ongfuren/GLOC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor script

Browse Source
This commit is contained in:
furen81
2026-02-07 04:52:11 +07:00
parent 6e681c4ad3
commit c1ef2df512
20 changed files with 1608 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
app/Http/Controllers/StaffController.php
View File

@ -14,10 +14,36 @@ class StaffController extends Controller
* GET /api/staff
* Get all staff (role = sales)
*/
public function index(): JsonResponse
public function index(Request $request): JsonResponse
{
$staff = User::orderBy('created_at', 'desc')
->get(['id', 'employee_id', 'name', 'email', 'phone', 'color', 'role', 'is_active']);
$query = User::with('agent:id,company_name,agent_id');
// Isolation:
// 1. Master agents see ALL staff
// 2. Regular agents or Staff users see only their OWN agent's staff
$requestAgent = $request->_agent;
// If the logged-in entity is NOT 'master', filter by their Agent ID.
// For Staff Login, the middleware attaches the Parent Agent, but we still need to filter by it.
// For Agent Login (Manager), they also see only their staff.
if ($requestAgent->role !== 'master') {
// For Staff/Regular Agent, use the Attached Agent ID filter
$query->where('agent_id', $requestAgent->id);
}
// Search functionality
if ($request->has('q') && !empty($request->q)) {
$term = $request->q;
$pattern = '/' . preg_quote($term, '/') . '/i';
$query->where(function ($q) use ($pattern) {
$q->where('name', 'regexp', $pattern)
->orWhere('email', 'regexp', $pattern)
->orWhere('employee_id', 'regexp', $pattern);
});
}
$staff = $query->orderBy('created_at', 'desc')
->get(['id', 'employee_id', 'name', 'email', 'phone', 'color', 'role', 'is_active', 'agent_id', 'user_group_id']);
return response()->json([
'success' => true,
@ -39,8 +65,19 @@ class StaffController extends Controller
'phone' => 'nullable|string',
'color' => 'nullable|string',
'role' => 'nullable|string|in:sales,admin,manager', // Default to sales if not provided
'agent_id' => [
$request->_agent->role === 'master' ? 'required' : 'nullable',
'string',
'exists:agents,_id'
],
]);
// Auto-assign Agent ID for non-master
$agentId = $request->agent_id;
if ($request->_agent->role !== 'master') {
$agentId = $request->_agent->id;
}
$user = User::create([
'employee_id' => $request->employee_id,
'name' => $request->name,
@ -50,8 +87,13 @@ class StaffController extends Controller
'color' => $request->color ?? '#3B82F6', // Default blue
'role' => $request->role ?? 'sales',
'is_active' => true,
'user_group_id' => $request->user_group_id, // [NEW] Link to User Group
'agent_id' => $agentId, // [NEW] Link to Agent
]);
// Load the agent relationship
$user->load('agent:id,company_name,agent_id');
return response()->json([
'success' => true,
'message' => 'Staff created successfully',
@ -76,9 +118,15 @@ class StaffController extends Controller
'name' => 'nullable|string',
'password' => 'nullable|string|min:6',
'color' => 'nullable|string',
'agent_id' => 'nullable|string|exists:agents,_id', // [NEW] Agent ID validation
]);
$data = $request->only(['employee_id', 'name', 'email', 'phone', 'color', 'role', 'is_active']);
$data = $request->only(['employee_id', 'name', 'email', 'phone', 'color', 'role', 'is_active', 'agent_id', 'user_group_id']);
// Prevent non-master from changing agent
if ($request->_agent->role !== 'master' && isset($data['agent_id'])) {
unset($data['agent_id']);
}
// Update password only if provided
if ($request->filled('password')) {
@ -87,6 +135,9 @@ class StaffController extends Controller
$user->update($data);
// Load the agent relationship
$user->load('agent:id,company_name,agent_id');
return response()->json([
'success' => true,
'message' => 'Staff updated successfully',