ahmido
a989ef1a23
Implements specs 070–072 (workspace foundation, workspace-scoped tenant selection, managed-tenants workspace enforcement).
Highlights
- Adds Workspace + WorkspaceMembership models/migrations + middleware to persist/enforce current workspace context.
- Scopes tenant selection to the current workspace.
- Makes legacy `/admin/managed-tenants*` routes redirect into workspace-scoped URLs.
- Enforces tenant routes under `/admin/t/{tenant}` to 404 when workspace context is missing or mismatched.
- Fixes Filament page Blade wrappers so header actions render on choose-workspace / choose-tenant / no-access pages.
Verification
- Pint: `vendor/bin/sail bin pint --dirty`
- Tests: `vendor/bin/sail artisan test --compact tests/Feature/Guards/NoAdHocFilamentAuthPatternsTest.php tests/Feature/Workspaces tests/Feature/Filament/ChooseTenantIsWorkspaceScopedTest.php tests/Feature/Filament/ChooseTenantRequiresWorkspaceTest.php tests/Feature/Filament/TenantSwitcherUrlResolvesTenantTest.php tests/Feature/ManagedTenants tests/Feature/AdminNewRedirectTest.php`
Notes
- Filament v5 / Livewire v4 compatible.
- Panel provider registration stays in `bootstrap/providers.php` (Laravel 11+ rule).
- No new heavy frontend assets added.
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #85
68 lines
2.0 KiB
PHP
68 lines
2.0 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use App\Models\User;
|
|
use App\Models\WorkspaceMembership;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Http\Response as HttpResponse;
|
|
use Illuminate\Support\Facades\Schema;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
class EnsureWorkspaceSelected
|
|
{
|
|
/**
|
|
* Handle an incoming request.
|
|
*
|
|
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
|
|
*/
|
|
public function handle(Request $request, Closure $next): Response
|
|
{
|
|
$routeName = $request->route()?->getName();
|
|
|
|
if (is_string($routeName) && str_contains($routeName, '.auth.')) {
|
|
return $next($request);
|
|
}
|
|
|
|
$path = '/'.ltrim($request->path(), '/');
|
|
|
|
if (str_starts_with($path, '/admin/t/')) {
|
|
return $next($request);
|
|
}
|
|
|
|
if (in_array($path, ['/admin/no-access', '/admin/choose-workspace'], true)) {
|
|
return $next($request);
|
|
}
|
|
|
|
$user = $request->user();
|
|
|
|
if (! $user instanceof User) {
|
|
return $next($request);
|
|
}
|
|
|
|
/** @var WorkspaceContext $context */
|
|
$context = app(WorkspaceContext::class);
|
|
|
|
$workspace = $context->resolveInitialWorkspaceFor($user, $request);
|
|
|
|
if ($workspace !== null) {
|
|
return $next($request);
|
|
}
|
|
|
|
$membershipQuery = WorkspaceMembership::query()->where('user_id', $user->getKey());
|
|
|
|
$hasAnyActiveMembership = Schema::hasColumn('workspaces', 'archived_at')
|
|
? $membershipQuery
|
|
->join('workspaces', 'workspace_memberships.workspace_id', '=', 'workspaces.id')
|
|
->whereNull('workspaces.archived_at')
|
|
->exists()
|
|
: $membershipQuery->exists();
|
|
|
|
$target = $hasAnyActiveMembership ? '/admin/choose-workspace' : '/admin/no-access';
|
|
|
|
return new HttpResponse('', 302, ['Location' => $target]);
|
|
}
|
|
}
|