HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/be.naniguide.com/app/Http/Controllers/Refactor/Admin/AdminController.php
<?php

namespace App\Http\Controllers\Refactor\Admin;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\Model\Admin;
use App\Model\AdminGroup;
use App\Model\User;
use App\Model\Language;
use App\Model\Role;

class AdminController extends Controller
{
    public function index(Request $request)
    {
        if (\Gate::denies('read', new Admin())) {
            return $this->notAuthorized();
        }

        $stats = [
            'total' => Admin::count(),
            'active' => Admin::where('status', 'active')->count(),
        ];

        return view('refactor.pages.admin.admins.index', compact('stats'));
    }

    public function listing(Request $request)
    {
        if (\Gate::denies('read', new Admin())) {
            return $this->notAuthorized();
        }

        if (!$request->user()->admin->can('readAll', new Admin())) {
            $request->merge(['creator_id' => $request->user()->id]);
        }

        $query = Admin::search($request);

        if ($request->status && $request->status !== 'all') {
            $query = $query->where('admins.status', $request->status);
        }

        if ($request->admin_group_id) {
            $query = $query->where('admins.admin_group_id', $request->admin_group_id);
        }

        $items = $query->paginate($request->per_page ?? 15);

        return view('refactor.pages.admin.admins._list', compact('items'));
    }

    public function create(Request $request)
    {
        $admin = Admin::newAdmin();

        if (\Gate::denies('create', $admin)) {
            return $this->notAuthorized();
        }

        $user = User::newDefault();

        return view('refactor.pages.admin.admins.create', compact('admin', 'user'));
    }

    public function store(Request $request)
    {
        $admin = Admin::newAdmin();

        if (\Gate::denies('create', $admin)) {
            return response()->json(['status' => 'error', 'message' => 'Not authorized'], 403);
        }

        [$validator, $admin, $user] = app(\App\Services\AccountManagement\AccountProvisioningService::class)->createAdmin(
            $request->email,
            $request->password,
            $request->password_confirmation,
            $request->first_name,
            $request->last_name,
            $request->image,
            $request->admin_group_id,
            $request->user()->id,
            $request->timezone,
            $request->language_id,
            $request->create_customer_account
        );

        if (!$validator->errors()->isEmpty()) {
            return response()->json(['status' => 'error', 'errors' => $validator->errors()], 422);
        }

        return response()->json([
            'status' => 'success',
            'message' => trans('refactor/admin_admins.flash.created'),
        ]);
    }

    public function edit(Request $request, $uid)
    {
        $admin = Admin::findByUid($uid);

        if (!$admin) {
            return response()->json(['status' => 'error', 'message' => 'Not found'], 404);
        }

        if (\Gate::denies('update', $admin)) {
            return $this->notAuthorized();
        }

        $user = $admin->user;

        return view('refactor.pages.admin.admins.edit', compact('admin', 'user'));
    }

    public function update(Request $request, $uid)
    {
        $admin = Admin::findByUid($uid);

        if (!$admin) {
            return response()->json(['status' => 'error', 'message' => 'Not found'], 404);
        }

        if (\Gate::denies('update', $admin)) {
            return response()->json(['status' => 'error', 'message' => 'Not authorized'], 403);
        }

        $user = $admin->user;

        $rules = [
            'email' => 'required|email|unique:users,email,' . $user->id . ',id',
            'first_name' => 'required',
            'last_name' => 'required',
            'admin_group_id' => 'required',
            'timezone' => 'required',
            'language_id' => 'required',
        ];

        if ($request->password) {
            $rules['password'] = 'min:5|confirmed';
        }

        $validator = \Validator::make($request->all(), $rules);

        if ($validator->fails()) {
            return response()->json(['status' => 'error', 'errors' => $validator->errors()], 422);
        }

        // Save user
        [$result, $errors] = $user->saveUser(
            $request->email,
            $request->password,
            $request->password_confirmation,
            $request->first_name,
            $request->last_name,
            $request->image,
            Role::getDefaultAdminRole()->uid
        );

        // Save admin
        [$result, $errors] = $admin->saveAdmin(
            $user,
            $request->admin_group_id,
            $request->user()->id,
            $request->timezone,
            $request->language_id,
            $request->create_customer_account
        );

        if (!$result) {
            return response()->json(['status' => 'error', 'errors' => $errors], 422);
        }

        return response()->json([
            'status' => 'success',
            'message' => trans('refactor/admin_admins.flash.updated'),
        ]);
    }

    public function enable(Request $request)
    {
        $items = Admin::whereIn('uid', is_array($request->uids) ? $request->uids : explode(',', $request->uids));

        foreach ($items->get() as $item) {
            if ($request->user()->admin->can('update', $item)) {
                $item->enable();
            }
        }

        return response()->json(['status' => 'success', 'message' => trans('refactor/admin_admins.flash.enabled')]);
    }

    public function disable(Request $request)
    {
        $items = Admin::whereIn('uid', is_array($request->uids) ? $request->uids : explode(',', $request->uids));

        foreach ($items->get() as $item) {
            if ($request->user()->admin->can('update', $item)) {
                $item->disable();
            }
        }

        return response()->json(['status' => 'success', 'message' => trans('refactor/admin_admins.flash.disabled')]);
    }

    public function delete(Request $request)
    {
        $items = Admin::whereIn('uid', is_array($request->uids) ? $request->uids : explode(',', $request->uids));

        foreach ($items->get() as $item) {
            if ($request->user()->admin->can('delete', $item)) {
                $item->deleteAccount();
            }
        }

        return response()->json(['status' => 'success', 'message' => trans('refactor/admin_admins.flash.deleted')]);
    }

    public function loginAs(Request $request)
    {
        $admin = Admin::findByUid($request->uid);

        if (\Gate::denies('loginAs', $admin)) {
            return response()->json(['status' => 'error', 'message' => 'Not authorized'], 403);
        }

        $orig_id = $request->user()->uid;
        \Auth::login($admin->user);
        \Session::put('orig_admin_id', $orig_id);

        return response()->json([
            'status' => 'success',
            'redirect' => route('refactor.admin.dashboard'),
        ]);
    }

    public function loginBack(Request $request)
    {
        $id = \Session::pull('orig_admin_id');
        if (!$id) {
            // No active impersonation — just go back to admin index
            return redirect()->route('refactor.admin.admins.index');
        }
        $orig_user = User::findByUid($id);
        if (!$orig_user) {
            return redirect()->route('refactor.admin.admins.index');
        }

        \Auth::login($orig_user);

        return redirect()->route('refactor.admin.admins.index');
    }

    public function oneClickLogin(Request $request)
    {
        $admin = Admin::findByUid($request->uid);

        return view('refactor.pages.admin.admins.one_click_login', [
            'url' => $admin->user->generateOneClickLoginUrl(),
        ]);
    }
}