netgescon-day0/app/Http/Controllers/SuperAdmin/UserController.php

266 lines
11 KiB
PHP
Executable File

<?php
namespace App\Http\Controllers\SuperAdmin;
use App\Http\Controllers\Controller;
use App\Models\Amministratore;
use App\Models\Soggetto;
use App\Models\SubscriptionPlan;
use App\Models\SystemSetting;
use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rule;
use Spatie\Permission\Models\Role;
class UserController extends Controller
{
public function __construct()
{ // Proteggi le rotte con permessi specifici per il Super Admin
$this->middleware('permission:view-users', ['only' => ['index']]);
$this->middleware('permission:create-users', ['only' => ['create', 'store']]);
$this->middleware('permission:manage-users', ['only' => ['create', 'store', 'edit', 'update', 'destroy', 'updateRole', 'approve', 'reject', 'toggleActive', 'assignPlan']]);
$this->middleware('permission:impersonate-users', ['only' => ['impersonate']]);
}
/**
* Display a listing of the resource.
*/
public function index()
{
$users = User::with(['roles', 'subscriptionPlan'])->latest('id')->paginate(10);
$roles = Role::all(); // Per la selezione dei ruoli nella vista
$plans = SubscriptionPlan::query()->where('is_active', true)->orderBy('name')->get();
return view('superadmin.users.index', compact('users', 'roles', 'plans'));
}
public function create()
{ // <-- QUESTA PARENTESI MANCAVA!
$roles = Role::all(); // Definisci $roles qui
$plans = SubscriptionPlan::query()->where('is_active', true)->orderBy('name')->get();
return view('superadmin.users.create', compact('roles', 'plans'));
}
public function store(Request $request)
{
$request->validate([
'name' => 'required|string|max:255', // Aggiunto 'name' alla validazione
'email' => 'required|string|email|max:255|unique:users',
'password' => 'required|string|min:8|confirmed',
'role' => 'required|exists:roles,name',
'expires_at' => 'nullable|date',
'subscription_plan_id' => 'nullable|exists:subscription_plans,id',
'permissions' => 'array',
'permissions.*' => 'string|exists:permissions,name',
]);
$user = User::create([
'name' => $request->name,
'email' => $request->email,
'password' => Hash::make($request->password),
'expires_at' => $request->filled('expires_at') ? $request->date('expires_at') : null,
'subscription_plan_id' => $request->input('subscription_plan_id'),
'registration_status' => 'approved',
'is_active' => true,
'approved_by_user_id' => Auth::id(),
'approved_at' => now(),
]);
$user->assignRole($request->role);
$this->ensureDomainProfiles($user, $request->role);
// Sincronizza permessi espliciti (oltre ai ruoli)
$selectedPerms = collect($request->input('permissions', []))->unique()->values()->all();
$user->syncPermissions($selectedPerms);
return redirect()->route('superadmin.users.index')->with('success', 'Utente creato con successo.');
}
public function edit(User $user)
{
$roles = Role::all();
$plans = SubscriptionPlan::query()->where('is_active', true)->orderBy('name')->get();
// Verifica che l'utente corrente abbia i permessi per modificare gli utenti
return view('superadmin.users.edit', compact('user', 'roles', 'plans'));
}
public function update(Request $request, User $user)
{
$request->validate([
'name' => 'required|string|max:255',
'email' => ['required', 'string', 'email', 'max:255', Rule::unique('users')->ignore($user)],
'role' => 'required|exists:roles,name',
'expires_at' => 'nullable|date',
'registration_status' => 'required|in:pending,approved,rejected',
'is_active' => 'nullable|boolean',
'subscription_plan_id' => 'nullable|exists:subscription_plans,id',
'rejection_reason' => 'nullable|string|max:500',
'permissions' => 'array',
'permissions.*' => 'string|exists:permissions,name',
]);
$user->update([
'name' => $request->name,
'email' => $request->email,
'expires_at' => $request->filled('expires_at') ? $request->date('expires_at') : null,
'registration_status' => $request->input('registration_status', 'approved'),
'is_active' => $request->boolean('is_active'),
'subscription_plan_id' => $request->input('subscription_plan_id'),
'rejection_reason' => $request->input('rejection_reason'),
]);
$user->syncRoles([$request->role]); // Assegna il nuovo ruolo all'utente
$this->ensureDomainProfiles($user, $request->role);
$selectedPerms = collect($request->input('permissions', []))->unique()->values()->all();
$user->syncPermissions($selectedPerms);
