saufi/eCert-MBIP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: two-role system — super_admin & admin program (Fasa 12)

Browse Source 
- Replace is_admin boolean with role enum('super_admin','admin') via migration
- ProgramPolicy: admin program can only view/edit/delete own programs
- EnsureIsAdmin: accepts both roles; EnsureSuperAdmin: super_admin only
- UserController + views: super_admin can manage admin accounts
- Sidebar: user management link & role badge gated on isSuperAdmin()
- Fix Controller base class: add AuthorizesRequests trait
- Fix tests: replace nonAdmin() (invalid enum) with adminProgram() against super_admin-only route

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Saufi
2026-05-18 08:47:58 +08:00
parent 700fbd1bcc
commit c9b50ccc5e
18 changed files with 503 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/Http/Controllers/Admin/ProgramController.php
View File

@@ -19,6 +19,11 @@ class ProgramController extends Controller
->withCount(['attendances', 'programParticipants']) ->withCount(['attendances', 'programParticipants'])
->latest(); ->latest();
// Admin program hanya nampak program sendiri
if (auth()->user()->isAdminProgram()) {
$query->where('created_by', auth()->id());
}
if ($request->filled('search')) { if ($request->filled('search')) {
$query->where(function ($q) use ($request) { $query->where(function ($q) use ($request) {
$q->where('title', 'like', '%' . $request->search . '%') $q->where('title', 'like', '%' . $request->search . '%')
@@ -57,6 +62,8 @@ class ProgramController extends Controller
public function show(Program $program): View public function show(Program $program): View
{ {
$this->authorize('view', $program);
$program->load([ $program->load([
'qrCode', 'qrCode',
'certificateTemplate', 'certificateTemplate',
@@ -77,11 +84,15 @@ class ProgramController extends Controller
public function edit(Program $program): View public function edit(Program $program): View
{ {
$this->authorize('update', $program);
return view('admin.programs.edit', compact('program')); return view('admin.programs.edit', compact('program'));
} }
public function update(UpdateProgramRequest $request, Program $program): RedirectResponse public function update(UpdateProgramRequest $request, Program $program): RedirectResponse
{ {
$this->authorize('update', $program);
$old = $program->only([ $old = $program->only([
'title', 'status', 'checkin_start_at', 'checkin_end_at', 'title', 'status', 'checkin_start_at', 'checkin_end_at',
'ecert_download_start_at', 'ecert_download_end_at', 'ecert_download_start_at', 'ecert_download_end_at',
@@ -98,6 +109,8 @@ class ProgramController extends Controller
public function destroy(Program $program): RedirectResponse public function destroy(Program $program): RedirectResponse
{ {
$this->authorize('delete', $program);
if ($program->attendances()->exists()) { if ($program->attendances()->exists()) {
return back()->with('error', 'Program tidak boleh dipadam kerana sudah ada rekod kehadiran.'); return back()->with('error', 'Program tidak boleh dipadam kerana sudah ada rekod kehadiran.');
} }
@@ -113,6 +126,8 @@ class ProgramController extends Controller
public function publish(Program $program): RedirectResponse public function publish(Program $program): RedirectResponse
{ {
$this->authorize('update', $program);
if ($program->status !== 'draft') { if ($program->status !== 'draft') {
return back()->with('error', 'Hanya program berstatus Draf boleh diterbitkan.'); return back()->with('error', 'Hanya program berstatus Draf boleh diterbitkan.');
} }
@@ -125,6 +140,8 @@ class ProgramController extends Controller
public function close(Program $program): RedirectResponse public function close(Program $program): RedirectResponse
{ {
$this->authorize('update', $program);
if ($program->status !== 'published') { if ($program->status !== 'published') {
return back()->with('error', 'Hanya program berstatus Diterbitkan boleh ditutup.'); return back()->with('error', 'Hanya program berstatus Diterbitkan boleh ditutup.');
} }

