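<?php

declare(strict_types=1);

namespace App\Http\Controllers\Admin;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;

/**
 * Admin CRUD for the `users` table, scoped by the authenticated user's role
 * and by its comma-separated `site_id` list.
 *
 * Role semantics as applied by every action in this controller:
 *   1 - admin: unrestricted.
 *   2 - manager of site 1 (must hold site id "1" in its own list).
 *   3 - manager of site 2 (must hold site id "2").
 *   4 - manager of an arbitrary set of sites (its own `site_id` list).
 *   5 - manager of site 4 (must hold site id "4").
 * Any other role, or a role-2/3/5 account without the required site, is
 * denied in every action (list, create, read, update, delete) — the
 * read/update/delete paths previously enforced this only for roles 2, 3 and 5.
 *
 * `site_id` / `site_name` on `users` hold a comma-separated list of
 * `master_sites` ids (e.g. "1,3"). Membership is decided by exact list
 * membership, never by substring, so site "10" does not count as site "1".
 */
class UsersController extends Controller
{
    private const ROLE_ADMIN = 1;
    private const ROLE_SITE1_MANAGER = 2;
    private const ROLE_SITE2_MANAGER = 3;
    private const ROLE_MULTI_SITE_MANAGER = 4;
    private const ROLE_SITE4_MANAGER = 5;

    /**
     * Display a listing of the users visible to the authenticated account,
     * plus the blocks and sites the "Add user" modal may offer.
     *
     * Optional `search` input filters by name or email (LIKE, both sides wildcarded).
     */
    public function index(Request $request)
    {
        $actor = Auth::user();
        $manageable = $this->manageableSiteIds($actor);

        $query = DB::table('users');
        if ($manageable !== null) {
            // Non-admins only see users whose site_name list contains one of their sites.
            $this->whereUserInSites($query, $manageable);
        }

        if ($request->filled('search')) {
            $search = (string) $request->input('search');
            $query->where(function ($q) use ($search) {
                $q->where('name', 'LIKE', "%{$search}%")
                    ->orWhere('email', 'LIKE', "%{$search}%");
            });
        }

        $users = $query->paginate(10);

        // Blocks: admin sees every block; everyone else only blocks of their own sites.
        $blocks = $manageable === null
            ? DB::table('master_land')->select('block_name')->distinct()->get()
            : DB::table('master_land')
                ->join('master_sites', 'master_land.site_id', '=', 'master_sites.id')
                ->whereIn('master_land.site_id', $this->siteIdsOf($actor))
                ->select('master_land.block_name')
                ->distinct()
                ->get();

        // Sites offered in the Add User modal: the same set the account may manage.
        $sites = match (true) {
            $manageable === null => DB::table('master_sites')->select('id', 'site_name')->get(),
            $manageable === [] => collect(),
            default => DB::table('master_sites')->select('id', 'site_name')->whereIn('id', $manageable)->get(),
        };

        return view('admin.user', compact('users', 'blocks', 'sites'));
    }

    /**
     * Create a user. Admins choose role and site ids freely; every other
     * manager can only create users of its own role inside its own site(s).
     *
     * The area is looked up from `master_land` by block/plot; when no row
     * matches, the (numeric) `area` submitted with the form is used, else 0.
     */
    public function store(Request $request)
    {
        $actor = Auth::user();
        $manageable = $this->manageableSiteIds($actor);

        if ($manageable === []) {
            return redirect()->back()->withErrors(['error' => 'You do not have permission to add users.']);
        }

        $rules = [
            'name' => 'required',
            // unique: keeps store() consistent with update(), which already enforces it.
            'email' => 'required|email|unique:users,email',
            'password' => 'required|min:6',
            'block_name' => 'required|string',
            'plot_name' => 'required|string',
            'user_type' => 'nullable|string',
            // Only used as a fallback when master_land has no area, but still written to the DB.
            'area' => 'nullable|numeric',
        ];
        if ($manageable === null) {
            $rules['role'] = 'required|string';
            $rules['site_ids'] = 'required|array|min:1';
            $rules['site_ids.*'] = 'exists:master_sites,id';
        }

        $validator = Validator::make($request->all(), $rules);
        if ($validator->fails()) {
            return redirect()->back()->withErrors($validator)->withInput();
        }

        if ($manageable === null) {
            $newRole = $request->input('role');
            $siteList = implode(',', $request->input('site_ids'));
        } else {
            // Non-admins create peers: same role, same site list as their own.
            $newRole = $this->roleOf($actor);
            $siteList = implode(',', $manageable);
        }

        $blockName = (string) $request->input('block_name');
        if ($manageable !== null && !$this->blockAvailableToUser($actor, $blockName)) {
            return redirect()->back()->withErrors(['block_name' => 'Selected block is not available for your site.'])->withInput();
        }

        $plotName = $this->normalizePlotName($request->input('plot_name'));
        $area = $this->resolveArea($actor, $blockName, $plotName, $request->input('area'));

        DB::table('users')->insertGetId([
            'name' => $request->input('name'),
            'email' => $request->input('email'),
            'password' => Hash::make((string) $request->input('password')),
            'role' => $newRole,
            'block_name' => $blockName,
            'plot_name' => $plotName,
            'area' => $area,
            'site_name' => $siteList, // comma-separated site ids
            'site_id' => $siteList,   // kept identical to site_name
            'user_type' => $request->input('user_type'),
            'created_at' => now(),
            'updated_at' => now(),
        ]);

        return redirect()->route('users.index')->with('success', 'User added successfully.');
    }

    /**
     * Return one user as JSON for the edit modal.
     *
     * 404 when the id is unknown, 403 when the caller may not manage that user.
     */
    public function edit($id)
    {
        $user = DB::table('users')->find($id);
        if (!$user) {
            return response()->json(['error' => 'User not found'], 404);
        }

        if (!$this->canManageUser(Auth::user(), $user)) {
            return response()->json(['error' => 'Unauthorized to edit this user.'], 403);
        }

        return response()->json(['user' => $user]);
    }

    /**
     * Update a user. Only admins may change `role` and `site_name`
     * (`site_id` is kept equal to `site_name`).
     */
    public function update(Request $request, $id)
    {
        $actor = Auth::user();
        $target = DB::table('users')->find($id);
        if (!$target) {
            return redirect()->back()->with('error', 'User not found.');
        }

        if (!$this->canManageUser($actor, $target)) {
            return redirect()->back()->with('error', 'You are not authorized to update users for this site.');
        }

        $isAdmin = $this->roleOf($actor) === self::ROLE_ADMIN;

        $rules = [
            'name' => 'required',
            'email' => 'required|email|unique:users,email,' . $id,
            'block_name' => 'required|string',
            'plot_name' => 'required|string',
            'user_type' => 'nullable|string',
            'area' => 'nullable|numeric',
        ];
        if ($isAdmin) {
            $rules['role'] = 'required|string';
            $rules['site_name'] = 'required|exists:master_sites,id';
        }

        $validator = Validator::make($request->all(), $rules);
        if ($validator->fails()) {
            return redirect()->back()->withErrors($validator)->withInput();
        }

        $blockName = (string) $request->input('block_name');
        if (!$isAdmin && !$this->blockAvailableToUser($actor, $blockName)) {
            return redirect()->back()->withErrors(['block_name' => 'Selected block is not available for your site.'])->withInput();
        }

        $plotName = $this->normalizePlotName($request->input('plot_name'));
        $area = $this->resolveArea($actor, $blockName, $plotName, $request->input('area'));

        $updateData = [
            'name' => $request->input('name'),
            'email' => $request->input('email'),
            'block_name' => $blockName,
            'plot_name' => $plotName,
            'area' => $area,
            'user_type' => $request->input('user_type'),
            'updated_at' => now(),
        ];
        if ($isAdmin) {
            $updateData['role'] = $request->input('role');
            $updateData['site_name'] = $request->input('site_name');
            $updateData['site_id'] = $request->input('site_name');
        }

        DB::table('users')->where('id', $id)->update($updateData);

        return redirect()->route('users.index')->with('success', 'User updated successfully.');
    }

    /**
     * Delete a user the caller is allowed to manage.
     *
     * Error responses are JSON (404 / 403); success redirects back with a flash message.
     */
    public function destroy($id)
    {
        $target = DB::table('users')->find($id);
        if (!$target) {
            return response()->json(['error' => 'User not found'], 404);
        }

        if (!$this->canManageUser(Auth::user(), $target)) {
            return response()->json(['error' => 'Unauthorized to delete this user.'], 403);
        }

        DB::table('users')->where('id', $id)->delete();

        return redirect()->back()->with('success', 'User deleted successfully.');
    }

    /**
     * Plots of a block, restricted to the caller's sites for non-admins.
     *
     * Returns `plot_no` values; if none, `st_no` values; if none of those either
     * but the block has rows without plot/st numbers, the single sentinel "N/A".
     */
    public function getPlots($block)
    {
        $base = $this->landQuery(Auth::user(), (string) $block);

        // Every lookup clones the base builder: `where*` calls mutate the builder
        // in place, so reusing one instance would AND the earlier constraints into
        // the later fallbacks (the N/A branch could then never match).
        $plots = (clone $base)->whereNotNull('plot_no')->pluck('plot_no')->all();
        if ($plots === []) {
            $plots = (clone $base)->whereNotNull('st_no')->pluck('st_no')->all();
        }
        if ($plots === [] && (clone $base)->whereNull('plot_no')->whereNull('st_no')->exists()) {
            $plots = ['N/A'];
        }

        return response()->json($plots);
    }

    /**
     * Area (ha) of a block/plot from `master_land`, restricted to the caller's
     * sites for non-admins; responds with 0 when nothing matches.
     */
    public function getArea(Request $request)
    {
        $plotName = $this->normalizePlotName($request->input('plot_name'));
        $area = $this->areaQuery(Auth::user(), (string) $request->input('block_name'), $plotName)
            ->value('area_ha');

        return response()->json($area ?: 0);
    }

    /** Numeric role of an account (the column may come back as a string). */
    private function roleOf(object $user): int
    {
        return (int) $user->role;
    }

    /**
     * Split a comma-separated id list into trimmed, non-empty string ids.
     *
     * @return list<string>
     */
    private function splitIds(mixed $list): array
    {
        $parts = array_map(static fn (string $s): string => trim($s), explode(',', (string) ($list ?? '')));

        return array_values(array_filter($parts, static fn (string $s): bool => $s !== ''));
    }

    /**
     * Site ids held by an account (its `site_id` list).
     *
     * @return list<string>
     */
    private function siteIdsOf(object $user): array
    {
        return $this->splitIds($user->site_id ?? null);
    }

    /**
     * Site ids whose users the account may see, create, edit and delete.
     *
     * @return list<string>|null  null = every site (admin); [] = no access at all.
     */
    private function manageableSiteIds(object $user): ?array
    {
        $own = $this->siteIdsOf($user);

        return match ($this->roleOf($user)) {
            self::ROLE_ADMIN => null,
            self::ROLE_SITE1_MANAGER => in_array('1', $own, true) ? ['1'] : [],
            self::ROLE_SITE2_MANAGER => in_array('2', $own, true) ? ['2'] : [],
            self::ROLE_MULTI_SITE_MANAGER => $own,
            self::ROLE_SITE4_MANAGER => in_array('4', $own, true) ? ['4'] : [],
            default => [],
        };
    }

    /**
     * Whether `$actor` may read/update/delete `$target`: admins always; others
     * only when the target's whole site list lies inside the actor's manageable
     * sites (so a user attached to an extra site is not reachable).
     */
    private function canManageUser(object $actor, object $target): bool
    {
        $manageable = $this->manageableSiteIds($actor);
        if ($manageable === null) {
            return true;
        }
        if ($manageable === []) {
            return false;
        }

        $targetSites = $this->splitIds($target->site_name ?? null);

        return $targetSites !== [] && array_diff($targetSites, $manageable) === [];
    }

    /**
     * Restrict a `users` query to rows whose comma-separated `site_name`
     * contains at least one of `$siteIds`. An empty list matches nothing.
     */
    private function whereUserInSites($query, array $siteIds): void
    {
        if ($siteIds === []) {
            $query->whereRaw('1 = 0');

            return;
        }

        $query->where(function ($q) use ($siteIds) {
            foreach ($siteIds as $siteId) {
                // Match the id as the only entry, first entry, last entry, or a middle entry.
                $q->orWhere('site_name', $siteId)
                    ->orWhere('site_name', 'like', "{$siteId},%")
                    ->orWhere('site_name', 'like', "%,{$siteId}")
                    ->orWhere('site_name', 'like', "%,{$siteId},%");
            }
        });
    }

    /** Whether the block exists in one of the account's own sites. */
    private function blockAvailableToUser(object $user, string $blockName): bool
    {
        return DB::table('master_land')
            ->join('master_sites', 'master_land.site_id', '=', 'master_sites.id')
            ->where('master_land.block_name', $blockName)
            ->whereIn('master_land.site_id', $this->siteIdsOf($user))
            ->exists();
    }

    /** `master_land` rows of a block, limited to the account's sites unless admin. */
    private function landQuery(object $user, string $blockName)
    {
        $query = DB::table('master_land')->where('block_name', $blockName);
        if ($this->roleOf($user) !== self::ROLE_ADMIN) {
            $query->whereIn('site_id', $this->siteIdsOf($user));
        }

        return $query;
    }

    /**
     * `landQuery()` narrowed to one plot: rows with neither `st_no` nor
     * `plot_no` when `$plotName` is null, otherwise rows whose `st_no` or
     * `plot_no` equals it.
     */
    private function areaQuery(object $user, string $blockName, ?string $plotName)
    {
        return $this->landQuery($user, $blockName)->where(function ($q) use ($plotName) {
            if ($plotName === null) {
                $q->whereNull('st_no')->whereNull('plot_no');
            } else {
                $q->where('st_no', $plotName)->orWhere('plot_no', $plotName);
            }
        });
    }

    /**
     * Area for the block/plot, or the submitted fallback, or 0.
     */
    private function resolveArea(object $user, string $blockName, ?string $plotName, mixed $fallback): mixed
    {
        $area = $this->areaQuery($user, $blockName, $plotName)->value('area_ha');

        return $area ?: ($fallback ?: 0);
    }

    /** Maps the UI's "N/A" sentinel (and a missing/non-string value) to null. */
    private function normalizePlotName(mixed $plotName): ?string
    {
        if (!is_string($plotName) || $plotName === 'N/A') {
            return null;
        }

        return $plotName;
    }
}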