TenantAtlas/app/Policies/ProviderConnectionPolicy.php

<?php

namespace App\Policies;

use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Models\User;
use App\Models\Workspace;
use App\Support\Workspaces\WorkspaceContext;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Auth\Access\Response;
use Illuminate\Support\Facades\Gate;

class ProviderConnectionPolicy
{
    use HandlesAuthorization;

    public function viewAny(User $user): bool
    {
        $workspace = $this->currentWorkspace();
        if (! $workspace instanceof Workspace) {
            return false;
        }

        $tenant = Tenant::current();

        return $tenant instanceof Tenant
            && (int) $tenant->workspace_id === (int) $workspace->getKey()
            && Gate::forUser($user)->allows('provider.view', $tenant);
    }

    public function view(User $user, ProviderConnection $connection): Response|bool
    {
        $workspace = $this->currentWorkspace();
        if (! $workspace instanceof Workspace) {
            return Response::denyAsNotFound();
        }

        $tenant = Tenant::current();

        if (! $tenant instanceof Tenant || (int) $tenant->workspace_id !== (int) $workspace->getKey()) {
            return Response::denyAsNotFound();
        }

        if (! Gate::forUser($user)->allows('provider.view', $tenant)) {
            return false;
        }

        if ((int) $connection->tenant_id !== (int) $tenant->getKey()) {
            return Response::denyAsNotFound();
        }

        if ((int) $connection->workspace_id !== (int) $workspace->getKey()) {
            return Response::denyAsNotFound();
        }

        return true;
    }

    public function create(User $user): bool
    {
        $workspace = $this->currentWorkspace();
        if (! $workspace instanceof Workspace) {
            return false;
        }

        $tenant = Tenant::current();

        return $tenant instanceof Tenant
            && (int) $tenant->workspace_id === (int) $workspace->getKey()
            && Gate::forUser($user)->allows('provider.manage', $tenant);
    }

    public function update(User $user, ProviderConnection $connection): Response|bool
    {
        $workspace = $this->currentWorkspace();
        if (! $workspace instanceof Workspace) {
            return Response::denyAsNotFound();
        }

        $tenant = Tenant::current();

        if (! $tenant instanceof Tenant || (int) $tenant->workspace_id !== (int) $workspace->getKey()) {
            return Response::denyAsNotFound();
        }

        if (! Gate::forUser($user)->allows('provider.view', $tenant)) {
            return false;
        }

        if ((int) $connection->tenant_id !== (int) $tenant->getKey()) {
            return Response::denyAsNotFound();
        }

        if ((int) $connection->workspace_id !== (int) $workspace->getKey()) {
            return Response::denyAsNotFound();
        }

        return true;
    }

    public function delete(User $user, ProviderConnection $connection): Response|bool
    {
        $workspace = $this->currentWorkspace();
        if (! $workspace instanceof Workspace) {
            return Response::denyAsNotFound();
        }

        $tenant = Tenant::current();

        if (! $tenant instanceof Tenant || (int) $tenant->workspace_id !== (int) $workspace->getKey()) {
            return Response::denyAsNotFound();
        }

        if (! Gate::forUser($user)->allows('provider.manage', $tenant)) {
            return false;
        }

        if ((int) $connection->tenant_id !== (int) $tenant->getKey()) {
            return Response::denyAsNotFound();
        }

        if ((int) $connection->workspace_id !== (int) $workspace->getKey()) {
            return Response::denyAsNotFound();
        }

        return false;
    }

    private function currentWorkspace(): ?Workspace
    {
        $workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request());

        return is_int($workspaceId)
            ? Workspace::query()->whereKey($workspaceId)->first()
            : null;
    }
}