89
app/Http/Controllers/Admin/UserController.php Normal file
View File

@@ -0,0 +1,89 @@
<?php
namespace App\Http\Controllers\Admin;
use App\Http\Controllers\Controller;
use App\Models\User;
use App\Services\AuditLogService;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Validation\Rules\Password;
use Illuminate\View\View;
class UserController extends Controller
{
public function index(): View
{
$users = User::withCount('programs')->latest()->paginate(20);
return view('admin.users.index', compact('users'));
}
public function create(): View
{
return view('admin.users.create');
}
public function store(Request $request): RedirectResponse
{
$data = $request->validate([
'name' => 'required|string|max:255',
'email' => 'required|email|max:255|unique:users,email',
'role' => 'required|in:super_admin,admin',
'password' => ['required', 'confirmed', Password::min(8)->mixedCase()->numbers()],
]);
$user = User::create($data);
AuditLogService::log('user.created', $user, [], ['email' => $user->email, 'role' => $user->role]);
return redirect()->route('admin.users.index')
->with('success', 'Pengguna "' . $user->name . '" berjaya ditambah.');
}
public function edit(User $user): View
{
return view('admin.users.edit', compact('user'));
}
public function update(Request $request, User $user): RedirectResponse
{
$rules = [
'name' => 'required|string|max:255',
'email' => 'required|email|max:255|unique:users,email,' . $user->id,
'role' => 'required|in:super_admin,admin',
];
if ($request->filled('password')) {
$rules['password'] = ['confirmed', Password::min(8)->mixedCase()->numbers()];
}
$data = $request->validate($rules);
if (! $request->filled('password')) {
unset($data['password']);
}
$old = $user->only(['name', 'email', 'role']);
$user->update($data);
AuditLogService::log('user.updated', $user, $old, $user->only(['name', 'email', 'role']));
return redirect()->route('admin.users.index')
->with('success', 'Maklumat pengguna "' . $user->name . '" berjaya dikemas kini.');
}
public function destroy(User $user): RedirectResponse
{
if ($user->id === auth()->id()) {
return back()->with('error', 'Anda tidak boleh padam akaun sendiri.');
}
$name = $user->name;
AuditLogService::log('user.deleted', $user);
$user->delete();
return redirect()->route('admin.users.index')
->with('success', 'Pengguna "' . $name . '" berjaya dipadam.');
}
}

4
app/Http/Controllers/Controller.php
View File

@@ -2,7 +2,9 @@
namespace App\Http\Controllers; namespace App\Http\Controllers;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
abstract class Controller abstract class Controller
{ {
// use AuthorizesRequests;
} }

4
app/Http/Middleware/EnsureIsAdmin.php
View File

@@ -10,7 +10,9 @@ class EnsureIsAdmin
{ {
public function handle(Request $request, Closure $next): Response public function handle(Request $request, Closure $next): Response
{ {
if (! $request->user()?->is_admin) { $role = $request->user()?->role;
if (! in_array($role, ['super_admin', 'admin'])) {
abort(403, 'Akses ditolak.'); abort(403, 'Akses ditolak.');
} }

19
app/Http/Middleware/EnsureSuperAdmin.php Normal file
View File

@@ -0,0 +1,19 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class EnsureSuperAdmin
{
public function handle(Request $request, Closure $next): Response
{
if ($request->user()?->role !== 'super_admin') {
abort(403, 'Hanya Super Admin boleh mengakses bahagian ini.');
}
return $next($request);
}
}

18
app/Models/User.php
View File

@@ -12,7 +12,7 @@ class User extends Authenticatable
/** @use HasFactory<UserFactory> */ /** @use HasFactory<UserFactory> */
use HasFactory, Notifiable; use HasFactory, Notifiable;
protected $fillable = ['name', 'email', 'password', 'is_admin']; protected $fillable = ['name', 'email', 'password', 'role'];
protected $hidden = ['password', 'remember_token']; protected $hidden = ['password', 'remember_token'];
protected function casts(): array protected function casts(): array
@@ -20,10 +20,24 @@ class User extends Authenticatable
return [ return [
'email_verified_at' => 'datetime', 'email_verified_at' => 'datetime',
'password' => 'hashed', 'password' => 'hashed',
'is_admin' => 'boolean',
]; ];
} }
public function isSuperAdmin(): bool
{
return $this->role === 'super_admin';
}
public function isAdminProgram(): bool
{
return $this->role === 'admin';
}
public function canAccessProgram(Program $program): bool
{
return $this->isSuperAdmin() || $program->created_by === $this->id;
}
public function programs() public function programs()
{ {
return $this->hasMany(Program::class, 'created_by'); return $this->hasMany(Program::class, 'created_by');

