Create Laravel project
Install Bootstrap
Data Model & Migration
User Model
Country Model
Company Model
Event Model
Function Role User Model
Holiday Model
Leave Type Model
Leave Application Model
Leave Application Document Model
Leave Application Summary Model
Leave Entitlement Model
Month Model
Leave Type Approving Officer Model
User Permission Model
Week Day Model
User Approving Officer Model
Working Day Model
Data Seeder
Policy
Company Controller
User Password Controller
User Controller
Home Controller
User Permission Controller
Event Controller
Holiday Controller
Leave Type Controller
Leave Application Controller
Leave Application Confirmation Controller
LeaveApplication History Controller
Leave Entitlement Controller
Leave Type Approving Officer Controller
Manage LeaveApplication Controller
User Approving Officer Controller
Manage Leave Application Document Contoller
Working Day Controller
Alert Component
Breadcrumb Component
Checkbox Component
Page Title Component
Search Panel Component
Search Panel For Country Component
CSS/SCSS
JavaScript
Routes
Layout View
Auth/Permission View
Auth/User Approving Officer View
Auth/Index View
Auth/Create View
Auth/Show View
Auth/Change Password
Company Create View
Company Show View
Company Index View
Holiday Create View
Holiday Show View
Holiday Index View
Leave Type Create View
Leave Type Show View
Leave Type Index View
Working Day Create View
Working Day Show View
Working Day Index View
Leave Entitlement Edit View
Leave Type Approving Officer View
Leave Entitlement Index View
Leave Application View
Leave Application Confirmation View
Leave Application History View
Manage Leave Application View
Manage Leave Application Document View
Calendar View
Source Code

User Controller

For understanding, how the controller code, please refer to company controller

php artisan make:controller Auth\\UserController

Replace the code with below

Laravel has built-in hashing method to protect user password.

Hash::make($request->password),

Auth::id() will give current authenticated user id. It then check if requested multiple user records ids match for deletion. This is because, we want to safe guard to prevent current login user account from deleting. If match, it throw 403 unauthorized action.

$loginId = \Auth::id(); if(in_array($loginId, $ids)) { abort(403, 'Unauthorized action.'); }

We need to include the following import statement(s)
use Illuminate\Support\Facades\DB;
use App\Models\User;
use App\Models\Company;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Collection;

Replace the code with below

Controller full code
class UserController extends Controller { public function __construct() { $this->middleware('auth'); } public function index(){ $this->authorize('read', User::class); $useraccounts =DB::table('users') ->join('companies','companies.id', '=', 'users.company_id') ->whereNull('users.deleted_at') ->select(['companies.name as companyName', 'users.deleted_at','users.id', 'users.name', 'users.email', 'users.staffId']) ->paginate(20); session(['pageTitle' => 'User Accounts']); session(['pageTitleIcon' => 'fa fa-th-list']); $companies = Company::all(); return view('auth.index', [ 'useraccounts' => $useraccounts, 'companies' => $companies, ]); } public function create(){ $this->authorize('read', User::class); session(['pageTitle' => 'User Accounts: New']); session(['pageTitleIcon' => 'fa fa-pencil']); $companies = Company::all(); return view('auth.create',[ 'companies' => $companies, ]); } public function store(Request $request){ $this->authorize('create', User::class); $action = $request->input('btn-submit'); $this->validate($request, [ 'company_id'=> 'required|not_in:0', 'name' => 'required||max:255', 'email'=> 'required|unique:users,email|max:255', 'password' => 'required|confirmed|min:8', ]); $id = User::create([ 'company_id'=> $request->company_id, 'name' => $request->name, 'staffId' => $request->staffId, 'email' => $request->email, 'password' => Hash::make($request->password), 'joinDate'=> $request->joinDate, ])->id; switch($action){ case 1: $companies = Company::all(); $user = User::find($id); return view('auth.show',[ 'companies' => $companies, 'user'=>$user, ])->with('success', trans('message.add_success')); break; case 2: return redirect()->route('useraccounts')->with('success', trans('message.add_success')); break; case 3: return redirect()->route('useraccounts.create')->with('success', trans('message.add_success')); break; } } public function show($id) { $this->authorize('update', User::class); session(['pageTitle' => 'User Account: Edit']); session(['pageTitleIcon' => 'fa fa-pencil']); $companies = Company::all(); $user = User::find($id); return view('auth.show', [ 'user'=> $user, 'companies' => $companies, ]); } public function update(Request $request,$id) { $this->authorize('update', User::class); $user = User::find($id); $user->company_id = $request->company_id; $user->name = $request->name; $user->staffId = $request->staffId; $user->joinDate = $request->joinDate; $user->save(); $action = $request->input('btn-submit'); switch($action){ case 1: $companies = Company::all(); return view('auth.show', [ 'user'=> $user, 'companies' => $companies, ])->with('success', trans('message.update_success')); break; case 2: return redirect()->route('useraccounts')->with('success', trans('message.update_success')); break; case 3: return redirect()->route('useraccounts.create')->with('success', trans('message.update_success')); break; } } public function destroy(Request $request) { $this->authorize('delete', User::class); $this->authorize('amItheLoginUser', $request->id); $useraccount = User::find($request->id); $useraccount->delete(); return response()->json($useraccount); } public function multi_action(Request $request) { $ids = $request->id; $action = $request->input('btn-submit'); if($ids != null) { switch($action){ case 1: $this->authorize('delete', User::class); $loginId = \Auth::id(); if(in_array($loginId, $ids)) { abort(403, 'Unauthorized action.'); } else{ User::destroy($ids); return redirect()->route('useraccounts')->with('success', trans('message.delete_success')); } break; case 2: $this->authorize('restore', User::class); User::onlyTrashed() ->whereIn('id', $ids) ->restore(); return redirect()->route('useraccounts')->with('success', trans('message.record_restore')); break; } } else{ return redirect()->route('useraccounts')->with('success', trans('message.no_item_selected')); } } public function search(Request $request){ $this->authorize('read', User::class); $company_id = $request->company_id; $status = $request->status; $useraccounts; if($status == 1) //active { if($company_id > 0) { $useraccounts =DB::table('users') ->join('companies','companies.id', '=', 'users.company_id') ->whereNull('users.deleted_at') ->where('companies.id', '=', $company_id) ->select(['companies.name as companyName', 'users.deleted_at','users.id', 'users.name', 'users.email', 'users.staffId']) ->paginate(20); } else { $useraccounts =DB::table('users') ->join('companies','companies.id', '=', 'users.company_id') ->whereNull('users.deleted_at') ->select(['companies.name as companyName', 'users.deleted_at','users.id', 'users.name', 'users.email', 'users.staffId']) ->paginate(20); } } else { if($company_id > 0) { $useraccounts =DB::table('users') ->join('companies','companies.id', '=', 'users.company_id') ->whereNotNull('users.deleted_at') ->where('companies.id', '=', $company_id) ->select(['companies.name as companyName', 'users.deleted_at','users.id', 'users.name', 'users.email', 'users.staffId']) ->paginate(20); } else { $useraccounts =DB::table('users') ->join('companies','companies.id', '=', 'users.company_id') ->whereNotNull('users.deleted_at') ->select(['companies.name as companyName', 'users.deleted_at','users.id', 'users.name', 'users.email', 'users.staffId']) ->paginate(20); } } $companies = Company::all(); return view('auth.index', [ 'useraccounts' => $useraccounts, 'companies' => $companies, ]); } }
< User Password Controller
Home Controller >