1<?php
2
3namespace App\Http\Middleware;
4
5use App\Http\Models\Auth\Role;
6use App\Http\Models\Auth\User;
7use Closure;
8use Illuminate\Http\Request;
9
/**
 * Middleware that admits only users holding a company-admin role
 * (Role::GLOBAL_ADMIN or Role::VENGRESO_ADMIN).
 *
 * Unlike CheckCompanyAdmin, no {slug} route parameter is needed: the gate
 * only requires that the authenticated user carries a non-empty company_id
 * and that role($user->role) resolves to one of the admin roles. Every
 * failure is answered with a 403 JSON body and the request never reaches $next.
 */
class EnsureCompanyAdmin
{
    /** Roles accepted by this middleware; compared with strict in_array. */
    private const ADMIN_ROLES = [Role::GLOBAL_ADMIN, Role::VENGRESO_ADMIN];

    /**
     * Reject the request with a 403 JSON error unless the current user is a company admin.
     *
     * The checks run in a fixed order — authenticated User instance, non-empty
     * company_id, admin role — and the first failing check decides the message.
     *
     * @param Request $request
     * @param Closure $next
     * @return mixed the downstream handler's response, or a 403 JSON response
     */
    public function handle(Request $request, Closure $next)
    {
        $current = $request->user();

        $denial = $this->denialReason($current);
        if ($denial !== null) {
            return response()->json(['error' => $denial], 403);
        }

        return $next($request);
    }

    /**
     * Return the error message to send, or null when the user passes every check.
     *
     * @param mixed $current whatever $request->user() returned (null when unauthenticated)
     */
    private function denialReason($current): ?string
    {
        if (! $current instanceof User) {
            return 'Unauthorized';
        }

        // Truthiness check, as in the original: a falsy company_id (null, 0, '0', '')
        // is treated as "no company" and fails closed.
        if (! $current->company_id) {
            return 'User is not associated with a company';
        }

        // role() is a global helper that resolves the user's role attribute;
        // its exact contract is not visible in this file.
        $resolved = role($current->role);

        return in_array($resolved, self::ADMIN_ROLES, true)
            ? null
            : 'Unauthorized. Company admin access required.';
    }
}