diff --git a/app/Http/Controllers/KuponController.php b/app/Http/Controllers/KuponController.php index 595cf77..f44aceb 100644 --- a/app/Http/Controllers/KuponController.php +++ b/app/Http/Controllers/KuponController.php @@ -18,6 +18,10 @@ class KuponController extends Controller { public function index(Request $request) { + if (Auth::user()->role !== 'user') { + abort(403, 'Cetak kupon hanya tersedia untuk akun role user.'); + } + $query = PenerimaBantuan::with('tempat_ibadah')->where('status_persetujuan', 'disetujui'); // Jika admin, bisa melihat semua dan filter. Jika user, hanya melihat yang sesuai tempat ibadahnya. @@ -42,6 +46,10 @@ class KuponController extends Controller } public function show($id) { + if (Auth::user()->role !== 'user') { + abort(403, 'Cetak kupon hanya tersedia untuk akun role user.'); + } + $warga = PenerimaBantuan::findOrFail($id); // Tentukan periode kupon @@ -95,6 +103,10 @@ class KuponController extends Controller public function cetak(Request $request) { + if (Auth::user()->role !== 'user') { + abort(403, 'Cetak kupon hanya tersedia untuk akun role user.'); + } + $ids = $request->input('penerima_ids'); if (empty($ids) || !is_array($ids)) { diff --git a/resources/views/daftar-penerima-bantuan.blade.php b/resources/views/daftar-penerima-bantuan.blade.php index 659e569..45fca7e 100644 --- a/resources/views/daftar-penerima-bantuan.blade.php +++ b/resources/views/daftar-penerima-bantuan.blade.php @@ -41,10 +41,12 @@ @endif + @if(Auth::user()->role === 'user') + @endif