34
app/Policies/ProgramPolicy.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
namespace App\Policies;
use App\Models\Program;
use App\Models\User;
class ProgramPolicy
{
public function viewAny(User $user): bool
{
return true; // Both roles can see programs list (scoped per controller)
}
public function view(User $user, Program $program): bool
{
return $user->canAccessProgram($program);
}
public function create(User $user): bool
{
return true; // Both roles can create programs
}
public function update(User $user, Program $program): bool
{
return $user->canAccessProgram($program);
}
public function delete(User $user, Program $program): bool
{
return $user->canAccessProgram($program);
}
}

6
app/Providers/AppServiceProvider.php
View File

@@ -2,9 +2,12 @@
namespace App\Providers; namespace App\Providers;
use App\Models\Program;
use App\Policies\ProgramPolicy;
use Illuminate\Cache\RateLimiting\Limit; use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Pagination\Paginator; use Illuminate\Pagination\Paginator;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\RateLimiter; use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\URL; use Illuminate\Support\Facades\URL;
use Illuminate\Support\ServiceProvider; use Illuminate\Support\ServiceProvider;
@@ -15,6 +18,9 @@ class AppServiceProvider extends ServiceProvider
public function boot(): void public function boot(): void
{ {
// Policies
Gate::policy(Program::class, ProgramPolicy::class);
// Bootstrap pagination // Bootstrap pagination
Paginator::useBootstrapFive(); Paginator::useBootstrapFive();

3
bootstrap/app.php
View File

@@ -12,7 +12,8 @@ return Application::configure(basePath: dirname(__DIR__))
) )
->withMiddleware(function (Middleware $middleware): void { ->withMiddleware(function (Middleware $middleware): void {
$middleware->alias([ $middleware->alias([
'admin' => \App\Http\Middleware\EnsureIsAdmin::class, 'admin' => \App\Http\Middleware\EnsureIsAdmin::class,
'super_admin' => \App\Http\Middleware\EnsureSuperAdmin::class,
]); ]);
}) })
->withExceptions(function (Exceptions $exceptions): void { ->withExceptions(function (Exceptions $exceptions): void {

11
database/factories/UserFactory.php
View File

@@ -30,7 +30,7 @@ class UserFactory extends Factory
'email_verified_at' => now(), 'email_verified_at' => now(),
'password' => static::$password ??= Hash::make('password'), 'password' => static::$password ??= Hash::make('password'),
'remember_token' => Str::random(10), 'remember_token' => Str::random(10),
'is_admin' => true, 'role' => 'super_admin',
]; ];
} }
@@ -41,8 +41,15 @@ class UserFactory extends Factory
]); ]);
} }
public function adminProgram(): static
{
return $this->state(fn (array $attributes) => ['role' => 'admin']);
}
public function nonAdmin(): static public function nonAdmin(): static
{ {
return $this->state(fn (array $attributes) => ['is_admin' => false]); // role='none' bukan dalam enum yang valid → EnsureIsAdmin returns 403
// SQLite tidak enforce enum constraint dalam tests
return $this->state(fn (array $attributes) => ['role' => 'none']);
} }
} }

36
database/migrations/2026_05_17_000001_replace_is_admin_with_role_on_users_table.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
public function up(): void
{
Schema::table('users', function (Blueprint $table) {
$table->enum('role', ['super_admin', 'admin'])->default('admin')->after('password');
});
// Migrate existing is_admin=true rows to super_admin
DB::table('users')->where('is_admin', true)->update(['role' => 'super_admin']);
Schema::table('users', function (Blueprint $table) {
$table->dropColumn('is_admin');
});
}
public function down(): void
{
Schema::table('users', function (Blueprint $table) {
$table->boolean('is_admin')->default(false)->after('password');
});
DB::table('users')->where('role', 'super_admin')->update(['is_admin' => true]);
Schema::table('users', function (Blueprint $table) {
$table->dropColumn('role');
});
}
};

2
database/seeders/AdminSeeder.php
View File

@@ -15,7 +15,7 @@ class AdminSeeder extends Seeder
[ [
'name' => 'Admin eCert MBIP', 'name' => 'Admin eCert MBIP',
'password' => Hash::make('Admin@MBIP2025!'), 'password' => Hash::make('Admin@MBIP2025!'),
'is_admin' => true, 'role' => 'super_admin',
] ]
); );

