perms for manager

app/Http/Controllers/OrderController.php

@@ -87,6 +87,10 @@ class OrderController extends Controller
         $this->acceptSearch($q, $request);
         $this->setSortAndOrderBy($model, $request);
 
+        if(hasRole('brigadier')) {
+            $q->where('brigadier_id', auth()->id());
+        }
+
         $q->orderBy($this->data['sortBy'], $this->data['orderBy']);
         $this->data['orders'] = $q->paginate(session('per_page', config('pagination.per_page')))->withQueryString();
 

resources/views/catalog/edit.blade.php

@@ -7,7 +7,7 @@
                 <h3>МАФ {{ $product->common_name ?? 'Новый МАФ' }}</h3>
             </div>
             <div class="col-6 text-end">
-                @if(isset($product))
+                @if(isset($product) && hasRole('admin'))
                      <button class="btn btn-sm text-success" onclick="$('#upl-cert').trigger('click');"><i class="bi bi-plus-circle-fill"></i> Загрузить сертификат</button>
 
                     <form action="{{ route('catalog.upload-certificate', ['product' => $product, 'previous_url' => $previous_url ?? '']) }}" class="visually-hidden" method="POST" enctype="multipart/form-data">
@@ -24,42 +24,43 @@
                 @csrf
                 <div class="row">
                     <div class="col-xl-6">
-                        @include('partials.input', ['name' => 'article', 'title' => 'Артикул', 'required' => true, 'value' => $product->article ?? ''])
-                        @include('partials.input', ['name' => 'nomenclature_number', 'title' => 'Номер номенклатуры', 'required' => true, 'value' => $product->nomenclature_number ?? ''])
-                        @include('partials.input', ['name' => 'name_tz', 'title' => 'Наименование по ТЗ', 'required' => true, 'value' => $product->name_tz ?? ''])
-                        @include('partials.input', ['name' => 'type_tz', 'title' => 'Тип по ТЗ', 'required' => true, 'value' => $product->type_tz ?? ''])
-                        @include('partials.input', ['name' => 'unit', 'title' => 'Ед. изм.', 'required' => true, 'value' => $product->unit ?? ''])
-                        @include('partials.input', ['name' => 'manufacturer', 'title' => 'Производитель', 'required' => true, 'value' => $product->manufacturer ?? ''])
-                        @include('partials.input', ['name' => 'type', 'title' => 'Тип', 'required' => true, 'value' => $product->type ?? ''])
-                        @include('partials.input', ['name' => 'manufacturer_name', 'title' => 'Наименование производителя', 'required' => true, 'value' => $product->manufacturer_name ?? ''])
-                        @include('partials.input', ['name' => 'sizes', 'title' => 'Размеры', 'required' => true, 'value' => $product->sizes ?? ''])
-                        @include('partials.input', ['name' => 'product_price', 'type' => 'number', 'title' => 'Цена товара', 'required' => true, 'value' => $product->product_price ?? ''])
-                        @include('partials.input', ['name' => 'installation_price', 'type' => 'number', 'title' => 'Цена установки', 'required' => true, 'value' => $product->installation_price ?? ''])
-                        @include('partials.input', ['name' => 'total_price', 'type' => 'number', 'title' => 'Итоговая цена', 'required' => true, 'value' => $product->total_price ?? ''])
-                        @include('partials.input', ['name' => 'passport_name', 'title' => 'Наименование по паспорту', 'value' => $product->passport_name ?? ''])
-                        @include('partials.input', ['name' => 'statement_name', 'title' => 'Наименование в ведомости', 'value' => $product->statement_name ?? ''])
+                        @include('partials.input', ['name' => 'article', 'title' => 'Артикул', 'required' => true, 'value' => $product->article ?? '', 'disabled' => !hasRole('admin'), 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'nomenclature_number', 'title' => 'Номер номенклатуры', 'required' => true, 'value' => $product->nomenclature_number ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'name_tz', 'title' => 'Наименование по ТЗ', 'required' => true, 'value' => $product->name_tz ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'type_tz', 'title' => 'Тип по ТЗ', 'required' => true, 'value' => $product->type_tz ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'unit', 'title' => 'Ед. изм.', 'required' => true, 'value' => $product->unit ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'manufacturer', 'title' => 'Производитель', 'required' => true, 'value' => $product->manufacturer ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'type', 'title' => 'Тип', 'required' => true, 'value' => $product->type ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'manufacturer_name', 'title' => 'Наименование производителя', 'required' => true, 'value' => $product->manufacturer_name ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'sizes', 'title' => 'Размеры', 'required' => true, 'value' => $product->sizes ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'product_price', 'type' => 'number', 'title' => 'Цена товара', 'required' => true, 'value' => $product->product_price ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'installation_price', 'type' => 'number', 'title' => 'Цена установки', 'required' => true, 'value' => $product->installation_price ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'total_price', 'type' => 'number', 'title' => 'Итоговая цена', 'required' => true, 'value' => $product->total_price ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'passport_name', 'title' => 'Наименование по паспорту', 'value' => $product->passport_name ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'statement_name', 'title' => 'Наименование в ведомости', 'value' => $product->statement_name ?? '', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'service_life', 'title' => 'Срок службы', 'type' => 'number', 'value' => $product?->service_life, 'disabled' => !hasRole('admin')])
+
                         <input type="hidden" name="previous_url" value="{{ $previous_url ?? '' }}">
                     </div>
                     <div class="col-xl-6">
-                        @if($product->certificate)
+                        @if($product?->certificate)
                             @include('partials.input', ['name' => 'cert', 'title' => 'Сертификат', 'value' => $product->certificate->original_name, 'disabled' => true])
                         @endif
 
