app/Scopes/UserAccessScope.php
<?php
namespace App\Scopes;
use App\Exceptions\Entities\AuthorizationException;
use App\Enums\Role;
use Illuminate\Contracts\Database\Query\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Scope;
use Throwable;
class UserAccessScope implements Scope
{
/**
* @param Builder $builder
* @param Model $model
* @return Builder|null
* @throws Throwable
*/
public function apply(Builder $builder, Model $model): ?Builder
{
if (!auth()->hasUser()) {
return null;
}
if (app()->runningInConsole()) {
return $builder;
}
$user = optional(request())->user();
throw_unless($user, new AuthorizationException);
if ($user->hasRole([Role::ADMIN, Role::MANAGER, Role::AUDITOR])) {
return $builder;
}
return $builder
->where('id', $user->id)
->orWhereHas('projectsRelation', static fn(Builder $builder) => $builder
->whereIn('project_id', static fn(Builder $builder) => $builder
->from('projects_users')
->select('project_id')
->where(static fn(Builder $builder) => $builder
->where('user_id', $user->id)
->where('role_id', Role::MANAGER->value))
->orWhere(static fn(Builder $builder) => $builder
->where('user_id', $user->id)
->where('role_id', Role::AUDITOR->value))));
}
}