From 59160a62c30948dd4b98025396f998ef9b73436e Mon Sep 17 00:00:00 2001
From: "fauzgabriel@gmail.com"
Date: Wed, 11 Mar 2026 11:29:37 +0700
Subject: [PATCH] offtaker access
---
 .../Controllers/Api/OfftakerController.php | 20 ++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/app/Http/Controllers/Api/OfftakerController.php b/app/Http/Controllers/Api/OfftakerController.php
index afb2e5f..af7d17e 100644
--- a/app/Http/Controllers/Api/OfftakerController.php
+++ b/app/Http/Controllers/Api/OfftakerController.php
@@ -22,7 +22,9 @@ public function index(): JsonResponse
 public function store(Request $request): JsonResponse
 {
- Gate::authorize('any',['super_admin', 'petani']);
+ if (!Gate::any(['super_admin', 'petani', 'fasilitator', 'admin'])) {
+ abort(403, 'Unauthorized');
+ }
 $validated = $request->validate([
 'user_email' => ['required', 'email', 'max:255'],
@@ -49,7 +51,9 @@ public function store(Request $request): JsonResponse
 public function show(string $id): JsonResponse
 {
- Gate::authorize('any',['super_admin', 'petani']);
+ if (!Gate::any(['super_admin', 'petani', 'fasilitator', 'admin'])) {
+ abort(403, 'Unauthorized');
+ }
 $offtaker = Offtaker::findOrFail($id);
 return response()->json($offtaker);
 }
 public function update(Request $request, string $id): JsonResponse
 {
- Gate::authorize('any',['super_admin', 'petani']);
+ if (!Gate::any(['super_admin', 'petani', 'fasilitator', 'admin'])) {
+ abort(403, 'Unauthorized');
+ }
 $offtaker = Offtaker::findOrFail($id);
 $validated = $request->validate([
@@ -74,7 +80,9 @@ public function update(Request $request, string $id): JsonResponse
 public function destroy(string $id): JsonResponse
 {
- Gate::authorize('any',['super_admin', 'petani']);
+ if (!Gate::any(['super_admin', 'petani', 'fasilitator', 'admin'])) {
+ abort(403, 'Unauthorized');
+ }
 Offtaker::findOrFail($id)->delete();
 return response()->json(null, 204);
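Review bot: The four-role list and the `abort(403, 'Unauthorized')` fallback are written out inline here in store() and again in show(), update(), destroy() and batchUpsert(), so a later role change has to be made in five places, and a missed one leaves an endpoint with a different access rule from the rest. Keep the list in one place, for example `private const OFFTAKER_ROLES = ['super_admin', 'petani', 'fasilitator', 'admin'];` with `abort_unless(Gate::any(self::OFFTAKER_ROLES), 403);` in each action, or move the check to route middleware. Gate::any() evaluates each string as a gate ability, so this presumably relies on gates named after the roles being defined elsewhere; confirm that `fasilitator` and `admin` are defined, because an ability with no definition is normally just denied. store()'s body continues outside the hunk.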
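Review bot: After the role check, show() and update() load the record with `Offtaker::findOrFail($id)` and nothing in the hunk ties that record to the caller, so any account holding one of the four roles can read or change any offtaker whose id it supplies. Widening the list to `fasilitator` and `admin` enlarges the set of callers this applies to. If offtakers belong to a user or an organisation, add a per-record check after the lookup, e.g. `Gate::authorize('update', $offtaker);` backed by a policy, or scope the query to the caller; whether the model already applies a global scope is not visible here. The same applies to destroy() in the next hunk, and update()'s body continues outside this hunk.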
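Review bot: destroy() reuses the same four-role list as the read path, so the newly added `fasilitator` and `admin` roles can delete a record by id through `Offtaker::findOrFail($id)->delete()`. If removal is meant to be an administrative action, give this method a narrower list, e.g. `abort_unless(Gate::any(['super_admin', 'admin']), 403);`, and add a short comment stating which roles may delete and why. Which roles should hold delete rights is a product decision the patch does not show, so confirm it against the access model.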
@@ -85,7 +93,9 @@ public function destroy(string $id): JsonResponse
 */
 public function batchUpsert(Request $request): JsonResponse
 {
- Gate::authorize('any',['super_admin', 'petani']);
+ if (!Gate::any(['super_admin', 'petani', 'fasilitator', 'admin'])) {
+ abort(403, 'Unauthorized');
+ }
 $validated = $request->validate([
 'offtakers' => ['required', 'array'],
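Review bot: batchUpsert() is the bulk write path and is now reachable by two more roles, while the only rule visible for the payload is `'offtakers' => ['required', 'array']`, with no upper bound on the number of items. If the rules outside the hunk do not cap it, add a limit such as `'offtakers' => ['required', 'array', 'max:<BATCH_LIMIT>'],` (placeholder value) so one request cannot create or overwrite an unbounded number of records. The rest of the validation and the upsert itself lie outside the hunk, so this needs confirming against the full method.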