-                        @include('partials.input', ['name' => 'service_life', 'title' => 'Срок службы', 'type' => 'number', 'value' => $product->service_life])
-                        @include('partials.input', ['name' => 'certificate_number', 'title' => 'Номер сертификата', 'value' => $product->certificate_number])
-                        @include('partials.input', ['name' => 'certificate_date', 'title' => 'Дата сертификата', 'type' => 'date', 'value' => $product->certificate_date])
-                        @include('partials.input', ['name' => 'certificate_issuer', 'title' => 'Орган сертификации', 'value' => $product->certificate_issuer])
-                        @include('partials.input', ['name' => 'certificate_type', 'title' => 'Вид сертификации', 'value' => $product->certificate_type])
-                        @include('partials.input', ['name' => 'weight', 'title' => 'Вес', 'value' => $product->weight,  'type' => 'number', 'step' => '0.01'])
-                        @include('partials.input', ['name' => 'volume', 'title' => 'Объём', 'value' => $product->volume, 'type' => 'number', 'step' => '0.01'])
-                        @include('partials.input', ['name' => 'places', 'title' => 'Кол-во мест', 'value' => $product->places, 'type' => 'number', 'step' => '1'])
+                        @include('partials.input', ['name' => 'certificate_number', 'title' => 'Номер сертификата', 'value' => $product?->certificate_number, 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'certificate_date', 'title' => 'Дата сертификата', 'type' => 'date', 'value' => $product?->certificate_date, 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'certificate_issuer', 'title' => 'Орган сертификации', 'value' => $product?->certificate_issuer, 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'certificate_type', 'title' => 'Вид сертификации', 'value' => $product?->certificate_type, 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'weight', 'title' => 'Вес', 'value' => $product?->weight,  'type' => 'number', 'step' => '0.01', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'volume', 'title' => 'Объём', 'value' => $product?->volume, 'type' => 'number', 'step' => '0.01', 'disabled' => !hasRole('admin')])
+                        @include('partials.input', ['name' => 'places', 'title' => 'Кол-во мест', 'value' => $product?->places, 'type' => 'number', 'step' => '1', 'disabled' => !hasRole('admin')])
 
                         <div class="row mb-2">
                             <label for="note" class="col-form-label my-1">
                                 Примечание <sup>*</sup>
                             </label>
                             <div>
-                                <textarea name="note" id="note" rows="15" class="form-control @error('note') is-invalid @enderror" required>{{ old('note', $product->note ?? '') }}</textarea>
+                                <textarea name="note" id="note" rows="15" @disabled(!hasRole('admin')) class="form-control @error('note') is-invalid @enderror" required>{{ old('note', $product->note ?? '') }}</textarea>
                                 @error('note')
                                     <span class="invalid-feedback" role="alert"><strong>{{ $message }}</strong></span>
                                 @enderror
@@ -67,7 +68,7 @@
                         </div>
                     </div>
                     <div class="col-12">
-                        @include('partials.submit', ['deleteDisabled' => (!isset($product) || $product->hasRelations()), 'offset' => 6, 'delete' => ['form_id' => 'deleteProduct']])
+                        @include('partials.submit', ['deleteDisabled' => (!isset($product) || $product->hasRelations() || !hasRole('admin')), 'disabled' => !hasRole('admin'), 'offset' => 6, 'delete' => ['form_id' => 'deleteProduct']])
                     </div>
                 </div>
 

resources/views/catalog/index.blade.php

@@ -7,14 +7,15 @@
             <h3>Каталог</h3>
         </div>
         <div class="col-md-6 text-end">
-            <button type="button" class="btn btn-sm mb-1 btn-primary" data-bs-toggle="modal" data-bs-target="#importModal">
-                Импорт
-            </button>
-            <button type="button" class="btn btn-sm mb-1 btn-primary" data-bs-toggle="modal" data-bs-target="#exportModal">
-                Экспорт
-            </button>
-            <a href="{{ route('catalog.create') }}" class="btn btn-sm mb-1 btn-primary">Добавить</a>
-
+            @if(hasRole('admin'))
+                <button type="button" class="btn btn-sm mb-1 btn-primary" data-bs-toggle="modal" data-bs-target="#importModal">
+                    Импорт
+                </button>
+                <button type="button" class="btn btn-sm mb-1 btn-primary" data-bs-toggle="modal" data-bs-target="#exportModal">
+                    Экспорт
+                </button>
+                <a href="{{ route('catalog.create') }}" class="btn btn-sm mb-1 btn-primary">Добавить</a>
+            @endif
         </div>
     </div>
 

