*/
    public function authorizedTenants(User $user, Workspace $workspace): array
    {
        // Only pivot roles that carry the tenant-review view capability grant visibility.
        $allowedRoles = RoleCapabilityMap::rolesWithCapability(Capabilities::TENANT_REVIEW_VIEW);
        $workspaceId = (int) $workspace->getKey();

        // Both constraints are applied in the database query: the tenant must belong to
        // the given workspace AND the user's pivot role on it must be in $allowedRoles.
        $tenants = $user->tenants()
            ->where('tenants.workspace_id', $workspaceId)
            ->wherePivotIn('role', $allowedRoles)
            ->orderBy('tenants.name')
            ->get();

        // Re-key by integer tenant id so callers can take array_keys() as an id allow-list.
        return $tenants
            ->keyBy(static function (Tenant $tenant): int {
                return (int) $tenant->getKey();
            })
            ->all();
    }

    /**
     * Build the tenant-review query restricted to the tenants this user may review.
     *
     * The tenant allow-list comes from authorizedTenants(), so rows are limited to
     * tenants of $workspace on which the user holds a role with TENANT_REVIEW_VIEW.
     *
     * NOTE(review): workspace membership is not re-checked in this method; presumably
     * callers gate on canAccessWorkspace() first. Confirm against the call sites.
     *
     * @return Builder Unexecuted query ordered by generated_at, then id, both descending.
     */
    public function query(User $user, Workspace $workspace): Builder
    {
        $allowedTenantIds = array_keys($this->authorizedTenants($user, $workspace));

        // With no authorized tenants, scope to the sentinel id -1 so the query cannot
        // match a real row (assumes no tenant ever has id -1).
        if ($allowedTenantIds === []) {
            $allowedTenantIds = [-1];
        }

        return TenantReview::query()
            ->with(['tenant', 'evidenceSnapshot', 'currentExportReviewPack'])
            // forWorkspace() is defined elsewhere; presumably a workspace scope (confirm).
            ->forWorkspace((int) $workspace->getKey())
            ->whereIn('tenant_id', $allowedTenantIds)
            ->latest('generated_at')
            ->latest('id');
    }

    /**
     * Tell whether a membership row links this user to this workspace.
     *
     * Only the existence of the row is checked; this query does not look at any role
     * or status on the membership.
     */
    public function canAccessWorkspace(User $user, Workspace $workspace): bool
    {
        $membership = WorkspaceMembership::query()
            ->where('workspace_id', (int) $workspace->getKey())
            ->where('user_id', (int) $user->getKey());

        return $membership->exists();
    }
}