051db1842d
Spec 107: Workspace Chooser v1 (Enterprise) + In-App Switch Entry Point ## Core changes - Refactor EnsureWorkspaceSelected middleware: 7-step algorithm with auto-resume (single membership + last_workspace_id), stale session detection, ?choose=1 forced chooser, workspace-optional path bypass - Create WorkspaceRedirectResolver for DRY tenant-count branching (0→managed-tenants, 1→tenant-dashboard, >1→choose-tenant) - Add WorkspaceAutoSelected + WorkspaceSelected audit enum cases - Rewrite ChooseWorkspace page: role badges, tenant counts, wire:click selection, audit logging, WorkspaceRedirectResolver - Add 'Switch workspace' user menu item in AdminPanelProvider - Rewrite SwitchWorkspaceController with audit + resolver - Replace inline tenant branching in routes/web.php with resolver ## New test files (6) - WorkspaceRedirectResolverTest (5 tests Spec 107: Workspace Chooser v1 (Enterprise) + In-App Switch Entry Point ## Core changes - Refactor EnsureWorkspaceSelected middleware: 7-step algorithmst ## Core changes - Refactor EnsureWorkspaceSelected middleware: 7-stepes - Refactor Ensng auto-resume (single membership + last_workspace_id), stale sessioid detection, ?choose=1 forced chooser, w (security invariant preserve- Create WorkspaceRedirectResolver for DRY tenant-count branching (0→managed-tenants, 1→tenant-dashboapped (8163 assertions)
81 lines
2.2 KiB
PHP
81 lines
2.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use App\Services\Audit\WorkspaceAuditLogger;
|
|
use App\Support\Audit\AuditActionId;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use App\Support\Workspaces\WorkspaceIntendedUrl;
|
|
use App\Support\Workspaces\WorkspaceRedirectResolver;
|
|
use Illuminate\Http\RedirectResponse;
|
|
use Illuminate\Http\Request;
|
|
|
|
final class SwitchWorkspaceController
|
|
{
|
|
public function __invoke(Request $request): RedirectResponse
|
|
{
|
|
$user = auth()->user();
|
|
|
|
if (! $user instanceof User) {
|
|
abort(403);
|
|
}
|
|
|
|
$validated = $request->validate([
|
|
'workspace_id' => ['required', 'integer'],
|
|
]);
|
|
|
|
$workspace = Workspace::query()->whereKey($validated['workspace_id'])->first();
|
|
|
|
if (! $workspace instanceof Workspace) {
|
|
abort(404);
|
|
}
|
|
|
|
if (! empty($workspace->archived_at)) {
|
|
abort(404);
|
|
}
|
|
|
|
$context = app(WorkspaceContext::class);
|
|
|
|
if (! $context->isMember($user, $workspace)) {
|
|
abort(404);
|
|
}
|
|
|
|
$prevWorkspaceId = $context->currentWorkspaceId($request);
|
|
|
|
$context->setCurrentWorkspace($workspace, $user, $request);
|
|
|
|
/** @var WorkspaceAuditLogger $auditLogger */
|
|
$auditLogger = app(WorkspaceAuditLogger::class);
|
|
|
|
$auditLogger->log(
|
|
workspace: $workspace,
|
|
action: AuditActionId::WorkspaceSelected->value,
|
|
context: [
|
|
'metadata' => [
|
|
'method' => 'manual',
|
|
'reason' => 'context_bar',
|
|
'prev_workspace_id' => $prevWorkspaceId,
|
|
],
|
|
],
|
|
actor: $user,
|
|
resourceType: 'workspace',
|
|
resourceId: (string) $workspace->getKey(),
|
|
);
|
|
|
|
$intendedUrl = WorkspaceIntendedUrl::consume($request);
|
|
|
|
if ($intendedUrl !== null) {
|
|
return redirect()->to($intendedUrl);
|
|
}
|
|
|
|
/** @var WorkspaceRedirectResolver $resolver */
|
|
$resolver = app(WorkspaceRedirectResolver::class);
|
|
|
|
return redirect()->to($resolver->resolve($workspace, $user));
|
|
}
|
|
}
|