Files
D1041231009-WebGIS-PovertyMap/routes/web.php
T
GuavaPopper 8476c5d643 feat: Plan 3 — Manajemen Pengguna (Admin User Management)
- Add AdminUserController: CRUD users, assign role, reset password,
  self-delete guard (403 on own account)
- Add admin route group under role:administrator middleware
  (GET/POST/PUT/DELETE /api/admin/users, PUT /api/admin/users/{id}/password)
- Add resources/views/admin/users.blade.php: DaisyUI table + 4 modals
  (create, edit, reset password, delete confirm), stats grid, toast
- Add Admin nav link (administrator-only) to map and data navbars
- 9 new tests covering page access, API CRUD, self-delete guard, password reset
- Mark Plan 3 complete in missing_features.md; update README page list
- Save plan3 to docs/ for reference

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 13:51:08 +07:00

55 lines
2.5 KiB
PHP

<?php
use App\Http\Controllers\AdminUserController;
use App\Http\Controllers\AuthController;
use App\Http\Controllers\IbadahController;
use App\Http\Controllers\MiskinController;
use Illuminate\Support\Facades\Route;
// Auth routes (public, redirect to /map if already logged in)
Route::get('/login', [AuthController::class, 'showLogin'])->name('login')->middleware('guest');
Route::post('/login', [AuthController::class, 'login'])->middleware('guest');
Route::post('/logout', [AuthController::class, 'logout'])->name('logout')->middleware('auth');
// All other routes require authentication
Route::middleware('auth')->group(function () {
// Web pages
Route::get('/', fn() => view('welcome'));
Route::get('/map', fn() => view('map'));
Route::get('/data', fn() => view('data'));
// API routes moved here for session + CSRF middleware
Route::prefix('api')->group(function () {
// Rumah Ibadah — read: all roles, write: administrator + pengurus_ibadah
Route::get('/ibadah', [IbadahController::class, 'index']);
Route::middleware('role:administrator|pengurus_ibadah')->group(function () {
Route::post('/ibadah', [IbadahController::class, 'store']);
Route::put('/ibadah/{id}', [IbadahController::class, 'update']);
Route::delete('/ibadah/{id}', [IbadahController::class, 'destroy']);
});
// Rumah Miskin — read: all roles, write: administrator + petugas_pendataan
Route::get('/miskin', [MiskinController::class, 'index']);
Route::middleware('role:administrator|petugas_pendataan')->group(function () {
Route::post('/miskin', [MiskinController::class, 'store']);
Route::put('/miskin/{id}', [MiskinController::class, 'update']);
Route::delete('/miskin/{id}', [MiskinController::class, 'destroy']);
});
});
// Admin routes — hanya administrator
Route::middleware('role:administrator')->group(function () {
Route::get('/admin/users', fn() => view('admin.users'))->name('admin.users');
Route::prefix('api/admin')->group(function () {
Route::get('/users', [AdminUserController::class, 'index']);
Route::post('/users', [AdminUserController::class, 'store']);
Route::put('/users/{id}', [AdminUserController::class, 'update']);
Route::delete('/users/{id}', [AdminUserController::class, 'destroy']);
Route::put('/users/{id}/password', [AdminUserController::class, 'resetPassword']);
});
});
});