Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
80.00% |
4 / 5 |
|
50.00% |
1 / 2 |
CRAP | |
0.00% |
0 / 1 |
| ResendAllInvitationsRequest | |
80.00% |
4 / 5 |
|
50.00% |
1 / 2 |
3.07 | |
0.00% |
0 / 1 |
| authorize | |
75.00% |
3 / 4 |
|
0.00% |
0 / 1 |
2.06 | |||
| rules | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace App\Http\Requests\v2\Company; |
| 4 | |
| 5 | use App\Http\Models\Auth\Role; |
| 6 | use Illuminate\Foundation\Http\FormRequest; |
| 7 | |
| 8 | /** |
| 9 | * Request for resending all pending invitations for a company. |
| 10 | * |
| 11 | * Authorization requires either: |
| 12 | * - A Global Admin who belongs to the target company (company membership enforced |
| 13 | * at middleware level by check.company.admin before this request is resolved) |
| 14 | * - A Vengreso Admin (cross-company access, also passed by check.company.admin) |
| 15 | * |
| 16 | * The `check.company.admin` middleware injects `current_role` into the request, |
| 17 | * which this authorize() method reads to enforce the role restriction. |
| 18 | * Group Admin and Reporting Admin users from the same company are denied. |
| 19 | * |
| 20 | * No body parameters are required — the company is identified by the {slug} route segment. |
| 21 | */ |
| 22 | class ResendAllInvitationsRequest extends FormRequest |
| 23 | { |
| 24 | /** |
| 25 | * Determine if the user is authorized to make this request. |
| 26 | * |
| 27 | * Allows only Global Admin (of the company) or Vengreso Admin through. |
| 28 | * Group Admin, Reporting Admin, and regular Users are denied with 403. |
| 29 | */ |
| 30 | public function authorize(): bool |
| 31 | { |
| 32 | $role = $this->current_role; |
| 33 | |
| 34 | if (! $role) { |
| 35 | return false; |
| 36 | } |
| 37 | |
| 38 | return in_array($role, [Role::GLOBAL_ADMIN, Role::VENGRESO_ADMIN], true); |
| 39 | } |
| 40 | |
| 41 | /** |
| 42 | * Get the validation rules that apply to the request. |
| 43 | * |
| 44 | * No body parameters are required for this endpoint. |
| 45 | * |
| 46 | * @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string> |
| 47 | */ |
| 48 | public function rules(): array |
| 49 | { |
| 50 | return []; |
| 51 | } |
| 52 | } |