From cec11d6385242cc187760d5dbd1ff77cf62ac12a Mon Sep 17 00:00:00 2001 From: arifal Date: Thu, 10 Jul 2025 13:25:02 +0700 Subject: [PATCH] fix report filter data base on user login role dealer --- app/Http/Controllers/AdminController.php | 24 +- app/Http/Controllers/ReportController.php | 388 ++++++++++++++++++++-- 2 files changed, 372 insertions(+), 40 deletions(-) diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php index 5f83aec..0e109a0 100755 --- a/app/Http/Controllers/AdminController.php +++ b/app/Http/Controllers/AdminController.php @@ -175,10 +175,12 @@ class AdminController extends Controller $prev_mth_start = date('Y-m-d', strtotime(date($year.'-'. $request->month .'-1')." -1 month")); $prev_mth = explode('-', $prev_mth_start); - if($request->month == date('m')) { - $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('d'); + if($request->month == date('m') && $year == date('Y')) { + // Jika bulan sekarang, ambil total bulan sebelumnya yang lengkap + $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('t', strtotime($prev_mth_start)); }else{ - $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('t'); + // Jika bulan lain, ambil total bulan sebelumnya yang lengkap + $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('t', strtotime($prev_mth_start)); } $prev_month_trx = []; 
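Review bot: The `if`/`else` added in this hunk now has two branches that compute the identical value — both assign `date('t', strtotime($prev_mth_start))` — so the `$request->month == date('m')` test and the two comments no longer distinguish anything; the `@@ -309` and `@@ -430` hunks in this file have the same shape. Collapse each to the single line `$prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('t', strtotime($prev_mth_start));` (equivalently `date('Y-m-t', strtotime($prev_mth_start))`) with one English comment such as `// Last day of the previous month, whichever month is selected`. The enclosing method starts before this hunk.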
@@ -309,10 +311,12 @@ class AdminController extends Controller foreach($works as $work1) { $prev_mth_start = date('Y-m-d', strtotime(date('Y-'. $request->month .'-1')." -1 month")); $prev_mth = explode('-', $prev_mth_start); - if($request->month == date('m')) { - $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('d'); + if($request->month == date('m') && date('Y') == date('Y')) { + // Jika bulan sekarang, ambil total bulan sebelumnya yang lengkap + $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('t', strtotime($prev_mth_start)); }else{ - $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('t'); + // Jika bulan lain, ambil total bulan sebelumnya yang lengkap + $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('t', strtotime($prev_mth_start)); } // dd($prev_mth_end); @@ -430,10 +434,12 @@ class AdminController extends Controller foreach($works as $work1) { $prev_mth_start = date('Y-m-d', strtotime(date($request->year.'-'. $request->month .'-1')." -1 month")); $prev_mth = explode('-', $prev_mth_start); - if($request->month == date('m')) { - $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('d'); + if($request->month == date('m') && $request->year == date('Y')) { + // Jika bulan sekarang, ambil total bulan sebelumnya yang lengkap + $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('t', strtotime($prev_mth_start)); }else{ - $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('t'); + // Jika bulan lain, ambil total bulan sebelumnya yang lengkap + $prev_mth_end = $prev_mth[0].'-'.$prev_mth[1].'-'.date('t', strtotime($prev_mth_start)); } $yesterday_month_trx = Transaction::where('work_id', $work1->id)->where('dealer_id', $id)->whereDate('date', '>=', $prev_mth_start)->whereDate('date', '<=', $prev_mth_end)->sum('qty'); diff --git a/app/Http/Controllers/ReportController.php b/app/Http/Controllers/ReportController.php index 8ab1737..822019c 100755 --- a/app/Http/Controllers/ReportController.php +++ b/app/Http/Controllers/ReportController.php 
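Review bot: `date('Y') == date('Y')` on the new `if` line of the `@@ -309` hunk is always true, so the added clause changes nothing and reads as a copy-paste slip from the `$year == date('Y')` and `$request->year == date('Y')` forms in the other two hunks. Because `$prev_mth_start` in this loop is built from `date('Y-'…)`, i.e. always the current year, either drop the clause — `if($request->month == date('m')) {` — or, if this method has a selected year in scope, compare against that as the `@@ -430` hunk does. The `foreach($works as $work1)` body continues past the end of the hunk.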
@@ -37,13 +37,41 @@ class ReportController extends Controller $request['sa'] = 'all'; } - $works = Work::select('id', 'name')->whereHas('transactions', function($q) use($request) { + // Get dealers based on user role + $user = Auth::user(); + $role = Role::with(['dealers' => function($query) { + $query->whereNull('dealers.deleted_at'); // Only active dealers + }])->find($user->role_id); + + if($role && $this->isAdminRole($role) && $role->dealers->count() == 0) { + $allowedDealers = Dealer::all(); + } else if($role) { + $allowedDealers = $role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get(); + } else { + $allowedDealers = collect(); + } + + $works = Work::select('id', 'name')->whereHas('transactions', function($q) use($request, $allowedDealers) { if(isset($request->month)) { $q = $q->whereMonth('date', '=', $request->month)->whereYear('date', date('Y')); } + // Filter by allowed dealers based on user role + if($allowedDealers->count() > 0) { + $dealerIds = $allowedDealers->pluck('id')->toArray(); + $q = $q->whereIn('dealer_id', $dealerIds); + } + if(isset($request->dealer) && $request->dealer != 'all') { - $q = $q->where('dealer_id', '=', $request->dealer); + // Validate that the requested dealer is allowed for this user + if($allowedDealers->count() > 0) { + $allowedDealerIds = $allowedDealers->pluck('id')->toArray(); + if(in_array($request->dealer, $allowedDealerIds)) { + $q = $q->where('dealer_id', '=', $request->dealer); + } + } else { + $q = $q->where('dealer_id', '=', $request->dealer); + } } if(isset($request->sa) && $request->sa != 'all') { 
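Review bot: The new dealer scoping fails open: when `$allowedDealers` is empty — no role found, or a non-admin role with no pivot dealers — the `whereIn` is skipped and the `else` branch applies whatever `$request->dealer` carries, or nothing at all when no dealer is sent, so that user sees every dealer's transactions; a requested dealer outside the allowed set is likewise silently ignored instead of refused. The same shape is repeated in the `@@ -219`, `@@ -244`, `@@ -302`, `@@ -352` and `@@ -421`/`@@ -445` hunks and in the `$sa_datas` fallback at `@@ -53` and `@@ -83`. Replace the `$allowedDealers = collect();` fallback with `abort(403, 'Unauthorized User');` (the message this file already uses), make the membership test `in_array((int) $request->dealer, $allowedDealerIds, true)`, and treat a miss as 403 as well, so an empty or unmatched allowed set never widens the query. The enclosing method starts before this hunk.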
@@ -53,8 +81,27 @@ class ReportController extends Controller return $q; })->orderBy('id', 'ASC')->get(); - $dealer_datas = Dealer::orderBy('id', 'ASC')->get(); - $sa_datas = User::select('id', 'name')->where('role_id', 4)->get(); + // Get dealers based on user role + $user = Auth::user(); + $role = Role::with(['dealers' => function($query) { + $query->whereNull('dealers.deleted_at'); // Only active dealers + }])->find($user->role_id); + + if($role && $this->isAdminRole($role) && $role->dealers->count() == 0) { + $dealer_datas = Dealer::orderBy('id', 'ASC')->get(); + } else if($role) { + $dealer_datas = $role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get(); + } else { + $dealer_datas = collect(); + } + + // Get SA users based on dealer access + if($dealer_datas->count() > 0) { + $dealerIds = $dealer_datas->pluck('id')->toArray(); + $sa_datas = User::select('id', 'name')->where('role_id', 4)->whereIn('dealer_id', $dealerIds)->get(); + } else { + $sa_datas = User::select('id', 'name')->where('role_id', 4)->get(); + } $sa = $request->sa; $dealer = $request->dealer; $month = $request->month; 
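Review bot: This hunk re-runs the `Auth::user()` / `Role::with(...)->find()` lookup that the `@@ -37` hunk of the same method already resolved into `$allowedDealers`, so `$dealer_datas` is a second round-trip for the same rows, and the identical twelve-line block is pasted into every method this commit touches (`@@ -83`, `@@ -127`, `@@ -219`, `@@ -233`, `@@ -302`, `@@ -352`, `@@ -407`, `@@ -421`). Extract it once into a private helper next to `isAdminRole` and write `$dealer_datas = $allowedDealers;` here; the only per-call difference across the copies is `Dealer::all()` versus `Dealer::orderBy('id', 'ASC')->get()`, which can be settled on one ordering. The enclosing method starts before this hunk and its `return view(...)` lies after it.
```php
/**
 * Dealers the logged-in user may report on: every active dealer for an
 * admin role that has no pivot dealers, otherwise the role's active pivot
 * dealers. Callers that scope queries by dealer should not widen beyond this.
 */
private function allowedDealersForCurrentUser()
{
    $role = Role::with(['dealers' => function($query) {
        $query->whereNull('dealers.deleted_at'); // Only active dealers
    }])->find(Auth::user()->role_id);

    if($role && $this->isAdminRole($role) && $role->dealers->count() == 0) {
        return Dealer::orderBy('id', 'ASC')->get();
    }

    return $role
        ? $role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get()
        : collect();
}
```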
@@ -83,8 +130,27 @@ class ReportController extends Controller $request['sa'] = 'all'; } - $dealer_datas = Dealer::orderBy('id', 'ASC')->get(); - $sa_datas = User::select('id', 'name')->where('role_id', 4)->get(); + // Get dealers based on user role + $user = Auth::user(); + $role = Role::with(['dealers' => function($query) { + $query->whereNull('dealers.deleted_at'); // Only active dealers + }])->find($user->role_id); + + if($role && $this->isAdminRole($role) && $role->dealers->count() == 0) { + $dealer_datas = Dealer::orderBy('id', 'ASC')->get(); + } else if($role) { + $dealer_datas = $role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get(); + } else { + $dealer_datas = collect(); + } + + // Get SA users based on dealer access + if($dealer_datas->count() > 0) { + $dealerIds = $dealer_datas->pluck('id')->toArray(); + $sa_datas = User::select('id', 'name')->where('role_id', 4)->whereIn('dealer_id', $dealerIds)->get(); + } else { + $sa_datas = User::select('id', 'name')->where('role_id', 4)->get(); + } $sa = $request->sa; $dealer = $request->dealer; 
@@ -127,11 +193,40 @@ class ReportController extends Controller $sa = $request->sa; $year = $request->year; + // Get dealers based on user role + $user = Auth::user(); + $role = Role::with(['dealers' => function($query) { + $query->whereNull('dealers.deleted_at'); // Only active dealers + }])->find($user->role_id); + + if($role && $this->isAdminRole($role) && $role->dealers->count() == 0) { + $allowedDealers = Dealer::all(); + } else if($role) { + $allowedDealers = $role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get(); + } else { + $allowedDealers = collect(); + } + $dealer_work_trx = DB::statement("SET @sql = NULL"); $sql = "SELECT IF(work_id IS NOT NULL, GROUP_CONCAT(DISTINCT CONCAT('SUM(IF(work_id = \"', work_id,'\", qty,\"\")) AS \"',CONCAT(w.name, '|',w.id),'\"')), 's.work_id') INTO @sql FROM transactions t JOIN works w ON w.id = t.work_id WHERE month(t.date) = '". $month ."' and year(t.date) = '". $year ."' and t.deleted_at is null"; + // Filter by allowed dealers based on user role + if($allowedDealers->count() > 0) { + $dealerIds = $allowedDealers->pluck('id')->toArray(); + $dealerIdsStr = implode(',', $dealerIds); + $sql .= " and t.dealer_id IN (". $dealerIdsStr .")"; + } + if(isset($request->dealer) && $request->dealer != 'all') { - $sql .= " and t.dealer_id = '". $dealer ."'"; + // Validate that the requested dealer is allowed for this user + if($allowedDealers->count() > 0) { + $allowedDealerIds = $allowedDealers->pluck('id')->toArray(); + if(in_array($request->dealer, $allowedDealerIds)) { + $sql .= " and t.dealer_id = '". $dealer ."'"; + } + } else { + $sql .= " and t.dealer_id = '". $dealer ."'"; + } } if(isset($request->sa) && $request->sa != 'all') { 
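Review bot: The new `else` branch in this hunk concatenates `$dealer` — the raw `$request->dealer` — straight into `$sql`, and the `in_array($request->dealer, $allowedDealerIds)` guard above it is non-strict, so a value that is not a plain integer can reach the query text unescaped (on PHP releases before 8.0 a leading-numeric string also compares equal to an int id, so the guard alone is not a type check). Cast once before both the check and the string: `$dealer = (int) $request->dealer;` at the top of the block, `in_array($dealer, $allowedDealerIds, true)` for the test, and `$dealerIdsStr = implode(',', array_map('intval', $dealerIds));` for the list, so every dealer value that enters `$sql` is an integer. `$month`, `$year` and `$sa` are interpolated the same way on pre-existing lines of this method and deserve the same treatment. The method continues after this hunk.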
@@ -140,17 +235,35 @@ class ReportController extends Controller $sa_work_trx = DB::statement($sql); + // Validate dealer access before building the main query + $dealerFilter = ""; + if(isset($request->dealer) && $request->dealer != 'all') { + if($allowedDealers->count() > 0) { + $allowedDealerIds = $allowedDealers->pluck('id')->toArray(); + if(in_array($request->dealer, $allowedDealerIds)) { + $dealerFilter = " and s.dealer_id = '". $dealer ."'"; + } + } else { + $dealerFilter = " and s.dealer_id = '". $dealer ."'"; + } + } else if($allowedDealers->count() > 0) { + // If no specific dealer requested, filter by allowed dealers + $dealerIds = $allowedDealers->pluck('id')->toArray(); + $dealerIdsStr = implode(',', $dealerIds); + $dealerFilter = " and s.dealer_id IN (". $dealerIdsStr .")"; + } + if(isset($request->dealer) && $request->dealer != 'all') { if(isset($request->sa) && $request->sa != 'all') { - $sa_work_trx = DB::statement("SET @sql = IF(@sql != 's.work_id' ,CONCAT(\"SELECT sa.name as SA, sa.id as sa_id, \", @sql, \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null and s.dealer_id = '". $dealer ."' and s.user_sa_id = '". $sa ."' GROUP BY s.user_sa_id ORDER BY s.user_sa_id ASC\"), CONCAT(\"SELECT sa.name as SA, sa.id as sa_id \", \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null and s.dealer_id = '". $dealer ."' and s.user_sa_id = '". $sa ."' GROUP BY s.`user_sa_id` ORDER BY s.`user_sa_id` ASC\"))"); + $sa_work_trx = DB::statement("SET @sql = IF(@sql != 's.work_id' ,CONCAT(\"SELECT sa.name as SA, sa.id as sa_id, \", @sql, \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null". $dealerFilter ." and s.user_sa_id = '". 
$sa ."' GROUP BY s.user_sa_id ORDER BY s.user_sa_id ASC\"), CONCAT(\"SELECT sa.name as SA, sa.id as sa_id \", \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null". $dealerFilter ." and s.user_sa_id = '". $sa ."' GROUP BY s.`user_sa_id` ORDER BY s.`user_sa_id` ASC\"))"); }else{ - $sa_work_trx = DB::statement("SET @sql = IF(@sql != 's.work_id' ,CONCAT(\"SELECT sa.name as SA, sa.id as sa_id, \", @sql, \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null and s.dealer_id = '". $dealer ."' GROUP BY s.user_sa_id ORDER BY s.user_sa_id ASC\"), CONCAT(\"SELECT sa.name as SA, sa.id as sa_id \", \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null and s.dealer_id = '". $dealer ."' GROUP BY s.`user_sa_id` ORDER BY s.`user_sa_id` ASC\"))"); + $sa_work_trx = DB::statement("SET @sql = IF(@sql != 's.work_id' ,CONCAT(\"SELECT sa.name as SA, sa.id as sa_id, \", @sql, \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null". $dealerFilter ." GROUP BY s.user_sa_id ORDER BY s.user_sa_id ASC\"), CONCAT(\"SELECT sa.name as SA, sa.id as sa_id \", \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null". $dealerFilter ." GROUP BY s.`user_sa_id` ORDER BY s.`user_sa_id` ASC\"))"); } }else{ if(isset($request->sa) && $request->sa != 'all') { - $sa_work_trx = DB::statement("SET @sql = IF(@sql != 's.work_id' ,CONCAT(\"SELECT sa.name as SA, sa.id as sa_id, \", @sql, \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". 
$year ."' and s.deleted_at is null and s.user_sa_id = '". $sa ."' GROUP BY s.user_sa_id ORDER BY s.user_sa_id ASC\"), CONCAT(\"SELECT sa.name as SA, sa.id as user_sa_id \", \"FROM transactions s JOIN dealers d ON d.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null and s.user_sa_id = '". $sa ."' GROUP BY s.`user_sa_id` ORDER BY s.`user_sa_id` ASC\"))"); + $sa_work_trx = DB::statement("SET @sql = IF(@sql != 's.work_id' ,CONCAT(\"SELECT sa.name as SA, sa.id as sa_id, \", @sql, \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null". $dealerFilter ." and s.user_sa_id = '". $sa ."' GROUP BY s.user_sa_id ORDER BY s.user_sa_id ASC\"), CONCAT(\"SELECT sa.name as SA, sa.id as user_sa_id \", \"FROM transactions s JOIN dealers d ON d.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null". $dealerFilter ." and s.user_sa_id = '". $sa ."' GROUP BY s.`user_sa_id` ORDER BY s.`user_sa_id` ASC\"))"); }else{ - $sa_work_trx = DB::statement("SET @sql = IF(@sql != 's.work_id' ,CONCAT(\"SELECT sa.name as SA, sa.id as sa_id, \", @sql, \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null GROUP BY s.user_sa_id ORDER BY s.user_sa_id ASC\"), CONCAT(\"SELECT sa.name as SA, sa.id as user_sa_id \", \"FROM transactions s JOIN dealers d ON d.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null GROUP BY s.`user_sa_id` ORDER BY s.`user_sa_id` ASC\"))"); + $sa_work_trx = DB::statement("SET @sql = IF(@sql != 's.work_id' ,CONCAT(\"SELECT sa.name as SA, sa.id as sa_id, \", @sql, \"FROM transactions s JOIN users sa ON sa.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". 
$year ."' and s.deleted_at is null". $dealerFilter ." GROUP BY s.user_sa_id ORDER BY s.user_sa_id ASC\"), CONCAT(\"SELECT sa.name as SA, sa.id as user_sa_id \", \"FROM transactions s JOIN dealers d ON d.id = s.user_sa_id WHERE month(s.date) = '". $month ."' and year(s.date) = '". $year ."' and s.deleted_at is null". $dealerFilter ." GROUP BY s.`user_sa_id` ORDER BY s.`user_sa_id` ASC\"))"); } } @@ -219,13 +332,41 @@ class ReportController extends Controller $request['month'] = date('m'); } - $works = Work::select('id', 'name')->whereHas('transactions', function($q) use($request) { + // Get dealers based on user role + $user = Auth::user(); + $role = Role::with(['dealers' => function($query) { + $query->whereNull('dealers.deleted_at'); // Only active dealers + }])->find($user->role_id); + + if($role && $this->isAdminRole($role) && $role->dealers->count() == 0) { + $allowedDealers = Dealer::all(); + } else if($role) { + $allowedDealers = $role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get(); + } else { + $allowedDealers = collect(); + } + + $works = Work::select('id', 'name')->whereHas('transactions', function($q) use($request, $allowedDealers) { if(isset($request->month)) { $q->whereMonth('date', '=', $request->month); } + // Filter by allowed dealers based on user role + if($allowedDealers->count() > 0) { + $dealerIds = $allowedDealers->pluck('id')->toArray(); + $q->whereIn('dealer_id', $dealerIds); + } + if(isset($request->dealer) && $request->dealer != 'all') { - $q->where('dealer_id', '=', $request->dealer); + // Validate that the requested dealer is allowed for this user + if($allowedDealers->count() > 0) { + $allowedDealerIds = $allowedDealers->pluck('id')->toArray(); + if(in_array($request->dealer, $allowedDealerIds)) { + $q->where('dealer_id', '=', $request->dealer); + } + } else { + $q->where('dealer_id', '=', $request->dealer); + } } if(isset($request->sa) && $request->sa != 'all') { 
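Review bot: `$dealerFilter` ends up empty when the requested dealer is not in `$allowedDealers`: the inner `in_array` miss leaves it `""`, and the `else if` that applies the `IN (...)` list only runs when no dealer was requested at all, so a rejected dealer id produces a query with no dealer restriction — wider than the request it just refused. Apply the allowed-set `IN` clause unconditionally and let a permitted dealer only narrow within it, answering a disallowed one with the 403 this file already uses; the rewrite below also casts every id before it enters the string. The four `DB::statement` branches that follow are unchanged apart from reading `$dealerFilter`, and the method continues beyond this hunk.
```php
$dealerFilter = "";
$allowedDealerIds = array_map('intval', $allowedDealers->pluck('id')->toArray());
if(count($allowedDealerIds) > 0) {
    // Always restrict to the caller's dealers; a requested dealer can only narrow this set
    $dealerFilter = " and s.dealer_id IN (". implode(',', $allowedDealerIds) .")";
}
if(isset($request->dealer) && $request->dealer != 'all') {
    $requestedDealer = (int) $request->dealer;
    if(count($allowedDealerIds) > 0 && !in_array($requestedDealer, $allowedDealerIds, true)) {
        abort(403, 'Unauthorized User');
    }
    $dealerFilter .= " and s.dealer_id = ". $requestedDealer;
}
// … unchanged: the four DB::statement branches, each consuming $dealerFilter …
```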
@@ -233,7 +374,27 @@ class ReportController extends Controller } })->get(); - $sas = User::select('id', 'name')->where('role_id', 4)->get(); + // Get dealers based on user role + $user = Auth::user(); + $role = Role::with(['dealers' => function($query) { + $query->whereNull('dealers.deleted_at'); // Only active dealers + }])->find($user->role_id); + + if($role && $this->isAdminRole($role) && $role->dealers->count() == 0) { + $dealer_datas = Dealer::all(); + } else if($role) { + $dealer_datas = $role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get(); + } else { + $dealer_datas = collect(); + } + + // Get SA users based on dealer access + if($dealer_datas->count() > 0) { + $dealerIds = $dealer_datas->pluck('id')->toArray(); + $sas = User::select('id', 'name')->where('role_id', 4)->whereIn('dealer_id', $dealerIds)->get(); + } else { + $sas = User::select('id', 'name')->where('role_id', 4)->get(); + } $trxs = []; foreach($sas as $key => $sa) { @@ -244,9 +405,23 @@ class ReportController extends Controller if(isset($request->month)) { $d = $d->whereMonth('date', '=', $request->month); } + + // Filter by allowed dealers based on user role + if($allowedDealers->count() > 0) { + $dealerIds = $allowedDealers->pluck('id')->toArray(); + $d = $d->whereIn('dealer_id', $dealerIds); + } if(isset($request->dealer) && $request->dealer != 'all') { - $d = $d->where('dealer_id', '=', $request->dealer); + // Validate that the requested dealer is allowed for this user + if($allowedDealers->count() > 0) { + $allowedDealerIds = $allowedDealers->pluck('id')->toArray(); + if(in_array($request->dealer, $allowedDealerIds)) { + $d = $d->where('dealer_id', '=', $request->dealer); + } + } else { + $d = $d->where('dealer_id', '=', $request->dealer); + } } if(isset($request->sa) && $request->sa != 'all') { 
@@ -302,35 +477,76 @@ class ReportController extends Controller $month = $request->month; $dealer_id = $request->dealer; $sa_id = $request->sa; - $dealers = Dealer::all(); - $sas = User::where('role_id', 4)->get(); - return view('back.report.transaction_sa', compact('sas', 'dealers', 'dealer_id', 'sa_id', 'month', 'trxs', 'works', 'work_count', 'sa_names', 'trx_data')); + return view('back.report.transaction_sa', compact('sas', 'dealer_datas', 'dealer_id', 'sa_id', 'month', 'trxs', 'works', 'work_count', 'sa_names', 'trx_data')); } public function sa_work_trx(Request $request) { - $sa_work_trx = Work::select(DB::raw('works.name AS work_name'), DB::raw("IFNULL(SUM(t.qty), 0) AS qty"), 'works.id AS work_id')->whereHas('transactions', function($q) use($request) { + // Get dealers based on user role + $user = Auth::user(); + $role = Role::with(['dealers' => function($query) { + $query->whereNull('dealers.deleted_at'); // Only active dealers + }])->find($user->role_id); + + if($role && $this->isAdminRole($role) && $role->dealers->count() == 0) { + $allowedDealers = Dealer::all(); + } else if($role) { + $allowedDealers = $role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get(); + } else { + $allowedDealers = collect(); + } + + $sa_work_trx = Work::select(DB::raw('works.name AS work_name'), DB::raw("IFNULL(SUM(t.qty), 0) AS qty"), 'works.id AS work_id')->whereHas('transactions', function($q) use($request, $allowedDealers) { if(isset($request->month)) { $q = $q->whereMonth('date', '=', $request->month)->whereYear('date', date('Y')); } + // Filter by allowed dealers based on user role + if($allowedDealers->count() > 0) { + $dealerIds = $allowedDealers->pluck('id')->toArray(); + $q->whereIn('dealer_id', $dealerIds); + } + if(isset($request->dealer) && $request->dealer != 'all') { - $q = $q->where('dealer_id', '=', $request->dealer); + // Validate that the requested dealer is allowed for this user + if($allowedDealers->count() > 0) { + $allowedDealerIds = 
$allowedDealers->pluck('id')->toArray(); + if(in_array($request->dealer, $allowedDealerIds)) { + $q->where('dealer_id', '=', $request->dealer); + } + } else { + $q->where('dealer_id', '=', $request->dealer); + } } if(isset($request->sa_filter) && $request->sa_filter != 'all') { - $q = $q->where('user_sa_id', '=', $request->sa_filter); + $q->where('user_sa_id', '=', $request->sa_filter); } return $q; - })->leftJoin('transactions AS t', function($q) use($request) { + })->leftJoin('transactions AS t', function($q) use($request, $allowedDealers) { $q->on('t.work_id', '=', 'works.id'); $q->on(DB::raw('MONTH(t.date)'), '=', DB::raw($request->month)); $q->on(DB::raw('YEAR(t.date)'), '=', DB::raw(date('Y'))); $q->on('t.user_sa_id', '=', DB::raw($request->sa)); + + // Filter by allowed dealers based on user role + if($allowedDealers->count() > 0) { + $dealerIds = $allowedDealers->pluck('id')->toArray(); + $q->whereIn('t.dealer_id', $dealerIds); + } + if(isset($request->dealer) && $request->dealer != 'all') { - $q->on('t.dealer_id', '=', DB::raw($request->dealer)); + // Validate that the requested dealer is allowed for this user + if($allowedDealers->count() > 0) { + $allowedDealerIds = $allowedDealers->pluck('id')->toArray(); + if(in_array($request->dealer, $allowedDealerIds)) { + $q->on('t.dealer_id', '=', DB::raw($request->dealer)); + } + } else { + $q->on('t.dealer_id', '=', DB::raw($request->dealer)); + } } if(isset($request->sa_filter) && $request->sa_filter != 'all') { $q->on('t.user_sa_id', '=', DB::raw($request->sa_filter)); 
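Review bot: The `compact(...)` on the new line passes `dealer_datas` to `back.report.transaction_sa` where the removed line passed `dealers`, and the diffstat lists only the two controllers, so the view presumably still reads `$dealers` and would hit an undefined variable unless it already uses `$dealer_datas` — either keep the key (`$dealers = $dealer_datas;` and `compact('sas', 'dealers', …)`) or ship the blade change in this commit. In `sa_work_trx` both new branches also keep `DB::raw($request->dealer)` in the join, which places request input into SQL text unbound; the added `$q->whereIn('t.dealer_id', $dealerIds)` shows the join closure already takes bound `where` clauses, so `$q->where('t.dealer_id', (int) $request->dealer);` is the like-for-like replacement. `sa_work_trx` continues past the end of this hunk.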
@@ -352,13 +568,41 @@ class ReportController extends Controller $request['sa'] = 'all'; } - $sas = User::where('role_id', 4)->whereHas('sa_transactions', function($q) use($request) { + // Get dealers based on user role + $user = Auth::user(); + $role = Role::with(['dealers' => function($query) { + $query->whereNull('dealers.deleted_at'); // Only active dealers + }])->find($user->role_id); + + if($role && $this->isAdminRole($role) && $role->dealers->count() == 0) { + $allowedDealers = Dealer::all(); + } else if($role) { + $allowedDealers = $role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get(); + } else { + $allowedDealers = collect(); + } + + $sas = User::where('role_id', 4)->whereHas('sa_transactions', function($q) use($request, $allowedDealers) { if(isset($request->month)) { $q = $q->whereMonth('date', '=', $request->month)->whereYear('date', date('Y')); } + // Filter by allowed dealers based on user role + if($allowedDealers->count() > 0) { + $dealerIds = $allowedDealers->pluck('id')->toArray(); + $q->whereIn('dealer_id', $dealerIds); + } + if(isset($request->dealer) && $request->dealer != 'all') { - $q->where('dealer_id', '=', $request->dealer); + // Validate that the requested dealer is allowed for this user + if($allowedDealers->count() > 0) { + $allowedDealerIds = $allowedDealers->pluck('id')->toArray(); + if(in_array($request->dealer, $allowedDealerIds)) { + $q->where('dealer_id', '=', $request->dealer); + } + } else { + $q->where('dealer_id', '=', $request->dealer); + } } }); 
@@ -389,10 +633,12 @@ class ReportController extends Controller $query->whereNull('dealers.deleted_at'); // Only active dealers }])->find($user->role_id); - if(strtolower($role->name) === 'admin') { + if($role && $this->isAdminRole($role) && $role->dealers->count() == 0) { $dealer_datas = Dealer::all(); - }else{ + } else if($role) { $dealer_datas = $role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get(); + } else { + $dealer_datas = collect(); } $year = $request->year; @@ -407,9 +653,30 @@ class ReportController extends Controller $menu = Menu::where('link', 'report.transaction')->first(); abort_if(Gate::denies('view', $menu), 403, 'Unauthorized User'); - $sas = User::where('role_id', 4)->get(); - $mechanics = User::where('role_id', 3)->get(); - $dealers = Dealer::all(); + $current_user = Auth::user(); + $current_role = Role::with(['dealers' => function($query) { + $query->whereNull('dealers.deleted_at'); // Only active dealers + }])->find($current_user->role_id); + + // Get dealers based on user role + if($current_role && $this->isAdminRole($current_role) && $current_role->dealers->count() == 0) { + $dealers = Dealer::all(); + } else if($current_role) { + $dealers = $current_role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get(); + } else { + $dealers = collect(); + } + + // Get SA users based on dealer access + if($dealers->count() > 0) { + $dealerIds = $dealers->pluck('id')->toArray(); + $sas = User::where('role_id', 4)->whereIn('dealer_id', $dealerIds)->get(); + $mechanics = User::where('role_id', 3)->whereIn('dealer_id', $dealerIds)->get(); + } else { + $sas = User::where('role_id', 4)->get(); + $mechanics = User::where('role_id', 3)->get(); + } + $works = Work::all(); return view('back.report.transaction', compact('sas', 'mechanics', 'dealers', 'works')); 
@@ -421,6 +688,20 @@ class ReportController extends Controller abort_if(Gate::denies('view', $menu), 403, 'Unauthorized User'); if ($request->ajax()) { + // Get dealers based on user role + $current_user = Auth::user(); + $current_role = Role::with(['dealers' => function($query) { + $query->whereNull('dealers.deleted_at'); // Only active dealers + }])->find($current_user->role_id); + + if($current_role && $this->isAdminRole($current_role) && $current_role->dealers->count() == 0) { + $allowedDealers = Dealer::all(); + } else if($current_role) { + $allowedDealers = $current_role->dealers()->whereNull('dealers.deleted_at')->orderBy('name')->get(); + } else { + $allowedDealers = collect(); + } + $data = Transaction::leftJoin('users', 'users.id', '=', 'transactions.user_id') ->leftJoin('users as sa', 'sa.id', '=', 'transactions.user_sa_id') ->leftJoin('works as w', 'w.id', '=', 'transactions.work_id') @@ -428,6 +709,13 @@ class ReportController extends Controller ->leftJoin('dealers as d', 'd.id', '=', 'transactions.dealer_id') ->select('transactions.id', 'transactions.status', 'transactions.user_id as user_id', 'transactions.user_sa_id as user_sa_id', 'users.name as username', 'sa.name as sa_name', 'cat.name as category_name', 'w.name as workname', 'transactions.qty as qty', 'transactions.date as date', 'transactions.police_number as police_number', 'transactions.warranty as warranty', 'transactions.spk as spk', 'transactions.dealer_id', 'd.name as dealer_name'); + // Filter by allowed dealers based on user role + if($allowedDealers->count() > 0) { + + $dealerIds = $allowedDealers->pluck('id')->toArray(); + $data->whereIn('transactions.dealer_id', $dealerIds); + } + if(isset($request->date_start)) { $data->where('transactions.date', '>=', $request->date_start); } 
@@ -445,7 +733,15 @@ class ReportController extends Controller } if(isset($request->dealer)) { - $data->where('transactions.dealer_id', $request->dealer); + // Validate that the requested dealer is allowed for this user + if($allowedDealers->count() > 0) { + $allowedDealerIds = $allowedDealers->pluck('id')->toArray(); + if(in_array($request->dealer, $allowedDealerIds)) { + $data->where('transactions.dealer_id', $request->dealer); + } + } else { + $data->where('transactions.dealer_id', $request->dealer); + } } $data->orderBy('date', 'DESC'); @@ -576,4 +872,34 @@ class ReportController extends Controller return response()->json($response); } + + /** + * Check if role is admin type + */ + private function isAdminRole($role) + { + if (!$role) { + return false; + } + + // Define admin role names that should have access to all dealers + $adminRoleNames = [ + 'admin' + ]; + + // Check if role name contains admin keywords (but not "area") + $roleName = strtolower(trim($role->name)); + foreach ($adminRoleNames as $adminName) { + if (strpos($roleName, $adminName) !== false && strpos($roleName, 'area') === false) { + return true; + } + } + + // Role with "area" in name should use pivot dealers, not all dealers + if (strpos($roleName, 'area') !== false) { + return false; + } + + return false; + } }
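Review bot: The guard on this hunk's first context line is `isset($request->dealer)` with no `!= 'all'` test, unlike every other method in this commit, so if the transaction filter form sends the same `all` sentinel the other screens use, `in_array('all', $allowedDealerIds)` rejects it and, for a user whose allowed set is empty, the `else` branch emits `where('transactions.dealer_id', 'all')`; the form is not visible here, so this is to confirm. Aligning the condition to `if(isset($request->dealer) && $request->dealer != 'all') {` removes the ambiguity either way. The `ajax()` branch and the method continue outside the hunk.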
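Review bot: `isAdminRole` treats any role whose name *contains* `admin` as admin (`strpos($roleName, $adminName) !== false`), whereas the line it replaces in the `@@ -389` hunk required `strtolower($role->name) === 'admin'`; that widening is not mentioned in the commit message, and every such role with no pivot dealers is granted `Dealer::all()`. The trailing `if (strpos($roleName, 'area') !== false) { return false; }` is dead code, because the function returns `false` immediately after it anyway. Restore exact matching by replacing the `foreach` and both trailing returns with `return in_array($roleName, $adminRoleNames, true);`, and give the signature types, e.g. `private function isAdminRole(?Role $role): bool`.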