Route Names & Risk Matrix

Halaman ini memetakan route name (as) dari routes/admin.php ke tujuan operasional dan tingkat risiko aksi.

Kategori risiko

Low: baca data/listing
Medium: update konfigurasi non-kritis
High: approval/reject/suspend/delete atau aksi yang mempengaruhi transaksi/akses user

Aksi berisiko tinggi (prioritas audit)

Route name (`as`)	Method/Path (prefix `/admin`)	Controller@method	Tujuan	Risiko
`user_detail.suspend`	`GET users/detail/{users}/suspend`	`Users\UserController@suspend`	Suspend user	High
`user_detail.reactivate`	`GET users/detail/{users}/reactivate`	`Users\UserController@reactivate`	Reactivate user	High
`user_detail.delete`	`DELETE users/detail/{users}`	`Users\UserController@delete`	Hapus akun user	High
`user_kyc.approve`	`POST users/kyc/{users}/approve`	`Users\AuthenticationInfoController@approve`	Approve KYC	High
`user_kyc.reject`	`POST users/kyc/{users}/reject`	`Users\AuthenticationInfoController@reject`	Reject KYC	High
`user_kyc.suspend`	`POST users/kyc/{users}/suspend`	`Users\AuthenticationInfoController@suspend`	Suspend KYC/user	High
`pending_deposit.approve1`	`GET wallets/pending-deposit/{cashDeposits}/approve1`	`Wallets\CashDepositController@approve1`	Approve deposit tahap 1	High
`pending_deposit.approve2`	`GET wallets/pending-deposit/{cashDeposits}/approve2`	`Wallets\CashDepositController@approve2`	Approve deposit tahap 2	High
`pending_deposit.reject`	`POST wallets/pending-deposit/{cashDeposits}/reject`	`Wallets\CashDepositController@reject`	Tolak deposit	High
`withdrawal.approve1`	`GET wallets/withdrawal/{userWithdrawals}/approve1`	`Wallets\UserWithdrawalController@approve1`	Approve withdraw tahap 1	High
`withdrawal.approve2`	`GET wallets/withdrawal/{userWithdrawals}/approve2`	`Wallets\UserWithdrawalController@approve2`	Approve withdraw tahap 2	High
`withdrawal.reject`	`GET wallets/withdrawal/{userWithdrawals}/reject`	`Wallets\UserWithdrawalController@reject`	Tolak withdraw	High
`configuration.updateStatus`	`POST wallets/configuration/update-status`	`Wallets\WalletConfigurationController@updateStatus`	Buka/tutup deposit/withdraw	High
`administrator.delete`	`DELETE setting/administrator/{admin}/delete`	`Settings\AdministratorController@delete`	Hapus admin	High
`administrator_role.delete`	`DELETE setting/role/{role}/delete`	`Settings\AdministratorRoleController@delete`	Hapus role	High
`maintenance_mode.update_status`	`PUT setting/maintenance/status`	`Settings\MaintenanceController@updateStatus`	Toggle maintenance mode	High
`maintenance_mode.add_whitelist`	`POST setting/maintenance/whitelist`	`Settings\MaintenanceController@addWhitelist`	Tambah bypass maintenance	High
`maintenance_mode.remove_whitelist`	`DELETE setting/maintenance/whitelist/{id}`	`Settings\MaintenanceController@removeWhitelist`	Hapus bypass maintenance	High
`send` (email blast)	`POST setting/email-blast/{id}/send`	`Settings\EmailBlastController@send`	Kirim mass email	High
`destroy` (`settings/data`)	`DELETE settings/data/{setting}`	`Settings\SettingController@destroy`	Hapus setting global	High

Aksi medium (konfigurasi penting)

Route name (`as`)	Method/Path	Tujuan	Risiko
`withdrawal_setting.update`	`PUT/PATCH wallets/withdrawal-setting/{dicts}/update`	Ubah rule withdrawal	Medium
`listed_coins.update`	`PUT/PATCH setting/listed-coins/{coin}/update`	Update listed coin	Medium
`listed_coins.asset_information.update`	`PUT/PATCH setting/listed-coins/{symbol}/asset-information/update`	Update konten info aset	Medium
`txpair.update`	`PUT/PATCH setting/txpair/{txpair}/update`	Ubah pair trading	Medium
`currency.update`	`PUT/PATCH setting/currency/{currency}/update`	Ubah mata uang	Medium
`fireblock.update_gas_station`	`PUT setting/fireblock/gas-station/`	Update gas station global	Medium
`gas_fee.update`	`PUT setting/gas-fee/update/{id}`	Update gas fee	Medium
`sync_gas_fee`	`GET setting/gas-fee/sync-gas-fee/{id}`	Sinkronisasi gas fee	Medium

Aksi low (read/reporting)

population_summary.index, user_detail.index, user_kyc.index
deposit.index, withdrawal.index, summary.index
operation.index, real_time_balance.index, tax_report.*
asset_transaction_report.*, quarterly_risk_assessment.index
report.cfx.index, report.kki.index, report.icc.index

Rekomendasi kontrol

Wajibkan role-based permission ketat untuk semua route High.
Simpan audit trail siapa mengeksekusi route approve/reject/delete.
Terapkan dual-control untuk aksi approval final (approve2) dan maintenance toggle.
Batasi endpoint uji (send.notification, fcm.test) hanya untuk role tertentu.

Kategori risiko​

Aksi berisiko tinggi (prioritas audit)​

Aksi medium (konfigurasi penting)​

Aksi low (read/reporting)​

Rekomendasi kontrol​

Kategori risiko

Aksi berisiko tinggi (prioritas audit)

Aksi medium (konfigurasi penting)

Aksi low (read/reporting)

Rekomendasi kontrol