resources/views/layouts/menu.blade.php

@@ -4,8 +4,6 @@
     @if(hasRole('admin,manager'))
         <li class="nav-item"><a class="nav-link @if($active == 'product_sku') active @endif"
                                 href="{{ route('product_sku.index', session('gp_sku')) }}">МАФ</a></li>
-        <li class="nav-item"><a class="nav-link @if($active == 'maf_order') active @endif"
-                            href="{{ route('maf_order.index', session('gp_maf_order')) }}">Заказы МАФ</a></li>
         <li class="nav-item"><a class="nav-link @if($active == 'catalog') active @endif"
                                 href="{{ route('catalog.index', session('gp_catalog')) }}">Каталог</a></li>
         <li class="nav-item"><a class="nav-link @if($active == 'reports') active @endif"
@@ -20,7 +18,8 @@
 
 
     @if(hasrole('admin'))
-
+        <li class="nav-item"><a class="nav-link @if($active == 'maf_order') active @endif"
+                                href="{{ route('maf_order.index', session('gp_maf_order')) }}">Заказы МАФ</a></li>
         <li class="nav-item dropdown">
             <a id="navbarDropdown" class="nav-link dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown"
                aria-haspopup="true" aria-expanded="false">

resources/views/orders/edit.blade.php

@@ -16,27 +16,27 @@
 
                 @include('partials.select', ['name' => 'order_status_id', 'title' => 'Статус', 'options' => $orderStatuses, 'value' => $order->order_status_id ?? old('order_status_id'), 'required' => true])
 
-                @include('partials.select', ['name' => 'district_id', 'title' => 'Округ', 'options' => $districts, 'value' => $order?->district_id ?? old('district_id'), 'first_empty' => true, 'required' => true])
+                @include('partials.select', ['name' => 'district_id', 'title' => 'Округ', 'options' => $districts, 'value' => $order?->district_id ?? old('district_id'), 'first_empty' => true, 'required' => true, 'disabled' => !hasRole('admin')])
 
-                @include('partials.select', ['name' => 'area_id', 'title' => 'Район', 'options' => $areas, 'value' => $order?->area_id ?? old('area_id'), 'required' => true, 'first_empty' => true])
+                @include('partials.select', ['name' => 'area_id', 'title' => 'Район', 'options' => $areas, 'value' => $order?->area_id ?? old('area_id'), 'required' => true, 'first_empty' => true, 'disabled' => !hasRole('admin')])
 
-                @include('partials.input', ['name' => 'object_address', 'title' => 'Адрес объекта', 'value' => $order->object_address ?? old('object_address'), 'required' => true])
+                @include('partials.input', ['name' => 'object_address', 'title' => 'Адрес объекта', 'value' => $order->object_address ?? old('object_address'), 'required' => true, 'disabled' => !hasRole('admin')])
 
-                @include('partials.input', ['name' => 'name', 'title' => 'Название', 'value' => $order->name ?? old('name'), 'required' => true])
+                @include('partials.input', ['name' => 'name', 'title' => 'Название', 'value' => $order->name ?? old('name'), 'required' => true, 'disabled' => !hasRole('admin')])
 
-                @include('partials.select', ['name' => 'object_type_id', 'title' => 'Тип объекта', 'options' => $objectTypes, 'value' => $order->object_type_id ?? old('object_type_id'), 'required' => true, 'first_empty' => true])
+                @include('partials.select', ['name' => 'object_type_id', 'title' => 'Тип объекта', 'options' => $objectTypes, 'value' => $order->object_type_id ?? old('object_type_id'), 'required' => true, 'first_empty' => true, 'disabled' => !hasRole('admin')])
 
                 @include('partials.textarea', ['name' => 'comment', 'title' => 'Комментарий', 'value' => $order->comment ?? old('comment')])
 
-                @include('partials.input', ['name' => 'installation_date', 'title' => 'Дата выхода на монтаж', 'type' => 'date', 'value' => $order->installation_date ?? old('installation_date')])
+                @include('partials.input', ['name' => 'installation_date', 'title' => 'Дата выхода на монтаж', 'type' => 'date', 'value' => $order->installation_date ?? old('installation_date'), 'disabled' => !hasRole('admin')])
 
-                @include('partials.input', ['name' => 'install_days', 'title' => 'Дней на монтаж', 'type' => 'number', 'min' => 1, 'value' => $order->install_days ?? old('install_days')])
+                @include('partials.input', ['name' => 'install_days', 'title' => 'Дней на монтаж', 'type' => 'number', 'min' => 1, 'value' => $order->install_days ?? old('install_days'), 'disabled' => !hasRole('admin')])
 
-                @include('partials.input', ['name' => 'ready_date', 'title' => 'Дата готовности площадки', 'type' => 'date', 'value' => $order->ready_date ?? old('ready_date')])
+                @include('partials.input', ['name' => 'ready_date', 'title' => 'Дата готовности площадки', 'type' => 'date', 'value' => $order->ready_date ?? old('ready_date'), 'disabled' => !hasRole('admin')])
 
