feat: program management

- ProgramController: full CRUD, publish, close, delete (guarded if attendance exists) - StoreProgramRequest + UpdateProgramRequest with Malay attribute names - AuditLogService: logs admin actions, redacts sensitive fields (no_kp, token, password) - Program index: search, status filter, pagination (Bootstrap 5) - Program create/edit: shared _form partial with all fields (dates, sessions, walk-in toggle) - Program show: tab layout (participants, qr, template, questionnaire, statistics) - Bootstrap 5 pagination via Paginator::useBootstrapFive() Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-16 19:31:00 +08:00
parent 5b85822b78
commit d0be749f29
10 changed files with 882 additions and 35 deletions
--- a/app/Http/Controllers/Admin/ProgramController.php
+++ b/app/Http/Controllers/Admin/ProgramController.php
@@ -3,63 +3,135 @@
 namespace App\Http\Controllers\Admin;

 use App\Http\Controllers\Controller;
+use App\Http\Requests\Admin\StoreProgramRequest;
+use App\Http\Requests\Admin\UpdateProgramRequest;
+use App\Models\Program;
+use App\Services\AuditLogService;
+use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
+use Illuminate\View\View;

 class ProgramController extends Controller
 {
-    /**
-     * Display a listing of the resource.
-     */
-    public function index()
+    public function index(Request $request): View
    {
-        //
+        $query = Program::with('creator')
+            ->withCount(['attendances', 'programParticipants'])
+            ->latest();
+
+        if ($request->filled('search')) {
+            $query->where(function ($q) use ($request) {
+                $q->where('title', 'like', '%' . $request->search . '%')
+                  ->orWhere('organizer', 'like', '%' . $request->search . '%')
+                  ->orWhere('location', 'like', '%' . $request->search . '%');
+            });
+        }
+
+        if ($request->filled('status')) {
+            $query->where('status', $request->status);
+        }
+
+        $programs = $query->paginate(15)->withQueryString();
+
+        return view('admin.programs.index', compact('programs'));
    }

-    /**
-     * Show the form for creating a new resource.
-     */
-    public function create()
+    public function create(): View
    {
-        //
+        return view('admin.programs.create');
    }

-    /**
-     * Store a newly created resource in storage.
-     */
-    public function store(Request $request)
+    public function store(StoreProgramRequest $request): RedirectResponse
    {
-        //
+        $program = Program::create([
+            ...$request->validated(),
+            'created_by' => auth()->id(),
+        ]);
+
+        AuditLogService::log('program.created', $program);
+
+        return redirect()
+            ->route('admin.programs.show', $program)
+            ->with('success', 'Program "' . $program->title . '" berjaya ditambah.');
    }

-    /**
-     * Display the specified resource.
-     */
-    public function show(string $id)
+    public function show(Program $program): View
    {
-        //
+        $program->load([
+            'qrCode',
+            'certificateTemplate',
+            'questionnaire.questionnaireSet.questions',
+        ]);
+
+        $stats = [
+            'total_participants'    => $program->programParticipants()->count(),
+            'pre_registered'        => $program->programParticipants()->where('is_pre_registered', true)->count(),
+            'walk_in'               => $program->programParticipants()->where('registration_source', 'walk_in')->count(),
+            'total_attendances'     => $program->attendances()->count(),
+            'total_certificates'    => $program->certificates()->count(),
+            'generated_certificates'=> $program->certificates()->whereIn('status', ['generated', 'emailed', 'downloaded'])->count(),
+        ];
+
+        return view('admin.programs.show', compact('program', 'stats'));
    }

-    /**
-     * Show the form for editing the specified resource.
-     */
-    public function edit(string $id)
+    public function edit(Program $program): View
    {
-        //
+        return view('admin.programs.edit', compact('program'));
    }

-    /**
-     * Update the specified resource in storage.
-     */
-    public function update(Request $request, string $id)
+    public function update(UpdateProgramRequest $request, Program $program): RedirectResponse
    {
-        //
+        $old = $program->only([
+            'title', 'status', 'checkin_start_at', 'checkin_end_at',
+            'ecert_download_start_at', 'ecert_download_end_at',
+        ]);
+
+        $program->update($request->validated());
+
+        AuditLogService::log('program.updated', $program, $old);
+
+        return redirect()
+            ->route('admin.programs.show', $program)
+            ->with('success', 'Maklumat program berjaya dikemas kini.');
    }

