dyzulk/trustlab-api
1
0
Fork 0
mirror of https://github.com/dyzulk/trustlab-api.git synced 2026-01-26 13:22:05 +07:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow owner role to access all admin api endpoints and see stats

Browse Source
This commit is contained in:
dyzulk
2025-12-30 20:29:35 +07:00
parent a14d788400
commit 1eabedcb5b
6 changed files with 34 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/Http/Controllers/Api/DashboardController.php
View File

@@ -40,14 +40,14 @@ class DashboardController extends Controller
// Tickets (Role Based)
$ticketQuery = Ticket::query()->whereIn('status', ['open', 'answered']);
if (!$user->isAdmin()) {
if (!$user->isAdminOrOwner()) {
$ticketQuery->where('user_id', $user->id);
}
$activeTickets = $ticketQuery->count();
// Previous Tickets (Role Based)
$prevTicketQuery = Ticket::query()->whereIn('status', ['open', 'answered'])->where('created_at', '<', $currentMonth);
if (!$user->isAdmin()) {
if (!$user->isAdminOrOwner()) {
$prevTicketQuery->where('user_id', $user->id);
}
$prevActiveTickets = $prevTicketQuery->count();
@@ -76,7 +76,7 @@ class DashboardController extends Controller
];
// Admin only stats
if ($user->isAdmin()) {
if ($user->isAdminOrOwner()) {
$totalUsers = User::count();
$prevUsers = User::where('created_at', '<', $currentMonth)->count();
@@ -108,7 +108,7 @@ class DashboardController extends Controller
->latest()
->take(10);
if (!$user->isAdmin()) {
if (!$user->isAdminOrOwner()) {
$activityLogQuery->where('user_id', $user->id);
}
@@ -128,7 +128,7 @@ class DashboardController extends Controller
for ($i = 6; $i >= 0; $i--) {
$date = now()->subDays($i)->format('Y-m-d');
$countQuery = Certificate::whereDate('created_at', $date);
if (!$user->isAdmin()) {
if (!$user->isAdminOrOwner()) {
$countQuery->where('user_id', $user->id);
}