-                @include('partials.select', ['name' => 'brigadier_id', 'title' => 'Бригадир', 'options' => $brigadiers, 'value' => $order->brigadier_id ?? old('brigadier_id'), 'first_empty' => true])
+                @include('partials.select', ['name' => 'brigadier_id', 'title' => 'Бригадир', 'options' => $brigadiers, 'value' => $order->brigadier_id ?? old('brigadier_id'), 'first_empty' => true, 'disabled' => !hasRole('admin')])
 
-                @include('partials.select', ['name' => 'user_id', 'title' => 'Менеджер', 'options' => $users, 'value' => $order->user_id ?? old('user_id') ?? auth()->user()->id])
+                @include('partials.select', ['name' => 'user_id', 'title' => 'Менеджер', 'options' => $users, 'value' => $order->user_id ?? old('user_id') ?? auth()->user()->id, 'disabled' => !hasRole('admin')])
 
                 @include('partials.input', ['name' => 'tg_group_name', 'title' => 'Название группы в ТГ', 'value' => $order->tg_group_name ?? old('tg_group_name')])
 
@@ -46,8 +46,8 @@
             <div class="col-xxl-6">
                 <h4>МАФ</h4>
                 <div>
-                    <input type="text" class="form-control mb-2" @disabled(($order->order_status_id ?? 0) > 1) placeholder="Поиск номенклатуры" id="search_maf">
-                    <select id="select_maf" class="form-select mb-3" multiple @disabled(($order->order_status_id ?? 0) > 1)></select>
+                    <input type="text" class="form-control mb-2" @disabled((($order->order_status_id ?? 0) > 1) || !hasRole('admin')) placeholder="Поиск номенклатуры" id="search_maf">
+                    <select id="select_maf" class="form-select mb-3" multiple @disabled((($order->order_status_id ?? 0) > 1) || !hasRole('admin'))></select>
                 </div>
 
                 <div id="selected_maf">
@@ -64,10 +64,10 @@
                                 </div>
                                 <div class="col-1 d-flex justify-content-end">
                                     <div>
-                                        <input class="form-control text-end form-control-sm quantity" type="number" name="quantity[]" value="1" @disabled($order->order_status_id > 1)>
+                                        <input @disabled((($order->order_status_id ?? 0) > 1) || !hasRole('admin')) class="form-control text-end form-control-sm quantity" type="number" name="quantity[]" value="1" @disabled($order->order_status_id > 1)>
                                     </div>
                                     <div class="p-1">
-                                        @if($order->order_status_id == 1)
+                                        @if(($order->order_status_id == 1) && hasRole('admin'))
                                             <i onclick="$(this).parent().parent().parent().remove(); $('.changes-message').removeClass('visually-hidden');" class="bi bi-trash text-danger cursor-pointer"></i>
                                         @endif
                                     </div>

resources/views/orders/index.blade.php

@@ -5,7 +5,7 @@
         <div class="col-6">
             <h3>Площадки</h3>
         </div>
-        @if(hasRole('admin,manager'))
+        @if(hasRole('admin'))
             <div class="col-6 text-end">
                 <a href="{{ route('order.create') }}" class="btn btn-sm btn-primary">Создать</a>
             </div>

