12-05-2026 Frontend dev

app/Policies/CompanyPolicy.php

@@ -0,0 +1,76 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Company;
+use App\Models\User;
+
+class CompanyPolicy
+{
+    public function before(User $user): ?bool
+    {
+        return $user->is_super_admin ? true : null;
+    }
+
+    public function viewAny(User $user): bool
+    {
+        return $user->canAccessCustomer();
+    }
+
+    public function view(User $user, Company $company): bool
+    {
+        if ($user->canAccessAdmin()) {
+            return true;
+        }
+
+        return $this->isLinked($user, $company);
+    }
+
+    public function create(User $user): bool
+    {
+        return $user->canAccessAdmin();
+    }
+
+    public function update(User $user, Company $company): bool
+    {
+        if ($user->canAccessAdmin()) {
+            return true;
+        }
+
+        return $this->isOwnerOrResponsible($user, $company);
+    }
+
+    public function delete(User $user, Company $company): bool
+    {
+        return $user->canAccessAdmin();
+    }
+
+    public function restore(User $user, Company $company): bool
+    {
+        return $user->canAccessAdmin();
+    }
+
+    public function forceDelete(User $user, Company $company): bool
+    {
+        return $user->is_super_admin === true;
+    }
+
+    private function isLinked(User $user, Company $company): bool
+    {
+        return $user->companies()->withoutGlobalScopes()->whereKey($company->id)->exists()
+            || $company->owner_user_id === $user->id;
+    }
+
+    private function isOwnerOrResponsible(User $user, Company $company): bool
+    {
+        if ($company->owner_user_id === $user->id) {
+            return true;
+        }
+
+        return $user->companies()
+            ->withoutGlobalScopes()
+            ->whereKey($company->id)
+            ->wherePivotIn('role', ['owner', 'responsible'])
+            ->exists();
+    }
+}