
Added super admin middleware

moell пре 11 месеци
родитељ
комит
cf63c22c14
4 измењених фајлова са 50 додато и 27 уклоњено
  1. 12 25
      app/Http/Controllers/API/CompanyController.php
  2. 2 0
      app/Http/Kernel.php
  3. 26 0
      app/Http/Middleware/SuperAdmin.php
  4. 10 2
      routes/api.php

+ 12 - 25
app/Http/Controllers/API/CompanyController.php

@@ -35,19 +35,15 @@ class CompanyController extends Controller
 
     public function store(CreateOrUpdateRequest $request)
     {
-        if(Auth::user()->super_admin){
-            $company=new Company();
+        $company = new Company();
 
-            $company->fill([
+        $company->fill([
             ...$request->all(),
         ]);
 
         $company->save();
-        return $this->created();
-        }
-
-        return $this->forbidden("Operation without permission");
 
+        return $this->created();
     }
 
     public function show(string $id)
@@ -58,36 +54,27 @@ class CompanyController extends Controller
                 return $this->forbidden("You are not a user under this company");
             }
         }
+
         $field = Company::query()->findOrFail($id);
 
         return new CompanyResource($field);
     }
 
     public function update(CreateOrUpdateRequest $request,string $id){
-        if(Auth::user()->super_admin) {
-            $company = Company::findOrFail($id);
-            $company->fill($request->all());
-            $company->save();
-            return $this->noContent();
-        }
+        $company = Company::findOrFail($id);
 
-        return $this->forbidden("Operation without permission");
+        $company->fill($request->all());
+        $company->save();
+
+        return $this->noContent();
     }
 
 
     public function destroy(string $id)
     {
-        if(Auth::user()->super_admin) {
-            $company = Company::findOrFail($id);
-            $company->delete();
+        $company = Company::findOrFail($id);
+        $company->delete();
 
-            return $this->noContent();
-        }
-        return $this->forbidden("Operation without permission");
+        return $this->noContent();
     }
-
-
-
-
-
 }
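Review bot: In `store()` and `update()` the new code hands the raw input straight to mass assignment with `$company->fill($request->all())`, so every key the client sends reaches `fill()` and only the model's `$fillable`/`$guarded` configuration (not visible here) stands between an unexpected field and the row; since a `CreateOrUpdateRequest` is already injected, `$company->fill($request->validated());` limits it to the fields the rules allow, and the `[...$request->all()]` spread in `store()` is just a copy of the same array. With the in-controller `super_admin` checks removed, authorization for `store`, `update` and `destroy` now exists only in the route middleware wiring, so a short class or method comment such as `// Write actions are only authorized via the role.super-admin route middleware; do not register them elsewhere.` would protect the next person who adds a route. Whether `Auth` is still used by `show()` cannot be determined from the hunk, since that method starts before the second hunk.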

+ 2 - 0
app/Http/Kernel.php

@@ -3,6 +3,7 @@
 namespace App\Http;
 
 use App\Http\Middleware\CheckPermission;
+use App\Http\Middleware\SuperAdmin;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
 
 class Kernel extends HttpKernel
@@ -66,5 +67,6 @@ class Kernel extends HttpKernel
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
         'permission' => CheckPermission::class,
+        'role.super-admin' => SuperAdmin::class,
     ];
 }

+ 26 - 0
app/Http/Middleware/SuperAdmin.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\HttpException;
+
+class SuperAdmin
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (Auth::user()->super_admin) {
+            return $next($request);
+        }
+
+        throw new HttpException(403, 'Operation without permission');
+    }
+}
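Review bot: `Auth::user()->super_admin` in `handle()` dereferences a null user whenever this middleware runs on a route that is not also behind an auth guard, turning a missing session into a 500 rather than a 401/403; `if ($request->user()?->super_admin) {` keeps the failure a clean 403 regardless of where the alias is attached. The controller code this replaces returned `$this->forbidden(...)`, while the middleware throws `HttpException(403, ...)`, which is rendered by Laravel's exception handler in its own envelope (JSON only when the request negotiates it), so API clients that parsed the earlier response shape may see a different body — worth confirming before merging. The class has no docblock; `/** Rejects any request whose authenticated user does not carry the super_admin flag with a 403. */` would state the contract, and `declare(strict_types=1);` after the open tag would match the rest of a modern PHP codebase.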

+ 10 - 2
routes/api.php

@@ -21,13 +21,18 @@ Route::middleware(['auth:sanctum'])->group(function () {
     Route::post("/logout", [API\AuthController::class, "logout"]);
     Route::get("user/info", [API\UserController::class, 'info'])->name("user.info");
 
-    Route::middleware(['permission'])->group(function () {
+    // Allow access only to admin role
+    Route::middleware(['permission', 'role.super-admin'])->group(function () {
         Route::get("config", [API\ConfigController::class, "index"])->name("config.index");
         Route::post("config-setting", [API\ConfigController::class, "setting"])->name("config.setting");
         Route::get("config/message-notification-setting", [API\ConfigController::class, "messageNotificationSetting"])
             ->name("config.message-notification-setting");
         Route::post("config/message-notification-setting", [API\ConfigController::class, "storeMessageNotificationSetting"])
             ->name("config.store-message-notification-setting");
+
+        Route::apiResource("company", API\CompanyController::class)->only([
+            'store', 'update', 'destroy'
+        ]);
     });
 
     Route::middleware(['permission'])->group(function() {
@@ -44,9 +49,12 @@ Route::middleware(['auth:sanctum'])->group(function () {
             'task' => API\TaskController::class,
             'library' => API\LibraryController::class,
             'department' => API\DepartmentController::class,
-            'company' => API\CompanyController::class,
             'user' => API\UserController::class,
         ]);
+        Route::apiResource("company", API\CompanyController::class)->only([
+            'index', 'show'
+        ]);
+
         Route::get("asset/{asset_id}/report",[API\AssetController::class, 'report'])->name('asset.report');
 
         Route::patch("requirement/{requirement_id}/close",[API\RequirementController::class, 'close'])->name('requirement.close');
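Review bot: The first hunk adds `role.super-admin` to the existing `config*` routes, not only to the newly moved company write routes, so any user who could reach `config-setting` under `permission` alone before this commit is now locked out — that tightening is not mentioned in the commit title and deserves either a callout or its own commit. The comment `// Allow access only to admin role` also names a role the middleware does not check; `// Super-admin only (role.super-admin middleware): config and company write routes` matches the alias registered in Kernel.php. Splitting `company` into two `apiResource` registrations keeps the route names (`company.index`, `company.store`, …) intact, so a `CheckPermission` lookup keyed on route names, if that is how it works, should be unaffected, but it is worth a quick check. The surrounding `Route::middleware(['auth:sanctum'])` group opens and closes outside both hunks.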