return redirect()->route('superadmin.users.index')->with('success', 'Utente aggiornato con successo.');
}
public function updateRole(Request $request, User $user)
{
$request->validate([
'role' => 'required|exists:roles,name',
]);
if ($user->id === auth()->id()) {
return redirect()->route('superadmin.users.index')->with('error', 'Non puoi modificare il tuo stesso ruolo.');
}
$user->syncRoles([$request->role]); // Assegna il nuovo ruolo all'utente
return redirect()->route('superadmin.users.index')->with('status', 'Ruolo utente aggiornato!');
}
public function destroy(User $user)
{
// Impedisci al Super Admin di eliminare il proprio account
if ($user->id === Auth::id()) {
return redirect()->route('superadmin.users.index')->with('error', 'Non puoi eliminare il tuo stesso account.');
}
$user->delete();
return redirect()->route('superadmin.users.index')->with('success', 'Utente eliminato con successo.');
}
public function impersonate(User $user)
{
$impersonator = Auth::user();
// Verifica che l'utente corrente possa impersonare e che l'utente target possa essere impersonato
if (! Gate::allows('impersonate', $impersonator)) {
return back()->with('error', 'Non hai i permessi per impersonare utenti.');
}
// Verifica se l'utente target può essere impersonato
if (! Gate::allows('canBeImpersonated', $user)) {
return back()->with('error', 'Questo utente non può essere impersonato.');
}
$impersonator->impersonate($user);
return redirect('/dashboard')->with('status', 'Ora stai impersonando ' . $user->name);
}
public function approve(Request $request, User $user): RedirectResponse
{
$request->validate([
'role' => 'nullable|exists:roles,name',
]);
if ($user->id === Auth::id()) {
return redirect()->route('superadmin.users.index')->with('error', 'Non puoi approvare te stesso.');
}
$role = $request->input('role', $user->requested_role ?: 'amministratore');
$requireEmailVerification = SystemSetting::bool('require_email_verification', true);
if ($requireEmailVerification && ! $user->hasVerifiedEmail()) {
return redirect()->route('superadmin.users.index')->with('error', 'Utente non approvabile: email non ancora verificata.');
}
$user->forceFill([
'registration_status' => 'approved',
'is_active' => true,
'approved_by_user_id' => Auth::id(),
'approved_at' => now(),
'rejected_at' => null,
'rejection_reason' => null,
])->save();
$user->syncRoles([$role]);
$this->ensureDomainProfiles($user, $role);
return redirect()->route('superadmin.users.index')->with('success', 'Utente approvato con successo.');
}
public function reject(Request $request, User $user): RedirectResponse
{
$request->validate([
'reason' => 'nullable|string|max:500',
]);
if ($user->id === Auth::id()) {
return redirect()->route('superadmin.users.index')->with('error', 'Non puoi rifiutare te stesso.');
}
$user->forceFill([
'registration_status' => 'rejected',
'is_active' => false,
'rejected_at' => now(),
'rejection_reason' => $request->input('reason'),
])->save();
return redirect()->route('superadmin.users.index')->with('success', 'Richiesta registrazione rifiutata.');
}
public function toggleActive(User $user): RedirectResponse
{
if ($user->id === Auth::id()) {
return redirect()->route('superadmin.users.index')->with('error', 'Non puoi disattivare il tuo stesso account.');
}
$user->forceFill([
'is_active' => ! $user->is_active,
])->save();
$status = $user->is_active ? 'attivato' : 'disattivato';
return redirect()->route('superadmin.users.index')->with('success', "Utente {$status} con successo.");
}
public function assignPlan(Request $request, User $user): RedirectResponse
{
$request->validate([
'subscription_plan_id' => 'nullable|exists:subscription_plans,id',
]);
$user->forceFill([
'subscription_plan_id' => $request->input('subscription_plan_id'),
])->save();
return redirect()->route('superadmin.users.index')->with('success', 'Piano assegnato correttamente.');
}
private function ensureDomainProfiles(User $user, string $role): void
{
if ($role === 'amministratore') {
Amministratore::firstOrCreate(['user_id' => $user->id], [
'nome' => $user->name,
'cognome' => $user->name,
]);
}
if (in_array($role, ['condomino', 'inquilino'], true)) {
Soggetto::firstOrCreate(['email' => $user->email], [
'nome' => $user->name,
'cognome' => $user->name,
'tipo' => $role === 'condomino' ? 'proprietario' : 'inquilino',
]);
}
}
}