Eliminate Company\CompaniesController, introduce owner role

Redistribute methods: - show() -> BootstrapController::currentCompany() - store(), destroy(), userCompanies() -> Admin\CompaniesController - transferOwnership() -> CompanySettingsController Security fix: introduce 'owner' role for company-level admin, distinct from 'super admin' which is now global platform admin only. - CompanyService::setupRoles() creates 'owner' role per company - Company creation assigns scoped 'owner' role instead of global 'super admin' - Seeders updated to assign 'owner' Migration renames all existing company-scoped 'super admin' roles to 'owner' and ensures every company owner has the role assigned.
2026-04-15 17:24:10 +00:00 · 2026-04-03 22:33:56 +02:00
parent 5912995164
commit 00d5abae5f
10 changed files with 151 additions and 111 deletions
--- a/app/Http/Controllers/Admin/CompaniesController.php
+++ b/app/Http/Controllers/Admin/CompaniesController.php
@@ -2,14 +2,22 @@

 namespace App\Http\Controllers\Admin;

+use App\Facades\Hashids;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\AdminCompanyUpdateRequest;
+use App\Http\Requests\CompaniesRequest;
 use App\Http\Resources\CompanyResource;
 use App\Models\Company;
+use App\Services\CompanyService;
 use Illuminate\Http\Request;
+use Silber\Bouncer\BouncerFacade;

 class CompaniesController extends Controller
 {
+    public function __construct(
+        private readonly CompanyService $companyService,
+    ) {}
+
    public function index(Request $request)
    {
        $companies = Company::query()
@@ -54,4 +62,56 @@ class CompaniesController extends Controller

        return new CompanyResource($company);
    }
+
+    public function store(CompaniesRequest $request)
+    {
+        $this->authorize('create company');
+
+        $user = $request->user();
+
+        $company = Company::create($request->getCompanyPayload());
+        $company->unique_hash = Hashids::connection(Company::class)->encode($company->id);
+        $company->save();
+        $this->companyService->setupDefaults($company);
+        $user->companies()->attach($company->id);
+
+        BouncerFacade::scope()->to($company->id);
+        $user->assign('owner');
+
+        if ($request->address) {
+            $company->address()->create($request->address);
+        }
+
+        return new CompanyResource($company);
+    }
+
+    public function destroy(Request $request)
+    {
+        $company = Company::find($request->header('company'));
+
+        $this->authorize('delete company', $company);
+
+        $user = $request->user();
+
+        if ($request->name !== $company->name) {
+            return respondJson('company_name_must_match_with_given_name', 'Company name must match with given name');
+        }
+
+        if ($user->loadCount('companies')->companies_count <= 1) {
+            return respondJson('You_cannot_delete_all_companies', 'You cannot delete all companies');
+        }
+
+        $this->companyService->delete($company, $user);
+
+        return response()->json([
+            'success' => true,
+        ]);
+    }
+
+    public function userCompanies(Request $request)
+    {
+        $companies = $request->user()->companies;
+
+        return CompanyResource::collection($companies);
+    }
 }