ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
8aac5bdb46
TenantAtlas/app/Support/Middleware/DenyNonMemberTenantAccess.php
Ahmed Darrazi 3b1dd98f52 feat(rbac): Implement Tenant RBAC v1 
This commit introduces a comprehensive Role-Based Access Control (RBAC) system for TenantAtlas.

- Implements authentication via Microsoft Entra ID (OIDC).
- Manages authorization on a per-Suite-Tenant basis using a  table.
- Follows a capabilities-first approach, using Gates and Policies.
- Includes a break-glass mechanism for platform superadmins.
- Adds policies for bootstrapping tenants and managing admin responsibilities.
2026-01-25 16:01:50 +01:00

38 lines
813 B
PHP
Raw Blame History

<?php
namespace App\Support\Middleware;
use App\Models\Tenant;
use App\Models\User;
use App\Services\Auth\CapabilityResolver;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class DenyNonMemberTenantAccess
{
/**
* @param Closure(Request): Response $next
*/
public function handle(Request $request, Closure $next): Response
{
$tenant = $request->route()?->parameter('tenant');
if (! $tenant instanceof Tenant) {
return $next($request);
}
$user = $request->user();
if (! $user instanceof User) {
return $next($request);
}
if (! app(CapabilityResolver::class)->isMember($user, $tenant)) {
abort(404);
}
return $next($request);
}
}
Reference in New Issue View Git Blame Copy Permalink