presensi/DASHBOARD_FEATURE_AUDIT.md

# Full Dashboard Feature Audit Summary

**Goal:** Understand why only a few menus appear in the dashboard UI even though many modules exist.

---

## 1. LIST ALL EXISTING DASHBOARD PAGES

**Sources scanned:** `app/Config/Routes.php`, all `app/Modules/*/Routes.php`, `DashboardPageController`, `DashboardAcademicController`, any controller rendering `layouts/main`.

**Finding:** All dashboard **web** routes are defined in `app/Config/Routes.php` only. No module defines HTML page routes; modules define only API routes.

| # | route | controller | view | required_filter | roles_allowed_if_known |
|---|--------|------------|------|------------------|------------------------|
| 1 | `GET /dashboard` | `DashboardPageController::index` | `dashboard/index` | `dashboard_page_auth` | Any authenticated user |
| 2 | `GET /dashboard/attendance/report/(:num)` | `DashboardPageController::attendanceReport` | `dashboard/attendance_report` | `dashboard_page_auth` | Any authenticated user |
| 3 | `GET /dashboard/schedule/today` | `DashboardPageController::scheduleToday` | `dashboard/schedule_today` | `dashboard_page_auth` | Any authenticated user |
| 4 | `GET /dashboard/academic/schedule-builder/(:num)` | `DashboardAcademicController::scheduleBuilder` | `dashboard/schedule_builder` | `dashboard_admin_page` | **ADMIN only** |

**JSON output (as requested):**

```json
[
  {
    "route": "GET /dashboard",
    "controller": "DashboardPageController::index",
    "view": "dashboard/index",
    "required_filter": "dashboard_page_auth",
    "roles_allowed_if_known": "any authenticated"
  },
  {
    "route": "GET /dashboard/attendance/report/(:num)",
    "controller": "DashboardPageController::attendanceReport",
    "view": "dashboard/attendance_report",
    "required_filter": "dashboard_page_auth",
    "roles_allowed_if_known": "any authenticated"
  },
  {
    "route": "GET /dashboard/schedule/today",
    "controller": "DashboardPageController::scheduleToday",
    "view": "dashboard/schedule_today",
    "required_filter": "dashboard_page_auth",
    "roles_allowed_if_known": "any authenticated"
  },
  {
    "route": "GET /dashboard/academic/schedule-builder/(:num)",
    "controller": "DashboardAcademicController::scheduleBuilder",
    "view": "dashboard/schedule_builder",
    "required_filter": "dashboard_admin_page",
    "roles_allowed_if_known": "ADMIN"
  }
]
```

---

## 2. LIST ALL DASHBOARD API ENDPOINTS

**Sources:** `app/Modules/Dashboard/Routes.php`, `app/Modules/Attendance/Routes.php`, `app/Modules/Academic/Routes.php`, `app/Config/Routes.php` (api/users).  
**Note:** `api/dashboard/*` is protected by global filter `dashboard_auth` in `app/Config/Filters.php` (session required).

### Grouped by feature

**schedules**
- `GET /api/dashboard/schedules/today` — Today's schedules (role-filtered).
- `GET /api/dashboard/schedules/current` — Current lesson or next (role-filtered).
- `GET /api/academic/schedules/class/(:num)` — Weekly schedule grid for class (admin_only).
- `POST /api/academic/schedules/bulk-save` — Bulk save schedules (admin_only).
- `GET /api/academic/lesson-slots` — List lesson slots (admin_only).
- `GET /api/academic/subjects` — List subjects (admin_only).

**attendance**
- `GET /api/dashboard/attendance/progress/current` — Live attendance progress for current schedule.
- `POST /api/attendance/checkin` — Device/mobile check-in (no dashboard filter; used by devices).
- `GET /api/attendance/report/schedule/(:num)` — Schedule report data (used by attendance report page).

**realtime**
- `GET /api/dashboard/summary` — Dashboard summary.
- `GET /api/dashboard/realtime` — Realtime stats.
- `GET /api/dashboard/stream` — SSE stream for live attendance.
- `GET /api/dashboard/devices` — Devices list.

