34 lines
834 B
PHP
34 lines
834 B
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use App\Models\User;
|
|
use Laravel\Sanctum\PersonalAccessToken;
|
|
|
|
class EnsureTenantCollaboratorToken extends EnsureTenantAdminToken
|
|
{
|
|
protected function allowedRoles(): array
|
|
{
|
|
return ['tenant_admin', 'super_admin', 'superadmin', 'admin', 'member'];
|
|
}
|
|
|
|
protected function forbiddenRoleMessage(): string
|
|
{
|
|
return 'Only tenant collaborators may access this resource.';
|
|
}
|
|
|
|
protected function abilityErrorMessage(): string
|
|
{
|
|
return 'Access token does not include the tenant-member ability.';
|
|
}
|
|
|
|
protected function hasRequiredAbilities(PersonalAccessToken $accessToken, User $user): bool
|
|
{
|
|
if ($accessToken->can('tenant-admin')) {
|
|
return true;
|
|
}
|
|
|
|
return $accessToken->can('tenant-member');
|
|
}
|
|
}
|