-    /**
-     * Remove the specified resource from storage.
-     */
-    public function destroy(string $id)
+    public function destroy(Program $program): RedirectResponse
    {
-        //
+        if ($program->attendances()->exists()) {
+            return back()->with('error', 'Program tidak boleh dipadam kerana sudah ada rekod kehadiran.');
+        }
+
+        $title = $program->title;
+        AuditLogService::log('program.deleted', $program);
+        $program->delete();
+
+        return redirect()
+            ->route('admin.programs.index')
+            ->with('success', 'Program "' . $title . '" berjaya dipadam.');
+    }
+
+    public function publish(Program $program): RedirectResponse
+    {
+        if ($program->status !== 'draft') {
+            return back()->with('error', 'Hanya program berstatus Draf boleh diterbitkan.');
+        }
+
+        $program->update(['status' => 'published']);
+        AuditLogService::log('program.published', $program);
+
+        return back()->with('success', 'Program berjaya diterbitkan.');
+    }
+
+    public function close(Program $program): RedirectResponse
+    {
+        if ($program->status !== 'published') {
+            return back()->with('error', 'Hanya program berstatus Diterbitkan boleh ditutup.');
+        }
+
+        $program->update(['status' => 'closed']);
+        AuditLogService::log('program.closed', $program);
+
+        return back()->with('success', 'Program berjaya ditutup.');
    }
 }
--- a/app/Http/Requests/Admin/StoreProgramRequest.php
+++ b/app/Http/Requests/Admin/StoreProgramRequest.php
@@ -0,0 +1,56 @@
+<?php
+
+namespace App\Http\Requests\Admin;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class StoreProgramRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return auth()->check();
+    }
+
+    public function rules(): array
+    {
+        return [
+            'title'                    => ['required', 'string', 'max:255'],
+            'description'              => ['nullable', 'string', 'max:5000'],
+            'organizer'                => ['required', 'string', 'max:255'],
+            'location'                 => ['required', 'string', 'max:500'],
+            'start_date'               => ['required', 'date'],
+            'end_date'                 => ['required', 'date', 'gte:start_date'],
+            'checkin_start_at'         => ['nullable', 'date'],
+            'checkin_end_at'           => ['nullable', 'date', 'after_or_equal:checkin_start_at'],
+            'ecert_download_start_at'  => ['nullable', 'date'],
+            'ecert_download_end_at'    => ['nullable', 'date', 'after_or_equal:ecert_download_start_at'],
+            'allow_walk_in'            => ['boolean'],
+            'default_staff_session'    => ['nullable', 'in:pagi,petang,full_day'],
+            'default_external_session' => ['nullable', 'in:pagi,petang,full_day'],
+        ];
+    }
+
+    public function attributes(): array
+    {
+        return [
+            'title'                    => 'nama program',
+            'organizer'                => 'penganjur',
+            'location'                 => 'lokasi',
+            'start_date'               => 'tarikh mula',
+            'end_date'                 => 'tarikh tamat',
+            'checkin_start_at'         => 'masa mula check-in',
+            'checkin_end_at'           => 'masa tamat check-in',
+            'ecert_download_start_at'  => 'masa mula download sijil',
+            'ecert_download_end_at'    => 'masa tamat download sijil',
+            'default_staff_session'    => 'sesi default kakitangan',
+            'default_external_session' => 'sesi default peserta luar',
+        ];
+    }
+
+    protected function prepareForValidation(): void
+    {
+        $this->merge([
+            'allow_walk_in' => $this->boolean('allow_walk_in'),
+        ]);
+    }
+}
--- a/app/Http/Requests/Admin/UpdateProgramRequest.php
+++ b/app/Http/Requests/Admin/UpdateProgramRequest.php
@@ -0,0 +1,9 @@
+<?php
+
+namespace App\Http\Requests\Admin;
+
+class UpdateProgramRequest extends StoreProgramRequest
+{
+    // Inherits all rules from StoreProgramRequest.
+    // Status changes handled via dedicated publish/close actions, not here.
+}
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -4,6 +4,7 @@ namespace App\Providers;

 use Illuminate\Cache\RateLimiting\Limit;
 use Illuminate\Http\Request;
+use Illuminate\Pagination\Paginator;
 use Illuminate\Support\Facades\RateLimiter;
 use Illuminate\Support\Facades\URL;
 use Illuminate\Support\ServiceProvider;
@@ -14,6 +15,9 @@ class AppServiceProvider extends ServiceProvider

    public function boot(): void
    {
+        // Bootstrap pagination
+        Paginator::useBootstrapFive();
+
        // Rate limiters for public routes
        RateLimiter::for('checkin', fn(Request $request) =>
            Limit::perMinute(60)->by($request->ip())
--- a/app/Services/AuditLogService.php
+++ b/app/Services/AuditLogService.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Services;
+
+use App\Models\AuditLog;
+use Illuminate\Database\Eloquent\Model;
+
+class AuditLogService
+{
+    public static function log(
+        string $action,
+        ?Model $model = null,
+        array $oldValues = [],
+        array $newValues = []
+    ): void {
+        try {
+            AuditLog::create([
+                'user_id'        => auth()->id(),
+                'action'         => $action,
+                'auditable_type' => $model ? get_class($model) : null,
+                'auditable_id'   => $model?->getKey(),
+                'old_values'     => self::redact($oldValues),
+                'new_values'     => self::redact($newValues),
+                'ip_address'     => request()->ip(),
+                'user_agent'     => substr(request()->userAgent() ?? '', 0, 500),
+            ]);
+        } catch (\Throwable) {
+            // Audit log failure must not break the main flow.
+        }
+    }
+
+    private static function redact(array $values): array
+    {
+        // Never log these sensitive fields.
+        $sensitive = ['no_kp', 'password', 'token', 'remember_token'];
+
+        return array_diff_key($values, array_flip($sensitive));
+    }
+}