
Test#339

Closed
OniAndria254 wants to merge 3 commits into Bottelet:feat/laravel-11-upgrade from OniAndria254:test


@OniAndria254 OniAndria254 commented Mar 22, 2025

Summary by CodeRabbit

  • New Features

    • Introduced "Reset & Import Data" feature accessible through the admin Settings menu. This capability enables administrators and owners to perform database maintenance, resetting tables while preserving excluded tables as configured.
  • Chores

    • Updated filesystem configuration to use local storage as the default instead of S3.
    • Updated vue-resource library dependency to version 1.5.3.

@nielsdrost7 nielsdrost7 marked this pull request as draft April 5, 2026 19:04
@nielsdrost7
Collaborator

@coderabbitai full review

Contributor

coderabbitai Bot commented Apr 6, 2026

✅ Actions performed

Full review triggered.

Contributor

coderabbitai Bot commented Apr 6, 2026

📝 Walkthrough


The changes introduce a data reset feature via a new Laravel controller and route, update filesystem configuration to use local storage by default, enhance database seeders with explicit IDs, add asset versioning, and update dependencies. Configuration and UI components are also modified to support this functionality.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Data Reset Feature: app/Http/Controllers/DataController.php, routes/web.php, resources/views/layouts/master.blade.php | New controller method resetAndImportData() added with route /data/reset. Disables foreign key constraints, truncates non-excluded tables based on EXCLUDED_TABLES environment variable, and re-enables constraints. UI navigation menu includes new "Reset & Import Data" link under Settings for administrator/owner roles. |
| Database Seeder Updates: database/seeds/RolesTablesSeeder.php, database/seeds/UserRoleTableSeeder.php, db/script.sql | Seeder methods now assign explicit primary key values (id = 1–4) to role records. UserRoleTableSeeder refactored from model instantiation to direct DB::table() insert. SQL script adds database creation and USE crm; statement. |
| Filesystem Configuration: config/filesystems.php | Default storage disk changed from 's3' to 'local'. Local disk root path updated from storage_path('app') to storage_path('app/public'). |
| Assets & Dependencies: package.json, public/mix-manifest.json, public/css/vendor.css | vue-resource dependency updated from ^1.0.3 to ^1.5.3. New mix-manifest.json added with cache-busted asset mappings for JS and CSS files. Glyphicons Halflings font SVG fragment identifier updated in vendor CSS. |
| Version Control & Storage: .gitignore, public/storage/.gitignore | Root .gitignore replaces public/build/ with storage/debugbar/. New public/storage/.gitignore added to ignore storage artifacts except .gitignore. |
| View Updates: resources/views/pages/dashboard.blade.php | Added whitespace between JavaScript ready blocks; no functional changes. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A reset button hops with cheer,
Tables cleared, the data's gone,
Settings gleam where roles appear,
Local files now carry on,
Mixed with versioned assets bright! 🎉

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Title check | ❓ Inconclusive | The title 'Test' is vague and generic, failing to describe any meaningful aspect of the changeset which includes database configuration, filesystem changes, new controller, routes, seeders, and UI updates. | Replace 'Test' with a descriptive title summarizing the main change, such as 'Add data reset functionality and update configuration' or 'Implement database reset endpoint with config updates'. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 8

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@app/Http/Controllers/DataController.php`:
- Around line 41-45: The reset endpoint in DataController currently comments out
the seeder call (Artisan::call(...)) so data is never imported and still returns
with('success', ...) which the layout doesn't render; fix by
restoring/uncommenting the Artisan::call('db:seed', ['--class' =>
'DummyDatabaseSeeder']) inside the DataController method that performs the
reset, and make the flash key consistent with the view by either changing the
redirect to use with('flash_message', 'Données réinitialisées et importées avec
succès.') or updating resources/views/layouts/master.blade.php (the
flash_message render block) to also display session('success') so the
confirmation is actually shown.
- Around line 22-24: In DataController, the $excludedTables created from
env('EXCLUDED_TABLES', '') is not trimmed or filtered so entries like " roles"
or empty strings remain; after the explode call that produces $excludedTables,
trim each element and remove empty values (e.g. via array_map('trim', ...) and
array_filter(...), then reindex if needed) so comparisons later (where
$excludedTables is used to skip tables) work correctly; update the code that
sets $excludedTables to perform trimming and filtering before it's used.
- Around line 20-39: The code disables foreign key checks with
DB::statement('SET FOREIGN_KEY_CHECKS=0;') then truncates tables in the foreach
($tables as $table) loop, but if any DB::table(...)->truncate() throws the
restore statement is never run; wrap the truncate logic (the DB::select('SHOW
TABLES'), foreach using $tables/$table and the in_array check against
$excludedTables) inside a try block and put DB::statement('SET
FOREIGN_KEY_CHECKS=1;') in a finally block so FOREIGN_KEY_CHECKS is always
restored even on exceptions.

In `@config/filesystems.php`:
- Line 18: Change the filesystem default and the local-disk mapping so
accidental Storage calls don't switch to the public folder: update the 'default'
setting (the 'default' => ...) to use the env var (e.g.
env('FILESYSTEM_DISK','s3') or 'cloud') instead of the hardcoded 'local', and
change the 'local' disk definition (the 'local' entry) to point to
storage_path('app') (and keep a separate 'public' disk mapped to
storage_path('app/public') if not already present) so Storage::put /
Storage::url calls in app/Models/User::(around line 163) and
app/Http/Controllers/UsersController::(around lines 187 and 263) will not
silently write/serve from the public folder. Ensure the default env var is
documented/updated in .env (FILESYSTEM_DISK) to the intended cloud driver.

In `@db/script.sql`:
- Around line 1-2: Make the script idempotent by ensuring the database creation
is conditional and safe to re-run: change the CREATE DATABASE statement for
"crm" to use a conditional form (e.g., CREATE DATABASE IF NOT EXISTS crm) so it
won't error if the DB already exists, then keep the USE crm statement to select
the database; ensure no other unconditional create statements for "crm" remain.

In `@package.json`:
- Line 34: Update the Vue Resource interceptor in bootstrap.js to use the v1.5.3
API by replacing the old (request, next) => { ...; next(); } pattern with the
new single-argument interceptor: push a function via Vue.http.interceptors.push
that accepts (request) and sets the header using
request.headers.set('X-CSRF-TOKEN', Laravel.csrfToken); remove any calls to
next() and ensure the interceptor only manipulates the request object.

In `@public/css/vendor.css`:
- Line 323: The src declaration for the glyphicons font is failing stylelint's
function-url-quotes rule; update every url(...) on the src line (the URLs
referencing glyphicons-halflings-regular.eot/woff2/woff.ttf.svg) to use quoted
strings inside url(), e.g. url("/fonts/vendor/...") for each occurrence so all
url() arguments are consistently quoted and the rule passes.

In `@routes/web.php`:
- Line 239: The route exposing DataController::resetAndImportData is a dangerous
unauthenticated GET; change the Route::get('/data/reset', ...) to a POST route
and protect it with authentication and your admin/owner middleware (e.g. wrap
with auth and admin middleware or add authorize checks in
DataController::resetAndImportData), so the action requires CSRF and elevated
privileges; also update the UI/sidebar to submit a POST form (with CSRF token)
instead of navigating via link.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9d4009b5-6853-4dc8-aeca-3e6be388e6f3

📥 Commits

Reviewing files that changed from the base of the PR and between 40d7f5d and ee2e151.

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (14)
  • .gitignore
  • app/Http/Controllers/DataController.php
  • config/filesystems.php
  • database/seeds/RolesTablesSeeder.php
  • database/seeds/UserRoleTableSeeder.php
  • db/script.sql
  • package.json
  • public/css/vendor.css
  • public/js/app.js
  • public/mix-manifest.json
  • public/storage/.gitignore
  • resources/views/layouts/master.blade.php
  • resources/views/pages/dashboard.blade.php
  • routes/web.php

Comment on lines +20 to +39
DB::statement('SET FOREIGN_KEY_CHECKS=0;');

// Récupérer la liste des tables à exclure depuis .env
$excludedTables = explode(',', env('EXCLUDED_TABLES', ''));

// Récupérer toutes les tables de la base de données
$tables = DB::select('SHOW TABLES');

// Parcourir les tables et les vider (sauf celles exclues)
foreach ($tables as $table) {
$tableName = $table->{'Tables_in_' . config('database.connections.mysql.database')};

// Vérifier si la table doit être exclue
if (!in_array($tableName, $excludedTables)) {
DB::table($tableName)->truncate();
}
}

// Réactiver les vérifications de contraintes de clé étrangère
DB::statement('SET FOREIGN_KEY_CHECKS=1;');

⚠️ Potential issue | 🟠 Major

Always restore FOREIGN_KEY_CHECKS, even on failure.

If any truncate() throws, execution skips Line 39 and leaves the connection with FK checks disabled for the rest of the request. Put the reset loop behind a try/finally.

🛡️ Proposed fix
         DB::statement('SET FOREIGN_KEY_CHECKS=0;');
-
-        // Récupérer la liste des tables à exclure depuis .env
-        $excludedTables = explode(',', env('EXCLUDED_TABLES', ''));
-
-        // Récupérer toutes les tables de la base de données
-        $tables = DB::select('SHOW TABLES');
-
-        // Parcourir les tables et les vider (sauf celles exclues)
-        foreach ($tables as $table) {
-            $tableName = $table->{'Tables_in_' . config('database.connections.mysql.database')};
-
-            // Vérifier si la table doit être exclue
-            if (!in_array($tableName, $excludedTables)) {
-                DB::table($tableName)->truncate();
-            }
-        }
-
-        // Réactiver les vérifications de contraintes de clé étrangère
-        DB::statement('SET FOREIGN_KEY_CHECKS=1;');
+        try {
+            // Récupérer la liste des tables à exclure depuis .env
+            $excludedTables = explode(',', env('EXCLUDED_TABLES', ''));
+
+            // Récupérer toutes les tables de la base de données
+            $tables = DB::select('SHOW TABLES');
+
+            // Parcourir les tables et les vider (sauf celles exclues)
+            foreach ($tables as $table) {
+                $tableName = $table->{'Tables_in_' . config('database.connections.mysql.database')};
+
+                // Vérifier si la table doit être exclue
+                if (!in_array($tableName, $excludedTables)) {
+                    DB::table($tableName)->truncate();
+                }
+            }
+        } finally {
+            // Réactiver les vérifications de contraintes de clé étrangère
+            DB::statement('SET FOREIGN_KEY_CHECKS=1;');
+        }
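Review bot: Inside the new `try` block the exclusion list is still built with a bare `explode(',', env('EXCLUDED_TABLES', ''))` and compared with a non-strict `in_array`, so an entry such as ` roles` never matches and that table is truncated anyway; trim and filter the list in this same change. Note also that `finally` only restores `FOREIGN_KEY_CHECKS`: MySQL `TRUNCATE` commits implicitly, so tables emptied before an exception stay empty, and the failure path should log which tables were already processed.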
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@app/Http/Controllers/DataController.php` around lines 20 - 39, The code
disables foreign key checks with DB::statement('SET FOREIGN_KEY_CHECKS=0;') then
truncates tables in the foreach ($tables as $table) loop, but if any
DB::table(...)->truncate() throws the restore statement is never run; wrap the
truncate logic (the DB::select('SHOW TABLES'), foreach using $tables/$table and
the in_array check against $excludedTables) inside a try block and put
DB::statement('SET FOREIGN_KEY_CHECKS=1;') in a finally block so
FOREIGN_KEY_CHECKS is always restored even on exceptions.

Comment on lines +22 to +24
// Récupérer la liste des tables à exclure depuis .env
$excludedTables = explode(',', env('EXCLUDED_TABLES', ''));


⚠️ Potential issue | 🟠 Major

Trim and filter the exclusion list before comparing table names.

explode(',', ...) keeps whitespace and the empty fallback. A common value like EXCLUDED_TABLES=users, roles becomes ['users', ' roles'], so Line 33 will still truncate roles.

🔧 Proposed fix
-        $excludedTables = explode(',', env('EXCLUDED_TABLES', ''));
+        $excludedTables = array_filter(array_map('trim', explode(',', env('EXCLUDED_TABLES', ''))));
...
-            if (!in_array($tableName, $excludedTables)) {
+            if (!in_array($tableName, $excludedTables, true)) {
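Review bot: The first `+` line still calls `env('EXCLUDED_TABLES', '')` at request time; once `php artisan config:cache` has been run, `.env` is no longer loaded, so a value defined only there falls back to `''` and the loop truncates every table. Read the list through a config key defined in a config file (for example a hypothetical `config('data.excluded_tables')`) and refuse to run when the resulting list is empty.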

Also applies to: 33-35

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@app/Http/Controllers/DataController.php` around lines 22 - 24, In
DataController, the $excludedTables created from env('EXCLUDED_TABLES', '') is
not trimmed or filtered so entries like " roles" or empty strings remain; after
the explode call that produces $excludedTables, trim each element and remove
empty values (e.g. via array_map('trim', ...) and array_filter(...), then
reindex if needed) so comparisons later (where $excludedTables is used to skip
tables) work correctly; update the code that sets $excludedTables to perform
trimming and filtering before it's used.
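
The exclusion-list bug described in the comment above, as an added example that is not part of the PR or of CodeRabbit's review: a standalone PHP script showing the bare `explode` letting `roles` through, next to a stricter parser. The helper names, the sample table list, and the fail-closed behaviour on an empty or misspelled list are assumptions that go beyond the proposed fix.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the PR): turn the raw EXCLUDED_TABLES value
 * into a clean, de-duplicated list of table names.
 */
function parseExcludedTables(?string $raw): array
{
    $names = array_map('trim', explode(',', $raw ?? ''));
    // Drop empty entries only; an explicit callback keeps a table named "0",
    // which array_filter() without a callback would discard as falsy.
    $names = array_filter($names, static fn (string $n): bool => $n !== '');

    return array_values(array_unique($names));
}

/**
 * Hypothetical helper: decide which tables a reset is allowed to truncate.
 * Fails closed: an empty exclusion list, or an excluded name that does not
 * exist in the schema (a typo), aborts instead of wiping more than intended.
 */
function tablesToTruncate(array $allTables, array $excluded): array
{
    if ($excluded === []) {
        throw new RuntimeException('Exclusion list is empty; refusing to truncate every table.');
    }

    $unknown = array_diff($excluded, $allTables);
    if ($unknown !== []) {
        throw new RuntimeException('Unknown excluded table(s): ' . implode(', ', $unknown));
    }

    return array_values(array_diff($allTables, $excluded));
}

// Constructed sample data, not taken from the project's schema.
$allTables = ['users', 'roles', 'migrations', 'clients', 'tasks'];
$raw       = 'users, roles ,migrations,';

// Behaviour of the code under review: bare explode() plus loose in_array().
// The entry ' roles ' keeps its spaces, so 'roles' is not recognised as excluded.
$naive          = explode(',', $raw);
$naiveTruncated = array_values(array_filter(
    $allTables,
    static fn (string $t): bool => !in_array($t, $naive)
));
echo 'naive:    ' . implode(', ', $naiveTruncated) . PHP_EOL;

// Hardened path: trimmed, filtered, validated against the real table list.
$hardened = tablesToTruncate($allTables, parseExcludedTables($raw));
echo 'hardened: ' . implode(', ', $hardened) . PHP_EOL;

// Missing or empty setting: the reset is blocked rather than wiping everything.
try {
    tablesToTruncate($allTables, parseExcludedTables(null));
} catch (RuntimeException $e) {
    echo 'blocked:  ' . $e->getMessage() . PHP_EOL;
}
```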

Comment on lines +41 to +45
// Exécuter un seeder pour importer des données
// Artisan::call('db:seed', ['--class' => 'DummyDatabaseSeeder']);

// Rediriger avec un message de succès
return redirect()->back()->with('success', 'Données réinitialisées et importées avec succès.');

⚠️ Potential issue | 🟠 Major

This action resets data but never imports it.

Artisan::call(...) is commented out, so this "Reset & Import Data" flow only truncates tables and still reports success. resources/views/layouts/master.blade.php Lines 209-215 also only render flash_message, not success, so the confirmation is dropped too.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@app/Http/Controllers/DataController.php` around lines 41 - 45, The reset
endpoint in DataController currently comments out the seeder call
(Artisan::call(...)) so data is never imported and still returns with('success',
...) which the layout doesn't render; fix by restoring/uncommenting the
Artisan::call('db:seed', ['--class' => 'DummyDatabaseSeeder']) inside the
DataController method that performs the reset, and make the flash key consistent
with the view by either changing the redirect to use with('flash_message',
'Données réinitialisées et importées avec succès.') or updating
resources/views/layouts/master.blade.php (the flash_message render block) to
also display session('success') so the confirmation is actually shown.

Comment thread config/filesystems.php
*/

'default' => 's3',
'default' => 'local',

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find Storage facade usages that rely on default disk (no explicit disk()).
rg -nP --type=php 'Storage::(put|get|url|delete|exists|path)\(' app -C2
rg -nP --type=php 'Storage::disk\(' app -C1

Repository: Bottelet/DaybydayCRM

Length of output: 1257


🏁 Script executed:

cat config/filesystems.php

Repository: Bottelet/DaybydayCRM

Length of output: 3190


Change default disk and local disk configuration to prevent silent storage behavior changes.

Setting 'default' => 'local' causes Storage facade calls without explicit disk parameters (Storage::put, Storage::url, etc.) to use the local disk. Since the 'local' disk is currently mapped to storage_path('app/public'), three call sites in the codebase (app/Models/User.php:163, app/Http/Controllers/UsersController.php:187, app/Http/Controllers/UsersController.php:263) will write to and serve from the public directory instead of the configured cloud driver. This breaks the intended private/public disk separation.

Proposed fix
-    'default' => 'local',
+    'default' => env('FILESYSTEM_DRIVER', 's3'),
         'local' => [
             'driver' => 'local',
-            'root'   => storage_path('app/public'),
+            'root'   => storage_path('app'),
         ],
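Review bot: The first `+` line reads `env('FILESYSTEM_DRIVER', 's3')`, while the agent prompt that accompanies this fix names the variable `FILESYSTEM_DISK`. Only one of them can match what the project's `.env` defines; with the wrong key the default silently falls back to `s3`, so confirm the key and use the same name in both places.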
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@config/filesystems.php` at line 18, Change the filesystem default and the
local-disk mapping so accidental Storage calls don't switch to the public
folder: update the 'default' setting (the 'default' => ...) to use the env var
(e.g. env('FILESYSTEM_DISK','s3') or 'cloud') instead of the hardcoded 'local',
and change the 'local' disk definition (the 'local' entry) to point to
storage_path('app') (and keep a separate 'public' disk mapped to
storage_path('app/public') if not already present) so Storage::put /
Storage::url calls in app/Models/User::(around line 163) and
app/Http/Controllers/UsersController::(around lines 187 and 263) will not
silently write/serve from the public folder. Ensure the default env var is
documented/updated in .env (FILESYSTEM_DISK) to the intended cloud driver.

Comment thread db/script.sql
Comment on lines +1 to +2
CREATE DATABASE crm;
USE crm; No newline at end of file

⚠️ Potential issue | 🟠 Major

Make the DB bootstrap script idempotent.

Re-running this script fails if crm already exists, which is risky for reset/import workflows.

Proposed fix
-CREATE DATABASE crm;
+CREATE DATABASE IF NOT EXISTS crm
+  CHARACTER SET utf8mb4
+  COLLATE utf8mb4_unicode_ci;
 USE crm;
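Review bot: With `IF NOT EXISTS`, the added `CHARACTER SET utf8mb4` and `COLLATE utf8mb4_unicode_ci` clauses take effect only when `crm` is first created; an existing database keeps whatever charset it already has, so a successful re-run does not guarantee the two environments match. If the charset matters, state that in a comment or add an explicit `ALTER DATABASE` step.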
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@db/script.sql` around lines 1 - 2, Make the script idempotent by ensuring the
database creation is conditional and safe to re-run: change the CREATE DATABASE
statement for "crm" to use a conditional form (e.g., CREATE DATABASE IF NOT
EXISTS crm) so it won't error if the DB already exists, then keep the USE crm
statement to select the database; ensure no other unconditional create
statements for "crm" remain.

Comment thread package.json
"vue": "^2.6.10",
"vue-currency-filter": "^5.2.0",
"vue-resource": "^1.0.3",
"vue-resource": "^1.5.3",

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

In vue-resource version 1.5.3, is this interceptor API still valid for Vue 2.x: Vue.http.interceptors.push((request, next) => { request.headers.set('X-CSRF-TOKEN', token); next(); }) ?

💡 Result:

In vue-resource 1.5.3 (Vue 2.x compatible), the interceptor signature is no longer (request, next) => { ...; next(); }.

Since v1.4.0, interceptors were changed to use return (optionally returning a response handler) instead of calling next(...). [2] The 1.5.3 docs show interceptors as function(request) { ... } (and optionally return function(response) { ... }). [1]

So your header injection should be written like:

Vue.http.interceptors.push((request) => {
  request.headers.set('X-CSRF-TOKEN', token)
})

[1][2]


🏁 Script executed:

#!/bin/bash
# Verify the current interceptor usage pattern in the repository.
rg -n -C3 'Vue\.http\.interceptors\.push|X-CSRF-TOKEN' resources/assets/js/bootstrap.js

Repository: Bottelet/DaybydayCRM

Length of output: 288


Update bootstrap.js to use the correct vue-resource 1.5.3 interceptor API.

The current interceptor pattern at resources/assets/js/bootstrap.js:32-36 is incompatible with vue-resource@^1.5.3. The (request, next) => { ...; next(); } signature was changed in v1.4.0. Update to:

Corrected interceptor pattern
Vue.http.interceptors.push((request) => {
    request.headers.set('X-CSRF-TOKEN', Laravel.csrfToken);
});
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 34, Update the Vue Resource interceptor in bootstrap.js
to use the v1.5.3 API by replacing the old (request, next) => { ...; next(); }
pattern with the new single-argument interceptor: push a function via
Vue.http.interceptors.push that accepts (request) and sets the header using
request.headers.set('X-CSRF-TOKEN', Laravel.csrfToken); remove any calls to
next() and ensure the interceptor only manipulates the request object.

Comment thread public/css/vendor.css
font-family: "Glyphicons Halflings";
src: url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.eot?f4769f9bdb7466be65088239c12046d1);
src: url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.eot?f4769f9bdb7466be65088239c12046d1?#iefix) format("embedded-opentype"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.woff2?448c34a56d699c29117adc64c43affeb) format("woff2"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.woff?fa2772327f55d8198301fdb8bcfc8158) format("woff"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.ttf?e18bbf611f2a2e43afc071aa2f4e1512) format("truetype"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.svg?89889688147bd7575d6327160d64e760#glyphicons_halflingsregular) format("svg");
src: url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.eot?f4769f9bdb7466be65088239c12046d1?#iefix) format("embedded-opentype"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.woff2?448c34a56d699c29117adc64c43affeb) format("woff2"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.woff?fa2772327f55d8198301fdb8bcfc8158) format("woff"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.ttf?e18bbf611f2a2e43afc071aa2f4e1512) format("truetype"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.svg?f721466883998665b87923b92dea655b#glyphicons_halflingsregular) format("svg");

⚠️ Potential issue | 🟡 Minor

Fix stylelint function-url-quotes violations on the src line.

This line currently violates the configured function-url-quotes rule.

Proposed fix
-  src: url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.eot?f4769f9bdb7466be65088239c12046d1?#iefix) format("embedded-opentype"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.woff2?448c34a56d699c29117adc64c43affeb) format("woff2"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.woff?fa2772327f55d8198301fdb8bcfc8158) format("woff"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.ttf?e18bbf611f2a2e43afc071aa2f4e1512) format("truetype"), url(/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.svg?f721466883998665b87923b92dea655b#glyphicons_halflingsregular) format("svg");
+  src: url("/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.eot?f4769f9bdb7466be65088239c12046d1?#iefix") format("embedded-opentype"), url("/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.woff2?448c34a56d699c29117adc64c43affeb") format("woff2"), url("/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.woff?fa2772327f55d8198301fdb8bcfc8158") format("woff"), url("/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.ttf?e18bbf611f2a2e43afc071aa2f4e1512") format("truetype"), url("/fonts/vendor/bootstrap-sass/bootstrap/glyphicons-halflings-regular.svg?f721466883998665b87923b92dea655b#glyphicons_halflingsregular") format("svg");
🧰 Tools
🪛 Stylelint (17.6.0)

[error] 323-323: Expected quotes around "url" function argument (function-url-quotes)


🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@public/css/vendor.css` at line 323, The src declaration for the glyphicons
font is failing stylelint's function-url-quotes rule; update every url(...) on
the src line (the URLs referencing
glyphicons-halflings-regular.eot/woff2/woff.ttf.svg) to use quoted strings
inside url(), e.g. url("/fonts/vendor/...") for each occurrence so all url()
arguments are consistently quoted and the rule passes.

Comment thread routes/web.php
Route::get('/googledrive-token', 'CallbackController@googleDrive')->name('googleDrive.callback');
});

Route::get('/data/reset', [DataController::class, 'resetAndImportData'])->name('data.reset');

⚠️ Potential issue | 🔴 Critical

Protect this database wipe behind an authorized POST action.

This route sits outside the auth group, so the sidebar role check is bypassed by a direct request. Because it's a GET, it also skips CSRF protection and can be triggered by a crawler, prefetch, or stray link click. Make it a CSRF-protected POST and enforce admin/owner authorization server-side; the sidebar entry can then submit a form instead of navigating directly.

🔒 Proposed fix
-Route::get('/data/reset', [DataController::class, 'resetAndImportData'])->name('data.reset');
+Route::post('/data/reset', 'DataController@resetAndImportData')
+    ->middleware('auth')
+    ->name('data.reset');
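Review bot: The `+` lines attach only `->middleware('auth')`, so any signed-in user, not just an administrator or owner, can still trigger the truncate; the role check is left to a sentence outside the diff. Put the admin/owner middleware or an authorization call into this same change. The handler also switches from `[DataController::class, 'resetAndImportData']` to the string `'DataController@resetAndImportData'`, which resolves only where the routes are registered with a controller namespace, as the neighbouring `'CallbackController@googleDrive'` route assumes.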

Add your existing admin/owner middleware or a controller-level authorization check on top of auth.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@routes/web.php` at line 239, The route exposing
DataController::resetAndImportData is a dangerous unauthenticated GET; change
the Route::get('/data/reset', ...) to a POST route and protect it with
authentication and your admin/owner middleware (e.g. wrap with auth and admin
middleware or add authorize checks in DataController::resetAndImportData), so
the action requires CSRF and elevated privileges; also update the UI/sidebar to
submit a POST form (with CSRF token) instead of navigating via link.

Repository owner deleted a comment from coderabbitai Bot Apr 6, 2026
Repository owner deleted a comment from coderabbitai Bot Apr 6, 2026
Repository owner deleted a comment from coderabbitai Bot Apr 6, 2026
Contributor

coderabbitai Bot commented Apr 6, 2026

Note

Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.

❌ Failed to clone repository into sandbox. Please try again.

@nielsdrost7 nielsdrost7 changed the base branch from master to feat/laravel-11-upgrade April 7, 2026 16:59
@nielsdrost7 nielsdrost7 force-pushed the feat/laravel-11-upgrade branch from 1a69249 to 6057953 Compare April 8, 2026 09:17
@nielsdrost7 nielsdrost7 deleted the branch Bottelet:feat/laravel-11-upgrade April 12, 2026 09:33