**reports**
- Attendance report page uses: `GET /api/attendance/report/schedule/(:num)` (plus date query). No dedicated “reports” API group.

**devices**
- `GET /api/dashboard/devices` — Used by dashboard UI.
- `POST /api/device/login` — Device auth (not dashboard UI).
- `GET /api/mobile/ping`, `GET /api/mobile/bootstrap` — Mobile (not dashboard UI).

**analytics**
- No dedicated analytics API. Summary/realtime are the closest.

**other (used for dashboard UI)**
- `GET /api/users?role=GURU_MAPEL` — Schedule Builder teacher dropdown (admin_only).

---

## 3. SIDEBAR MENU SOURCE

**Location:** `app/Views/partials/sidebar.php`  
**Included by:** `app/Views/layouts/main.php` via `<?= view('partials/sidebar') ?>`.  
No separate “layouts/sidebar.php”; no config/menu builder found.

### How menu items are added

- **Fully static:** The sidebar is a single PHP file with hardcoded `<a href="...">` links.
- **No config:** No array or config file drives the menu.
- **No role logic:** The same HTML is rendered for every role; there is no `if (user has role X) show link Y`.
- **No dynamic highlighting:** The first item (Dashboard) uses `bg-primary/10 text-primary`; no logic sets “active” by current URI.

### Current sidebar entries

| Order | Label           | href | Notes |
|-------|-----------------|------|--------|
| 1     | Dashboard       | `/dashboard` | Real route. |
| 2     | Daily Schedule  | `/dashboard/schedule/today` | Real route. |
| 3     | Schedule Builder| `/dashboard/academic/schedule-builder/1` | Real route; class ID hardcoded to 1. |
| 4     | Students        | `#` | Placeholder; no page. |
| 5     | Attendance      | `#` | Placeholder; no page. |
| 6     | Devices         | `#` | Placeholder; no page. |

### Why some features are not visible

1. **Attendance Report** — There is a full page (`/dashboard/attendance/report/{id}`) but **no sidebar link**. Users only reach it via “Open Attendance” on the main dashboard (current lesson) or on Daily Schedule (per row). So the feature exists but is not in the menu.
2. **Students, Attendance (list), Devices** — Sidebar shows labels and icons but links are `#`. There are no corresponding dashboard pages or list views in the codebase; only placeholders.
3. **Current Lesson** — Not a separate page; it’s a **card on the main dashboard** plus live progress. No sidebar entry (by design).
4. **Academic setup** — Lesson slots, subjects, schedule management exist as **APIs** (admin_only) and one **page** (Schedule Builder). There is no “Academic Setup” or “Lesson Slots” menu item; only “Schedule Builder” with a fixed class ID.

---

## 4. DETECT MISSING MENU ITEMS

**Comparison:** Existing dashboard pages (Section 1) vs actual sidebar links (Section 3).

| route | feature_name | reason_not_visible |
|-------|--------------|--------------------|
| `GET /dashboard/attendance/report/(:num)` | Attendance Report (per schedule) | No sidebar entry; only reachable via “Open Attendance” on dashboard or daily schedule. |

**Missing menu list (structured):**

```json
[
  {
    "route": "GET /dashboard/attendance/report/(:num)",
    "feature_name": "Attendance Report",
    "reason_not_visible": "Not in sidebar; only linked from Current Lesson card and Daily Schedule row (Open Attendance)."
  }
]
```

**Pages that are in the sidebar:** Dashboard, Daily Schedule, Schedule Builder.  
**Placeholder items (no real route):** Students, Attendance (list), Devices — these are visible in the menu but point to `#` and have no backend page.

