I need, depending on the role/permission of each user, to limit the database records that are displayed in the view index.
For example, I need a certain user to only be able to see the records with the "pendiente" value in the "estado" column.
Code of my controller index function:

    public function index()
    {
        $siniestros = Siniestro::paginate(50);
        // return DB::select('select localidad from siniestros'); // ---> Returns the data from the "estados" column
        $now = Carbon::now(); // current timestamp (not passed to the view)
        return view('siniestros.index', compact('siniestros'));
    }

Code of my index.blade view:

    @extends('layouts.app')
    @section('content')
    <section class="section">
        <div class="section-header">
            <h3 class="page__heading">Siniestros</h3>
        </div>
        <div class="section-body">
            <div class="row">
                <div class="col-lg-12">
                    <div class="card">
                        <div class="card-body">
                            @can('crear-siniestro')
                            <a class="btn btn-primary" href="{{ route('siniestros.create') }}">Nuevo</a>
                            @endcan
                            <table class="table table-sm m-1 p-1 table-bordered table-hover table-striped tablita" style="width:100%">
                                <thead style="background-color:hsl(213, 99%, 49%)">
                                    <th style="display: none;">ID</th>
                                    <th style="color:#fff;">Siniestro</th>
                                    <th style="color:#fff;">Coordinador</th>
                                    <th style="color:#fff;">Actualizado</th>
                                    <th style="color:#fff;">Patente</th>
                                    <th style="color:#fff;">Cliente</th>
                                    <th style="color:#fff;">Fecha ingreso</th>
                                    <th style="color:#fff;">Fecha gestión</th>
                                    <th style="color:#fff;">Captura de pantalla</th>
                                    <th style="color:#fff;">Estado</th>
                                    <th style="color:#fff;">Modalidad</th>
                                    <th style="color:#fff;">Observaciones</th>
                                    @can('derivar-siniestro')
                                    <!-- <th style="color:#fff;">Screenshot</th> -->
                                    <th style="color:#fff;">Dirección</th>
                                    <th style="color:#fff;">Localidad</th>
                                    <th style="color:#fff;">Inspector</th>
                                    <th style="color:#fff;">Motivo</th>
                                    <th style="color:#fff;">Enviar Orden</th>
                                    @endcan
                                    <th style="color:#fff;">Acciones</th>
                                </thead>
                                <tbody>
                                    @foreach ($siniestros as $siniestro)
                                    <tr>
                                        <td style="display: none;">{{ $siniestro->id }}</td>
                                        <td>{{ $siniestro->siniestro }}</td>
                                        <td>{{ $siniestro->creator->name }}</td>
                                        <td>{{ $siniestro->editor->name }}</td>
                                        <td>{{ $siniestro->patente }}</td>
                                        <td>{{ $siniestro->cliente }}</td>
                                        <td>{{ $siniestro->created_at }}</td>
                                        <td>{{ $siniestro->updated_at }}</td>
                                        <td><img alt="img" src="/img/{{ $siniestro->imagen }}" width="100px"></td>
                                        <td>{{ $siniestro->estado }}</td>
                                        <td>{{ $siniestro->modalidad }}</td>
                                        <td>{{ $siniestro->observaciones }}</td>
                                        @can('derivar-siniestro')
                                        <!-- <td><a href="{{ $siniestro->url }}" target="blank_" >Ver documento</a></td> -->
                                        <td>{{ $siniestro->direccion }}</td>
                                        <td>{{ $siniestro->localidad }}</td>
                                        <td>{{ $siniestro->inspector }}</td>
                                        <td>{{ $siniestro->motivo }}</td>
                                        <td>{{ $siniestro->enviarorden }}</td>
                                        @endcan
                                        <td>
                                            <form action="{{ route('siniestros.destroy',$siniestro->id) }}" method="POST">
                                                @can('editar-siniestro')
                                                <a class="btn btn-outline-success btn-sm" href="{{ route('siniestros.edit',$siniestro->id) }}">Editar</a>
                                                @endcan
                                                @csrf
                                                @method('DELETE')
                                                @can('borrar-siniestro')
                                                <button type="submit" class="btn btn-outline-danger btn-sm">Borrar</button>
                                                @endcan
                                            </form>
                                        </td>
                                    </tr>
                                    @endforeach
                                </tbody>
                            </table>
                            <!-- Pagination aligned to the right -->
                            <div class="pagination justify-content-end">
                                {!! $siniestros->links() !!}
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </section>
    @endsection
    @section('javas')
    <script>
        $(document).ready(function() {
            $('.tablita').DataTable({
                responsive: true,
                processing: true,
            });
        })
    </script>
    <!-- DataTables JS -->
    <script src="{{ asset('assets/js/jquery.min.js') }}"></script>
    <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.1.36/pdfmake.min.js"></script>
    <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.1.36/vfs_fonts.js"></script>
    <script type="text/javascript" src="https://cdn.datatables.net/v/bs4/jszip-2.5.0/dt-1.11.5/b-2.2.2/b-colvis-2.2.2/b-html5-2.2.2/b-print-2.2.2/r-2.2.9/datatables.min.js"></script>
    <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js"></script>
    <script>
        $(function() {
            const languages = {
                'es': 'https://cdn.datatables.net/plug-ins/1.10.19/i18n/Spanish.json'
            };
            $.extend(true, $.fn.dataTable.Buttons.defaults.dom.button, {
                className: 'btn btn-sm'
            })
            $.extend(true, $.fn.dataTable.defaults, {
                responsive: true,
                language: {
                    url: languages['es']
                },
                pageLength: 25,
                dom: 'lBfrtip',
                buttons: [{
                        extend: 'copy',
                        className: 'btn-light',
                        text: 'Copiar',
                        exportOptions: {
                            columns: ':visible'
                        }
                    },
                    {
                        extend: 'csv',
                        className: 'btn-light',
                        text: 'CSV',
                        exportOptions: {
                            columns: ':visible'
                        }
                    },
                    {
                        extend: 'excel',
                        className: 'btn-light',
                        text: 'Excel',
                        exportOptions: {
                            columns: ':visible'
                        }
                    },
                    {
                        extend: 'pdf',
                        className: 'btn-light',
                        text: 'PDF',
                        exportOptions: {
                            columns: ':visible'
                        }
                    },
                    {
                        extend: 'print',
                        className: 'btn-light',
                        text: 'Imprimir',
                        exportOptions: {
                            columns: ':visible'
                        }
                    },
                    {
                        extend: 'colvis',
                        className: 'btn-light',
                        text: 'Visibilidad Columnas',
                        exportOptions: {
                            columns: ':visible'
                        }
                    }
                ]
            });
        });
    </script>
    @endsection

Attached screenshot of my index.blade view
Of course I can filter with my DataTable, but the idea is that, for security reasons, each user can only view the records according to their "estado"/value.
I thank you in advance, and tell me if it is relevant that I attach other information.
I need to do this, but in the backend, with the roles/permissions.
Model Siniestro.php

    <?php
    namespace App\Models;

    use Illuminate\Database\Eloquent\Factories\HasFactory;
    use Illuminate\Database\Eloquent\Model;
    use Wildside\Userstamps\Userstamps;

    class Siniestro extends Model
    {
        use HasFactory;
        use Userstamps;

        protected $fillable = ['created_by', 'imagen', 'updated_by', 'deleted_by', 'siniestro', 'patente', 'cliente', 'fechaip', 'estado', 'modalidad',
            'observaciones', 'fechacierre', 'compania', 'contacto', 'codigoinspeccion', 'inspector', 'direccion', 'localidad', 'telefono', 'motivo', 'link', 'enviarorden', 'email'];

        public function archivos()
        {
            return $this->hasMany(Archivo::class);
        }
    }

1 Answer
After your edit, I am writing this controller for you:
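
    public function index()
    {
        // Currently authenticated user
        $user = auth()->user();
        $siniestros = Siniestro::paginate(50);
        if ($user->hasDirectPermission('crear-siniestro')) {
            // makeHidden() removes "estado" from the models' array/JSON output
            $siniestros->makeHidden(['estado']);
        }
        $now = Carbon::now();
        return view('siniestros.index', compact('siniestros'));
    }
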
This should work if I'm not mistaken.
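
Restricting the rows in the query itself, as an added example (not code from the question or from the answer above): a local scope on the model limits `estado` to the values the user's permissions allow, and the same scope is reused on a single-record route so a record outside that set cannot be opened by id. Assumptions: spatie/laravel-permission backs `can()`, the routes sit behind the `auth` middleware, a `siniestros.edit` view exists, and the permission names `ver-siniestros-pendientes`, `ver-siniestros-cerrados`, `ver-todos-los-siniestros` and the `cerrado` value are hypothetical.

```php
<?php
// Added example. Assumes spatie/laravel-permission; permission names and 'cerrado' are hypothetical.
namespace App\Models {
    use Illuminate\Database\Eloquent\Builder;
    use Illuminate\Database\Eloquent\Model;
    class Siniestro extends Model // existing traits, $fillable and archivos() omitted
    {
        // Hypothetical mapping: permission name => "estado" value it unlocks.
        public const ESTADO_PERMISSIONS = [
            'ver-siniestros-pendientes' => 'pendiente',
            'ver-siniestros-cerrados'   => 'cerrado',
        ];

        // Local scope: adds the row restriction to the SQL query itself.
        public function scopeVisibleTo(Builder $query, $user): Builder
        {
            if ($user->can('ver-todos-los-siniestros')) {
                return $query; // unrestricted role
            }
            $estados = array_values(array_filter(
                self::ESTADO_PERMISSIONS,
                fn ($permission) => $user->can($permission),
                ARRAY_FILTER_USE_KEY
            ));
            // An empty list compiles to a condition that matches no rows (deny by default).
            return $query->whereIn('estado', $estados);
        }
    }
}

namespace App\Http\Controllers {
    use App\Models\Siniestro;
    use Illuminate\Http\Request;
    class SiniestroController extends Controller
    {
        public function index(Request $request)
        {
            $siniestros = Siniestro::visibleTo($request->user())->paginate(50);
            return view('siniestros.index', compact('siniestros'));
        }

        // Same scope on single-record routes: an id outside the user's set yields 404.
        public function edit(Request $request, int $id)
        {
            $siniestro = Siniestro::visibleTo($request->user())->findOrFail($id);
            return view('siniestros.edit', compact('siniestro'));
        }
    }
}
```

The `update` and `destroy` actions need the same `visibleTo()` lookup, since the index filter alone does not protect routes that take a record id.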