File: /home/posscale/public_html/printmanager/app/Http/Controllers/Tenant/UserController.php
<?php
namespace App\Http\Controllers\Tenant;
use App\Http\Controllers\Controller;
use App\Http\Requests\UserRequest;
use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Validation\ValidationException;
use Illuminate\View\View;
use Spatie\Permission\Models\Role;
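/**
 * CRUD for tenant users, guarded by the `manage_users` permission on every action.
 *
 * NOTE(review): no tenant scoping is visible in this file; it assumes `User` and `Role`
 * are already restricted to the current tenant (global scope or per-tenant connection).
 * Confirm before relying on it.
 */
class UserController extends Controller
{
    /** Permission an authenticated user must hold to use any action here. */
    private const MANAGE_PERMISSION = 'manage_users';

    /** Spatie role assigned when the form does not choose one. */
    private const DEFAULT_ROLE = 'user';

    /**
     * Display a paginated list of users, optionally filtered by the `search` query parameter.
     *
     * The filter is a substring match on `name` or `email` (LIKE with `%` on both sides).
     */
    public function index(Request $request): View
    {
        $this->authorizeManageUsers();

        $search = $request->input('search');

        $users = User::where(function ($query) use ($search) {
            if ($search) {
                // `%` and `_` inside $search are interpreted as LIKE wildcards; this only
                // widens the result set, but escape them if exact matching is ever required.
                $query->where('name', 'LIKE', '%' . $search . '%')
                    ->orWhere('email', 'LIKE', '%' . $search . '%');
            }
        })
            ->paginate(15)
            // Carry ?search=... onto the pagination links; otherwise page 2 drops the filter.
            ->withQueryString();

        return view('tenant.users.list', [
            'users' => $users,
            'search' => $search,
        ]);
    }

    /**
     * Show the empty "Add User" form with every existing role name as a choice.
     */
    public function create(): View
    {
        $this->authorizeManageUsers();

        return view('tenant.users.form', [
            'user' => [],
            'action' => 'Add User',
            'roles' => Role::pluck('name')->toArray(),
            'currentRole' => self::DEFAULT_ROLE,
        ]);
    }

    /**
     * Create a user from the validated form data and assign the chosen role.
     *
     * The role is checked before the record is created so that an invalid role
     * never leaves behind a user with no role at all.
     *
     * @throws ValidationException when the submitted role name does not exist
     */
    public function store(UserRequest $request): RedirectResponse
    {
        $this->authorizeManageUsers();

        $validated = $request->validated();

        // `role` comes from the raw request, not from UserRequest::validated(), so verify it here.
        $roleName = $this->resolveRole((string) $request->input('role', self::DEFAULT_ROLE));

        $user = new User([
            'name' => $validated['name'],
            'email' => $validated['email'],
            'user_type' => 3, // Normal User
            'password' => Hash::make($validated['password']),
        ]);
        $user->save();

        $user->syncRoles([$roleName]);

        return Redirect::route('users.index')->with('message', 'User created successfully.');
    }

    /**
     * Display the specified resource.
     *
     * Currently a stub: the resource route exposes this action, but it renders nothing.
     */
    public function show(string $id): void
    {
        //
    }

    /**
     * Show the "Edit User" form pre-filled with the user's attributes and current role.
     */
    public function edit(User $user): View
    {
        $this->authorizeManageUsers();

        // A user may hold several roles; the form only shows the first one.
        $currentRole = $user->roles->pluck('name')->first() ?? self::DEFAULT_ROLE;

        return view('tenant.users.form', [
            // toArray() exposes every non-hidden attribute to the view;
            // NOTE(review): assumes `password` is listed in User::$hidden — confirm.
            'user' => $user->toArray(),
            'action' => 'Edit User',
            'roles' => Role::pluck('name')->toArray(),
            'currentRole' => $currentRole,
        ]);
    }

    /**
     * Update name, email, optionally the password, and optionally the role.
     *
     * An empty password field leaves the stored hash untouched. The role, when
     * submitted, is verified before any attribute is written so that a bad role
     * leaves the record unchanged.
     *
     * @throws ValidationException when the submitted role name does not exist
     */
    public function update(UserRequest $request, User $user): RedirectResponse
    {
        $this->authorizeManageUsers();

        $validated = $request->validated();

        $roleName = $request->filled('role')
            ? $this->resolveRole((string) $request->input('role'))
            : null;

        $user->name = $validated['name'];
        $user->email = $validated['email'];

        // filled() treats '' and null as absent, so a blank field keeps the existing hash.
        // NOTE(review): assumes UserRequest validates `password` whenever it is submitted — confirm.
        if ($request->filled('password')) {
            $user->password = Hash::make($validated['password']);
        }
        $user->save();

        if ($roleName !== null) {
            $user->syncRoles([$roleName]);
        }

        return Redirect::route('users.index')->with('message', 'User updated successfully.');
    }

    /**
     * Delete a user, refusing to delete the account that is making the request.
     */
    public function destroy(User $user): RedirectResponse
    {
        $this->authorizeManageUsers();

        // Deleting the session's own user would invalidate the caller mid-request.
        if ($user->is(auth()->user())) {
            return Redirect::route('users.index')->with('message', 'You cannot delete your own account.');
        }

        $user->delete();

        return Redirect::route('users.index')->with('message', 'User deleted successfully.');
    }

    /**
     * Abort with 403 unless the authenticated user holds the `manage_users` permission.
     *
     * The nullsafe call makes an unauthenticated request fail the same way as an
     * authenticated one that lacks the permission.
     */
    private function authorizeManageUsers(): void
    {
        abort_unless(auth()->user()?->can(self::MANAGE_PERMISSION), 403);
    }

    /**
     * Return the role name if a role with that name exists, otherwise raise a validation error.
     *
     * Spatie would reject an unknown name with its own exception (a 500 to the caller);
     * checking first turns that into a form error on the `role` field.
     * NOTE(review): this does not limit which existing roles a manager may grant — if some
     * roles carry more privilege than `manage_users`, restrict the allowed set here.
     *
     * @throws ValidationException when no role with that name exists
     */
    private function resolveRole(string $roleName): string
    {
        if (! Role::query()->where('name', $roleName)->exists()) {
            throw ValidationException::withMessages([
                'role' => 'The selected role does not exist.',
            ]);
        }

        return $roleName;
    }
}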