Saad Ibn-Ezzoubayr
c89d1879bf
- Story 1.1: Permission enum, config, AuthorizesPermissions & HasWorkspaceScope traits, member→worker migration - Story 1.2: Team page with member list, invitation system with queued email - Story 1.3: Role assignment (Manager/Worker) and member removal with activity logging - Story 1.4: Owner-only permission toggle matrix for Managers (manage team, view logs, configure portal) - Story 1.5: Role-based access enforcement — Workers see only assigned declarations/clients, sidebar scoping - Story 1.6: Workspace switcher dropdown for multi-workspace users with session-based switching - 83 new/modified files, 182 tests passing with zero regressions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
31 lines
761 B
PHP
31 lines
761 B
PHP
<?php
|
|
|
|
namespace App\Concerns;
|
|
|
|
use App\Models\Workspace;
|
|
use Illuminate\Database\Eloquent\Model;
|
|
|
|
trait HasWorkspaceScope
|
|
{
|
|
/**
|
|
* Resolve the current workspace from the session.
|
|
*/
|
|
protected function currentWorkspace(): Workspace
|
|
{
|
|
return auth()->user()->workspaces()
|
|
->where('workspaces.id', session('current_workspace_id'))
|
|
->firstOrFail();
|
|
}
|
|
|
|
/**
|
|
* Verify the given resource belongs to the current workspace.
|
|
* Aborts with 404 if the resource does not belong to the workspace.
|
|
*/
|
|
protected function authorizeWorkspaceAccess(Model $resource): void
|
|
{
|
|
if ($resource->workspace_id !== (int) session('current_workspace_id')) {
|
|
abort(404);
|
|
}
|
|
}
|
|
}
|