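resolvedTenant();

        if (! $tenant instanceof Tenant) {
            return false;
        }

        if (! $user->canAccessTenant($tenant)) {
            return false;
        }

        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::FINDING_EXCEPTION_VIEW);
    }

    /**
     * Decide whether the user may view a single finding exception.
     *
     * Returns a not-found denial when authorizedTenantOrNull() yields no tenant, so a
     * record outside the caller's tenant scope is not distinguishable from a missing one.
     * Otherwise returns the result of the tenant-scoped FINDING_EXCEPTION_VIEW check.
     */
    public function view(User $user, FindingException $exception): Response|bool
    {
        $tenant = $this->authorizedTenantOrNull($user, $exception);

        if (! $tenant instanceof Tenant) {
            return Response::denyAsNotFound();
        }

        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::FINDING_EXCEPTION_VIEW);
    }

    /**
     * Decide whether the user may approve the finding exception.
     *
     * Delegates to authorizeCanonicalApproval(); approve and reject share one rule.
     */
    public function approve(User $user, FindingException $exception): Response|bool
    {
        return $this->authorizeCanonicalApproval($user, $exception);
    }

    /**
     * Decide whether the user may reject the finding exception.
     *
     * Delegates to authorizeCanonicalApproval(); approve and reject share one rule.
     */
    public function reject(User $user, FindingException $exception): Response|bool
    {
        return $this->authorizeCanonicalApproval($user, $exception);
    }

    /**
     * Workspace-scoped authorization shared by approve() and reject().
     *
     * Every scoping failure returns a not-found denial: missing or inaccessible tenant,
     * a current workspace that is not the exception's workspace, a tenant that belongs to
     * a different workspace, a missing workspace, or a user who is not a workspace member.
     * Only a member who lacks FINDING_EXCEPTION_APPROVE receives a plain denial.
     */
    private function authorizeCanonicalApproval(User $user, FindingException $exception): Response|bool
    {
        // Unlike view(), the tenant comes from the record itself, not from the request context.
        $tenant = $exception->tenant;

        if (! $tenant instanceof Tenant || ! $user->canAccessTenant($tenant)) {
            return Response::denyAsNotFound();
        }

        $workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request());

        if (! is_int($workspaceId) || $workspaceId !== (int) $exception->workspace_id) {
            return Response::denyAsNotFound();
        }

        // The membership and capability checks below run against the tenant's workspace,
        // so bind that workspace to the one the request and the record are scoped to.
        // authorizedTenantOrNull() enforces the same tenant/exception workspace match for
        // view(); without it, a record whose tenant_id and workspace_id disagree would be
        // authorized against a workspace other than the current one.
        // NOTE(review): assumes the `workspace` relation is keyed by `workspace_id` - confirm.
        if ((int) $tenant->workspace_id !== $workspaceId) {
            return Response::denyAsNotFound();
        }

        $workspace = $tenant->workspace;

        if (! $workspace instanceof Workspace) {
            return Response::denyAsNotFound();
        }

        /** @var WorkspaceCapabilityResolver $resolver */
        $resolver = app(WorkspaceCapabilityResolver::class);

        if (! $resolver->isMember($user, $workspace)) {
            return Response::denyAsNotFound();
        }

        return $resolver->can($user, $workspace, Capabilities::FINDING_EXCEPTION_APPROVE)
            ? true
            : Response::deny();
    }

    /**
     * Return the request's resolved tenant only if the exception belongs to it.
     *
     * Yields null when no tenant is resolved, the user cannot access it, the exception's
     * tenant_id differs from the tenant key, or the exception's workspace_id differs from
     * the tenant's workspace_id.
     */
    private function authorizedTenantOrNull(User $user, FindingException $exception): ?Tenant
    {
        $tenant = $this->resolvedTenant();

        if (! $tenant instanceof Tenant) {
            return null;
        }

        if (! $user->canAccessTenant($tenant)) {
            return null;
        }

        // Both ids are cast to int so the strict comparison does not depend on how the
        // attribute values happen to be typed.
        if ((int) $exception->tenant_id !== (int) $tenant->getKey()) {
            return null;
        }

        if ((int) $exception->workspace_id !== (int) $tenant->workspace_id) {
            return null;
        }

        return $tenant;
    }

    /**
     * Resolve the tenant the current request operates on, or null.
     *
     * In the Filament panel whose id is 'admin', the tenant is looked up from the
     * WorkspaceContext's last tenant id and accepted only when it belongs to the current
     * workspace. In any other case Tenant::current() is used.
     */
    private function resolvedTenant(): ?Tenant
    {
        if (Filament::getCurrentPanel()?->getId() === 'admin') {
            $workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request());

            if (! is_int($workspaceId)) {
                return null;
            }

            $tenantId = app(WorkspaceContext::class)->lastTenantId(request());

            if (! is_int($tenantId)) {
                return null;
            }

            $tenant = Tenant::query()->whereKey($tenantId)->first();

            // A remembered tenant id is not trusted on its own: it must still belong to
            // the workspace the request is currently in.
            return $tenant instanceof Tenant && (int) $tenant->workspace_id === $workspaceId
                ? $tenant
                : null;
        }

        $tenant = Tenant::current();

        return $tenant instanceof Tenant ? $tenant : null;
    }
}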