resources/views/orders/show.blade.php

@@ -30,9 +30,11 @@
                 @if(in_array($order->order_status_id, [Order::STATUS_READY_TO_MOUNT, Order::STATUS_IN_MOUNT]) && $order->isAllMafConnected() && hasRole('admin,manager'))
                     <a href="{{ route('order.generate-installation-pack', $order) }}"
                        class="btn btn-sm mb-1 btn-primary">Документы для монтажа</a>
-                        <button @disabled(is_null($order->brigadier_id)) class="btn btn-primary btn-sm mb-1"
-                                id="createScheduleButton">Перенести в график
-                        </button>
+                        @if(hasRole('admin'))
+                            <button @disabled(is_null($order->brigadier_id)) class="btn btn-primary btn-sm mb-1"
+                                    id="createScheduleButton">Перенести в график
+                            </button>
+                        @endif
                 @endif
                 @if($order->canCreateHandover() && hasRole('admin,manager'))
                     <a href="{{ route('order.generate-handover-pack', $order) }}" class="btn btn-sm mb-1 btn-primary">Документы
@@ -60,13 +62,13 @@
                 <div class="row">
                     <div class="col-md-8">Дата выхода на монтаж:</div>
                     <div class="col-md-4">
-                        <input type="date" name="installation_date" id="installation_date" @disabled(!hasRole('admin,manager')) value="{{ $order->installation_date }}" class="form-control form-control-sm">
+                        <input type="date" name="installation_date" id="installation_date" @disabled(!hasRole('admin')) value="{{ $order->installation_date }}" class="form-control form-control-sm">
                     </div>
                 </div>
                 <div class="row">
                     <div class="col-md-8">Дней на монтаж:</div>
                     <div class="col-md-4">
-                        <input type="number" min="1" name="install_days" id="install_days" @disabled(!hasRole('admin,manager')) value="{{ $order->install_days }}"  class="form-control form-control-sm">
+                        <input type="number" min="1" name="install_days" id="install_days" @disabled(!hasRole('admin')) value="{{ $order->install_days }}"  class="form-control form-control-sm">
                     </div>
                 </div>
                 <div>Дата готовности площадки: {{ $order->ready_date }}</div>
@@ -85,10 +87,10 @@
                         </div>
                     @endforeach
                 </div>
-                <hr>
-                <div class="documents">
-                    Документы
-                    @if(hasRole('admin,manager'))
+                @if(hasRole('admin,manager'))
+                    <hr>
+                    <div class="documents">
+                        Документы
                         <button class="btn btn-sm text-success" onclick="$('#upl-documents').trigger('click');"><i
                                     class="bi bi-plus-circle-fill"></i> Загрузить
                         </button>
@@ -98,31 +100,29 @@
                             <input required type="file" id="upl-documents" onchange="$(this).parent().submit()" multiple
                                    name="document[]" class="form-control form-control-sm">
                         </form>
-                    @endif
-                    <div class="row my-2 g-1">
-                        @foreach($order->documents as $document)
-                            <div class="col-12">
-                                <a href="{{ $document->link }}" target="_blank">
-                                    {{ $document->original_name }}
-                                </a>
-                                @if(hasRole('admin'))
-                                    <i class="bi bi-x-circle-fill fs-6 text-danger cursor-pointer ms-2"
-                                       onclick="if(confirm('Удалить?')) $('#document-{{ $document->id }}').submit()"
-                                       title="Удалить"></i>
-                                @endif
-                                <form action="{{ route('order.delete-document', [$order, $document]) }}" method="POST"
-                                      id="document-{{ $document->id }}" class="visually-hidden">
-                                    @csrf
-                                    @method('DELETE')
-                                </form>
-                            </div>
-                        @endforeach
+                        <div class="row my-2 g-1">
+                            @foreach($order->documents as $document)
+                                <div class="col-12">
+                                    <a href="{{ $document->link }}" target="_blank">
+                                        {{ $document->original_name }}
+                                    </a>
+                                    @if(hasRole('admin'))
+                                        <i class="bi bi-x-circle-fill fs-6 text-danger cursor-pointer ms-2"
+                                           onclick="if(confirm('Удалить?')) $('#document-{{ $document->id }}').submit()"
+                                           title="Удалить"></i>
+                                    @endif
+                                    <form action="{{ route('order.delete-document', [$order, $document]) }}" method="POST"
+                                          id="document-{{ $document->id }}" class="visually-hidden">
+                                        @csrf
+                                        @method('DELETE')
+                                    </form>
+                                </div>
+                            @endforeach
+                        </div>
                     </div>
-                </div>
-                <hr>
-                <div class="statements">
-                    Ведомости
-                    @if(hasRole('admin,manager'))
+                    <hr>
+                    <div class="statements">
+                        Ведомости
                         <button class="btn btn-sm text-success" onclick="$('#upl-statements').trigger('click');"><i
                                     class="bi bi-plus-circle-fill"></i> Загрузить
                         </button>
@@ -132,27 +132,27 @@
                             <input required type="file" id="upl-statements" onchange="$(this).parent().submit()" multiple
                                    name="statement[]" class="form-control form-control-sm">
                         </form>
-                    @endif
-                    <div class="row my-2 g-1">
-                        @foreach($order->statements as $statement)
-                            <div class="col-12">
-                                <a href="{{ $statement->link }}" target="_blank">
-                                    {{ $statement->original_name }}
-                                </a>
-                                @if(hasRole('admin'))
-                                    <i class="bi bi-x-circle-fill fs-6 text-danger cursor-pointer ms-2"
-                                       onclick="if(confirm('Удалить?')) $('#statement-{{ $statement->id }}').submit()"
-                                       title="Удалить"></i>
-                                @endif
-                                <form action="{{ route('order.delete-statement', [$order, $statement]) }}" method="POST"
-                                      id="statement-{{ $statement->id }}" class="visually-hidden">
-                                    @csrf
-                                    @method('DELETE')
-                                </form>
-                            </div>
-                        @endforeach
+                        <div class="row my-2 g-1">
+                            @foreach($order->statements as $statement)
+                                <div class="col-12">
+                                    <a href="{{ $statement->link }}" target="_blank">
+                                        {{ $statement->original_name }}
+                                    </a>
+                                    @if(hasRole('admin'))
+                                        <i class="bi bi-x-circle-fill fs-6 text-danger cursor-pointer ms-2"
+                                           onclick="if(confirm('Удалить?')) $('#statement-{{ $statement->id }}').submit()"
+                                           title="Удалить"></i>
+                                    @endif
+                                    <form action="{{ route('order.delete-statement', [$order, $statement]) }}" method="POST"
+                                          id="statement-{{ $statement->id }}" class="visually-hidden">
+                                        @csrf
+                                        @method('DELETE')
+                                    </form>
+                                </div>
+                            @endforeach
+                        </div>
                     </div>
-                </div>
+                @endif
 
