266 lines
11 KiB
PHP
Executable File
266 lines
11 KiB
PHP
Executable File
<?php
|
|
namespace App\Http\Controllers\SuperAdmin;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use App\Models\Amministratore;
|
|
use App\Models\Soggetto;
|
|
use App\Models\SubscriptionPlan;
|
|
use App\Models\SystemSetting;
|
|
use App\Models\User;
|
|
use Illuminate\Http\RedirectResponse;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Illuminate\Support\Facades\Gate;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Validation\Rule;
|
|
use Spatie\Permission\Models\Role;
|
|
|
|
class UserController extends Controller
|
|
{
|
|
public function __construct()
|
|
{ // Proteggi le rotte con permessi specifici per il Super Admin
|
|
$this->middleware('permission:view-users', ['only' => ['index']]);
|
|
$this->middleware('permission:create-users', ['only' => ['create', 'store']]);
|
|
$this->middleware('permission:manage-users', ['only' => ['create', 'store', 'edit', 'update', 'destroy', 'updateRole', 'approve', 'reject', 'toggleActive', 'assignPlan']]);
|
|
$this->middleware('permission:impersonate-users', ['only' => ['impersonate']]);
|
|
}
|
|
|
|
/**
|
|
* Display a listing of the resource.
|
|
*/
|
|
public function index()
|
|
{
|
|
$users = User::with(['roles', 'subscriptionPlan'])->latest('id')->paginate(10);
|
|
$roles = Role::all(); // Per la selezione dei ruoli nella vista
|
|
$plans = SubscriptionPlan::query()->where('is_active', true)->orderBy('name')->get();
|
|
|
|
return view('superadmin.users.index', compact('users', 'roles', 'plans'));
|
|
}
|
|
|
|
public function create()
|
|
{ // <-- QUESTA PARENTESI MANCAVA!
|
|
$roles = Role::all(); // Definisci $roles qui
|
|
$plans = SubscriptionPlan::query()->where('is_active', true)->orderBy('name')->get();
|
|
|
|
return view('superadmin.users.create', compact('roles', 'plans'));
|
|
}
|
|
|
|
public function store(Request $request)
|
|
{
|
|
$request->validate([
|
|
'name' => 'required|string|max:255', // Aggiunto 'name' alla validazione
|
|
'email' => 'required|string|email|max:255|unique:users',
|
|
'password' => 'required|string|min:8|confirmed',
|
|
'role' => 'required|exists:roles,name',
|
|
'expires_at' => 'nullable|date',
|
|
'subscription_plan_id' => 'nullable|exists:subscription_plans,id',
|
|
'permissions' => 'array',
|
|
'permissions.*' => 'string|exists:permissions,name',
|
|
]);
|
|
|
|
$user = User::create([
|
|
'name' => $request->name,
|
|
'email' => $request->email,
|
|
'password' => Hash::make($request->password),
|
|
'expires_at' => $request->filled('expires_at') ? $request->date('expires_at') : null,
|
|
'subscription_plan_id' => $request->input('subscription_plan_id'),
|
|
'registration_status' => 'approved',
|
|
'is_active' => true,
|
|
'approved_by_user_id' => Auth::id(),
|
|
'approved_at' => now(),
|
|
]);
|
|
|
|
$user->assignRole($request->role);
|
|
$this->ensureDomainProfiles($user, $request->role);
|
|
|
|
// Sincronizza permessi espliciti (oltre ai ruoli)
|
|
$selectedPerms = collect($request->input('permissions', []))->unique()->values()->all();
|
|
$user->syncPermissions($selectedPerms);
|
|
|
|
return redirect()->route('superadmin.users.index')->with('success', 'Utente creato con successo.');
|
|
}
|
|
|
|
public function edit(User $user)
|
|
{
|
|
$roles = Role::all();
|
|
$plans = SubscriptionPlan::query()->where('is_active', true)->orderBy('name')->get();
|
|
// Verifica che l'utente corrente abbia i permessi per modificare gli utenti
|
|
return view('superadmin.users.edit', compact('user', 'roles', 'plans'));
|
|
}
|
|
|
|
public function update(Request $request, User $user)
|
|
{
|
|
$request->validate([
|
|
'name' => 'required|string|max:255',
|
|
'email' => ['required', 'string', 'email', 'max:255', Rule::unique('users')->ignore($user)],
|
|
'role' => 'required|exists:roles,name',
|
|
'expires_at' => 'nullable|date',
|
|
'registration_status' => 'required|in:pending,approved,rejected',
|
|
'is_active' => 'nullable|boolean',
|
|
'subscription_plan_id' => 'nullable|exists:subscription_plans,id',
|
|
'rejection_reason' => 'nullable|string|max:500',
|
|
'permissions' => 'array',
|
|
'permissions.*' => 'string|exists:permissions,name',
|
|
]);
|
|
|
|
$user->update([
|
|
'name' => $request->name,
|
|
'email' => $request->email,
|
|
'expires_at' => $request->filled('expires_at') ? $request->date('expires_at') : null,
|
|
'registration_status' => $request->input('registration_status', 'approved'),
|
|
'is_active' => $request->boolean('is_active'),
|
|
'subscription_plan_id' => $request->input('subscription_plan_id'),
|
|
'rejection_reason' => $request->input('rejection_reason'),
|
|
]);
|
|
|
|
$user->syncRoles([$request->role]); // Assegna il nuovo ruolo all'utente
|
|
$this->ensureDomainProfiles($user, $request->role);
|
|
$selectedPerms = collect($request->input('permissions', []))->unique()->values()->all();
|
|
$user->syncPermissions($selectedPerms);
