2026-01-13 13:30:51 +08:00
|
|
|
|
<?php
|
|
|
|
|
|
|
2026-01-26 10:37:47 +08:00
|
|
|
|
namespace App\Modules\Core\Controllers;
|
2026-01-13 13:30:51 +08:00
|
|
|
|
|
|
|
|
|
|
use App\Http\Controllers\Controller;
|
2026-01-26 10:37:47 +08:00
|
|
|
|
|
|
|
|
|
|
use App\Modules\Core\Models\User;
|
2026-01-13 13:30:51 +08:00
|
|
|
|
use Illuminate\Http\Request;
|
|
|
|
|
|
use Spatie\Permission\Models\Role;
|
|
|
|
|
|
use Inertia\Inertia;
|
|
|
|
|
|
use Illuminate\Validation\Rule;
|
|
|
|
|
|
use Illuminate\Support\Facades\Hash;
|
|
|
|
|
|
|
|
|
|
|
|
class UserController extends Controller
|
|
|
|
|
|
{
|
|
|
|
|
|
/**
|
2026-01-26 14:59:24 +08:00
|
|
|
|
* 顯示資源列表。
|
2026-01-13 13:30:51 +08:00
|
|
|
|
*/
|
2026-01-13 17:09:52 +08:00
|
|
|
|
public function index(Request $request)
|
2026-01-13 13:30:51 +08:00
|
|
|
|
{
|
2026-01-13 17:09:52 +08:00
|
|
|
|
$perPage = $request->input('per_page', 10);
|
2026-01-19 09:30:02 +08:00
|
|
|
|
$sortBy = $request->input('sort_by', 'id');
|
|
|
|
|
|
$sortOrder = $request->input('sort_order', 'asc');
|
2026-01-20 15:53:15 +08:00
|
|
|
|
$search = $request->input('search');
|
2026-02-03 11:51:46 +08:00
|
|
|
|
|
2026-01-20 15:53:15 +08:00
|
|
|
|
$roleId = $request->input('role');
|
2026-02-03 11:51:46 +08:00
|
|
|
|
$isActive = $request->input('is_active'); // 'all', '1', '0'
|
|
|
|
|
|
|
|
|
|
|
|
$query = User::query();
|
2026-01-13 17:09:52 +08:00
|
|
|
|
|
2026-02-03 11:51:46 +08:00
|
|
|
|
// 隱藏超級管理員:若非 super-admin,則不可看到 super-admin 過往
|
|
|
|
|
|
if (!auth()->user()->hasRole('super-admin')) {
|
|
|
|
|
|
$query->whereDoesntHave('roles', function ($q) {
|
|
|
|
|
|
$q->where('name', 'super-admin');
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
// 預載入角色時也過濾掉 super-admin 標籤
|
|
|
|
|
|
$query->with(['roles' => function ($q) {
|
|
|
|
|
|
$q->select('id', 'name', 'display_name')
|
|
|
|
|
|
->where('name', '!=', 'super-admin');
|
|
|
|
|
|
}]);
|
|
|
|
|
|
} else {
|
|
|
|
|
|
$query->with(['roles:id,name,display_name']);
|
|
|
|
|
|
}
|
2026-01-19 09:30:02 +08:00
|
|
|
|
|
2026-01-26 14:59:24 +08:00
|
|
|
|
// 處理搜尋
|
2026-01-20 15:53:15 +08:00
|
|
|
|
if ($search) {
|
|
|
|
|
|
$query->where(function ($q) use ($search) {
|
|
|
|
|
|
$q->where('name', 'like', "%{$search}%")
|
|
|
|
|
|
->orWhere('email', 'like', "%{$search}%")
|
|
|
|
|
|
->orWhere('username', 'like', "%{$search}%");
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-26 14:59:24 +08:00
|
|
|
|
// 處理角色篩選
|
2026-01-20 15:53:15 +08:00
|
|
|
|
if ($roleId && $roleId !== 'all') {
|
|
|
|
|
|
$query->whereHas('roles', function ($q) use ($roleId) {
|
|
|
|
|
|
$q->where('id', $roleId);
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-02-03 11:51:46 +08:00
|
|
|
|
// 處理狀態篩選
|
|
|
|
|
|
if ($isActive !== null && $isActive !== 'all') {
|
|
|
|
|
|
$query->where('is_active', $isActive === '1' || $isActive === 'true');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-26 14:59:24 +08:00
|
|
|
|
// 處理排序
|
2026-01-19 09:30:02 +08:00
|
|
|
|
if (in_array($sortBy, ['name', 'created_at'])) {
