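belongsToOrg($user, $organisation); }

    /**
     * Read access: any member of the schema's organisation, or a super admin.
     */
    public function view(User $user, FormSchema $schema): bool
    {
        return $this->sameOrg($user, $schema);
    }

    /**
     * Creating a schema inside an organisation requires the `org_admin` pivot
     * role on that organisation (or the `super_admin` role).
     */
    public function create(User $user, Organisation $organisation): bool
    {
        return $this->canManageOrg($user, $organisation);
    }

    /**
     * Mutation: membership in the schema's organisation AND org_admin there.
     *
     * The explicit membership check is kept even though org_admin is itself a
     * pivot row on the organisation's users — if canManageOrg() is ever widened
     * (e.g. a global role), this still requires the user to belong to the org.
     */
    public function update(User $user, FormSchema $schema): bool
    {
        return $this->sameOrg($user, $schema) && $this->canManage($user, $schema);
    }

    /**
     * Deletion is gated exactly like update().
     */
    public function delete(User $user, FormSchema $schema): bool
    {
        return $this->sameOrg($user, $schema) && $this->canManage($user, $schema);
    }

    /**
     * Duplicating is treated as a mutation of the source schema.
     */
    public function duplicate(User $user, FormSchema $schema): bool
    {
        return $this->update($user, $schema);
    }

    /**
     * Publishing is treated as a mutation of the schema.
     */
    public function publish(User $user, FormSchema $schema): bool
    {
        return $this->update($user, $schema);
    }

    /**
     * Rotating the public token is treated as a mutation of the schema — it is
     * a credential change, so it must never be reachable by read-only members.
     */
    public function rotatePublicToken(User $user, FormSchema $schema): bool
    {
        return $this->update($user, $schema);
    }

    /**
     * Taking the edit lock is gated like update() so that a viewer cannot
     * block editors from working on the schema.
     */
    public function acquireEditLock(User $user, FormSchema $schema): bool
    {
        return $this->update($user, $schema);
    }

    /**
     * Whether $user belongs to the organisation that owns $schema.
     * FormSchema::organisation is treated as nullable here (see belongsToOrg()).
     */
    private function sameOrg(User $user, FormSchema $schema): bool
    {
        return $this->belongsToOrg($user, $schema->organisation);
    }

    /**
     * Membership test.
     *
     * The super_admin short-circuit runs before the null check, so a schema
     * with no organisation is still visible to super admins and to nobody
     * else (fail closed for everyone without that role).
     */
    private function belongsToOrg(User $user, ?Organisation $organisation): bool
    {
        if ($user->hasRole('super_admin')) {
            return true;
        }

        if ($organisation === null) {
            return false;
        }

        return $organisation->users()->where('user_id', $user->id)->exists();
    }

    /**
     * Admin test: super_admin, or an `org_admin` pivot row on $organisation.
     *
     * Accepts null for the same reason belongsToOrg() does: canManage() forwards
     * FormSchema::organisation unchanged. Before this, a super admin calling
     * update()/delete() on a schema with no organisation passed sameOrg() and
     * then hit a TypeError here (null into a non-nullable parameter), i.e. a
     * 500 instead of a policy answer. The two helpers now agree:
     * super_admin -> true, null organisation -> false.
     */
    private function canManageOrg(User $user, ?Organisation $organisation): bool
    {
        if ($user->hasRole('super_admin')) {
            return true;
        }

        if ($organisation === null) {
            return false;
        }

        return $organisation->users()
            ->where('user_id', $user->id)
            ->wherePivot('role', 'org_admin')
            ->exists();
    }

    /**
     * Whether $user may administer the organisation that owns $schema.
     */
    private function canManage(User $user, FormSchema $schema): bool
    {
        return $this->canManageOrg($user, $schema->organisation);
    }
}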