                 <hr>
                 <div class="photo">
@@ -238,7 +238,7 @@
                                             @endif
                                         </td>
                                         <td>
-                                            @if(hasRole('admin,manager'))
+                                            @if(hasRole('admin'))
                                                 <a href="{{ route('product_sku.show', ['product_sku' =>$p, 'previous_url' => url()->current()]) }}">
                                                     {!! $p->product->article !!}
                                                 </a>
@@ -250,7 +250,7 @@
                                         <td>{!! $p->product->nomenclature_number !!}</td>
                                         <td>{{ $p->status }}</td>
                                         <td>
-                                            @if($p->maf_order_id && hasRole('admin,manager'))
+                                            @if($p->maf_order_id && hasRole('admin'))
                                                 <a href="{{ route('maf_order.show', $p->maf_order) }}">{{ $p->maf_order->order_number }}</a>
                                             @endif
                                         </td>
@@ -281,7 +281,7 @@
                             </table>
                         </div>
                         <div>
-                            @if(hasRole('admin,manager'))
+                            @if(hasRole('admin'))
                                 <a href="{{ route('order.get-maf', $order) }}"
                                    class="btn btn-primary btn-sm mb-1 @disabled($order->ready_to_mount == 'Нет' )">Привязать
                                     все МАФы</a>

resources/views/products_sku/edit.blade.php

@@ -8,7 +8,7 @@
                 <h4>МАФ на складе</h4>
             </div>
             <div class="col-xl-6 text-end">
-                @if(isset($product_sku))
+                @if(isset($product_sku) && hasRole('admin'))
                     <button class="btn btn-sm text-success" onclick="$('#upl-pass').trigger('click');"><i class="bi bi-plus-circle-fill"></i> Загрузить паспорт</button>
 
                     <form action="{{ route('product-sku.upload-passport', ['product_sku' => $product_sku, 'previous_url' => $previous_url ?? '']) }}" class="visually-hidden" method="POST" enctype="multipart/form-data">
@@ -29,12 +29,12 @@
 
                 @include('partials.input', ['name' => 'order_name', 'title' => 'Площадка', 'disabled' => true, 'value' => $product_sku->order->common_name])
                 @include('partials.input', ['name' => 'product_name', 'title' => 'МАФ', 'disabled' => true, 'value' => $product_sku->product->common_name])
-                @include('partials.input', ['name' => 'rfid', 'title' => 'RFID', 'required' => true, 'value' => $product_sku->rfid])
-                @include('partials.input', ['name' => 'factory_number', 'title' => 'Номер фабрики', 'required' => true, 'value' => $product_sku->factory_number])
-                @include('partials.input', ['name' => 'manufacture_date', 'title' => 'Дата производства', 'type' => 'date', 'required' => true, 'value' => $product_sku->manufacture_date])
-                @include('partials.input', ['name' => 'statement_number', 'title' => 'Номер ведомости', 'value' => $product_sku->statement_number])
-                @include('partials.input', ['name' => 'statement_date', 'title' => 'Дата ведомости', 'type' => 'date', 'value' => $product_sku->statement_date])
-                @include('partials.input', ['name' => 'upd_number', 'title' => 'Номер УПД', 'value' => $product_sku->upd_number])
+                @include('partials.input', ['name' => 'rfid', 'title' => 'RFID', 'required' => true, 'disabled' => !hasRole('admin'), 'value' => $product_sku->rfid])
+                @include('partials.input', ['name' => 'factory_number', 'title' => 'Номер фабрики', 'required' => true, 'disabled' => !hasRole('admin'), 'value' => $product_sku->factory_number])
+                @include('partials.input', ['name' => 'manufacture_date', 'title' => 'Дата производства', 'type' => 'date', 'required' => true, 'disabled' => !hasRole('admin'), 'value' => $product_sku->manufacture_date])
+                @include('partials.input', ['name' => 'statement_number', 'title' => 'Номер ведомости', 'disabled' => !hasRole('admin'), 'value' => $product_sku->statement_number])
+                @include('partials.input', ['name' => 'statement_date', 'title' => 'Дата ведомости', 'disabled' => !hasRole('admin'), 'type' => 'date', 'value' => $product_sku->statement_date])
+                @include('partials.input', ['name' => 'upd_number', 'title' => 'Номер УПД', 'disabled' => !hasRole('admin'), 'value' => $product_sku->upd_number])
             </div>
             <div class="col-xxl-6">
                 @if($product_sku->passport)
@@ -45,7 +45,7 @@
                         Примечание
                     </label>
                     <div>
-                        <textarea name="comment" id="comment" rows="15" class="form-control @error('comment') is-invalid @enderror">{{ old('note', $product_sku->comment ?? '') }}</textarea>
+                        <textarea name="comment" id="comment" @disabled(!hasRole('admin')) rows="15" class="form-control @error('comment') is-invalid @enderror">{{ old('note', $product_sku->comment ?? '') }}</textarea>
                         @error('comment')
                         <span class="invalid-feedback" role="alert"><strong>{{ $message }}</strong></span>
                         @enderror
@@ -54,7 +54,7 @@
 
