298 lines
13 KiB
PHP
298 lines
13 KiB
PHP
<?php
|
|
|
|
namespace App\Filament\Resources;
|
|
|
|
use App\enum\UserLevel;
|
|
use App\Filament\Resources\UserResource\Pages\CreateUser;
|
|
use App\Filament\Resources\UserResource\Pages\EditUser;
|
|
use App\Filament\Resources\UserResource\Pages\ListUsers;
|
|
use App\Filament\Resources\UserResource\RelationManagers\LogsRelationManager;
|
|
use App\Filament\Resources\UserResource\RelationManagers\UsageLogsRelationManager;
|
|
use App\Models\User;
|
|
use App\Services\ImpersonationService;
|
|
use BackedEnum;
|
|
use Filament\Actions\Action;
|
|
use Filament\Actions\BulkAction;
|
|
use Filament\Actions\BulkActionGroup;
|
|
use Filament\Actions\DeleteBulkAction;
|
|
use Filament\Actions\EditAction;
|
|
use Filament\Forms\Components\DatePicker;
|
|
use Filament\Forms\Components\Select;
|
|
use Filament\Forms\Components\TextInput;
|
|
use Filament\Notifications\Notification;
|
|
use Filament\Resources\Resource;
|
|
use Filament\Schemas\Schema;
|
|
use Filament\Tables\Columns\IconColumn;
|
|
use Filament\Tables\Columns\TextColumn;
|
|
use Filament\Tables\Filters\SelectFilter;
|
|
use Filament\Tables\Table;
|
|
use Illuminate\Database\Eloquent\Collection;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Illuminate\Support\Facades\Log;
|
|
use UnitEnum;
|
|
|
|
class UserResource extends Resource
|
|
{
|
|
protected static ?string $model = User::class;
|
|
|
|
protected static string|BackedEnum|null $navigationIcon = 'heroicon-o-users';
|
|
|
|
protected static string|UnitEnum|null $navigationGroup = 'Admin';
|
|
|
|
public static function form(Schema $schema): Schema
|
|
{
|
|
return $schema
|
|
->components([
|
|
TextInput::make('name')
|
|
->required()
|
|
->maxLength(255),
|
|
|
|
TextInput::make('email')
|
|
->email()
|
|
->required()
|
|
->maxLength(255),
|
|
TextInput::make('password')
|
|
->password()
|
|
->required()
|
|
->minLength(6)
|
|
->maxLength(255)
|
|
->visibleOn('create'),
|
|
TextInput::make('email_verified_at')
|
|
->label('Email Verification Status')
|
|
->disabled()
|
|
->formatStateUsing(fn ($record): string => $record->email_verified_at ?? ''
|
|
? 'Verified at '.$record->email_verified_at->toDateTimeString()
|
|
: 'Not Verified')
|
|
->helperText('Shows whether the user has verified their email address.'),
|
|
TextInput::make('stripe_id')
|
|
->label('Stripe ID')
|
|
->disabled()
|
|
->helperText('Automatically managed by Stripe'),
|
|
|
|
TextInput::make('pm_type')
|
|
->label('Payment Method Type')
|
|
->disabled(),
|
|
|
|
TextInput::make('pm_last_four')
|
|
->label('Card Last 4 Digits')
|
|
->disabled(),
|
|
|
|
DatePicker::make('trial_ends_at')
|
|
->label('Trial Ends At')
|
|
->disabled()
|
|
->displayFormat('Y-m-d H:i:s'),
|
|
Select::make('level')
|
|
->label('User Level')
|
|
->options(UserLevel::class)
|
|
->enum(UserLevel::class)
|
|
->required()
|
|
->helperText('Select the appropriate user level. Super Admin has full system access.'),
|
|
|
|
]);
|
|
}
|
|
|
|
public static function table(Table $table): Table
|
|
{
|
|
return $table
|
|
->columns([
|
|
TextColumn::make('name')->sortable()->searchable(),
|
|
