Merge pull request #28 from Xatta-Trone/Feat/add-user-wise-dept

add dept access

Author: Xatta-Trone

app/Http/Controllers/Api/Admin/UserController.php

@@ -126,11 +126,16 @@ public function update(UserUpdateRequest $request, $id)
             return  $this->noPermissionResponse();
         }
 
-
         $user = User::findOrFail($id);
         $userOld =  $user->replicate();
 
-        $user->update($request->validated());
+        $dept_access = array_merge($request->dept_access ? $request->dept_access : [], [$user->department]);
+        $dept_access = implode(',', $dept_access);
+        $data = array_merge($request->validated(), ['dept_access' => $dept_access]);
+
+        // dd($dept_access, $user->department, $data);
+
+        $user->update($data);
         $this->saveAdminUpdateActivity($user->id, 'user', $user->student_id, $userOld, $user->getChanges());
         // dd($user);
         if ($user) {

app/Http/Controllers/Api/User/MaterialController.php

@@ -35,8 +35,16 @@ public function courses()
     public function infos($deptSlug, $ltSlug = null, $courseSlug = null)
     {
         // check if can access dept
-        $dept  = Department::select('can_be_accessed_by')->where('slug', $deptSlug)->first();
-        $canBeAccessedBy = explode(',', $dept->can_be_accessed_by);
+        // $dept  = Department::select('can_be_accessed_by')->where('slug', $deptSlug)->first();
+        // $canBeAccessedBy = explode(',', $dept->can_be_accessed_by);
+
+        $user =  auth()->user();
+        $userDepartments = $user->dept_access ? explode(',', $user->dept_access) : [];
+        $defaultDepartments  = explode(',', Department::query()
+            ->select('can_be_accessed_by')
+            ->where('code', substr($user->student_id, 2, 2))
+            ->get()->first()->can_be_accessed_by);
+        $canBeAccessedBy = array_unique(array_merge($defaultDepartments, $userDepartments));
 
         if (!in_array(auth()->user()->department, $canBeAccessedBy)) {
             return $this->errorResponse('NOT_AUTHORIZED_TO_ACCESS_THIS_DEPARTMENT', []);

app/Http/Requests/UserUpdateRequest.php

@@ -31,7 +31,10 @@ public function rules()
             'status' => ['required'],
             'user_letter' => ['required'],
             'whitelisted' => ['required'],
-            'max_devices' => ['required', 'integer']
+            'max_devices' => ['required', 'integer'],
+            'dept_access' => ['nullable', 'array'],
         ];
     }
-}
+
+
+}

app/Models/User/User.php

@@ -35,7 +35,6 @@ protected static function boot()
     }
 
 
-
     /**
      * The attributes that are mass assignable.
      *
@@ -50,7 +49,8 @@ protected static function boot()
         'whitelisted',
         'deleted_at',
         'status',
-        'max_devices'
+        'max_devices',
+        'dept_access',
     ];
 
     protected $guarded = [];

database/migrations/2024_07_20_150632_add_dept_access_to_users_table.php

@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddDeptAccessToUsersTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->string('dept_access')->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropColumn('dept_access');
+        });
+    }
+}