             </div>
             <div class="col-12">
-                @include('partials.submit', ['name' => 'Сохранить', 'offset' => 5])
+                @include('partials.submit', ['name' => 'Сохранить', 'offset' => 5, 'disabled' => !hasRole('admin')])
             </div>
         </form>
 @endsection

resources/views/schedule/index.blade.php

@@ -44,7 +44,6 @@
             </div>
         </div>
 
-
         <table class="table">
             <thead>
             <tr>
@@ -59,7 +58,7 @@
                 <th>Кол-во позиций</th>
                 <th>Бригадир</th>
                 <th>Примечание</th>
-                @if(hasRole('admin,manager'))
+                @if(hasRole('admin'))
                     <th></th>
                 @endif
             </tr>
@@ -69,8 +68,10 @@
                 <tr>
                     <td rowspan="{{ ($schs) ? count($schs) : '1' }}"
                         class="vertical">{{ \App\Helpers\DateHelper::getHumanDayOfWeek($dow) }}
-                        <i class="bi bi-calendar-plus text-primary ms-2 createSchedule"
-                           title="Новая запись" data-schedule-date="{{ $dow }}"></i>
+                        @if(hasRole('admin'))
+                            <i class="bi bi-calendar-plus text-primary ms-2 createSchedule"
+                               title="Новая запись" data-schedule-date="{{ $dow }}"></i>
+                        @endif
                     </td>
                     <td rowspan="{{ ($schs) ? count($schs) : '1' }}"
                         class="vertical">{{ \App\Helpers\DateHelper::getHumanDate($dow) }}</td>
@@ -100,7 +101,7 @@
                                 class="align-middle">{{ $schedule->brigadier->name }}</td>
                             <td style="background: {{ $schedule->brigadier->color }}"
                                 class="align-middle comment-{{ $schedule->id }}">{{ $schedule->comment }}</td>
-                            @if(hasRole('admin,manager'))
+                            @if(hasRole('admin'))
                                 <td style="background: {{ $schedule->brigadier->color }}" class="align-middle">
                                     <i class="bi bi-pencil p-1 m-1 cursor-pointer text-primary editSchedule"
                                        data-schedule-date="{{ $schedule->installation_date }}"

routes/web.php

@@ -59,17 +59,10 @@ Route::middleware('auth:web')->group(function () {
     Route::get('profile', [UserController::class, 'profile'])->name('user.profile');
     Route::post('profile/store', [UserController::class, 'storeProfile'])->name('profile.store');
 
-    // catalog
-    Route::middleware('role:admin,manager')->group(function (){
+    Route::middleware('role:admin,manager')->group(function () {
+        // catalog
         Route::get('catalog', [ProductController::class, 'index'])->name('catalog.index');
-        Route::get('catalog/create', [ProductController::class, 'create'])->name('catalog.create');
         Route::get('catalog/{product}', [ProductController::class, 'show'])->name('catalog.show');
-        Route::post('catalog', [ProductController::class, 'store'])->name('catalog.store');
-        Route::post('catalog/{product}', [ProductController::class, 'update'])->name('catalog.update');
-        Route::delete('catalog/{product}', [ProductController::class, 'delete'])->name('catalog.delete');
-
-        Route::post('catalog-import', [ProductController::class, 'import'])->name('catalog.import');
-        Route::post('catalog-export', [ProductController::class, 'export'])->name('catalog.export');
 
         // contracts
         Route::get('contract', [ContractController::class, 'index'])->name('contract.index');
@@ -80,18 +73,12 @@ Route::middleware('auth:web')->group(function () {
         Route::delete('contract/{contract}', [ContractController::class, 'delete'])->name('contract.delete');
 
         // orders
-        Route::get('order/create', [OrderController::class, 'create'])->name('order.create');
         Route::get('order/edit/{order}', [OrderController::class, 'edit'])->name('order.edit');
 
         Route::post('order/store', [OrderController::class, 'store'])->name('order.store');
         Route::post('order/update', [OrderController::class, 'store'])->name('order.update');
         Route::delete('order/{order}', [OrderController::class, 'destroy'])->name('order.destroy')->middleware('role:' . Role::ADMIN);
 
-        Route::get('order/{order}/get-maf', [OrderController::class, 'getMafToOrder'])->name('order.get-maf');
-        Route::get('order/revert-maf/{order}', [OrderController::class, 'revertMaf'])->name('order.revert-maf');
-        Route::post('order/move-maf', [OrderController::class, 'moveMaf'])->name('order.move-maf');
-        Route::post('order/create-ttn', [OrderController::class, 'createTtn'])->name('order.create-ttn');
-
         Route::post('order/{order}/upload-document', [OrderController::class, 'uploadDocument'])->name('order.upload-document');
         Route::post('order/{order}/upload-statement', [OrderController::class, 'uploadStatement'])->name('order.upload-statement');
 
