name('login')->middleware('guest'); Route::post('/login', [AuthController::class, 'login'])->middleware('guest'); Route::post('/logout', [AuthController::class, 'logout'])->name('logout')->middleware('auth'); // All other routes require authentication Route::middleware('auth')->group(function () { // Web pages Route::get('/', fn() => view('welcome')); Route::get('/map', fn() => view('map')); Route::get('/data', fn() => view('data')); // API routes moved here for session + CSRF middleware Route::prefix('api')->group(function () { // Rumah Ibadah — read: all roles, write: administrator + pengurus_ibadah Route::get('/ibadah', [IbadahController::class, 'index']); Route::middleware('role:administrator|pengurus_ibadah')->group(function () { Route::post('/ibadah', [IbadahController::class, 'store']); Route::put('/ibadah/{id}', [IbadahController::class, 'update']); Route::delete('/ibadah/{id}', [IbadahController::class, 'destroy']); }); // Rumah Miskin — read: all roles, write: administrator + petugas_pendataan Route::get('/miskin', [MiskinController::class, 'index']); Route::middleware('role:administrator|petugas_pendataan')->group(function () { Route::post('/miskin', [MiskinController::class, 'store']); Route::put('/miskin/{id}', [MiskinController::class, 'update']); Route::delete('/miskin/{id}', [MiskinController::class, 'destroy']); }); }); // Admin routes — hanya administrator Route::middleware('role:administrator')->group(function () { Route::get('/admin/users', fn() => view('admin.users'))->name('admin.users'); Route::prefix('api/admin')->group(function () { Route::get('/users', [AdminUserController::class, 'index']); Route::post('/users', [AdminUserController::class, 'store']); Route::put('/users/{id}', [AdminUserController::class, 'update']); Route::delete('/users/{id}', [AdminUserController::class, 'destroy']); Route::put('/users/{id}/password', [AdminUserController::class, 'resetPassword']); }); }); });