fix: authorization

app/Http/Controllers/CustomerController.php

@@ -2,7 +2,6 @@
 
 namespace App\Http\Controllers;
 
-use App\Models\Sale;
 use App\Models\Customer;
 use App\Http\Requests\Customer\StoreCustomerRequest;
 use App\Http\Requests\Customer\UpdateCustomerRequest;

app/Http/Controllers/PurchaseController.php

@@ -16,6 +16,8 @@ use Illuminate\Database\QueryException;
 use App\Http\Requests\Purchase\StorePurchaseRequest;
 use App\Http\Requests\Purchase\UpdatePurchaseRequest;
 use App\Models\Company;
+use App\Models\User;
+use App\Policies\PurchasePolicy;
 use App\Services\FunctionService;
 use App\Services\PurchaseService;
 
@@ -330,6 +332,8 @@ class PurchaseController extends Controller
 
     public function invoice(Purchase $purchase)
     {
+        $this->authorize("viewAny", Purchase::class);
+
         $ppn = Ppn::first()->ppn;
 
         $company = Company::first();
@@ -344,6 +348,8 @@ class PurchaseController extends Controller
 
     public function deliveryOrder(Purchase $purchase)
     {
+        $this->authorize("viewAny", Purchase::class);
+
         $company = Company::first();
 
         $pdf = Pdf::loadView(
@@ -358,6 +364,8 @@ class PurchaseController extends Controller
 
     public function report()
     {
+        $this->authorize("viewAny", User::class);
+
         return inertia("Purchases/Report", [
             "initialFilters" => request()->only(
                 "start_date",
@@ -385,6 +393,8 @@ class PurchaseController extends Controller
 
     public function reportExcel()
     {
+        $this->authorize("viewAny", User::class);
+
         return new PurchaseDetailsExport([
             "purchases" => PurchaseDetail::filter(
                 request()->only("start_date", "end_date", "status")

app/Http/Controllers/SalesController.php

@@ -206,6 +206,8 @@ class SalesController extends Controller
 
     public function invoice(Sale $sale)
     {
+        $this->authorize("viewAny", Sale::class);
+
         $ppn = Ppn::first()->ppn;
 
         $company = Company::first();
@@ -220,6 +222,8 @@ class SalesController extends Controller
 
     public function deliveryOrder(Sale $sale)
     {
+        $this->authorize("viewAny", Sale::class);
+
         $company = Company::first();
 
         $pdf = Pdf::loadView("PDF.Sales.Do", compact("sale", "company"));
@@ -231,6 +235,8 @@ class SalesController extends Controller
 
     public function report()
     {
+        $this->authorize("viewAny", User::class);
+
         return inertia("Sales/Report", [
             "initialFilters" => request()->only("start_date", "end_date"),
             "sales" => SaleDetail::filter(
@@ -254,6 +260,8 @@ class SalesController extends Controller
 
     public function reportExcel()
     {
+        $this->authorize("viewAny", User::class);
+
         return new SaleDetailsExport([
             "sales" => SaleDetail::filter(
                 request()->only("start_date", "end_date")

app/Http/Controllers/SettingController.php

@@ -15,6 +15,8 @@ class SettingController extends Controller
      */
     public function index()
     {
+        $this->authorize("viewAny", User::class);
+
         return inertia("Settings/Index", [
             "ppn" => Ppn::first(),
             "company" => Company::first(),

app/Policies/ReportPolicy.php

@@ -1,94 +0,0 @@
-<?php
-
-namespace App\Policies;
-
-use App\Models\Report;
-use App\Models\User;
-use Illuminate\Auth\Access\HandlesAuthorization;
-
-class ReportPolicy
-{
-    use HandlesAuthorization;
-
-    /**
-     * Determine whether the user can view any models.
-     *
-     * @param  \App\Models\User  $user
-     * @return \Illuminate\Auth\Access\Response|bool
-     */
-    public function viewAny(User $user)
-    {
-        return $user->role_id === 1;
-    }
-
-    /**
-     * Determine whether the user can view the model.
-     *
-     * @param  \App\Models\User  $user
-     * @param  \App\Models\Report  $report
-     * @return \Illuminate\Auth\Access\Response|bool
-     */
-    public function view(User $user, Report $report)
-    {
-        return $user->role_id === 1;
-    }
-
-    /**
-     * Determine whether the user can create models.
-     *
-     * @param  \App\Models\User  $user
-     * @return \Illuminate\Auth\Access\Response|bool
-     */
-    public function create(User $user)
-    {
-        return $user->role_id === 1;
-    }
-
-    /**
-     * Determine whether the user can update the model.
-     *
-     * @param  \App\Models\User  $user
-     * @param  \App\Models\Report  $report
-     * @return \Illuminate\Auth\Access\Response|bool
-     */
-    public function update(User $user, Report $report)
-    {
-        return $user->role_id === 1;
-    }
-
-    /**
-     * Determine whether the user can delete the model.
-     *
-     * @param  \App\Models\User  $user
-     * @param  \App\Models\Report  $report
-     * @return \Illuminate\Auth\Access\Response|bool
-     */
-    public function delete(User $user, Report $report)
-    {
-        return $user->role_id === 1;
-    }
-
-    /**
-     * Determine whether the user can restore the model.
-     *
-     * @param  \App\Models\User  $user
-     * @param  \App\Models\Report  $report
-     * @return \Illuminate\Auth\Access\Response|bool
-     */
-    public function restore(User $user, Report $report)
-    {
-        //
-    }
-
-    /**
-     * Determine whether the user can permanently delete the model.
-     *
-     * @param  \App\Models\User  $user
-     * @param  \App\Models\Report  $report
-     * @return \Illuminate\Auth\Access\Response|bool
-     */
-    public function forceDelete(User $user, Report $report)
-    {
-        //
-    }
-}

app/Providers/AuthServiceProvider.php

@@ -2,7 +2,18 @@
 
 namespace App\Providers;
 
+use App\Models\Customer;
+use App\Models\Product;
+use App\Models\Purchase;
+use App\Models\StockProduct;
+use App\Models\Supplier;
 use App\Models\User;
+use App\Policies\CustomerPolicy;
+use App\Policies\ProductPolicy;
+use App\Policies\PurchasePolicy;
+use App\Policies\SalePolicy;
+use App\Policies\StockProductPolicy;
+use App\Policies\SupplierPolicy;
 use App\Policies\UserPolicy;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 
@@ -15,7 +26,13 @@ class AuthServiceProvider extends ServiceProvider
      */
     protected $policies = [
         // Class::class => ClassPolicy::class,
-        User::class => UserPolicy::class
+        Customer::class => CustomerPolicy::class,
+        Product::class => ProductPolicy::class,
+        Purchase::class => PurchasePolicy::class,
+        Sale::class => SalePolicy::class,
+        StockProduct::class => StockProductPolicy::class,
+        Supplier::class => SupplierPolicy::class,
+        User::class => UserPolicy::class,
     ];
 
     /**