|
|
|
|
|
|
$query->orderBy($sortBy, $sortOrder);
|
|
|
|
|
|
} else {
|
|
|
|
|
|
$query->orderBy('id', 'asc');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$users = $query->paginate($perPage)->withQueryString();
|
2026-02-03 11:51:46 +08:00
|
|
|
|
|
|
|
|
|
|
// 只能看到自己權限以下的角色
|
|
|
|
|
|
$rolesQuery = Role::select('id', 'name', 'display_name');
|
|
|
|
|
|
if (!auth()->user()->hasRole('super-admin')) {
|
|
|
|
|
|
$rolesQuery->where('name', '!=', 'super-admin');
|
|
|
|
|
|
}
|
|
|
|
|
|
$roles = $rolesQuery->get();
|
2026-01-13 13:30:51 +08:00
|
|
|
|
|
|
|
|
|
|
return Inertia::render('Admin/User/Index', [
|
2026-02-03 11:51:46 +08:00
|
|
|
|
'users' => $users,
|
2026-01-13 17:09:52 +08:00
|
|
|
|
'users' => $users,
|
2026-01-20 15:53:15 +08:00
|
|
|
|
'roles' => $roles,
|
2026-02-03 11:51:46 +08:00
|
|
|
|
'filters' => $request->only(['per_page', 'sort_by', 'sort_order', 'search', 'role', 'is_active']),
|
2026-01-13 13:30:51 +08:00
|
|
|
|
]);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2026-01-26 14:59:24 +08:00
|
|
|
|
* 顯示建立新資源的表單。
|
2026-01-13 13:30:51 +08:00
|
|
|
|
*/
|
|
|
|
|
|
public function create()
|
|
|
|
|
|
{
|
2026-02-03 11:51:46 +08:00
|
|
|
|
$rolesQuery = Role::query();
|
|
|
|
|
|
if (!auth()->user()->hasRole('super-admin')) {
|
|
|
|
|
|
$rolesQuery->where('name', '!=', 'super-admin');
|
|
|
|
|
|
}
|
|
|
|
|
|
$roles = $rolesQuery->pluck('display_name', 'name');
|
2026-01-13 13:30:51 +08:00
|
|
|
|
|
|
|
|
|
|
return Inertia::render('Admin/User/Create', [
|
|
|
|
|
|
'roles' => $roles
|
|
|
|
|
|
]);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2026-01-26 14:59:24 +08:00
|
|
|
|
* 將新建立的資源儲存到儲存體中。
|
2026-01-13 13:30:51 +08:00
|
|
|
|
*/
|
|
|
|
|
|
public function store(Request $request)
|
|
|
|
|
|
{
|
|
|
|
|
|
$validated = $request->validate([
|
|
|
|
|
|
'name' => ['required', 'string', 'max:255'],
|
|
|
|
|
|
'email' => ['nullable', 'string', 'email', 'max:255', 'unique:users'],
|
|
|
|
|
|
'username' => ['required', 'string', 'max:255', 'unique:users'],
|
2026-02-03 11:51:46 +08:00
|
|
|
|
|
2026-01-13 13:30:51 +08:00
|
|
|
|
'password' => ['required', 'string', 'min:8', 'confirmed'],
|
|
|
|
|
|
'roles' => ['array'],
|
2026-02-03 11:51:46 +08:00
|
|
|
|
'is_active' => ['boolean'],
|
2026-01-19 15:58:47 +08:00
|
|
|
|
], [
|
|
|
|
|
|
'password.required' => '請輸入密碼',
|
|
|
|
|
|
'password.min' => '密碼長度至少需 :min 個字元',
|
|
|
|
|
|
'password.confirmed' => '密碼確認不符',
|
2026-01-13 13:30:51 +08:00
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
|
|
$user = User::create([
|
|
|
|
|
|
'name' => $validated['name'],
|
|
|
|
|
|
'email' => $validated['email'],
|
|
|
|
|
|
'username' => $validated['username'],
|
2026-02-03 11:51:46 +08:00
|
|
|
|
|
2026-01-13 13:30:51 +08:00
|
|
|
|
'password' => Hash::make($validated['password']),
|
2026-02-03 11:51:46 +08:00
|
|
|
|
'is_active' => $request->boolean('is_active', true),
|
2026-01-13 13:30:51 +08:00
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
|
|
if (!empty($validated['roles'])) {
