Limit-Status im Upload-Flow anzeigen (Warnbanner + Sperrzustände).

Upload-Fehlercodes auswerten und freundliche Dialoge zeigen.
2025-11-01 19:50:17 +01:00
parent 2c14493604
commit 79b209de9a
55 changed files with 3348 additions and 462 deletions
--- a/app/Http/Middleware/TenantIsolation.php
+++ b/app/Http/Middleware/TenantIsolation.php
@@ -2,9 +2,12 @@

 namespace App\Http\Middleware;

+use App\Support\ApiError;
 use Closure;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\DB;
+use Symfony\Component\HttpFoundation\Response;

 class TenantIsolation
 {
@@ -15,15 +18,15 @@ class TenantIsolation
    {
        $tenantId = $request->attributes->get('tenant_id');

-        if (!$tenantId) {
-            return response()->json(['error' => 'Tenant ID not found in token'], 401);
+        if (! $tenantId) {
+            return $this->missingTenantIdResponse();
        }

        // Get the tenant from request (query param, route param, or header)
        $requestTenantId = $this->getTenantIdFromRequest($request);

        if ($requestTenantId && $requestTenantId != $tenantId) {
-            return response()->json(['error' => 'Tenant isolation violation'], 403);
+            return $this->tenantIsolationViolationResponse((int) $tenantId, (int) $requestTenantId);
        }

        // Set tenant context for query scoping
@@ -32,7 +35,6 @@ class TenantIsolation
            $connection->statement('SET @tenant_id = ?', [$tenantId]);
        }

-
        // Add tenant context to request for easy access in controllers
        $request->attributes->set('current_tenant_id', $tenantId);

@@ -62,4 +64,28 @@ class TenantIsolation
        // 4. For tenant-specific resources, use token tenant_id
        return null;
    }
+
+    private function missingTenantIdResponse(): JsonResponse
+    {
+        return ApiError::response(
+            'tenant_context_missing',
+            'Tenant Context Missing',
+            'Tenant ID not found in access token.',
+            Response::HTTP_UNAUTHORIZED
+        );
+    }
+
+    private function tenantIsolationViolationResponse(int $tokenTenantId, int $requestTenantId): JsonResponse
+    {
+        return ApiError::response(
+            'tenant_isolation_violation',
+            'Tenant Isolation Violation',
+            'The requested resource belongs to a different tenant.',
+            Response::HTTP_FORBIDDEN,
+            [
+                'token_tenant_id' => $tokenTenantId,
+                'request_tenant_id' => $requestTenantId,
+            ]
+        );
+    }
 }