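_agent;
        $query = UserGroup::query();

        if ($agent->role === 'master') {
            // Master sees all groups, or filter by specific agent_id if provided
            if ($request->has('agent_id')) {
                $query->where(function ($q) use ($request) {
                    $q->where('agent_id', $request->agent_id)
                      ->orWhere('is_system', true); // Always show system roles
                });
            }
        } else {
            // Regular agent sees their own groups + system groups
            $query->where(function ($q) use ($agent) {
                $q->where('agent_id', $agent->id)
                  ->orWhere('is_system', true);
            });
        }

        $groups = $query->orderBy('created_at', 'desc')->get();

        return response()->json([
            'success' => true,
            'groups' => $groups
        ]);
    }

    /**
     * POST /api/user-groups
     * Create new user group.
     *
     * Validates the payload, assigns the owning agent server-side and creates
     * the group. `is_active` and `is_system` are never read from the request,
     * so a client cannot create a system group through this endpoint.
     *
     * @param Request $request  Must carry the authenticated agent in `_agent`.
     * @return \Illuminate\Http\JsonResponse  {success: true, group: UserGroup}
     */
    public function store(Request $request)
    {
        $validated = $request->validate([
            'name' => 'required|string',
            'description' => 'nullable|string',
            'allowed_menu_ids' => 'array', // List of Menu IDs
            'code' => 'nullable|string',
        ]);

        $agent = $request->_agent;

        // Only a master may create a group on behalf of another agent;
        // everyone else owns what they create.
        $agentId = $agent->role === 'master' && $request->has('agent_id')
            ? $request->agent_id
            : $agent->id;

        // Default code is derived from the name: "Sales Team" -> "SALES_TEAM".
        $code = $validated['code'] ?? strtoupper(str_replace(' ', '_', $validated['name']));

        $group = UserGroup::create([
            'name' => $validated['name'],
            'code' => $code,
            'description' => $validated['description'] ?? '',
            'agent_id' => $agentId,
            'allowed_menu_ids' => $validated['allowed_menu_ids'] ?? [],
            'is_active' => true,
            'is_system' => false,
        ]);

        return response()->json(['success' => true, 'group' => $group]);
    }

    /**
     * PUT /api/user-groups/{id}
     * Update name / description / permissions / active flag.
     *
     * Authorization:
     *  - system groups may only be changed by a master;
     *  - other groups by their owning agent or a master.
     * Only the validated, whitelisted fields reach the model; `agent_id`,
     * `code` and `is_system` cannot be changed through this endpoint.
     *
     * @param Request    $request  Must carry the authenticated agent in `_agent`.
     * @param int|string $id       Group primary key.
     * @return \Illuminate\Http\JsonResponse  404 if missing, 403 if not allowed.
     */
    public function update(Request $request, $id)
    {
        $group = UserGroup::find($id);
        if (!$group) {
            return response()->json(['success' => false, 'message' => 'Not found'], 404);
        }

        $agent = $request->_agent;

        // System groups are fixed for everyone but a master. The ownership
        // check below used to be skipped for system groups, which let any
        // authenticated agent change their permissions or active flag.
        if ($group->is_system && $agent->role !== 'master') {
            return response()->json(['success' => false, 'message' => 'Cannot edit system groups'], 403);
        }

        if (!$this->canManage($group, $agent)) {
            return response()->json(['success' => false, 'message' => 'Unauthorized'], 403);
        }

        // Same rules as store(); `sometimes` keeps partial updates working.
        $validated = $request->validate([
            'name' => 'sometimes|required|string',
            'description' => 'nullable|string',
            'allowed_menu_ids' => 'sometimes|array',
            'is_active' => 'sometimes|boolean',
        ]);

        $group->update($validated);

        return response()->json(['success' => true, 'group' => $group]);
    }

    /**
     * DELETE /api/user-groups/{id}
     * Remove a non-system group; the caller must own it unless they are a master.
     *
     * @param int|string $id       Group primary key.
     * @param Request    $request  Must carry the authenticated agent in `_agent`.
     * @return \Illuminate\Http\JsonResponse  404 if missing, 403 if system or not allowed.
     */
    public function destroy($id, Request $request)
    {
        $group = UserGroup::find($id);
        if (!$group) {
            return response()->json(['success' => false, 'message' => 'Not found'], 404);
        }

        // System groups are never deletable, not even by a master.
        if ($group->is_system) {
            return response()->json(['success' => false, 'message' => 'Cannot delete system groups'], 403);
        }

        if (!$this->canManage($group, $request->_agent)) {
            return response()->json(['success' => false, 'message' => 'Unauthorized'], 403);
        }

        $group->delete();

        return response()->json(['success' => true, 'message' => 'Deleted']);
    }

    /**
     * Ownership rule shared by update() and destroy(): a master may manage
     * any group, everyone else only groups whose agent_id is their own.
     *
     * NOTE(review): the comparison is strict, so agent_id and the agent's id
     * must have the same PHP type (e.g. both int via model casts) — confirm
     * the cast on UserGroup, otherwise legitimate owners are denied.
     *
     * @param UserGroup $group
     * @param object    $agent  The authenticated agent (`$request->_agent`).
     */
    private function canManage(UserGroup $group, $agent): bool
    {
        return $agent->role === 'master' || $group->agent_id === $agent->id;
    }
}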