|
2026-02-03 11:51:46 +08:00
|
|
|
|
// 安全檢查:非 super-admin 不能賦予 super-admin 角色
|
|
|
|
|
|
if (!auth()->user()->hasRole('super-admin') && in_array('super-admin', $validated['roles'])) {
|
|
|
|
|
|
abort(403, '您沒有權限指派系統管理員角色');
|
|
|
|
|
|
}
|
2026-01-13 13:30:51 +08:00
|
|
|
|
$user->syncRoles($validated['roles']);
|
2026-01-19 16:06:40 +08:00
|
|
|
|
|
2026-01-26 14:59:24 +08:00
|
|
|
|
// 更新 'created' 紀錄以包含角色資訊
|
2026-01-19 16:06:40 +08:00
|
|
|
|
$activity = \Spatie\Activitylog\Models\Activity::where('subject_type', get_class($user))
|
|
|
|
|
|
->where('subject_id', $user->id)
|
|
|
|
|
|
->where('event', 'created')
|
|
|
|
|
|
->latest()
|
|
|
|
|
|
->first();
|
|
|
|
|
|
|
|
|
|
|
|
if ($activity) {
|
|
|
|
|
|
$roleNames = $user->roles()->pluck('display_name')->join(', ');
|
2026-01-19 17:07:45 +08:00
|
|
|
|
$properties = $activity->properties->toArray();
|
2026-01-19 16:06:40 +08:00
|
|
|
|
$properties['attributes']['role_id'] = $roleNames;
|
|
|
|
|
|
$activity->properties = $properties;
|
|
|
|
|
|
$activity->save();
|
|
|
|
|
|
}
|
2026-01-13 13:30:51 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return redirect()->route('users.index')->with('success', '使用者建立成功');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2026-01-26 14:59:24 +08:00
|
|
|
|
* 顯示編輯指定資源的表單。
|
2026-01-13 13:30:51 +08:00
|
|
|
|
*/
|
|
|
|
|
|
public function edit(string $id)
|
|
|
|
|
|
{
|
|
|
|
|
|
$user = User::with('roles')->findOrFail($id);
|
2026-02-03 11:51:46 +08:00
|
|
|
|
|
|
|
|
|
|
// 安全檢查:非 super-admin 不能編輯 super-admin
|
|
|
|
|
|
if ($user->hasRole('super-admin') && !auth()->user()->hasRole('super-admin')) {
|
|
|
|
|
|
abort(403, '您沒有權限編輯系統管理員');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$rolesQuery = Role::select('id', 'name', 'display_name');
|
|
|
|
|
|
if (!auth()->user()->hasRole('super-admin')) {
|
|
|
|
|
|
$rolesQuery->where('name', '!=', 'super-admin');
|
|
|
|
|
|
}
|
|
|
|
|
|
$roles = $rolesQuery->get();
|
2026-01-13 13:30:51 +08:00
|
|
|
|
|
|
|
|
|
|
return Inertia::render('Admin/User/Edit', [
|
|
|
|
|
|
'user' => $user,
|
|
|
|
|
|
'roles' => $roles,
|
|
|
|
|
|
'currentRoles' => $user->getRoleNames()
|
|
|
|
|
|
]);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2026-01-26 14:59:24 +08:00
|
|
|
|
* 更新儲存體中的指定資源。
|
2026-01-13 13:30:51 +08:00
|
|
|
|
*/
|
|
|
|
|
|
public function update(Request $request, string $id)
|
|
|
|
|
|
{
|
|
|
|
|
|
$user = User::findOrFail($id);
|
2026-01-19 16:10:59 +08:00
|
|
|
|
|
2026-02-03 11:51:46 +08:00
|
|
|
|
// 安全檢查:非 super-admin 不能更新 super-admin
|
|
|
|
|
|
if ($user->hasRole('super-admin') && !auth()->user()->hasRole('super-admin')) {
|
|
|
|
|
|
abort(403, '您沒有權限編輯系統管理員');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-13 13:30:51 +08:00
|
|
|
|
$validated = $request->validate([
|
|
|
|
|
|
'name' => ['required', 'string', 'max:255'],
|
|
|
|
|
|
'email' => ['nullable', 'string', 'email', 'max:255', Rule::unique('users')->ignore($user->id)],
|
|
|
|
|
|
