103 lines
3.3 KiB
PHP
103 lines
3.3 KiB
PHP
<?php
|
||
|
||
declare(strict_types=1);
|
||
|
||
namespace App\Models\Scopes;
|
||
|
||
use App\Models\FormBuilder\FormField;
|
||
use App\Models\FormBuilder\FormFieldLibrary;
|
||
use App\Models\FormBuilder\FormSchema;
|
||
use Illuminate\Database\Eloquent\Builder;
|
||
use Illuminate\Database\Eloquent\Model;
|
||
use Illuminate\Database\Eloquent\Scope;
|
||
|
||
/**
|
||
* Multi-tenant isolation for `form_field_validation_rules`. Sibling to
|
||
* `FormFieldBindingScope` — the two share the same UNION shape over the
|
||
* polymorphic owner's two possible parents (`form_field → form_schema →
|
||
* organisation_id` ∪ `form_field_library → organisation_id`).
|
||
*
|
||
* Duplicate code with `FormFieldBindingScope` is acknowledged; base-class
|
||
* extraction is deferred to WS-5d per the architect addendum Q3 decision:
|
||
* premature abstraction from two is still premature, and WS-5d adds a
|
||
* third sibling that will make what truly varies visible.
|
||
*
|
||
* Organisation context resolution mirrors `OrganisationScope` — explicit
|
||
* override via constructor, then `organisation` / `event` route parameter
|
||
* fallbacks. CLI, queues, and unauthenticated flows skip the scope.
|
||
*
|
||
* Escape hatch:
|
||
* `FormFieldValidationRule::withoutGlobalScope(FormFieldValidationRuleScope::class)`.
|
||
*/
|
||
final class FormFieldValidationRuleScope implements Scope
|
||
{
|
||
public function __construct(
|
||
private readonly ?string $organisationId = null,
|
||
) {}
|
||
|
||
public function apply(Builder $builder, Model $model): void
|
||
{
|
||
$orgId = $this->resolveOrganisationId();
|
||
if ($orgId === null) {
|
||
return;
|
||
}
|
||
|
||
$fieldIds = FormField::query()
|
||
->withoutGlobalScope(OrganisationScope::class)
|
||
->whereIn(
|
||
'form_schema_id',
|
||
FormSchema::query()
|
||
->withoutGlobalScope(OrganisationScope::class)
|
||
->where('organisation_id', $orgId)
|
||
->select('id'),
|
||
)
|
||
->select('id');
|
||
|
||
$libraryIds = FormFieldLibrary::query()
|
||
->withoutGlobalScope(OrganisationScope::class)
|
||
->where('organisation_id', $orgId)
|
||
->select('id');
|
||
|
||
$table = $model->getTable();
|
||
|
||
$builder->where(function (Builder $outer) use ($table, $fieldIds, $libraryIds): void {
|
||
$outer->where(function (Builder $q) use ($table, $fieldIds): void {
|
||
$q->where("$table.owner_type", 'form_field')
|
||
->whereIn("$table.owner_id", $fieldIds);
|
||
})->orWhere(function (Builder $q) use ($table, $libraryIds): void {
|
||
$q->where("$table.owner_type", 'form_field_library')
|
||
->whereIn("$table.owner_id", $libraryIds);
|
||
});
|
||
});
|
||
}
|
||
|
||
private function resolveOrganisationId(): ?string
|
||
{
|
||
if ($this->organisationId !== null) {
|
||
return $this->organisationId;
|
||
}
|
||
|
||
$route = request()->route();
|
||
if ($route === null) {
|
||
return null;
|
||
}
|
||
|
||
$org = $route->parameter('organisation');
|
||
|
||
if ($org instanceof \App\Models\Organisation) {
|
||
return $org->id;
|
||
}
|
||
|
||
if (is_string($org) && $org !== '') {
|
||
return $org;
|
||
}
|
||
|
||
$event = $route->parameter('event');
|
||
if ($event instanceof \App\Models\Event) {
|
||
return $event->organisation_id;
|
||
}
|
||
|
||
return null;
|
||
}
|
||
}
|