Restrict user access to tenant

code4romania · Dec 3, 2024 · f99a22c · f99a22c
1 parent 9b74906
commit f99a22c
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 0 deletions.
diff --git a/app/Http/Middleware/EnsureUserIsActive.php b/app/Http/Middleware/EnsureUserIsActive.php
@@ -0,0 +1,76 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Middleware;
+
+use App\Enums\UserStatus as UserStatusEnum;
+use App\Models\Scopes\BelongsToCurrentTenant;
+use App\Models\User;
+use App\Models\UserStatus;
+use Closure;
+use Filament\Facades\Filament;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class EnsureUserIsActive
+{
+    public function handle(Request $request, Closure $next): Response
+    {
+        if ($this->userAndInstitutionIsActive()) {
+            return $next($request);
+        }
+
+        Filament::auth()->logout();
+
+        $request->session()->invalidate();
+        $request->session()->regenerateToken();
+
+        return redirect()->to(Filament::getCurrentPanel()->getLoginUrl())
+            ->with('error', __('user.inactive_error'));
+    }
+
+    public function userAndInstitutionIsActive(): bool
+    {
+        $userActiveOrganizations = UserStatus::query()
+            ->where('user_id', auth()->id())
+            ->withoutGlobalScopes([BelongsToCurrentTenant::class])
+            ->with('organization.institution')
+            ->whereIn('status', [UserStatusEnum::PENDING->value, UserStatusEnum::ACTIVE->value])
+            ->get()
+            ->filter(fn (UserStatus $userStatus) => ! $userStatus->organization?->institution->isInactivated());
+
+        if ($userActiveOrganizations->isEmpty()) {
+            return false;
+        }
+
+        /** @var User $user */
+        $user = auth()->user();
+
+        if ($user->isAdmin() && Filament::getCurrentPanel()->getId() === 'admin')
+        {
+            return UserStatus::query()
+                ->where('user_id', auth()->id())
+                ->whereNull('organization_id')
+                ->withoutGlobalScopes([BelongsToCurrentTenant::class])
+                ->whereIn('status', [UserStatusEnum::PENDING->value, UserStatusEnum::ACTIVE->value])
+                ->exists();
+        }
+
+        if ($userActiveOrganizations->pluck('organization_id')->contains($user->latest_organization_id)) {
+            return true;
+        }
+
+        $user->latest_organization_id = $userActiveOrganizations
+            ->first()
+            ?->organization_id;
+
+        $user->save();
+
+        if ($user->latest_organization_id) {
+            return $this->userAndInstitutionIsActive();
+        }
+
+        return false;
+    }
+}
diff --git a/app/Providers/Filament/AdminPanelProvider.php b/app/Providers/Filament/AdminPanelProvider.php
@@ -6,6 +6,7 @@
 
 use App\Filament\Admin\Pages;
 use App\Filament\Admin\Resources\ServiceResource;
+use App\Http\Middleware\EnsureUserIsActive;
 use App\Livewire\Welcome;
 use Filament\Forms\Components\DateTimePicker;
 use Filament\Http\Middleware\Authenticate;
@@ -122,6 +123,7 @@ public function panel(Panel $panel): Panel
             ])
             ->authMiddleware([
                 Authenticate::class,
+                EnsureUserIsActive::class,
             ]);
     }
 

diff --git a/app/Providers/Filament/OrganizationPanelProvider.php b/app/Providers/Filament/OrganizationPanelProvider.php
@@ -6,6 +6,7 @@
 
 use App\Filament\Organizations\Pages;
 use App\Filament\Organizations\Pages\Profile\UserPersonalInfo;
+use App\Http\Middleware\EnsureUserIsActive;
 use App\Http\Middleware\UpdateDefaultTenant;
 use App\Livewire\Welcome;
 use App\Models\Organization;
@@ -143,6 +144,7 @@ public function panel(Panel $panel): Panel
             ])
             ->authMiddleware([
                 Authenticate::class,
+                EnsureUserIsActive::class,
             ])
             ->tenant(Organization::class, 'slug')
             ->tenantRoutePrefix('org')