linkedModelId($descriptor); $tenantId = $descriptor->tenantId; if ($policyVersionId === null || $tenantId === null || $tenantId <= 0) { return $this->unresolved($descriptor); } $version = PolicyVersion::query() ->with(['policy', 'tenant']) ->whereKey($policyVersionId) ->where('tenant_id', $tenantId) ->first(); if (! $version instanceof PolicyVersion) { return $this->missing($descriptor); } if (! $this->canOpenPolicyVersion($version)) { return $this->inaccessible($descriptor); } $policyName = $version->policy?->display_name; $secondary = 'Version '.(string) $version->version_number; if (is_string($version->capture_purpose?->value) && $version->capture_purpose->value !== '') { $secondary .= ' · '.str_replace('_', ' ', $version->capture_purpose->value); } return $this->resolved( descriptor: $descriptor, primaryLabel: is_string($policyName) && trim($policyName) !== '' ? $policyName : 'Policy version', secondaryLabel: $secondary, linkTarget: new ReferenceLinkTarget( targetKind: ReferenceClass::PolicyVersion->value, url: PolicyVersionResource::getUrl('view', ['record' => $version], tenant: $version->tenant), actionLabel: 'View policy version', contextBadge: 'Tenant', ), ); } private function canOpenPolicyVersion(PolicyVersion $version): bool { $tenant = $version->tenant; if (! $tenant instanceof Tenant || ! $this->canOpenTenantRecord($tenant, Capabilities::TENANT_VIEW)) { return false; } if (in_array((string) $version->capture_purpose?->value, ['baseline_capture', 'baseline_compare'], true)) { $user = auth()->user(); return $user instanceof User && $this->capabilityResolver->isMember($user, $tenant) && $this->capabilityResolver->can($user, $tenant, Capabilities::TENANT_SYNC); } return true; } private function canOpenTenantRecord(?Tenant $tenant, string $capability): bool { $user = auth()->user(); return $tenant instanceof Tenant && $user instanceof User && $this->capabilityResolver->isMember($user, $tenant) && $this->capabilityResolver->can($user, $tenant, $capability); } }