fix: hapus hardcode role, ganti dengan permission check (can())

app/Filament/Resources/Activities/Tables/ActivitiesTable.php

@@ -17,7 +17,7 @@ class ActivitiesTable
     {
         return $table
             ->modifyQueryUsing(function ($query) {
-                if (! auth()->user()->hasRole('super_admin')) {
+                if (! auth()->user()->can('ViewDraft:Activity')) {
                     $query->where(fn ($q) => $q
                         ->where('status', '!=', 'draft')
                         ->orWhere('created_by', auth()->id())
@@ -60,7 +60,7 @@ class ActivitiesTable
                     ->color('success')
                     ->requiresConfirmation()
                     ->visible(fn ($record) => $record->status === 'pending'
-                        && auth()->user()->hasAnyRole(['ketua', 'super_admin']))
+                        && auth()->user()->can('Update:Activity'))
                     ->action(fn ($record) => $record->update([
                         'status'      => 'approved',
                         'approved_by' => auth()->id(),
@@ -72,7 +72,7 @@ class ActivitiesTable
                     ->color('danger')
                     ->requiresConfirmation()
                     ->visible(fn ($record) => $record->status === 'pending'
-                        && auth()->user()->hasAnyRole(['ketua', 'super_admin']))
+                        && auth()->user()->can('Update:Activity'))
                     ->action(fn ($record) => $record->update(['status' => 'rejected'])),
             ])
             ->toolbarActions([BulkActionGroup::make([DeleteBulkAction::make()])]);

app/Filament/Resources/CashRecords/Tables/CashRecordsTable.php

@@ -67,7 +67,7 @@ class CashRecordsTable
                     ->color('success')
                     ->requiresConfirmation()
                     ->visible(function (CashRecord $record): bool {
-                        if (! auth()->user()->hasAnyRole(['ketua', 'super_admin'])) return false;
+                        if (! auth()->user()->can('Update:Approval')) return false;
                         if ($record->amount < 500_000 || $record->amount > 2_000_000) return false;
                         $approval = Approval::where('model_type', CashRecord::class)
                             ->where('model_id', $record->id)->first();
@@ -101,7 +101,7 @@ class CashRecordsTable
                     ->icon('heroicon-o-x-circle')
                     ->color('danger')
                     ->visible(function (CashRecord $record): bool {
-                        if (! auth()->user()->hasAnyRole(['ketua', 'super_admin'])) return false;
+                        if (! auth()->user()->can('Update:Approval')) return false;
                         if ($record->amount < 500_000 || $record->amount > 2_000_000) return false;
                         $approval = Approval::where('model_type', CashRecord::class)
                             ->where('model_id', $record->id)->first();
@@ -137,7 +137,7 @@ class CashRecordsTable
                     ->requiresConfirmation()
                     ->hidden(fn (CashRecord $record) => $record->verified_at !== null)
                     ->visible(function (CashRecord $record): bool {
-                        if (! auth()->user()->hasAnyRole(['ketua', 'super_admin', 'bendahara'])) return false;
+                        if (! auth()->user()->can('Update:CashRecord')) return false;
                         if ($record->verified_at) return false;
                         // Cek threshold
                         if ($record->amount >= 500_000 && $record->amount <= 2_000_000) {

app/Filament/Resources/Posts/PostResource.php

@@ -23,17 +23,16 @@ class PostResource extends Resource
     // Label dinamis sesuai role
     public static function getModelLabel(): string
     {
-        return auth()->user()?->hasAnyRole(['super_admin', 'ketua', 'auditor'])
+        return auth()->user()?->can('ViewAny:Post') && auth()->user()?->can('Update:Post')
             ? 'Artikel'
             : 'Artikel Saya';
     }
 
-    // Scope: ketua/super_admin/auditor lihat semua, lainnya hanya milik sendiri
     public static function getEloquentQuery(): Builder
     {
         $query = parent::getEloquentQuery();
 
-        if (auth()->user()?->hasAnyRole(['super_admin', 'ketua', 'auditor'])) {
+        if (auth()->user()?->can('Update:Post')) {
             return $query;
         }
 

app/Filament/Resources/Posts/Schemas/PostForm.php

@@ -13,7 +13,7 @@ class PostForm
 {
     public static function configure(Schema $schema): Schema
     {
-        $isAdmin = auth()->user()?->hasAnyRole(['super_admin', 'ketua']);
+        $isAdmin = auth()->user()?->can('Update:Post');
 
         return $schema->components([
             TextInput::make('title')->label('Judul')->required()

app/Filament/Resources/Posts/Tables/PostsTable.php

@@ -16,7 +16,7 @@ class PostsTable
 {
     public static function configure(Table $table): Table
     {
-        $isAdmin = auth()->user()?->hasAnyRole(['super_admin', 'ketua']);
+        $isAdmin = auth()->user()?->can('Update:Post');
 
         return $table
             ->columns([

app/Policies/ActivityPolicy.php

@@ -20,7 +20,7 @@ class ActivityPolicy
     public function view(AuthUser $authUser, Activity $activity): bool
     {
         if ($activity->status === 'draft' && $activity->created_by !== $authUser->id) {
-            return $authUser->hasRole('super_admin');
+            return $authUser->can('ViewDraft:Activity');
         }
         return $authUser->can('View:Activity');
     }