|
|
|
|
return redirect()->route('superadmin.users.index')->with('success', 'Utente aggiornato con successo.');
|
|
}
|
|
|
|
public function updateRole(Request $request, User $user)
|
|
{
|
|
$request->validate([
|
|
'role' => 'required|exists:roles,name',
|
|
]);
|
|
|
|
if ($user->id === auth()->id()) {
|
|
return redirect()->route('superadmin.users.index')->with('error', 'Non puoi modificare il tuo stesso ruolo.');
|
|
}
|
|
|
|
$user->syncRoles([$request->role]); // Assegna il nuovo ruolo all'utente
|
|
|
|
return redirect()->route('superadmin.users.index')->with('status', 'Ruolo utente aggiornato!');
|
|
}
|
|
|
|
public function destroy(User $user)
|
|
{
|
|
// Impedisci al Super Admin di eliminare il proprio account
|
|
if ($user->id === Auth::id()) {
|
|
return redirect()->route('superadmin.users.index')->with('error', 'Non puoi eliminare il tuo stesso account.');
|
|
}
|
|
$user->delete();
|
|
|
|
return redirect()->route('superadmin.users.index')->with('success', 'Utente eliminato con successo.');
|
|
}
|
|
|
|
public function impersonate(User $user)
|
|
{
|
|
$impersonator = Auth::user();
|
|
|
|
// Verifica che l'utente corrente possa impersonare e che l'utente target possa essere impersonato
|
|
if (! Gate::allows('impersonate', $impersonator)) {
|
|
return back()->with('error', 'Non hai i permessi per impersonare utenti.');
|
|
}
|
|
|
|
// Verifica se l'utente target può essere impersonato
|
|
if (! Gate::allows('canBeImpersonated', $user)) {
|
|
return back()->with('error', 'Questo utente non può essere impersonato.');
|
|
}
|
|
|
|
$impersonator->impersonate($user);
|
|
return redirect('/dashboard')->with('status', 'Ora stai impersonando ' . $user->name);
|
|
}
|
|
|
|
public function approve(Request $request, User $user): RedirectResponse
|
|
{
|
|
$request->validate([
|
|
'role' => 'nullable|exists:roles,name',
|
|
]);
|
|
|
|
if ($user->id === Auth::id()) {
|
|
return redirect()->route('superadmin.users.index')->with('error', 'Non puoi approvare te stesso.');
|
|
}
|
|
|
|
$role = $request->input('role', $user->requested_role ?: 'amministratore');
|
|
|
|
$requireEmailVerification = SystemSetting::bool('require_email_verification', true);
|
|
if ($requireEmailVerification && ! $user->hasVerifiedEmail()) {
|
|
return redirect()->route('superadmin.users.index')->with('error', 'Utente non approvabile: email non ancora verificata.');
|
|
}
|
|
|
|
$user->forceFill([
|
|
'registration_status' => 'approved',
|
|
'is_active' => true,
|
|
'approved_by_user_id' => Auth::id(),
|
|
'approved_at' => now(),
|
|
'rejected_at' => null,
|
|
'rejection_reason' => null,
|
|
])->save();
|
|
|
|
$user->syncRoles([$role]);
|
|
$this->ensureDomainProfiles($user, $role);
|
|
|
|
return redirect()->route('superadmin.users.index')->with('success', 'Utente approvato con successo.');
|
|
}
|
|
|
|
public function reject(Request $request, User $user): RedirectResponse
|
|
{
|
|
$request->validate([
|
|
'reason' => 'nullable|string|max:500',
|
|
]);
|
|
|
|
if ($user->id === Auth::id()) {
|
|
return redirect()->route('superadmin.users.index')->with('error', 'Non puoi rifiutare te stesso.');
|
|
}
|
|
|
|
$user->forceFill([
|
|
'registration_status' => 'rejected',
|
|
'is_active' => false,
|
|
'rejected_at' => now(),
|
|
'rejection_reason' => $request->input('reason'),
|
|
])->save();
|
|
|
|
return redirect()->route('superadmin.users.index')->with('success', 'Richiesta registrazione rifiutata.');
|
|
}
|
|
|
|
public function toggleActive(User $user): RedirectResponse
|
|
{
|
|
if ($user->id === Auth::id()) {
|
|
return redirect()->route('superadmin.users.index')->with('error', 'Non puoi disattivare il tuo stesso account.');
|
|
}
|
|
|
|
$user->forceFill([
|
|
'is_active' => ! $user->is_active,
|
|
])->save();
|
|
|
|
$status = $user->is_active ? 'attivato' : 'disattivato';
|
|
|
|
return redirect()->route('superadmin.users.index')->with('success', "Utente {$status} con successo.");
|
|
}
|
|
|
|
public function assignPlan(Request $request, User $user): RedirectResponse
|
|
{
|
|
$request->validate([
|
|
'subscription_plan_id' => 'nullable|exists:subscription_plans,id',
|
|
]);
|
|
|
|
$user->forceFill([
|
|
'subscription_plan_id' => $request->input('subscription_plan_id'),
|
|
])->save();
|
|
|
|
return redirect()->route('superadmin.users.index')->with('success', 'Piano assegnato correttamente.');
|
|
}
|
|
|
|
private function ensureDomainProfiles(User $user, string $role): void
|
|
{
|
|
if ($role === 'amministratore') {
|
|
Amministratore::firstOrCreate(['user_id' => $user->id], [
|
|
'nome' => $user->name,
|
|
'cognome' => $user->name,
|
|
]);
|
|
}
|
|
|
|
if (in_array($role, ['condomino', 'inquilino'], true)) {
|
|
Soggetto::firstOrCreate(['email' => $user->email], [
|
|
'nome' => $user->name,
|
|
'cognome' => $user->name,
|
|
'tipo' => $role === 'condomino' ? 'proprietario' : 'inquilino',
|
|
]);
|
|
}
|
|
}
|
|
}
|