attributes->get('tenant'); if (! $tenant instanceof Tenant) { $tenant = $this->resolveTenant($request); $request->attributes->set('tenant', $tenant); $request->attributes->set('tenant_id', $tenant->id); $request->merge([ 'tenant' => $tenant, 'tenant_id' => $tenant->id, ]); } if ($this->requiresPackageCheck($request) && !$this->canPerformAction($request, $tenant)) { return response()->json([ 'error' => 'Package limits exceeded. Please purchase or upgrade a package.', ], 402); } return $next($request); } private function requiresPackageCheck(Request $request): bool { return $request->isMethod('post') && ( $request->routeIs('api.v1.tenant.events.store') || $request->routeIs('api.v1.tenant.photos.store') // Assuming photo upload route ); } private function canPerformAction(Request $request, Tenant $tenant): bool { if ($request->routeIs('api.v1.tenant.events.store')) { // Check tenant package for event creation $resellerPackage = $tenant->activeResellerPackage(); if ($resellerPackage) { return $resellerPackage->used_events < $resellerPackage->package->max_events_per_year; } return false; } if ($request->routeIs('api.v1.tenant.photos.store')) { $eventId = $request->input('event_id'); if (!$eventId) { return false; } $event = Event::findOrFail($eventId); if ($event->tenant_id !== $tenant->id) { return false; } $eventPackage = $event->eventPackage; if (!$eventPackage) { return false; } return $eventPackage->used_photos < $eventPackage->package->max_photos; } return true; } private function resolveTenant(Request $request): Tenant { $user = $request->user(); if ($user && isset($user->tenant) && $user->tenant instanceof Tenant) { return $user->tenant; } $tenantId = $request->attributes->get('tenant_id'); if (! $tenantId && $user && isset($user->tenant_id)) { $tenantId = $user->tenant_id; } if (! $tenantId) { abort(401, 'Unauthenticated'); } return Tenant::findOrFail($tenantId); } }