Commit Graph

3 Commits

Author SHA1 Message Date
GuavaPopper f855f7e027 feat: Plan 4 — Dashboard Statistik + Gap Analysis
- Add /dashboard route (all authenticated roles)
- Add dashboard view with Chart.js 4.4:
  - 4 stat cards (ibadah, miskin, jiwa, % terjangkau)
  - Donut chart: ibadah per jenis
  - Horizontal bar chart: miskin per kondisi rumah
  - Gap Analysis: Turf.js coverage computation, doughnut chart,
    per-ibadah coverage table sorted by KK count, uncovered family list
  - esc() helper applied to all user-data innerHTML
- Add Dashboard nav link to map, data, and admin views
- 5 new tests: unauthenticated redirect + all 4 roles can access
- Mark K-02 and K-03 complete in missing_features.md
- Update README with new page and feature section

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 14:19:37 +07:00
GuavaPopper c1c1fae93c fix: escape user-controlled fields in admin/users innerHTML to prevent stored XSS
u.name and u.email are stored user input and were interpolated raw into
tbody.innerHTML. Added esc() helper and applied to name, email, and role
display string.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 13:53:01 +07:00
GuavaPopper 8476c5d643 feat: Plan 3 — Manajemen Pengguna (Admin User Management)
- Add AdminUserController: CRUD users, assign role, reset password,
  self-delete guard (403 on own account)
- Add admin route group under role:administrator middleware
  (GET/POST/PUT/DELETE /api/admin/users, PUT /api/admin/users/{id}/password)
- Add resources/views/admin/users.blade.php: DaisyUI table + 4 modals
  (create, edit, reset password, delete confirm), stats grid, toast
- Add Admin nav link (administrator-only) to map and data navbars
- 9 new tests covering page access, API CRUD, self-delete guard, password reset
- Mark Plan 3 complete in missing_features.md; update README page list
- Save plan3 to docs/ for reference

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 13:51:08 +07:00