TextColumn::make('email')->sortable()->searchable(),
|
|
IconColumn::make('email_verified_at')
|
|
->label('Verified')
|
|
->boolean()
|
|
->trueIcon('heroicon-o-check-circle')
|
|
->falseIcon('heroicon-o-x-circle')
|
|
->trueColor('success')
|
|
->falseColor('danger')
|
|
->getStateUsing(fn ($record): bool => ! is_null($record->email_verified_at))
|
|
->sortable(),
|
|
TextColumn::make('level')
|
|
->label('User Level')
|
|
->badge()
|
|
->getStateUsing(fn ($record): string => $record->level->getLabel())
|
|
->color(fn ($record): string => $record->level->getColor())
|
|
->icon(fn ($record): string => $record->level->getIcon())
|
|
->sortable(),
|
|
TextColumn::make('stripe_id')->label('Stripe ID')->copyable(),
|
|
TextColumn::make('pm_last_four')->label('Card Last 4'),
|
|
TextColumn::make('trial_ends_at')->label('Trial Ends')->dateTime()->sortable(),
|
|
])
|
|
->defaultSort('created_at', 'desc')
|
|
->filters([
|
|
SelectFilter::make('level')
|
|
->label('User Level')
|
|
->options(UserLevel::class),
|
|
SelectFilter::make('subscription_status')
|
|
->label('Subscription Status')
|
|
->options([
|
|
'subscribed' => 'Has Active Subscription',
|
|
'not_subscribed' => 'No Active Subscription',
|
|
])
|
|
->query(function ($query, array $data): void {
|
|
if ($data['value'] === 'subscribed') {
|
|
$query->whereHas('subscriptions', function ($query): void {
|
|
$query->where('stripe_status', 'active')
|
|
->orWhere('stripe_status', 'trialing');
|
|
});
|
|
} elseif ($data['value'] === 'not_subscribed') {
|
|
$query->whereDoesntHave('subscriptions', function ($query): void {
|
|
$query->where('stripe_status', 'active')
|
|
->orWhere('stripe_status', 'trialing');
|
|
});
|
|
}
|
|
}),
|
|
SelectFilter::make('email_verified')
|
|
->label('Email Verification')
|
|
->options([
|
|
'verified' => 'Verified',
|
|
'not_verified' => 'Not Verified',
|
|
])
|
|
->query(function ($query, array $data): void {
|
|
if ($data['value'] === 'verified') {
|
|
$query->whereNotNull('email_verified_at');
|
|
} elseif ($data['value'] === 'not_verified') {
|
|
$query->whereNull('email_verified_at');
|
|
}
|
|
}),
|
|
])
|
|
->recordActions([
|
|
EditAction::make(),
|
|
Action::make('impersonate')
|
|
->label('Login as User')
|
|
->icon('heroicon-o-arrow-right-on-rectangle')
|
|
->color('warning')
|
|
->requiresConfirmation()
|
|
->modalHeading('Start User Impersonation')
|
|
->modalDescription('This will open a new tab where you will be logged in as this user. All actions will be logged for security. Your admin panel will remain open in this tab.')
|
|
->modalSubmitActionLabel('Start Impersonation')
|
|
->modalCancelActionLabel('Cancel')
|
|
->visible(fn (User $record): bool => auth()->user()?->isSuperAdmin() &&
|
|
$record->isNormalUser() &&
|
|
! app(ImpersonationService::class)->isImpersonating()
|
|
)
|
|
->url(function (User $record): string {
|
|
$admin = auth()->user();
|
|
$impersonationService = app(ImpersonationService::class);
|
|
|
|
if (! $impersonationService->canImpersonate($admin, $record)) {
|
|
Notification::make()
|
|
->title('Impersonation Failed')
|
|
->body('Unable to start impersonation. Please check permissions and try again.')
