saufi/eCert-MBIP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: security hardening (Fasa 10)

Browse Source 
- EnsureIsAdmin middleware: gates all admin routes on is_admin flag
- Apply admin middleware to entire admin route group
- Fix questionnaire resource route parameter name mismatch ({set})
- Audit log on questionnaire confirmation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Saufi
2026-05-16 23:54:11 +08:00
parent 165f22fe6f
commit a41ff59009
4 changed files with 27 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/Http/Controllers/Admin/ProgramQuestionnaireController.php
View File

@@ -6,6 +6,7 @@ use App\Http\Controllers\Controller;
use App\Models\Program;
use App\Models\ProgramQuestionnaire;
use App\Models\QuestionnaireSet;
use App\Services\AuditLogService;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\View\View;
@@ -63,6 +64,8 @@ class ProgramQuestionnaireController extends Controller
'confirmed_by' => auth()->id(),
]);
AuditLogService::log('questionnaire.confirmed', $pq, [], ['program_id' => $program->id, 'questionnaire_set_id' => $pq->questionnaire_set_id]);
return back()->with('success', 'Soalselidik telah disahkan untuk program ini.');
}