user();
        $activeType = session('activeProfileType');
        $activeId = session('activeProfileId');

        // Deny when there is no authenticated user or no active profile in the session.
        if (!$user || !$activeType || !$activeId) {
            return false;
        }

        $typeMap = [
            'App\Models\Admin' => ['prefix' => 'Admin', 'suffix' => 'admin'],
            'App\Models\Bank' => ['prefix' => 'Bank', 'suffix' => 'bank-manager'],
            'App\Models\Organization' => ['prefix' => 'Organization', 'suffix' => 'organization-manager'],
        ];

        // Profile types outside the map are denied.
        if (!isset($typeMap[$activeType])) {
            return false;
        }

        $roleName = "{$typeMap[$activeType]['prefix']}\\{$activeId}\\{$typeMap[$activeType]['suffix']}";

        if (!$user->hasRole($roleName)) {
            return false;
        }

        $role = Role::where('name', $roleName)->first();

        if (!$role) {
            return false;
        }

        return $role->permissions->where('name', 'manage profiles')->count() > 0;
    }

    /**
     * Reports whether the active profile may see incomplete profiles.
     *
     * Only Admin and Bank profiles qualify. The decision rests on the class of the
     * active profile alone; roles and permissions are not consulted.
     *
     * NOTE(review): this trusts getActiveProfile() to return only a profile the
     * current user was authorised to act as — confirm where the profile is selected.
     *
     * @return bool
     */
    protected function canViewIncompleteProfiles()
    {
        // Fail closed when the helper is missing or yields no active profile.
        $profile = function_exists('getActiveProfile') ? getActiveProfile() : null;
        if (!$profile) {
            return false;
        }

        // Only Admin and Bank profiles can view incomplete profiles.
        $allowedClasses = [
            'App\Models\Admin',
            'App\Models\Bank',
        ];

        // get_class() returns a string and the list holds non-numeric strings,
        // so the strict comparison gives the same result as the loose one.
        return in_array(get_class($profile), $allowedClasses, true);
    }

    /**
     * Determines if the currently authenticated user can create payments as the active profile.
     *
     * Users with the coordinator role (organization-coordinator / bank-coordinator) have
     * full access to the profile EXCEPT payment execution. Only manager roles can pay.
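*
     * The authenticated user is resolved before the profile type is trusted, so a
     * session that still carries the User profile type without a logged-in user
     * is denied instead of being allowed to pay.
     *
     * @return bool
     */
    protected function getCanCreatePayments()
    {
        $user = Auth::guard('web')->user();
        $activeType = session('activeProfileType');
        $activeId = session('activeProfileId');

        // Fail closed: no payment capability without an authenticated user,
        // whatever profile type the session claims.
        if (!$user) {
            return false;
        }

        // User profiles can always pay (no elevated profile restriction).
        // NOTE(review): activeProfileId is not compared with the authenticated user
        // here; presumably that is enforced when the profile is selected — confirm.
        if ($activeType === 'App\Models\User') {
            return true;
        }

        if (!$activeType || !$activeId) {
            return false;
        }

        // Only the manager role of the active Organization or Bank may pay;
        // coordinator roles are deliberately absent from this map.
        $managerRoleMap = [
            'App\Models\Organization' => "Organization\\{$activeId}\\organization-manager",
            'App\Models\Bank' => "Bank\\{$activeId}\\bank-manager",
        ];

        // Any other profile type is denied.
        if (!isset($managerRoleMap[$activeType])) {
            return false;
        }

        return $user->hasRole($managerRoleMap[$activeType]);
    }

    /**
     * Determines if the currently authenticated user has permission to manage accounts.
     *
     * The user must hold the admin/manager role scoped to the active profile, and
     * that role must carry the 'manage accounts' permission. Every other case
     * (no user, no active profile, unknown profile type, missing role) is denied.
     *
     * @return bool
     */
    protected function getCanManageAccounts()
    {
        $user = Auth::guard('web')->user();
        $activeType = session('activeProfileType');
        $activeId = session('activeProfileId');

        if (!$user || !$activeType || !$activeId) {
            return false;
        }

        $typeMap = [
            'App\Models\Admin' => ['prefix' => 'Admin', 'suffix' => 'admin'],
            'App\Models\Bank' => ['prefix' => 'Bank', 'suffix' => 'bank-manager'],
            'App\Models\Organization' => ['prefix' => 'Organization', 'suffix' => 'organization-manager'],
        ];

        // Profile types outside the map are denied.
        $roleParts = $typeMap[$activeType] ?? null;
        if ($roleParts === null) {
            return false;
        }

        // Role names are scoped to one profile: Prefix\<profile id>\suffix.
        $roleName = "{$roleParts['prefix']}\\{$activeId}\\{$roleParts['suffix']}";

        if (!$user->hasRole($roleName)) {
            return false;
        }

        // Membership is already confirmed above; the Role record is loaded only to
        // read its permissions.
        // NOTE(review): the lookup is by name only — if role names can repeat (for
        // example across guards), confirm this returns the role the user holds.
        $role = Role::where('name', $roleName)->first();
        if (!$role) {
            return false;
        }

        return $role->permissions->where('name', 'manage accounts')->count() > 0;
    }
}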