fix: hapus hardcode role, ganti dengan permission check (can())

2026-04-04 09:44:14 +07:00
parent 70bb914e54
commit d3d7c6e422
7 changed files with 16 additions and 12 deletions
@@ -17,7 +17,7 @@ class ActivitiesTable
{
return $table
->modifyQueryUsing(function ($query) {
if (! auth()->user()->hasRole('super_admin')) {
if (! auth()->user()->can('ViewDraft:Activity')) {
$query->where(fn ($q) => $q
->where('status', '!=', 'draft')
->orWhere('created_by', auth()->id())
@@ -60,7 +60,7 @@ class ActivitiesTable
->color('success')
->requiresConfirmation()
->visible(fn ($record) => $record->status === 'pending'
&& auth()->user()->hasAnyRole(['ketua', 'super_admin']))
&& auth()->user()->can('Update:Activity'))
->action(fn ($record) => $record->update([
'status' => 'approved',
'approved_by' => auth()->id(),
@@ -72,7 +72,7 @@ class ActivitiesTable
->color('danger')
->requiresConfirmation()
->visible(fn ($record) => $record->status === 'pending'
&& auth()->user()->hasAnyRole(['ketua', 'super_admin']))
&& auth()->user()->can('Update:Activity'))
->action(fn ($record) => $record->update(['status' => 'rejected'])),
])
->toolbarActions([BulkActionGroup::make([DeleteBulkAction::make()])]);
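Review bot: The approve and reject actions (the `->visible` closures in the second and third hunks) are now gated on `Update:Activity`, the generic edit permission for the resource, so every role that can edit activities can also approve or reject them, whereas the removed lines limited this to ketua and super_admin. If pengurus or other roles receive `Update:Activity` for editing their own records (the seeder's role assignments are not visible here) this widens approval rights, and `->visible` only hides the button while the `->action` closure itself performs no authorization. Approval is a distinct capability and deserves its own permission seeded the way the commit already seeds `ViewDraft:Activity`, e.g. `&& auth()->user()->can('Approve:Activity'))`. Note also that the first hunk's `can('ViewDraft:Activity')` evaluates false for everyone, super_admin included, until the new seeder has run on the target environment, unless a Gate::before bypass exists for that role.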
@@ -67,7 +67,7 @@ class CashRecordsTable
->color('success')
->requiresConfirmation()
->visible(function (CashRecord $record): bool {
if (! auth()->user()->hasAnyRole(['ketua', 'super_admin'])) return false;
if (! auth()->user()->can('Update:Approval')) return false;
if ($record->amount < 500_000 || $record->amount > 2_000_000) return false;
$approval = Approval::where('model_type', CashRecord::class)
->where('model_id', $record->id)->first();
@@ -101,7 +101,7 @@ class CashRecordsTable
->icon('heroicon-o-x-circle')
->color('danger')
->visible(function (CashRecord $record): bool {
if (! auth()->user()->hasAnyRole(['ketua', 'super_admin'])) return false;
if (! auth()->user()->can('Update:Approval')) return false;
if ($record->amount < 500_000 || $record->amount > 2_000_000) return false;
$approval = Approval::where('model_type', CashRecord::class)
->where('model_id', $record->id)->first();
@@ -137,7 +137,7 @@ class CashRecordsTable
->requiresConfirmation()
->hidden(fn (CashRecord $record) => $record->verified_at !== null)
->visible(function (CashRecord $record): bool {
if (! auth()->user()->hasAnyRole(['ketua', 'super_admin', 'bendahara'])) return false;
if (! auth()->user()->can('Update:CashRecord')) return false;
if ($record->verified_at) return false;
// Cek threshold
if ($record->amount >= 500_000 && $record->amount <= 2_000_000) {
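Review bot: The verify action in the third hunk (`if (! auth()->user()->can('Update:CashRecord')) return false;`) ties verification to the ordinary edit permission, so whoever can edit a cash record can now also verify it, while the removed line limited this to ketua, super_admin and bendahara. The approve and reject checks in the first two hunks use a separate `Update:Approval` permission, which is the better pattern; verification should follow it with its own permission seeded alongside `ViewDraft:Activity`, e.g. `if (! auth()->user()->can('Verify:CashRecord')) return false;`. Whether this actually widens access depends on which roles hold `Update:CashRecord`, which this diff does not show. Each of these `->visible` closures continues past its hunk.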
@@ -23,17 +23,16 @@ class PostResource extends Resource
// Label dinamis sesuai role
public static function getModelLabel(): string
{
return auth()->user()?->hasAnyRole(['super_admin', 'ketua', 'auditor'])
return auth()->user()?->can('ViewAny:Post') && auth()->user()?->can('Update:Post')
? 'Artikel'
: 'Artikel Saya';
}
// Scope: ketua/super_admin/auditor lihat semua, lainnya hanya milik sendiri
public static function getEloquentQuery(): Builder
{
$query = parent::getEloquentQuery();
if (auth()->user()?->hasAnyRole(['super_admin', 'ketua', 'auditor'])) {
if (auth()->user()?->can('Update:Post')) {
return $query;
}
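Review bot: `getEloquentQuery` now returns the unscoped query only for users holding `Update:Post`, so the auditor role named in the removed line loses the full listing unless it also holds an update permission, and a read-only auditor would be left seeing only its own posts. `Update:Post` does not express "may see other people's posts" (and `ViewAny:Post` is commonly held by every role that can open the resource, so it does not either); the commit's own `ViewDraft:Activity` shows the right shape, a dedicated permission such as `if (auth()->user()?->can('ViewAll:Post')) {` seeded for super_admin, ketua and auditor. The same condition should drive `getModelLabel` just above, which currently requires both `ViewAny:Post` and `Update:Post` for the 'Artikel' label while the scope requires only `Update:Post`, and the comment above the method still lists roles; `// Scope: users with the view-all permission see every post, others only their own` would match the new intent. The method's remaining branch is outside the hunk.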
@@ -13,7 +13,7 @@ class PostForm
{
public static function configure(Schema $schema): Schema
{
$isAdmin = auth()->user()?->hasAnyRole(['super_admin', 'ketua']);
$isAdmin = auth()->user()?->can('Update:Post');
return $schema->components([
TextInput::make('title')->label('Judul')->required()
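Review bot: `$isAdmin = auth()->user()?->can('Update:Post');` keeps the admin-flavoured name while the value now means "may update posts", which in a Shield-generated permission set is ordinarily granted to every role that edits posts, not only administrators; the identical line appears in the PostsTable hunk. Whatever `$isAdmin` later gates in the form and table (outside these hunks), for example author selection or publish state, becomes visible to every user with `Update:Post`, which may be broader than the removed ketua/super_admin check. Rename the variable to what it tests, `$canUpdatePost = auth()->user()?->can('Update:Post');`, and gate any genuinely admin-only components on a dedicated permission as the commit already does with `ViewDraft:Activity`. `configure` continues outside the hunk in both files.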
@@ -16,7 +16,7 @@ class PostsTable
{
public static function configure(Table $table): Table
{
$isAdmin = auth()->user()?->hasAnyRole(['super_admin', 'ketua']);
$isAdmin = auth()->user()?->can('Update:Post');
return $table
->columns([
+1 -1
@@ -20,7 +20,7 @@ class ActivityPolicy
public function view(AuthUser $authUser, Activity $activity): bool
{
if ($activity->status === 'draft' && $activity->created_by !== $authUser->id) {
return $authUser->hasRole('super_admin');
return $authUser->can('ViewDraft:Activity');
}
return $authUser->can('View:Activity');
}
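Review bot: In `view`, a draft that belongs to someone else is allowed on `ViewDraft:Activity` alone, while a non-draft record still requires `View:Activity`; a user holding the draft permission but not the base view permission would therefore see other people's drafts yet not ordinary activities, which is unlikely to be intended. Requiring both keeps the draft permission additive: `return $authUser->can('View:Activity') && $authUser->can('ViewDraft:Activity');`. The same literal now appears in ActivitiesTable and PermissionSeeder, so a shared constant for the permission name would keep the policy, the table filter and the seeder from drifting apart.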
+5
@@ -17,6 +17,11 @@ class PermissionSeeder extends Seeder
$pengurus = Role::findByName('pengurus');
$anggota = Role::findByName('anggota');
$auditor = Role::findByName('auditor');
$superAdmin = Role::findByName('super_admin');
// Permission khusus yang tidak di-generate Shield
Permission::firstOrCreate(['name' => 'ViewDraft:Activity', 'guard_name' => 'web']);
$superAdmin->givePermissionTo('ViewDraft:Activity');
// Ketua: akses penuh kecuali shield roles
$ketua->syncPermissions(Permission::where('name', 'not like', '%Role%')