Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
100.00% |
7 / 7 |
|
100.00% |
1 / 1 |
CRAP | |
100.00% |
1 / 1 |
| ResolveUserCompanies | |
100.00% |
7 / 7 |
|
100.00% |
1 / 1 |
2 | |
100.00% |
1 / 1 |
| handle | |
100.00% |
7 / 7 |
|
100.00% |
1 / 1 |
2 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace App\Http\Middleware; |
| 4 | |
| 5 | use App\Services\UserCompanies; |
| 6 | use Closure; |
| 7 | use Illuminate\Http\Request; |
| 8 | |
/**
 * FIRE-1146: per-request resolver for the authenticated user's company ids.
 *
 * The list is looked up once and stored on the request attribute bag under
 * `user_company_ids`, so downstream controllers don't each re-run the same
 * `TblCompanyUsers::where(...)` query.
 *
 * User id source, in order:
 *   1. `$request->user()` (set by AuthenticateWithToken);
 *   2. the `Backend-User-Id` header (also set by AuthenticateWithToken).
 * The client-supplied `User-Id` header is never consulted.
 *
 * Must be registered AFTER `auth.token` in any route group that needs it.
 *
 * NOTE(review): `Backend-User-Id` is read from the ordinary request header
 * bag, so it is only trustworthy if AuthenticateWithToken overwrites or
 * strips any inbound copy of that header. That middleware is not visible
 * here; confirm it does, and that no route group mounts this class without
 * `auth.token` ahead of it.
 */
class ResolveUserCompanies
{
    /**
     * Attach the resolved company id list to the request, then pass it on.
     *
     * When no positive user id can be resolved, the attribute is left unset
     * and the request continues unchanged.
     *
     * NOTE(review): consumers of `user_company_ids` are not visible here;
     * they should treat a missing attribute as "no companies" rather than
     * "no restriction" — confirm.
     */
    public function handle(Request $request, Closure $next)
    {
        // The header is only consulted when the authenticated user (or its id) is absent.
        $candidateId = $request->user()?->id ?? $request->header('Backend-User-Id', 0);

        // NOTE(review): the (int) cast is lenient, e.g. a value with a numeric
        // prefix still yields that prefix as the id. Harmless if the header is
        // always server-written; worth a strict digit check otherwise.
        $userId = (int) $candidateId;

        if ($userId <= 0) {
            return $next($request);
        }

        $companyIds = UserCompanies::forUser($userId);
        $request->attributes->set('user_company_ids', $companyIds);

        return $next($request);
    }
}