'username' => ['required', 'string', 'max:255', Rule::unique('users')->ignore($user->id)],
|
2026-02-03 11:51:46 +08:00
|
|
|
|
|
2026-01-13 13:30:51 +08:00
|
|
|
|
'password' => ['nullable', 'string', 'min:8', 'confirmed'],
|
|
|
|
|
|
'roles' => ['array'],
|
2026-02-03 11:51:46 +08:00
|
|
|
|
'is_active' => ['boolean'],
|
2026-01-19 15:58:47 +08:00
|
|
|
|
], [
|
|
|
|
|
|
'password.min' => '密碼長度至少需 :min 個字元',
|
|
|
|
|
|
'password.confirmed' => '密碼確認不符',
|
2026-01-13 13:30:51 +08:00
|
|
|
|
]);
|
|
|
|
|
|
|
2026-01-26 14:59:24 +08:00
|
|
|
|
// 1. 準備資料並偵測變更
|
2026-01-13 13:30:51 +08:00
|
|
|
|
$userData = [
|
|
|
|
|
|
'name' => $validated['name'],
|
|
|
|
|
|
'email' => $validated['email'],
|
|
|
|
|
|
'username' => $validated['username'],
|
|
|
|
|
|
];
|
|
|
|
|
|
|
2026-01-19 16:10:59 +08:00
|
|
|
|
$user->fill($userData);
|
|
|
|
|
|
|
2026-01-26 14:59:24 +08:00
|
|
|
|
// 捕捉變更屬性以進行手動記錄
|
2026-01-19 16:10:59 +08:00
|
|
|
|
$dirty = $user->getDirty();
|
|
|
|
|
|
$oldAttributes = [];
|
|
|
|
|
|
$newAttributes = [];
|
|
|
|
|
|
|
|
|
|
|
|
foreach ($dirty as $key => $value) {
|
|
|
|
|
|
$oldAttributes[$key] = $user->getOriginal($key);
|
|
|
|
|
|
$newAttributes[$key] = $value;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-26 14:59:24 +08:00
|
|
|
|
// 儲存但不觸發事件(防止重複記錄)
|
2026-01-19 16:10:59 +08:00
|
|
|
|
$user->saveQuietly();
|
2026-01-13 13:30:51 +08:00
|
|
|
|
|
2026-01-26 14:59:24 +08:00
|
|
|
|
// 2. 處理角色
|
2026-01-19 16:10:59 +08:00
|
|
|
|
$roleChanges = null;
|
2026-01-13 13:30:51 +08:00
|
|
|
|
if (isset($validated['roles'])) {
|
2026-02-03 11:51:46 +08:00
|
|
|
|
// 安全檢查:非 super-admin 不能賦予 super-admin 角色
|
|
|
|
|
|
if (!auth()->user()->hasRole('super-admin') && in_array('super-admin', $validated['roles'])) {
|
|
|
|
|
|
abort(403, '您沒有權限指派系統管理員角色');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 16:10:59 +08:00
|
|
|
|
$oldRoles = $user->roles()->pluck('display_name')->join(', ');
|
2026-01-13 13:30:51 +08:00
|
|
|
|
$user->syncRoles($validated['roles']);
|
2026-01-19 16:06:40 +08:00
|
|
|
|
$newRoles = $user->roles()->pluck('display_name')->join(', ');
|
|
|
|
|
|
|
|
|
|
|
|
if ($oldRoles !== $newRoles) {
|
2026-01-19 16:10:59 +08:00
|
|
|
|
$roleChanges = [
|
|
|
|
|
|
'old' => $oldRoles,
|
|
|
|
|
|
'new' => $newRoles
|
|
|
|
|
|
];
|
2026-01-19 16:06:40 +08:00
|
|
|
|
}
|
2026-01-13 13:30:51 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-26 14:59:24 +08:00
|
|
|
|
// 3. 手動記錄活動(單一整合記錄)
|
2026-01-19 16:10:59 +08:00
|
|
|
|
if (!empty($newAttributes) || $roleChanges) {
|
|
|
|
|
|
$properties = [
|
|
|
|
|
|
'attributes' => $newAttributes,
|
|
|
|
|
|
'old' => $oldAttributes,
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
if ($roleChanges) {
|
|
|
|
|
|
$properties['attributes']['role_id'] = $roleChanges['new'];
|
|
|
|
|
|
$properties['old']['role_id'] = $roleChanges['old'];
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
activity()
|
|
|
|
|
|
->performedOn($user)
|
|
|
|
|
|
->causedBy(auth()->user())
|
|
|
|
|
|
->event('updated')
|
|
|
|
|
|
->withProperties($properties)
|