76
resources/views/admin/users/create.blade.php Normal file
View File

@@ -0,0 +1,76 @@
@extends('layouts.admin')
@section('title', 'Tambah Pengguna')
@section('header', 'Tambah Pengguna Baru')
@section('breadcrumb')
<li class="breadcrumb-item"><a href="{{ route('admin.users.index') }}">Pengguna</a></li>
<li class="breadcrumb-item active">Tambah Baru</li>
@endsection
@section('content')
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card border-0 shadow-sm">
<div class="card-body p-4">
<form method="POST" action="{{ route('admin.users.store') }}">
@csrf
<div class="mb-3">
<label class="form-label fw-medium">Nama Penuh <span class="text-danger">*</span></label>
<input type="text" name="name" value="{{ old('name') }}"
class="form-control @error('name') is-invalid @enderror"
placeholder="Nama penuh pengguna">
@error('name')<div class="invalid-feedback">{{ $message }}</div>@enderror
</div>
<div class="mb-3">
<label class="form-label fw-medium">Emel <span class="text-danger">*</span></label>
<input type="email" name="email" value="{{ old('email') }}"
class="form-control @error('email') is-invalid @enderror"
placeholder="pengguna@mbip.gov.my">
@error('email')<div class="invalid-feedback">{{ $message }}</div>@enderror
</div>
<div class="mb-3">
<label class="form-label fw-medium">Peranan <span class="text-danger">*</span></label>
<select name="role" class="form-select @error('role') is-invalid @enderror">
<option value="admin" {{ old('role') === 'admin' ? 'selected' : '' }}>
Admin Program Boleh urus program sendiri sahaja
</option>
<option value="super_admin" {{ old('role') === 'super_admin' ? 'selected' : '' }}>
Super Admin Boleh urus semua program & pengguna
</option>
</select>
@error('role')<div class="invalid-feedback">{{ $message }}</div>@enderror
</div>
<div class="mb-3">
<label class="form-label fw-medium">Kata Laluan <span class="text-danger">*</span></label>
<input type="password" name="password"
class="form-control @error('password') is-invalid @enderror"
placeholder="Minimum 8 aksara, huruf besar, huruf kecil, nombor">
@error('password')<div class="invalid-feedback">{{ $message }}</div>@enderror
</div>
<div class="mb-4">
<label class="form-label fw-medium">Sahkan Kata Laluan <span class="text-danger">*</span></label>
<input type="password" name="password_confirmation"
class="form-control"
placeholder="Ulang kata laluan">
</div>
<div class="d-flex gap-2">
<button type="submit" class="btn btn-primary">
<i class="bi bi-person-check me-1"></i> Tambah Pengguna
</button>
<a href="{{ route('admin.users.index') }}" class="btn btn-outline-secondary">Batal</a>
</div>
</form>
</div>
</div>
</div>
</div>
@endsection

77
resources/views/admin/users/edit.blade.php Normal file
View File

@@ -0,0 +1,77 @@
@extends('layouts.admin')
@section('title', 'Edit Pengguna — ' . $user->name)
@section('header', 'Edit Pengguna')
@section('breadcrumb')
<li class="breadcrumb-item"><a href="{{ route('admin.users.index') }}">Pengguna</a></li>
<li class="breadcrumb-item active">{{ Str::limit($user->name, 30) }}</li>
@endsection
@section('content')
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card border-0 shadow-sm">
<div class="card-body p-4">
<form method="POST" action="{{ route('admin.users.update', $user) }}">
@csrf @method('PUT')
<div class="mb-3">
<label class="form-label fw-medium">Nama Penuh <span class="text-danger">*</span></label>
<input type="text" name="name" value="{{ old('name', $user->name) }}"
class="form-control @error('name') is-invalid @enderror">
@error('name')<div class="invalid-feedback">{{ $message }}</div>@enderror
</div>
<div class="mb-3">
<label class="form-label fw-medium">Emel <span class="text-danger">*</span></label>
<input type="email" name="email" value="{{ old('email', $user->email) }}"
class="form-control @error('email') is-invalid @enderror">
@error('email')<div class="invalid-feedback">{{ $message }}</div>@enderror
</div>
<div class="mb-3">
<label class="form-label fw-medium">Peranan <span class="text-danger">*</span></label>
<select name="role" class="form-select @error('role') is-invalid @enderror"
{{ $user->id === auth()->id() ? 'disabled' : '' }}>
<option value="admin" {{ old('role', $user->role) === 'admin' ? 'selected' : '' }}>
Admin Program
</option>
<option value="super_admin" {{ old('role', $user->role) === 'super_admin' ? 'selected' : '' }}>
Super Admin
</option>
</select>
@if($user->id === auth()->id())
<input type="hidden" name="role" value="{{ $user->role }}">
<div class="form-text text-warning"><i class="bi bi-exclamation-circle me-1"></i>Anda tidak boleh tukar peranan akaun sendiri.</div>
@endif
@error('role')<div class="invalid-feedback">{{ $message }}</div>@enderror
</div>
<div class="mb-3">
<label class="form-label fw-medium">Kata Laluan Baru <span class="text-muted small">(kosongkan jika tidak tukar)</span></label>
<input type="password" name="password"
class="form-control @error('password') is-invalid @enderror"
placeholder="Minimum 8 aksara, huruf besar, huruf kecil, nombor">
@error('password')<div class="invalid-feedback">{{ $message }}</div>@enderror
</div>
<div class="mb-4">
<label class="form-label fw-medium">Sahkan Kata Laluan Baru</label>
<input type="password" name="password_confirmation" class="form-control">
</div>
<div class="d-flex gap-2">
<button type="submit" class="btn btn-primary">
<i class="bi bi-check-lg me-1"></i> Simpan Perubahan
</button>
<a href="{{ route('admin.users.index') }}" class="btn btn-outline-secondary">Batal</a>
</div>
</form>
</div>
</div>
</div>
</div>
@endsection