@@ -109,14 +96,6 @@ Route::middleware('auth:web')->group(function () {
         Route::get('product_sku/{product_sku}', [ProductSKUController::class, 'show'])->name('product_sku.show');
         Route::post('product_sku/update/{product_sku}', [ProductSKUController::class, 'update'])->name('product_sku.update');
 
-        // Склад заказы МАФ
-        Route::get('maf_orders', [MafOrderController::class, 'index'])->name('maf_order.index');
-        Route::get('maf_orders/{maf_order}', [MafOrderController::class, 'show'])->name('maf_order.show');
-        Route::post('maf_orders/store', [MafOrderController::class, 'store'])->name('maf_order.store');
-        Route::post('maf_orders/update/{maf_order}', [MafOrderController::class, 'update'])->name('maf_order.update');
-        Route::delete('maf_orders/delete/{maf_order}', [MafOrderController::class, 'destroy'])->name('maf_order.delete');
-        Route::post('maf_orders/set_in_stock/{maf_order}', [MafOrderController::class, 'setInStock'])->name('maf_order.set_in_stock');
-
         // рекламации
         Route::post('reclamations/create/{order}', [ReclamationController::class, 'create'])->name('reclamations.create');
         Route::post('reclamations/update/{reclamation}', [ReclamationController::class, 'update'])->name('reclamations.update');
@@ -125,22 +104,46 @@ Route::middleware('auth:web')->group(function () {
         Route::post('reclamations/{reclamation}/update-details', [ReclamationController::class, 'updateDetails'])->name('reclamations.update-details');
         Route::get('reports', [ReportController::class, 'index'])->name('reports.index');
 
-        // график
-        Route::post('schedule/create_from_order', [ScheduleController::class, 'createFromOrder'])->name('schedule.create-from-order');
-        Route::post('schedule/update', [ScheduleController::class, 'update'])->name('schedule.update');
-        Route::delete('schedule/delete/{schedule}', [ScheduleController::class, 'delete'])->name('schedule.delete');
 
     });
 
 
-
     // orders for all
     Route::get('order', [OrderController::class, 'index'])->name('order.index');
     Route::get('order/{order}', [OrderController::class, 'show'])->name('order.show');
     Route::post('order/{order}/upload-photo', [OrderController::class, 'uploadPhoto'])->name('order.upload-photo');
     Route::get('order/generate-photos-pack/{order}', [OrderController::class, 'generatePhotosPack'])->name('order.generate-photos-pack');
 
-    Route::middleware('role:' . Role::ADMIN)->group(function (){
+    Route::middleware('role:' . Role::ADMIN)->group(function () {
+        Route::get('catalog/create', [ProductController::class, 'create'])->name('catalog.create');
+        Route::post('catalog', [ProductController::class, 'store'])->name('catalog.store');
+        Route::post('catalog/{product}', [ProductController::class, 'update'])->name('catalog.update');
+        Route::delete('catalog/{product}', [ProductController::class, 'delete'])->name('catalog.delete');
+
+        Route::post('catalog-import', [ProductController::class, 'import'])->name('catalog.import');
+        Route::post('catalog-export', [ProductController::class, 'export'])->name('catalog.export');
+
+
+        // Склад заказы МАФ
+        Route::get('maf_orders', [MafOrderController::class, 'index'])->name('maf_order.index');
+        Route::get('maf_orders/{maf_order}', [MafOrderController::class, 'show'])->name('maf_order.show');
+        Route::post('maf_orders/store', [MafOrderController::class, 'store'])->name('maf_order.store');
+        Route::post('maf_orders/update/{maf_order}', [MafOrderController::class, 'update'])->name('maf_order.update');
+        Route::delete('maf_orders/delete/{maf_order}', [MafOrderController::class, 'destroy'])->name('maf_order.delete');
+        Route::post('maf_orders/set_in_stock/{maf_order}', [MafOrderController::class, 'setInStock'])->name('maf_order.set_in_stock');
+
+        // график
+        Route::post('schedule/create_from_order', [ScheduleController::class, 'createFromOrder'])->name('schedule.create-from-order');
+        Route::post('schedule/update', [ScheduleController::class, 'update'])->name('schedule.update');
+        Route::delete('schedule/delete/{schedule}', [ScheduleController::class, 'delete'])->name('schedule.delete');
+
+        Route::get('order/create', [OrderController::class, 'create'])->name('order.create');
+
+        Route::get('order/{order}/get-maf', [OrderController::class, 'getMafToOrder'])->name('order.get-maf');
+        Route::get('order/revert-maf/{order}', [OrderController::class, 'revertMaf'])->name('order.revert-maf');
+        Route::post('order/move-maf', [OrderController::class, 'moveMaf'])->name('order.move-maf');
+        Route::post('order/create-ttn', [OrderController::class, 'createTtn'])->name('order.create-ttn');
+
         Route::delete('order/delete-photo/{order}/{file}', [OrderController::class, 'deletePhoto'])->name('order.delete-photo');
         Route::delete('order/delete-document/{order}/{file}', [OrderController::class, 'deleteDocument'])->name('order.delete-document');
         Route::delete('order/delete-statement/{order}/{file}', [OrderController::class, 'deleteStatement'])->name('order.delete-statement');