fix: hapus hardcode role, ganti dengan permission check (can())

2026-04-04 09:44:14 +07:00
parent 70bb914e54
commit d3d7c6e422
7 changed files with 16 additions and 12 deletions
@@ -17,7 +17,7 @@ class ActivitiesTable
{ {
return $table return $table
->modifyQueryUsing(function ($query) { ->modifyQueryUsing(function ($query) {
if (! auth()->user()->hasRole('super_admin')) { if (! auth()->user()->can('ViewDraft:Activity')) {
$query->where(fn ($q) => $q $query->where(fn ($q) => $q
->where('status', '!=', 'draft') ->where('status', '!=', 'draft')
->orWhere('created_by', auth()->id()) ->orWhere('created_by', auth()->id())
@@ -60,7 +60,7 @@ class ActivitiesTable
->color('success') ->color('success')
->requiresConfirmation() ->requiresConfirmation()
->visible(fn ($record) => $record->status === 'pending' ->visible(fn ($record) => $record->status === 'pending'
&& auth()->user()->hasAnyRole(['ketua', 'super_admin'])) && auth()->user()->can('Update:Activity'))
->action(fn ($record) => $record->update([ ->action(fn ($record) => $record->update([
'status' => 'approved', 'status' => 'approved',
'approved_by' => auth()->id(), 'approved_by' => auth()->id(),
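Review bot: The approve action in this hunk (L20) and the reject action at L28 are now both gated by the generic `Update:Activity` permission, so anyone who may edit an activity may also approve or reject it; if Shield grants `Update:Activity` to the role that submits activities, the submitter can approve their own record, which the previous `ketua`/`super_admin` check did not allow. Approval is a distinct privilege from editing, so a dedicated permission seeded the way `ViewDraft:Activity` is in PermissionSeeder would keep them separate, e.g. `&& auth()->user()->can('Approve:Activity'))` on both actions, granted only to the roles that previously held the right. The enclosing `configure` method starts and ends outside the hunk.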
@@ -72,7 +72,7 @@ class ActivitiesTable
->color('danger') ->color('danger')
->requiresConfirmation() ->requiresConfirmation()
->visible(fn ($record) => $record->status === 'pending' ->visible(fn ($record) => $record->status === 'pending'
&& auth()->user()->hasAnyRole(['ketua', 'super_admin'])) && auth()->user()->can('Update:Activity'))
->action(fn ($record) => $record->update(['status' => 'rejected'])), ->action(fn ($record) => $record->update(['status' => 'rejected'])),
]) ])
->toolbarActions([BulkActionGroup::make([DeleteBulkAction::make()])]); ->toolbarActions([BulkActionGroup::make([DeleteBulkAction::make()])]);
@@ -67,7 +67,7 @@ class CashRecordsTable
->color('success') ->color('success')
->requiresConfirmation() ->requiresConfirmation()
->visible(function (CashRecord $record): bool { ->visible(function (CashRecord $record): bool {
if (! auth()->user()->hasAnyRole(['ketua', 'super_admin'])) return false; if (! auth()->user()->can('Update:Approval')) return false;
if ($record->amount < 500_000 || $record->amount > 2_000_000) return false; if ($record->amount < 500_000 || $record->amount > 2_000_000) return false;
$approval = Approval::where('model_type', CashRecord::class) $approval = Approval::where('model_type', CashRecord::class)
->where('model_id', $record->id)->first(); ->where('model_id', $record->id)->first();
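Review bot: The 500_000 / 2_000_000 approval band is written out literally on L37 and repeated at L45 and L55, so the three closures can silently drift apart if the band changes. Hoist the two bounds into named class constants, e.g. `private const APPROVAL_MIN = 500_000;` and `private const APPROVAL_MAX = 2_000_000;`, and compare against them in each closure. The enclosing `configure` method starts and ends outside the hunk.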
@@ -101,7 +101,7 @@ class CashRecordsTable
->icon('heroicon-o-x-circle') ->icon('heroicon-o-x-circle')
->color('danger') ->color('danger')
->visible(function (CashRecord $record): bool { ->visible(function (CashRecord $record): bool {
if (! auth()->user()->hasAnyRole(['ketua', 'super_admin'])) return false; if (! auth()->user()->can('Update:Approval')) return false;
if ($record->amount < 500_000 || $record->amount > 2_000_000) return false; if ($record->amount < 500_000 || $record->amount > 2_000_000) return false;
$approval = Approval::where('model_type', CashRecord::class) $approval = Approval::where('model_type', CashRecord::class)
->where('model_id', $record->id)->first(); ->where('model_id', $record->id)->first();
@@ -137,7 +137,7 @@ class CashRecordsTable
->requiresConfirmation() ->requiresConfirmation()
->hidden(fn (CashRecord $record) => $record->verified_at !== null) ->hidden(fn (CashRecord $record) => $record->verified_at !== null)
->visible(function (CashRecord $record): bool { ->visible(function (CashRecord $record): bool {
if (! auth()->user()->hasAnyRole(['ketua', 'super_admin', 'bendahara'])) return false; if (! auth()->user()->can('Update:CashRecord')) return false;
if ($record->verified_at) return false; if ($record->verified_at) return false;
// Cek threshold // Cek threshold
if ($record->amount >= 500_000 && $record->amount <= 2_000_000) { if ($record->amount >= 500_000 && $record->amount <= 2_000_000) {
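Review bot: Verification on L52 is now gated by `Update:CashRecord`, which presumably is the same permission that lets a user edit the record; if it is granted to the roles that create cash records, the author can verify their own entry, which the previous `ketua`/`super_admin`/`bendahara` check did not allow. A dedicated permission seeded like `ViewDraft:Activity` in PermissionSeeder keeps verification separate from editing, e.g. `if (! auth()->user()->can('Verify:CashRecord')) return false;`. The `->hidden(...)` on L50 and the `if ($record->verified_at) return false;` on L53 express the same condition, so one of them is redundant. The closure and the enclosing `configure` method continue past the end of the hunk.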
@@ -23,17 +23,16 @@ class PostResource extends Resource
// Label dinamis sesuai role // Label dinamis sesuai role
public static function getModelLabel(): string public static function getModelLabel(): string
{ {
return auth()->user()?->hasAnyRole(['super_admin', 'ketua', 'auditor']) return auth()->user()?->can('ViewAny:Post') && auth()->user()?->can('Update:Post')
? 'Artikel' ? 'Artikel'
: 'Artikel Saya'; : 'Artikel Saya';
} }
// Scope: ketua/super_admin/auditor lihat semua, lainnya hanya milik sendiri
public static function getEloquentQuery(): Builder public static function getEloquentQuery(): Builder
{ {
$query = parent::getEloquentQuery(); $query = parent::getEloquentQuery();
if (auth()->user()?->hasAnyRole(['super_admin', 'ketua', 'auditor'])) { if (auth()->user()?->can('Update:Post')) {
return $query; return $query;
} }
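Review bot: The data scope on L68 and the label on L60 are keyed on different checks: `getEloquentQuery()` returns every post to anyone holding `Update:Post`, while the label reads 'Artikel' only when both `ViewAny:Post` and `Update:Post` hold, so a user with only `Update:Post` sees all posts under the 'Artikel Saya' label. Tying read scope to an update permission also means a read-only role such as `auditor`, which the removed comment on L64 listed as seeing everything, now either loses that view or must be given write access to keep it. A dedicated read-scope permission seeded like `ViewDraft:Activity` avoids both, e.g. `if (auth()->user()?->can('ViewAll:Post')) {` in the query and the same single check in `getModelLabel()`. `getEloquentQuery()` continues past the end of the hunk.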
@@ -13,7 +13,7 @@ class PostForm
{ {
public static function configure(Schema $schema): Schema public static function configure(Schema $schema): Schema
{ {
$isAdmin = auth()->user()?->hasAnyRole(['super_admin', 'ketua']); $isAdmin = auth()->user()?->can('Update:Post');
return $schema->components([ return $schema->components([
TextInput::make('title')->label('Judul')->required() TextInput::make('title')->label('Judul')->required()
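Review bot: `$isAdmin` on L75 now holds the result of `can('Update:Post')`, so the name no longer describes the value; the same applies to L82 in PostsTable. Rename it to what is tested, e.g. `$canManageAllPosts = auth()->user()?->can('Update:Post');`, and update its uses in the component list. Note that `?->` yields `null` rather than `false` when there is no authenticated user, so the variable is `?bool`; appending `?? false` makes it a strict boolean. The `configure` method continues past the hunk.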
@@ -16,7 +16,7 @@ class PostsTable
{ {
public static function configure(Table $table): Table public static function configure(Table $table): Table
{ {
$isAdmin = auth()->user()?->hasAnyRole(['super_admin', 'ketua']); $isAdmin = auth()->user()?->can('Update:Post');
return $table return $table
->columns([ ->columns([
+1 -1
@@ -20,7 +20,7 @@ class ActivityPolicy
public function view(AuthUser $authUser, Activity $activity): bool public function view(AuthUser $authUser, Activity $activity): bool
{ {
if ($activity->status === 'draft' && $activity->created_by !== $authUser->id) { if ($activity->status === 'draft' && $activity->created_by !== $authUser->id) {
return $authUser->hasRole('super_admin'); return $authUser->can('ViewDraft:Activity');
} }
return $authUser->can('View:Activity'); return $authUser->can('View:Activity');
} }
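Review bot: For another user's draft, `view()` now returns `can('ViewDraft:Activity')` on its own (L91) instead of combining it with the base `View:Activity` check on L93, so a principal holding only the draft permission could view drafts of activities it may not otherwise view. Treat the draft permission as additive: `return $authUser->can('ViewDraft:Activity') && $authUser->can('View:Activity');`. This matters little while only `super_admin` is seeded with it, but the policy should not rely on that seeding.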
+5
@@ -17,6 +17,11 @@ class PermissionSeeder extends Seeder
$pengurus = Role::findByName('pengurus'); $pengurus = Role::findByName('pengurus');
$anggota = Role::findByName('anggota'); $anggota = Role::findByName('anggota');
$auditor = Role::findByName('auditor'); $auditor = Role::findByName('auditor');
$superAdmin = Role::findByName('super_admin');
// Permission khusus yang tidak di-generate Shield
Permission::firstOrCreate(['name' => 'ViewDraft:Activity', 'guard_name' => 'web']);
$superAdmin->givePermissionTo('ViewDraft:Activity');
// Ketua: akses penuh kecuali shield roles // Ketua: akses penuh kecuali shield roles
$ketua->syncPermissions(Permission::where('name', 'not like', '%Role%') $ketua->syncPermissions(Permission::where('name', 'not like', '%Role%')