|
|
->danger()
|
|
->send();
|
|
|
|
return '#';
|
|
}
|
|
|
|
// Return impersonation URL
|
|
return route('impersonation.start', $record);
|
|
})
|
|
->openUrlInNewTab(),
|
|
])
|
|
->toolbarActions([
|
|
Action::make('stopImpersonation')
|
|
->label('Stop Impersonating')
|
|
->icon('heroicon-o-arrow-left-on-rectangle')
|
|
->color('danger')
|
|
->visible(fn (): bool => app(ImpersonationService::class)->isImpersonating())
|
|
->action(function () {
|
|
$impersonationService = app(ImpersonationService::class);
|
|
|
|
if (! $impersonationService->stopImpersonation(request())) {
|
|
Notification::make()
|
|
->title('Failed to Stop Impersonation')
|
|
->body('Unable to stop impersonation session.')
|
|
->danger()
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
Notification::make()
|
|
->title('Impersonation Ended')
|
|
->body('You have been returned to your admin account.')
|
|
->success()
|
|
->send();
|
|
|
|
return redirect()->to(\Filament\Pages\Dashboard::getUrl());
|
|
}),
|
|
BulkActionGroup::make([
|
|
DeleteBulkAction::make(),
|
|
BulkAction::make('updateLevel')
|
|
->label('Update User Level')
|
|
->action(function (Collection $records, array $data): void {
|
|
$newLevel = (int) $data['new_level'];
|
|
|
|
// Prevent bulk updating to Super Admin level for security
|
|
if ($newLevel === UserLevel::SUPERADMIN->value) {
|
|
$message = 'Cannot bulk assign Super Admin level for security reasons.';
|
|
|
|
Log::warning('Attempted bulk Super Admin assignment', [
|
|
'user_ids' => $records->pluck('id')->toArray(),
|
|
'attempted_level' => $newLevel,
|
|
'ip' => request()->ip(),
|
|
]);
|
|
|
|
Notification::make()
|
|
->title('Security Restriction')
|
|
->body($message)
|
|
->danger()
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
DB::table('users')
|
|
->whereIn('id', $records->pluck('id'))
|
|
->update(['level' => $newLevel]);
|
|
|
|
Log::info('Bulk user level update completed', [
|
|
'user_ids' => $records->pluck('id')->toArray(),
|
|
'new_level' => $newLevel,
|
|
'updated_by' => auth()->id(),
|
|
]);
|
|
|
|
Notification::make()
|
|
->title('User Level Updated')
|
|
->body('The selected users\' levels have been updated successfully.')
|
|
->success()
|
|
->send();
|
|
})
|
|
->icon('heroicon-o-pencil')
|
|
->color('primary')
|
|
->modalHeading('Select User Level')
|
|
->modalDescription('Please choose the user level to apply to the selected users.')
|
|
->modalSubmitActionLabel('Update Level')
|
|
->modalCancelActionLabel('Cancel')
|
|
->form([
|
|
Select::make('new_level')
|
|
->label('Select User Level')
|
|
->options([
|
|
UserLevel::NORMALUSER->value => UserLevel::NORMALUSER->getLabel(),
|
|
UserLevel::BANNEDUSER->value => UserLevel::BANNEDUSER->getLabel(),
|
|
])
|
|
->required()
|
|
->helperText('Super Admin level cannot be assigned via bulk action for security.'),
|
|
]),
|
|
]),
|
|
]);
|
|
}
|
|
|
|
public static function getRelations(): array
|
|
{
|
|
return [
|
|
LogsRelationManager::class,
|
|
UsageLogsRelationManager::class,
|
|
];
|
|
}
|
|
|
|
public static function getPages(): array
|
|
{
|
|
return [
|
|
'index' => ListUsers::route('/'),
|
|
'create' => CreateUser::route('/create'),
|
|
'edit' => EditUser::route('/{record}/edit'),
|
|
];
|
|
}
|
|
}
|