middleware('permission:view-users', ['only' => ['index']]); $this->middleware('permission:create-users', ['only' => ['create', 'store']]); $this->middleware('permission:manage-users', ['only' => ['create', 'store', 'edit', 'update', 'destroy', 'updateRole', 'approve', 'reject', 'toggleActive', 'assignPlan']]); $this->middleware('permission:impersonate-users', ['only' => ['impersonate']]); } /** * Display a listing of the resource. */ public function index() { $users = User::with(['roles', 'subscriptionPlan'])->latest('id')->paginate(10); $roles = Role::all(); // Per la selezione dei ruoli nella vista $plans = SubscriptionPlan::query()->where('is_active', true)->orderBy('name')->get(); return view('superadmin.users.index', compact('users', 'roles', 'plans')); } public function create() { // <-- QUESTA PARENTESI MANCAVA! $roles = Role::all(); // Definisci $roles qui $plans = SubscriptionPlan::query()->where('is_active', true)->orderBy('name')->get(); return view('superadmin.users.create', compact('roles', 'plans')); } public function store(Request $request) { $request->validate([ 'name' => 'required|string|max:255', // Aggiunto 'name' alla validazione 'email' => 'required|string|email|max:255|unique:users', 'password' => 'required|string|min:8|confirmed', 'role' => 'required|exists:roles,name', 'expires_at' => 'nullable|date', 'subscription_plan_id' => 'nullable|exists:subscription_plans,id', 'permissions' => 'array', 'permissions.*' => 'string|exists:permissions,name', ]); $user = User::create([ 'name' => $request->name, 'email' => $request->email, 'password' => Hash::make($request->password), 'expires_at' => $request->filled('expires_at') ? $request->date('expires_at') : null, 'subscription_plan_id' => $request->input('subscription_plan_id'), 'registration_status' => 'approved', 'is_active' => true, 'approved_by_user_id' => Auth::id(), 'approved_at' => now(), ]); $user->assignRole($request->role); $this->ensureDomainProfiles($user, $request->role); // Sincronizza permessi espliciti (oltre ai ruoli) $selectedPerms = collect($request->input('permissions', []))->unique()->values()->all(); $user->syncPermissions($selectedPerms); return redirect()->route('superadmin.users.index')->with('success', 'Utente creato con successo.'); } public function edit(User $user) { $roles = Role::all(); $plans = SubscriptionPlan::query()->where('is_active', true)->orderBy('name')->get(); // Verifica che l'utente corrente abbia i permessi per modificare gli utenti return view('superadmin.users.edit', compact('user', 'roles', 'plans')); } public function update(Request $request, User $user) { $request->validate([ 'name' => 'required|string|max:255', 'email' => ['required', 'string', 'email', 'max:255', Rule::unique('users')->ignore($user)], 'role' => 'required|exists:roles,name', 'expires_at' => 'nullable|date', 'registration_status' => 'required|in:pending,approved,rejected', 'is_active' => 'nullable|boolean', 'subscription_plan_id' => 'nullable|exists:subscription_plans,id', 'rejection_reason' => 'nullable|string|max:500', 'permissions' => 'array', 'permissions.*' => 'string|exists:permissions,name', ]); $user->update([ 'name' => $request->name, 'email' => $request->email, 'expires_at' => $request->filled('expires_at') ? $request->date('expires_at') : null, 'registration_status' => $request->input('registration_status', 'approved'), 'is_active' => $request->boolean('is_active'), 'subscription_plan_id' => $request->input('subscription_plan_id'), 'rejection_reason' => $request->input('rejection_reason'), ]); $user->syncRoles([$request->role]); // Assegna il nuovo ruolo all'utente $this->ensureDomainProfiles($user, $request->role); $selectedPerms = collect($request->input('permissions', []))->unique()->values()->all(); $user->syncPermissions($selectedPerms); return redirect()->route('superadmin.users.index')->with('success', 'Utente aggiornato con successo.'); } public function updateRole(Request $request, User $user) { $request->validate([ 'role' => 'required|exists:roles,name', ]); if ($user->id === auth()->id()) { return