ibnezzoubayr/L-Ami-Fiduciaire
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
l-ami-fiduciaire-v1.0.0
L-Ami-Fiduciaire/app/Concerns/AuthorizesPermissions.php
Saad Ibn-Ezzoubayr c89d1879bf feat: complete Epic 1 — team management & permission system 
- Story 1.1: Permission enum, config, AuthorizesPermissions & HasWorkspaceScope traits, member→worker migration
- Story 1.2: Team page with member list, invitation system with queued email
- Story 1.3: Role assignment (Manager/Worker) and member removal with activity logging
- Story 1.4: Owner-only permission toggle matrix for Managers (manage team, view logs, configure portal)
- Story 1.5: Role-based access enforcement — Workers see only assigned declarations/clients, sidebar scoping
- Story 1.6: Workspace switcher dropdown for multi-workspace users with session-based switching
- 83 new/modified files, 182 tests passing with zero regressions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 00:12:50 +00:00

35 lines
875 B
PHP
Raw Permalink Blame History

<?php
namespace App\Concerns;
use App\Enums\WorkspaceUserRole;
trait AuthorizesPermissions
{
/**
* Authorize the current user has the given permission.
*
* Owner: always passes.
* Worker: always fails (abort 404).
* Manager: checks the permissions JSON column on workspace_user pivot.
* Unknown permission keys default to false.
*/
protected function authorizePermission(string $permission): void
{
$workspaceUser = auth()->user()->currentWorkspaceUser();
if ($workspaceUser->role->is(WorkspaceUserRole::Owner)) {
return;
}
if ($workspaceUser->role->is(WorkspaceUserRole::Worker)) {
abort(404);
}
// Manager: check JSON permissions column
if (! ($workspaceUser->permissions[$permission] ?? false)) {
abort(404);
}
}
}
Reference in New Issue View Git Blame Copy Permalink