---

## 5. ROLE FILTER CHECK

**Filters used on dashboard-related routes:**

| Filter | Purpose | Used on |
|--------|---------|--------|
| `dashboard_page_auth` | Must be logged in (session). No role check. Redirects to `/login` if not authenticated. | `GET /dashboard`, `GET /dashboard/attendance/report/(:num)`, `GET /dashboard/schedule/today` |
| `dashboard_admin_page` | Must be logged in **and** have role **ADMIN**. Otherwise redirect to `/dashboard` with error. | `GET /dashboard/academic/schedule-builder/(:num)` |
| `admin_only` | API filter: must be logged in and ADMIN. Returns 401/403 JSON for API. | All `api/academic/*`, `GET /api/users` |
| `dashboard_auth` | Session required for API. Applied globally to `api/dashboard/*` in `Config/Filters.php`. No role check. | All `api/dashboard/*` |

**Which roles can see which pages:**

- **Dashboard (main), Daily Schedule, Attendance Report:** Any **authenticated** user (any role). Backend may still filter data by role (e.g. schedules by WALI_KELAS, GURU_MAPEL, ORANG_TUA).
- **Schedule Builder:** **ADMIN only.** Others get redirect to `/dashboard` with “Akses hanya untuk Admin.”
- **API:**  
  - `api/dashboard/*`: any authenticated user (data filtered by role in services).  
  - `api/academic/*` and `api/users`: **ADMIN only** (403 if not admin).

The sidebar does **not** hide Schedule Builder for non-admins; a non-admin who clicks it is redirected after the filter runs.

---

## 6. FINAL SUMMARY

### Current dashboard capability level

- **Implemented and reachable from UI:** Main dashboard (realtime + current lesson + live progress), Daily Schedule, Schedule Builder (class 1 hardcoded), Attendance Report (via links only, not menu).
- **Implemented but not exposed in menu:** Attendance Report as a direct menu item; no “list of schedules” or “pick a class” for Schedule Builder.
- **Placeholder only:** Students, Attendance (list), Devices — labels in sidebar but no pages or list views.

### Features implemented but hidden or partially hidden

1. **Attendance Report** — Full page and API exist; no sidebar link. Users must use “Open Attendance” from dashboard or daily schedule.
2. **Schedule Builder** — Only one class (ID 1) linked from sidebar; no class selector or list.
3. **Current Lesson + Live Progress** — On main dashboard only; no separate “Current Lesson” menu (by design).
4. **Academic APIs** — Lesson slots, subjects, schedules CRUD and bulk-save exist for admin; only Schedule Builder page is in the menu.

### Why only a few menus “work”

- **Three items** point to real routes: Dashboard, Daily Schedule, Schedule Builder.
- **One real page** (Attendance Report) has **no** sidebar entry.
- **Three items** (Students, Attendance, Devices) are **placeholders** (`href="#"`) with no backend pages.

So the menu looks like “many” items, but only three are real destinations; one important page is missing from the menu, and three are non-functional placeholders.

### Recommended menu structure for school system

Aligning with your desired structure and current codebase:

| # | Menu label        | Purpose | Current status / suggestion |
|---|-------------------|--------|------------------------------|
| 1 | Dashboard         | Home, current lesson, realtime | Exists. Keep. |
| 2 | Daily Schedule    | Today’s schedules by role | Exists. Keep. |
| 3 | Current Lesson    | — | No separate page; keep as card on Dashboard. Optional: menu item that scrolls to or highlights that card. |
| 4 | Attendance Reports| List or pick schedule → report | Add link: e.g. “Attendance Reports” → new page that lists schedules (or today’s) with “Open Report” per row, or link to a report index. Currently only per-schedule report exists. |
| 5 | Schedule Builder  | Weekly schedule per class | Exists; add class selector or “Schedule Builder” → page that selects class then redirects to `schedule-builder/(:num)`. |
| 6 | Academic Setup    | Lesson slots, subjects, maybe classes | No page yet. Add menu item when you have a page (e.g. lesson slots + subjects management). APIs exist (admin_only). |
| 7 | Devices          | Device list / management | Add when you have a dashboard page for devices. API `GET /api/dashboard/devices` exists. |
| 8 | Analytics        | Future | No implementation; add when built. |

**Concrete next steps (no code change in this audit):**

- Add a **sidebar link** for “Attendance Reports” (e.g. to a report index or today’s schedules with report links).
- Replace **Students**, **Attendance**, **Devices** placeholders: either add real routes and link them or remove/hide until implemented.
- Add **class selection** for Schedule Builder (new page or dropdown) so the menu is not tied to class 1 only.
- Optionally add **Academic Setup** and **Devices** when corresponding pages exist; keep **Analytics** for later.

---

*End of audit. No code was modified.*