redirect()->route('superadmin.users.index')->with('error', 'Non puoi modificare il tuo stesso ruolo.'); } $user->syncRoles([$request->role]); // Assegna il nuovo ruolo all'utente return redirect()->route('superadmin.users.index')->with('status', 'Ruolo utente aggiornato!'); } public function destroy(User $user) { // Impedisci al Super Admin di eliminare il proprio account if ($user->id === Auth::id()) { return redirect()->route('superadmin.users.index')->with('error', 'Non puoi eliminare il tuo stesso account.'); } $user->delete(); return redirect()->route('superadmin.users.index')->with('success', 'Utente eliminato con successo.'); } public function impersonate(User $user) { $impersonator = Auth::user(); // Verifica che l'utente corrente possa impersonare e che l'utente target possa essere impersonato if (! Gate::allows('impersonate', $impersonator)) { return back()->with('error', 'Non hai i permessi per impersonare utenti.'); } // Verifica se l'utente target può essere impersonato if (! Gate::allows('canBeImpersonated', $user)) { return back()->with('error', 'Questo utente non può essere impersonato.'); } $impersonator->impersonate($user); return redirect('/dashboard')->with('status', 'Ora stai impersonando ' . $user->name); } public function approve(Request $request, User $user): RedirectResponse { $request->validate([ 'role' => 'nullable|exists:roles,name', ]); if ($user->id === Auth::id()) { return redirect()->route('superadmin.users.index')->with('error', 'Non puoi approvare te stesso.'); } $role = $request->input('role', $user->requested_role ?: 'amministratore'); $requireEmailVerification = SystemSetting::bool('require_email_verification', true); if ($requireEmailVerification && ! $user->hasVerifiedEmail()) { return redirect()->route('superadmin.users.index')->with('error', 'Utente non approvabile: email non ancora verificata.'); } $user->forceFill([ 'registration_status' => 'approved', 'is_active' => true, 'approved_by_user_id' => Auth::id(), 'approved_at' => now(), 'rejected_at' => null, 'rejection_reason' => null, ])->save(); $user->syncRoles([$role]); $this->ensureDomainProfiles($user, $role); return redirect()->route('superadmin.users.index')->with('success', 'Utente approvato con successo.'); } public function reject(Request $request, User $user): RedirectResponse { $request->validate([ 'reason' => 'nullable|string|max:500', ]); if ($user->id === Auth::id()) { return redirect()->route('superadmin.users.index')->with('error', 'Non puoi rifiutare te stesso.'); } $user->forceFill([ 'registration_status' => 'rejected', 'is_active' => false, 'rejected_at' => now(), 'rejection_reason' => $request->input('reason'), ])->save(); return redirect()->route('superadmin.users.index')->with('success', 'Richiesta registrazione rifiutata.'); } public function toggleActive(User $user): RedirectResponse { if ($user->id === Auth::id()) { return redirect()->route('superadmin.users.index')->with('error', 'Non puoi disattivare il tuo stesso account.'); } $user->forceFill([ 'is_active' => ! $user->is_active, ])->save(); $status = $user->is_active ? 'attivato' : 'disattivato'; return redirect()->route('superadmin.users.index')->with('success', "Utente {$status} con successo."); } public function assignPlan(Request $request, User $user): RedirectResponse { $request->validate([ 'subscription_plan_id' => 'nullable|exists:subscription_plans,id', ]); $user->forceFill([ 'subscription_plan_id' => $request->input('subscription_plan_id'), ])->save(); return redirect()->route('superadmin.users.index')->with('success', 'Piano assegnato correttamente.'); } private function ensureDomainProfiles(User $user, string $role): void { if ($role === 'amministratore') { Amministratore::firstOrCreate(['user_id' => $user->id], [ 'nome' => $user->name, 'cognome' => $user->name, ]); } if (in_array($role, ['condomino', 'inquilino'], true)) { Soggetto::firstOrCreate(['email' => $user->email], [ 'nome' => $user->name, 'cognome' => $user->name, 'tipo' => $role === 'condomino' ? 'proprietario' : 'inquilino', ]); } } }