Merge pull request #119 from ntoombs19/better-user-management

Better user management

Author: ntoombs19

app/Data/UserData.php

@@ -2,6 +2,8 @@
 
 namespace App\Data;
 
+use App\Enums\Permissions;
+use App\Enums\Roles;
 use App\Models\User;
 use Carbon\Carbon;
 use Spatie\LaravelData\Data;
@@ -15,9 +17,9 @@ public function __construct(
         public string $firstName,
         public string $lastName,
         public string $email,
-        /** @var string[] $roles */
+        /** @var Roles[] $roles */
         public array $roles,
-        /** @var string[] $permissions */
+        /** @var Permissions[] $permissions */
         public array $permissions,
         public ?Carbon $createdAt,
         public ?Carbon $updatedAt,

app/Enums/Permissions.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Enums;
+
+use App\Concerns\EnumDisplayArray;
+
+enum Permissions: string
+{
+    use EnumDisplayArray;
+
+    case CreateUsers = 'create users';
+    case EditUsers = 'edit users';
+    case DeleteUsers = 'delete users';
+    case ListUsers = 'list users';
+    case ViewUsers = 'view users';
+    case ListCurriculum = 'list curriculum';
+    case ListClasses = 'list classes';
+    case ListReports = 'list reports';
+
+    public function displayValue(): string
+    {
+        return match ($this) {
+            self::CreateUsers => 'Create Users',
+            self::EditUsers => 'Edit Users',
+            self::DeleteUsers => 'Delete Users',
+            self::ListUsers => 'List Users',
+            self::ViewUsers => 'View Users',
+            self::ListCurriculum => 'List Curriculum',
+            self::ListClasses => 'List Classes',
+            self::ListReports => 'List Reports',
+            default => $this->defaultDisplayValue(),
+        };
+    }
+
+}

app/Enums/Roles.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Enums;
+
+use App\Concerns\EnumDisplayArray;
+
+enum Roles: string
+{
+    use EnumDisplayArray;
+    case Admin = 'admin';
+    case Director = 'director';
+    case RegionDirector = 'region director';
+    case ProgramDirector = 'program director';
+    case Facilitator = 'facilitator';
+    case Auditor = 'auditor';
+    case Intake = 'intake';
+    case Participant = 'participant';
+
+    public function displayValue(): string
+    {
+        return match ($this) {
+            self::Admin => 'Admin',
+            self::Director => 'Director',
+            self::RegionDirector => 'Region Director',
+            self::ProgramDirector => 'Program Director',
+            self::Facilitator => 'Facilitator',
+            self::Auditor => 'Auditor',
+            self::Intake => 'Intake',
+            self::Participant => 'Participant',
+            default => $this->defaultDisplayValue(),
+        };
+    }
+}

app/Http/Controllers/Intake/ParticipantRegistrationController.php

@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers\Intake;
 
+use App\Enums\Roles;
 use App\Http\Controllers\Controller;
 use App\Models\User;
 use App\Rules\UsPhoneNumber;
@@ -30,7 +31,7 @@ public function create(): Response
      * @throws \Illuminate\Validation\ValidationException
      */
     public function store(Request $request): RedirectResponse
-    {        
+    {
         $request->validate([
             'first_name' => 'required|string|max:255',
             'last_name' => 'required|string|max:255',
@@ -48,7 +49,7 @@ public function store(Request $request): RedirectResponse
             'password' => Hash::make($request->password),
         ]);
 
-        $user->assignRole('participant');
+        $user->assignRole(Roles::Participant);
 
         event(new Registered($user));
 

app/Http/Controllers/UsersController.php

@@ -3,13 +3,34 @@
 namespace App\Http\Controllers;
 
 use App\Data\UserData;
+use App\Enums\Permissions;
+use App\Enums\Roles;
 use App\Models\User;
+use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
+use Illuminate\Validation\Rules;
 use Inertia\Inertia;
 use Inertia\Response;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Validation\Rule;
 
 class UsersController extends Controller
 {
+    private array $userValidationRules;
+
+    public function __construct()
+    {
+        $this->userValidationRules = [
+            'first_name' => ['required', 'string', 'max:255'],
+            'last_name' => ['required', 'string', 'max:255'],
+            'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:users'],
+            'phone_number' => ['required', 'string', 'max:12'],
+            'password' => ['required', Rules\Password::defaults()],
+            'active' => ['boolean'],
+            'roles' => ['required', 'array'],
+        ];
+    }
+
     public function list(Request $request): Response
     {
         $page = intval($request->get('page', 1) ?: 1);
@@ -36,41 +57,145 @@ public function list(Request $request): Response
         ]);
     }
 