83
resources/views/admin/users/index.blade.php Normal file
View File

@@ -0,0 +1,83 @@
@extends('layouts.admin')
@section('title', 'Pengurusan Pengguna')
@section('header', 'Pengurusan Pengguna')
@section('breadcrumb')
<li class="breadcrumb-item active">Pengguna</li>
@endsection
@section('header-actions')
<a href="{{ route('admin.users.create') }}" class="btn btn-sm btn-primary">
<i class="bi bi-person-plus me-1"></i> Tambah Pengguna
</a>
@endsection
@section('content')
<div class="card border-0 shadow-sm">
<div class="table-responsive">
<table class="table table-hover align-middle mb-0">
<thead class="table-light">
<tr>
<th>Nama</th>
<th>Emel</th>
<th>Peranan</th>
<th class="text-center">Program</th>
<th>Tarikh Daftar</th>
<th></th>
</tr>
</thead>
<tbody>
@forelse($users as $user)
<tr>
<td>
<div class="fw-medium">{{ $user->name }}</div>
@if($user->id === auth()->id())
<span class="badge bg-light text-muted border" style="font-size:.65rem;">Anda</span>
@endif
</td>
<td class="small text-muted">{{ $user->email }}</td>
<td>
@if($user->role === 'super_admin')
<span class="badge bg-danger">Super Admin</span>
@else
<span class="badge bg-primary">Admin Program</span>
@endif
</td>
<td class="text-center">
<span class="badge bg-secondary">{{ $user->programs_count }}</span>
</td>
<td class="small text-muted">{{ $user->created_at->format('d/m/Y') }}</td>
<td class="text-end">
<a href="{{ route('admin.users.edit', $user) }}"
class="btn btn-sm btn-outline-secondary">
<i class="bi bi-pencil"></i>
</a>
@if($user->id !== auth()->id())
<form method="POST" action="{{ route('admin.users.destroy', $user) }}"
class="d-inline"
onsubmit="return confirm('Padam pengguna {{ addslashes($user->name) }}? Program mereka tidak akan terjejas.')">
@csrf @method('DELETE')
<button class="btn btn-sm btn-outline-danger">
<i class="bi bi-trash"></i>
</button>
</form>
@endif
</td>
</tr>
@empty
<tr>
<td colspan="6" class="text-center py-4 text-muted">Tiada pengguna dijumpai.</td>
</tr>
@endforelse
</tbody>
</table>
</div>
@if($users->hasPages())
<div class="card-footer bg-white">{{ $users->links() }}</div>
@endif
</div>
@endsection

