currentWorkspace($user); if (! $workspace instanceof Workspace) { return Response::denyAsNotFound(); } return $this->authorizeForWorkspace($user, $workspace, Capabilities::ALERTS_VIEW); } public function view(User $user, AlertDelivery $alertDelivery): bool|Response { $workspace = $this->currentWorkspace($user); if (! $workspace instanceof Workspace) { return Response::denyAsNotFound(); } if ((int) $alertDelivery->workspace_id !== (int) $workspace->getKey()) { return Response::denyAsNotFound(); } $tenant = $alertDelivery->tenant; if ($tenant === null) { return $this->authorizeForWorkspace($user, $workspace, Capabilities::ALERTS_VIEW); } if (! $user->canAccessTenant($tenant)) { return Response::denyAsNotFound(); } return $this->authorizeForWorkspace($user, $workspace, Capabilities::ALERTS_VIEW); } private function currentWorkspace(User $user): ?Workspace { $workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request()); if (! is_int($workspaceId)) { return null; } $workspace = Workspace::query()->whereKey($workspaceId)->first(); if (! $workspace instanceof Workspace) { return null; } /** @var WorkspaceCapabilityResolver $resolver */ $resolver = app(WorkspaceCapabilityResolver::class); if (! $resolver->isMember($user, $workspace)) { return null; } return $workspace; } private function authorizeForWorkspace(User $user, Workspace $workspace, string $capability): bool|Response { /** @var WorkspaceCapabilityResolver $resolver */ $resolver = app(WorkspaceCapabilityResolver::class); if (! $resolver->isMember($user, $workspace)) { return Response::denyAsNotFound(); } return $resolver->can($user, $workspace, $capability) ? Response::allow() : Response::deny(); } }