-    //    public function show(User $user): Response
-    //    {
-    //        return Inertia::render('Users/Show', [
-    //            'user' => new UserResource($user),
-    //        ]);
-    //    }
-    //
-    //    public function edit(User $user): Response
-    //    {
-    //        return Inertia::render('Users/Edit', [
-    //            'user' => new UserResource($user),
-    //        ]);
-    //    }
-    //
-    //    public function update(User $user): Response
-    //    {
-    //        $user->update(
-    //            request()->validate([
-    //                'name' => ['required', 'max:50'],
-    //                'email' => ['required', 'email'],
-    //            ])
-    //        );
-    //
-    //        return redirect()->route('users.index');
-    //    }
-    //
-    //    public function destroy(User $user)
-    //    {
-    //        $user->delete();
-    //
-    //        return redirect()->route('users.index');
-    //    }
+    /**
+     * Display the specified user.
+     */
+    public function show(User $user): Response
+    {
+        if (! auth()->user()->hasPermissionTo(Permissions::ViewUsers)) {
+            abort(403, 'You do not have permission to view user details.');
+        }
+
+        return Inertia::render('Users/Show', [
+            'user' => UserData::from($user),
+        ]);
+    }
+
+    public function destroy(User $user): RedirectResponse
+    {
+        if (! auth()->user()->hasPermissionTo(Permissions::DeleteUsers)) {
+            return back()->withErrors(['error' => 'You do not have permission to delete users.']);
+        }
+        if (auth()->id() === $user->id) {
+            return back()->withErrors(['error' => 'You cannot delete your own account.']);
+        }
+
+        $user->delete();
+
+        return redirect()->route('users.list')->with('toast', [
+            'type' => 'success',
+            'message' => "User {$user->first_name} {$user->last_name} was successfully deleted.",
+        ]);
+    }
+
+    public function destroyMultiple(Request $request): RedirectResponse
+    {
+        if (! auth()->user()->hasPermissionTo(Permissions::DeleteUsers)) {
+            return back()->withErrors(['error' => 'You do not have permission to delete users.']);
+        }
+
+        $userIds = $request->input('user_ids', []);
+
+        if (empty($userIds)) {
+            return back()->withErrors(['error' => 'No users specified for deletion.']);
+        }
+
+        // Prevent deleting your own account
+        if (in_array(auth()->id(), $userIds)) {
+            return back()->withErrors(['error' => 'You cannot delete your own account.']);
+        }
+
+        $users = User::whereIn('id', $userIds)->get();
+        $count = $users->count();
+
+        // Delete the users
+        User::whereIn('id', $userIds)->delete();
+
+        return back()->with('toast', [
+            'type' => 'success',
+            'message' => "{$count} ".($count === 1 ? 'user' : 'users').' successfully deleted.',
+        ]);
+    }
 
     public function create(): Response
     {
-        return Inertia::render('Users/Create');
+        if (! auth()->user()->hasPermissionTo(Permissions::CreateUsers)) {
+            abort(403, 'You do not have permission to create users.');
+        }
+
+        return Inertia::render('Users/Create', [
+            'roles' => Roles::cases(),
+        ]);
+    }
+
+    public function edit(User $user): Response
+    {
+        if (! auth()->user()->hasPermissionTo(Permissions::EditUsers)) {
+            abort(403, 'You do not have permission to edit users.');
+        }
+
+        return Inertia::render('Users/Edit', [
+            'user' => UserData::from($user),
+            'roles' => Roles::cases(),
+        ]);
+    }
+
+    public function store(Request $request): RedirectResponse
+    {
+        if (! auth()->user()->hasPermissionTo(Permissions::CreateUsers)) {
+            return back()->withErrors(['error' => 'You do not have permission to create users.']);
+        }
+
+        $request->validate($this->userValidationRules);
+
+        $user = User::create([
+            'first_name' => $request->first_name,
+            'last_name' => $request->last_name,
+            'email' => $request->email,
+            'phone_number' => $request->phone_number,
+            'password' => Hash::make($request->password),
+            'active' => $request->active,
+        ]);
+
+        $user->syncRoles($request->roles);
+
+        return redirect()->route('users.list')->with('toast', [
+            'type' => 'success',
+            'message' => "User {$user->first_name} {$user->last_name} was successfully created.",
+        ]);
+    }
+
+    public function update(Request $request, User $user): RedirectResponse
+    {
+        if (! auth()->user()->hasPermissionTo(Permissions::EditUsers)) {
+            return back()->withErrors(['error' => 'You do not have permission to edit users.']);
+        }
+
+        $rules = $this->userValidationRules;
+        $rules['email'] = ['required', 'string', 'lowercase', 'email', 'max:255', Rule::unique('users')->ignore($user->id)];
+        $rules['password'] = ['nullable', Rules\Password::defaults()];
+
+        $request->validate($rules);
+
+        $user->update([
+            'first_name' => $request->first_name,
+            'last_name' => $request->last_name,
+            'email' => $request->email,
+            'phone_number' => $request->phone_number,
+            'active' => $request->active,
+        ]);
+
+        if ($request->password) {
+            $user->update([
+                'password' => Hash::make($request->password),
+            ]);
+        }
+
+        $user->syncRoles($request->roles);
+
+        return redirect()->route('users.list')->with('toast', [
+            'type' => 'success',
+            'message' => "User {$user->first_name} {$user->last_name} was successfully updated.",
+        ]);
     }
 }

app/Http/Middleware/Authenticate.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Illuminate\Auth\Middleware\Authenticate as Middleware;
+use Illuminate\Http\Request;
+
+class Authenticate extends Middleware
+{
+    /**
+     * Get the path the user should be redirected to when they are not authenticated.
+     */
+    protected function redirectTo(Request $request): ?string
+    {
+        // For API requests, return null (will result in a 401 response)
+        if ($request->expectsJson()) {
+            return null;
+        }
+
+        // For web requests, redirect to home where the login page is rendered
+        return route('home');
+    }
+}

app/Http/Middleware/HandleInertiaRequests.php

@@ -39,6 +39,7 @@ public function share(Request $request): array
                 'location' => $request->url(),
                 'query' => $request->query() ?? [],
             ],
+            'toast' => $request->session()->get('toast'),
         ];
     }
 }