22
resources/views/layouts/admin.blade.php
View File

@@ -46,11 +46,26 @@
<i class="bi bi-clipboard2-check-fill"></i> Set Soalselidik <i class="bi bi-clipboard2-check-fill"></i> Set Soalselidik
</a> </a>
</li> </li>
@if(auth()->user()->isSuperAdmin())
<li class="nav-item mt-2">
<small class="text-white-50 px-3" style="font-size:.7rem; text-transform:uppercase; letter-spacing:.8px;">Sistem</small>
</li>
<li class="nav-item">
<a href="{{ route('admin.users.index') }}"
class="nav-link {{ request()->routeIs('admin.users.*') ? 'active' : '' }}">
<i class="bi bi-people-fill"></i> Pengurusan Pengguna
</a>
</li>
@endif
</ul> </ul>
<div class="px-3 pb-3 mt-auto"> <div class="px-3 pb-3 mt-auto">
<div class="border-top border-white border-opacity-25 pt-3"> <div class="border-top border-white border-opacity-25 pt-3">
<small class="text-white-50 d-block mb-1">{{ auth()->user()->name }}</small> <small class="text-white-50 d-block mb-1">{{ auth()->user()->name }}</small>
<span class="badge {{ auth()->user()->isSuperAdmin() ? 'bg-danger' : 'bg-primary' }} mb-2 d-inline-block">
{{ auth()->user()->isSuperAdmin() ? 'Super Admin' : 'Admin Program' }}
</span>
<form method="POST" action="{{ route('logout') }}"> <form method="POST" action="{{ route('logout') }}">
@csrf @csrf
<button type="submit" class="btn btn-sm btn-outline-light w-100"> <button type="submit" class="btn btn-sm btn-outline-light w-100">
@@ -145,6 +160,13 @@
<i class="bi bi-clipboard2-check-fill me-2"></i>Set Soalselidik <i class="bi bi-clipboard2-check-fill me-2"></i>Set Soalselidik
</a> </a>
</li> </li>
@if(auth()->user()->isSuperAdmin())
<li class="nav-item">
<a href="{{ route('admin.users.index') }}" class="nav-link {{ request()->routeIs('admin.users.*') ? 'active' : '' }}" style="color:rgba(255,255,255,.85);">
<i class="bi bi-people-fill me-2"></i>Pengurusan Pengguna
</a>
</li>
@endif
</ul> </ul>
</div> </div>
</div> </div>

6
routes/web.php
View File

@@ -2,6 +2,7 @@
use Illuminate\Support\Facades\Route; use Illuminate\Support\Facades\Route;
use App\Http\Controllers\Admin\DashboardController; use App\Http\Controllers\Admin\DashboardController;
use App\Http\Controllers\Admin\UserController;
use App\Http\Controllers\Admin\ProgramController; use App\Http\Controllers\Admin\ProgramController;
use App\Http\Controllers\Admin\QrCodeController; use App\Http\Controllers\Admin\QrCodeController;
use App\Http\Controllers\Admin\ParticipantController; use App\Http\Controllers\Admin\ParticipantController;
@@ -83,6 +84,11 @@ Route::middleware(['auth', 'admin'])->prefix('admin')->name('admin.')->group(fun
Route::post('/email-all', [AdminCertificateController::class, 'emailAll'])->name('email-all'); Route::post('/email-all', [AdminCertificateController::class, 'emailAll'])->name('email-all');
}); });
// User Management (Super Admin only)
Route::middleware('super_admin')->group(function () {
Route::resource('users', UserController::class)->except(['show']);
});
// Questionnaire Sets // Questionnaire Sets
Route::resource('questionnaires', QuestionnaireSetController::class)->except(['show'])->parameters(['questionnaires' => 'set']); Route::resource('questionnaires', QuestionnaireSetController::class)->except(['show'])->parameters(['questionnaires' => 'set']);
Route::post('/questionnaires/{set}/publish', [QuestionnaireSetController::class, 'publish'])->name('questionnaires.publish'); Route::post('/questionnaires/{set}/publish', [QuestionnaireSetController::class, 'publish'])->name('questionnaires.publish');

8
tests/Feature/AuthTest.php
View File

@@ -27,12 +27,12 @@ class AuthTest extends TestCase
$this->get('/admin/dashboard')->assertRedirect('/login'); $this->get('/admin/dashboard')->assertRedirect('/login');
} }
public function test_non_admin_cannot_access_admin_routes(): void public function test_admin_program_cannot_access_user_management(): void
{ {
$user = User::factory()->nonAdmin()->create(); $admin = User::factory()->adminProgram()->create();
$this->actingAs($user) $this->actingAs($admin)
->get('/admin/dashboard') ->get('/admin/users')
->assertForbidden(); ->assertForbidden();
} }