ProviderConnectionPolicy::class, ]; public function boot(): void { $this->registerPolicies(); $tenantResolver = app(CapabilityResolver::class); $workspaceResolver = app(WorkspaceCapabilityResolver::class); $defineTenantCapability = function (string $capability) use ($tenantResolver): void { Gate::define($capability, function (User $user, ?Tenant $tenant = null) use ($tenantResolver, $capability): bool { if (! $tenant instanceof Tenant) { return false; } return $tenantResolver->can($user, $tenant, $capability); }); }; $defineWorkspaceCapability = function (string $capability) use ($workspaceResolver): void { Gate::define($capability, function (User $user, ?Workspace $workspace = null) use ($workspaceResolver, $capability): bool { if (! $workspace instanceof Workspace) { return false; } return $workspaceResolver->can($user, $workspace, $capability); }); }; foreach (Capabilities::all() as $capability) { if (str_starts_with($capability, 'workspace')) { $defineWorkspaceCapability($capability); continue; } $defineTenantCapability($capability); } foreach (PlatformCapabilities::all() as $capability) { Gate::define($capability, function (PlatformUser $user) use ($capability): bool { return $user->hasCapability($capability); }); } } }