Enforce tenant member permissions

app/Http/Controllers/Api/Tenant/EventGuestNotificationController.php

@@ -11,6 +11,7 @@ use App\Models\Event;
 use App\Models\GuestNotification;
 use App\Models\GuestPolicySetting;
 use App\Services\GuestNotificationService;
+use App\Support\TenantMemberPermissions;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;
@@ -23,6 +24,7 @@ class EventGuestNotificationController extends Controller
     public function index(Request $request, Event $event): JsonResponse
     {
         $this->assertEventTenant($request, $event);
+        TenantMemberPermissions::ensureEventPermission($request, $event, 'guest-notifications:manage');
 
         $limit = max(1, min(100, (int) $request->integer('limit', 25)));
 
@@ -38,6 +40,7 @@ class EventGuestNotificationController extends Controller
     public function store(BroadcastGuestNotificationRequest $request, Event $event): JsonResponse
     {
         $this->assertEventTenant($request, $event);
+        TenantMemberPermissions::ensureEventPermission($request, $event, 'guest-notifications:manage');
 
         $data = $request->validated();