linkedModelId($descriptor);
        // NOTE(review): the start of this method is outside the visible source; $policyId is
        // presumably assigned by the statement that ends on the line above. Confirm.
        $tenantId = $descriptor->tenantId;

        // Fail closed: without a policy id and a positive tenant id the lookup below could
        // not be constrained to one tenant, so the reference is reported as unresolved.
        if ($policyId === null || $tenantId === null || $tenantId <= 0) {
            return $this->unresolved($descriptor);
        }

        // The lookup is constrained by BOTH the primary key and the descriptor's tenant_id,
        // so a policy id that belongs to a different tenant does not match here.
        // The `tenant` relation is requested with the query because the access check and
        // the URL below both read $policy->tenant.
        $policy = Policy::query()
            ->with('tenant')
            ->whereKey($policyId)
            ->where('tenant_id', $tenantId)
            ->first();

        if (! $policy instanceof Policy) {
            return $this->missing($descriptor);
        }

        // Authorization gate: the current user must be a member of the policy's tenant and
        // hold Capabilities::TENANT_VIEW before any label or URL is produced.
        // NOTE(review): `missing` is decided before this check, so a user without access to
        // the tenant gets `missing` for an unknown id and `inaccessible` for an existing one.
        // If callers render the two states differently this reveals whether a policy id
        // exists in that tenant. Confirm the distinction is intended.
        if (! $this->canOpenTenantRecord($policy->tenant, Capabilities::TENANT_VIEW)) {
            return $this->inaccessible($descriptor);
        }

        // Reached only after the tenant-scoped lookup and the access check both succeeded.
        return $this->resolved(
            descriptor: $descriptor,
            // `?:` tests truthiness, so an empty display_name (and the string '0') falls
            // back to the generic 'Policy' label.
            primaryLabel: (string) ($policy->display_name ?: 'Policy'),
            secondaryLabel: 'Policy #'.$policy->getKey(),
            linkTarget: new ReferenceLinkTarget(
                targetKind: ReferenceClass::Policy->value,
                // The view URL is built against the policy's own tenant.
                url: PolicyResource::getUrl('view', ['record' => $policy], tenant: $policy->tenant),
                actionLabel: 'View policy',
                contextBadge: 'Tenant',
            ),
        );
    }

    /**
     * Decide whether the currently authenticated user may open a record of the given tenant.
     *
     * Returns true only when all four conditions hold, evaluated left to right with
     * short-circuiting: $tenant is a Tenant instance, auth()->user() is a User instance,
     * the capability resolver reports the user as a member of the tenant, and the resolver
     * grants $capability for that user and tenant. A null tenant or an unauthenticated
     * request therefore yields false without consulting the resolver.
     *
     * @param  ?Tenant  $tenant      Tenant that owns the record; null is treated as no access.
     * @param  string   $capability  Capability identifier passed to the resolver's can() check.
     */
    private function canOpenTenantRecord(?Tenant $tenant, string $capability): bool
    {
        // The user is taken from the ambient auth context rather than from a parameter.
        $user = auth()->user();

        return $tenant instanceof Tenant
            && $user instanceof User
            && $this->capabilityResolver->isMember($user, $tenant)
            && $this->capabilityResolver->can($user, $tenant, $capability);
    }
}