authenticated user
|
|
||||||
$user = Auth::guard('web')->user();
|
|
||||||
|
|
||||||
// Check if the authenticated user has the required permission to export positions
|
// Check if the authenticated user has the required permission to export positions
|
||||||
if (is_null($user) || !$user->can('usermanagement.export')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.export')) {
|
||||||
abort(403, 'Sorry! You are not allowed to export positions.');
|
abort(403, 'Sorry! You are not allowed to export positions.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -344,6 +344,10 @@
|
|||||||
|
|
||||||
public function export()
|
public function export()
|
||||||
{
|
{
|
||||||
|
if (is_null($this->user) || !$this->user->can('usermanagement.export')) {
|
||||||
|
abort(403, 'Sorry! You are not allowed to export roles.');
|
||||||
|
}
|
||||||
|
|
||||||
return Excel::download(new RolesExport, 'roles.xlsx');
|
return Excel::download(new RolesExport, 'roles.xlsx');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -9,7 +9,7 @@
|
|||||||
use Illuminate\Support\Facades\Hash;
|
use Illuminate\Support\Facades\Hash;
|
||||||
use Illuminate\Support\Facades\Validator;
|
use Illuminate\Support\Facades\Validator;
|
||||||
use Maatwebsite\Excel\Facades\Excel;
|
use Maatwebsite\Excel\Facades\Excel;
|
||||||
use Modules\Lpj\Models\Branch;
|
use Modules\Basicdata\Models\Branch;
|
||||||
use Modules\Usermanagement\Exports\UsersExport;
|
use Modules\Usermanagement\Exports\UsersExport;
|
||||||
use Modules\Usermanagement\Http\Requests\User as UserRequest;
|
use Modules\Usermanagement\Http\Requests\User as UserRequest;
|
||||||
use Modules\Usermanagement\Models\Role;
|
use Modules\Usermanagement\Models\Role;
|
||||||
@@ -49,7 +49,7 @@
|
|||||||
public function index()
|
public function index()
|
||||||
{
|
{
|
||||||
if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.read')) {
|
||||||
//abort(403, 'Sorry! You are not allowed to view users.');
|
abort(403, 'Sorry! You are not allowed to view users.');
|
||||||
}
|
}
|
||||||
|
|
||||||
return view('usermanagement::users.index');
|
return view('usermanagement::users.index');
|
||||||
@@ -66,7 +66,7 @@
|
|||||||
public function dataForDatatables(Request $request)
|
public function dataForDatatables(Request $request)
|
||||||
{
|
{
|
||||||
if (is_null($this->user) || !$this->user->can('usermanagement.view')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.view')) {
|
||||||
//abort(403, 'Sorry! You are not allowed to view users.');
|
abort(403, 'Sorry! You are not allowed to view users.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Retrieve data from the database
|
// Retrieve data from the database
|
||||||
@@ -76,8 +76,7 @@
|
|||||||
if ($request->has('search') && !empty($request->get('search'))) {
|
if ($request->has('search') && !empty($request->get('search'))) {
|
||||||
$search = $request->get('search');
|
$search = $request->get('search');
|
||||||
$query->where(function ($q) use ($search) {
|
$query->where(function ($q) use ($search) {
|
||||||
$q
|
$q->whereRaw('LOWER(name) LIKE ?', ['%' . strtolower($search) . '%'])
|
||||||
->whereRaw('LOWER(name) LIKE ?', ['%' . strtolower($search) . '%'])
|
|
||||||
->orWhereRaw('LOWER(email) LIKE ?', ['%' . strtolower($search) . '%']);
|
->orWhereRaw('LOWER(email) LIKE ?', ['%' . strtolower($search) . '%']);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@@ -135,8 +134,8 @@
|
|||||||
*/
|
*/
|
||||||
public function edit($id)
|
public function edit($id)
|
||||||
{
|
{
|
||||||
if (is_null($this->user) || !$this->user->can('usermanagement.edit')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
|
||||||
//abort(403, 'Sorry! You are not allowed to edit users.');
|
abort(403, 'Sorry! You are not allowed to edit users.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = User::find($id);
|
$user = User::find($id);
|
||||||
@@ -156,7 +155,7 @@
|
|||||||
public function destroy($id)
|
public function destroy($id)
|
||||||
{
|
{
|
||||||
if (is_null($this->user) || !$this->user->can('usermanagement.delete')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.delete')) {
|
||||||
//abort(403, 'Sorry! You are not allowed to delete users.');
|
abort(403, 'Sorry! You are not allowed to delete users.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = User::find($id);
|
$user = User::find($id);
|
||||||
@@ -198,6 +197,10 @@
|
|||||||
*/
|
*/
|
||||||
public function store(UserRequest $request)
|
public function store(UserRequest $request)
|
||||||
{
|
{
|
||||||
|
if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
|
||||||
|
abort(403, 'Sorry! You are not allowed to create a user.');
|
||||||
|
}
|
||||||
|
|
||||||
$validated = $request->validated();
|
$validated = $request->validated();
|
||||||
|
|
||||||
if ($validated) {
|
if ($validated) {
|
||||||
@@ -223,7 +226,7 @@
|
|||||||
public function create()
|
public function create()
|
||||||
{
|
{
|
||||||
if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.create')) {
|
||||||
//abort(403, 'Sorry! You are not allowed to create a user.');
|
abort(403, 'Sorry! You are not allowed to create a user.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$roles = Role::all();
|
$roles = Role::all();
|
||||||
@@ -233,6 +236,10 @@
|
|||||||
|
|
||||||
public function export()
|
public function export()
|
||||||
{
|
{
|
||||||
|
if (is_null($this->user) || !$this->user->can('usermanagement.export')) {
|
||||||
|
abort(403, 'Sorry! You are not allowed to export users.');
|
||||||
|
}
|
||||||
|
|
||||||
return Excel::download(new UsersExport, 'users.xlsx');
|
return Excel::download(new UsersExport, 'users.xlsx');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -316,7 +323,7 @@
|
|||||||
public function update(UserRequest $request, $id)
|
public function update(UserRequest $request, $id)
|
||||||
{
|
{
|
||||||
if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
|
if (is_null($this->user) || !$this->user->can('usermanagement.update')) {
|
||||||
//abort(403, 'Sorry! You are not allowed to update users.');
|
abort(403, 'Sorry! You are not allowed to update users.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$validated = $request->validated();
|
$validated = $request->validated();
|
||||||
|
|||||||
Reference in New Issue
Block a user