Refactor routes and controllers for RESTful resource access

Updated controllers and routes to use RESTful resource-based URLs and parameter passing for groups, users, and notification channels. Added user isolation checks for domain and group access, ensuring proper data filtering based on isolation mode. Adjusted views to match new route structure and improved security and maintainability by removing reliance on query parameters for resource identification.

app/Views/groups/edit.php

@@ -17,9 +17,8 @@ ob_start();
         </div>
         
         <div class="p-6">
-            <form method="POST" action="/groups/update" class="space-y-5">
+            <form method="POST" action="/groups/<?= $group['id'] ?>/update" class="space-y-5">
                 <?= csrf_field() ?>
-                <input type="hidden" name="id" value="<?= $group['id'] ?>">
 
                 <div class="grid grid-cols-1 md:grid-cols-2 gap-5">
                     <!-- Group Name -->
@@ -112,12 +111,12 @@ ob_start();
                                     <i class="fas fa-paper-plane mr-1"></i>
                                     Test
                                 </button>
-                                <a href="/channels/toggle?id=<?= $channel['id'] ?>&group_id=<?= $group['id'] ?>" 
+                                <a href="/groups/<?= $group['id'] ?>/channels/<?= $channel['id'] ?>/toggle" 
                                    class="flex-1 px-3 py-2 bg-yellow-50 text-yellow-700 rounded text-center text-sm hover:bg-yellow-100 transition-colors duration-150">
                                     <i class="fas fa-<?= $channel['is_active'] ? 'pause' : 'play' ?> mr-1"></i>
                                     <?= $channel['is_active'] ? 'Disable' : 'Enable' ?>
                                 </a>
-                                <a href="/channels/delete?id=<?= $channel['id'] ?>&group_id=<?= $group['id'] ?>" 
+                                <a href="/groups/<?= $group['id'] ?>/channels/<?= $channel['id'] ?>/delete" 
                                    class="flex-1 px-3 py-2 bg-red-50 text-red-700 rounded text-center text-sm hover:bg-red-100 transition-colors duration-150"
                                    onclick="return confirm('Delete this channel?')">
                                     <i class="fas fa-trash mr-1"></i>
@@ -136,9 +135,8 @@ ob_start();
                     Add New Channel
                 </h3>
 
-                <form method="POST" action="/channels/add" id="channelForm" class="space-y-5">
+                <form method="POST" action="/groups/<?= $group['id'] ?>/channels" id="channelForm" class="space-y-5">
                     <?= csrf_field() ?>
-                    <input type="hidden" name="group_id" value="<?= $group['id'] ?>">
 
                     <!-- Channel Type -->
                     <div>
@@ -388,7 +386,7 @@ function toggleChannelFields() {
 }
 
 // Form validation before submit
-const addChannelForm = document.querySelector('form[action="/channels/add"]');
+const addChannelForm = document.querySelector('form[action="/groups/<?= $group['id'] ?>/channels"]');
 if (addChannelForm) {
     addChannelForm.addEventListener('submit', function(e) {
     const channelType = document.getElementById('channel_type').value;

app/Views/groups/index.php

@@ -110,7 +110,7 @@ ob_start();
                             </td>
                             <td class="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
                                 <div class="flex items-center justify-end space-x-2">
-                                    <a href="/groups/edit?id=<?= $group['id'] ?>" class="text-blue-600 hover:text-blue-800" title="Manage">
+                                    <a href="/groups/<?= $group['id'] ?>/edit" class="text-blue-600 hover:text-blue-800" title="Manage">
                                         <i class="fas fa-cog"></i>
                                     </a>
                                     <?php if (\Core\Auth::isAdmin()): ?>
@@ -120,7 +120,7 @@ ob_start();
                                             <i class="fas fa-exchange-alt"></i>
                                         </button>
                                     <?php endif; ?>
-                                    <a href="/groups/delete?id=<?= $group['id'] ?>" 
+                                    <a href="/groups/<?= $group['id'] ?>/delete" 
                                        class="text-red-600 hover:text-red-800" 
                                        title="Delete"
                                        onclick="return confirm('Are you sure? Domains will be unassigned from this group.')">
@@ -162,10 +162,10 @@ ob_start();
                     </div>
                     
                     <div class="flex space-x-2">
-                        <a href="/groups/edit?id=<?= $group['id'] ?>" class="flex-1 px-3 py-1.5 bg-blue-50 text-blue-600 rounded text-center text-sm hover:bg-blue-100 transition-colors">
+                        <a href="/groups/<?= $group['id'] ?>/edit" class="flex-1 px-3 py-1.5 bg-blue-50 text-blue-600 rounded text-center text-sm hover:bg-blue-100 transition-colors">
                             <i class="fas fa-cog mr-1"></i> Manage
                         </a>
-                        <a href="/groups/delete?id=<?= $group['id'] ?>" 
+                        <a href="/groups/<?= $group['id'] ?>/delete" 
                            class="flex-1 px-3 py-1.5 bg-red-50 text-red-600 rounded text-center text-sm hover:bg-red-100 transition-colors"
                            onclick="return confirm('Are you sure? Domains will be unassigned from this group.')">
                             <i class="fas fa-trash mr-1"></i> Delete