2026-01-19 16:13:22 +08:00
|
|
|
|
->tap(function (\Spatie\Activitylog\Contracts\Activity $activity) use ($user) {
|
2026-01-26 14:59:24 +08:00
|
|
|
|
// 手動加入快照,因為使用 saveQuietly 所以不使用模型的 LogOptions
|
2026-01-19 16:13:22 +08:00
|
|
|
|
$activity->properties = $activity->properties->merge([
|
|
|
|
|
|
'snapshot' => [
|
|
|
|
|
|
'name' => $user->name,
|
|
|
|
|
|
'username' => $user->username,
|
|
|
|
|
|
]
|
|
|
|
|
|
]);
|
|
|
|
|
|
})
|
2026-01-19 16:10:59 +08:00
|
|
|
|
->log('updated');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-13 13:30:51 +08:00
|
|
|
|
return redirect()->route('users.index')->with('success', '使用者更新成功');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2026-01-26 14:59:24 +08:00
|
|
|
|
* 從儲存體中移除指定資源。
|
2026-01-13 13:30:51 +08:00
|
|
|
|
*/
|
|
|
|
|
|
public function destroy(string $id)
|
|
|
|
|
|
{
|
|
|
|
|
|
$user = User::findOrFail($id);
|
|
|
|
|
|
|
2026-02-03 11:51:46 +08:00
|
|
|
|
// 安全檢查:非 super-admin 不能刪除 super-admin
|
|
|
|
|
|
if ($user->hasRole('super-admin') && !auth()->user()->hasRole('super-admin')) {
|
|
|
|
|
|
abort(403, '您沒有權限刪除系統管理員');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-13 13:30:51 +08:00
|
|
|
|
if ($user->hasRole('super-admin')) {
|
|
|
|
|
|
return back()->with('error', '無法刪除超級管理員帳號');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ($user->id === auth()->id()) {
|
|
|
|
|
|
return back()->with('error', '無法刪除自己');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$user->delete();
|
|
|
|
|
|
|
2026-02-03 11:51:46 +08:00
|
|
|
|
return redirect()->route('users.index')->with('success', "使用者「{$user->name}」已刪除");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* 切換使用者啟用/停用狀態
|
|
|
|
|
|
*/
|
|
|
|
|
|
public function toggleActive(string $id)
|
|
|
|
|
|
{
|
|
|
|
|
|
$user = User::findOrFail($id);
|
|
|
|
|
|
|
|
|
|
|
|
// 安全檢查:不能停用自己
|
|
|
|
|
|
if ($user->id === auth()->id() && $user->is_active) {
|
|
|
|
|
|
return back()->with('error', '無法停用自己的帳號');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 安全檢查:非 super-admin 不能停用 super-admin
|
|
|
|
|
|
if ($user->hasRole('super-admin') && !auth()->user()->hasRole('super-admin')) {
|
|
|
|
|
|
abort(403, '您沒有權限變更系統管理員狀態');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$oldStatus = $user->is_active;
|
|
|
|
|
|
$user->is_active = !$oldStatus;
|
|
|
|
|
|
$user->save();
|
|
|
|
|
|
|
|
|
|
|
|
// 記錄活動
|
|
|
|
|
|
activity()
|
|
|
|
|
|
->performedOn($user)
|
|
|
|
|
|
->causedBy(auth()->user())
|
|
|
|
|
|
->event('updated')
|
|
|
|
|
|
->withProperties([
|
|
|
|
|
|
'attributes' => ['is_active' => $user->is_active],
|
|
|
|
|
|
'old' => ['is_active' => $oldStatus],
|
|
|
|
|
|
'snapshot' => [
|
|
|
|
|
|
'name' => $user->name,
|
|
|
|
|
|
'username' => $user->username,
|
|
|
|
|
|
]
|
|
|
|
|
|
])
|
|
|
|
|
|
->log('updated');
|
|
|
|
|
|
|
|
|
|
|
|
$statusText = $user->is_active ? '已啟用' : '已停用';
|
|
|
|
|
|
return back()->with('success', "使用者「{$user->name}」{$statusText}");
|
2026-01-13 13:30:51 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
