[ADVAPP-1848]: Correct authorization to project users based on define project access (#1981)

* [ADVAPP-1848]: Update / Create models and migrations

* Update code formatting and copyright headers

* [ADVAPP-1848]: Add relation managers

* Update code formatting and copyright headers

* [ADVAPP-1848]: Add pages

* [ADVAPP-1848]: Update ProjectPolicy

* [ADVAPP-1848]: Remove Filament Changes

* [ADVAPP-1848]: Fix missing import

* [ADVAPP-1848]: Add Feature

* Update code formatting and copyright headers

* [ADVAPP-1848]: Add scope

* Update code formatting and copyright headers

* [ADVAPP-1848]: Add scope to project model

* [ADVAPP-1848]: Fix liniting issue.

* [ADVAPP-1848]: Add an early return

* [ADVAPP-1848]: Cleanup the ProjectPolicy

* [ADVAPP-1848]: Fix grammer

* [ADVAPP-1848]: Add Relation Managers

* Update code formatting and copyright headers

* [ADVAPP-1848]: Get everything working

* [ADVAPP-1848]: Get a suite of unit tests

* [ADVAPP-1848]: Update Unit tests

* [ADVAPP-1848]: Add a comment to update the file

* [ADVAPP-1848]: Remove comment

* [ADVAPP-1848]: Fix broken tests

* [ADVAPP-1848]: Move attribute below the docblock

* [ADVAPP-1848]: Fix the failing test

* [ADVAPP-1848]: Get the next test passing

* [ADVAPP-1848]: Remove the only

* [ADVAPP-1848]: Revert the project observer

* [ADVAPP-1848]: Update tests

* [ADVAPP-1848]: Update the observer

* [ADVAPP-1848]: Update the observer

* [ADVAPP-1848]: Update the test

* [ADVAPP-1848]: Update the policy

* [ADVAPP-1848]: Fix unit tests

* [ADVAPP-1848]: Fix unit tests

* [ADVAPP-1848]: Comment out observer

* [ADVAPP-1848]: Fix observer?

* [ADVAPP-1848]: Unguard non-fillable properties in factory

* [ADVAPP-1848]: Remove the only

* [ADVAPP-1848]: Fix liniting issue

* [ADVAPP-1848]: Remove observer

* [ADVAPP-1848]: Add the Observer back

* Update code formatting and copyright headers

* [ADVAPP-1848]: Update a test that fails

* [ADVAPP-1848]: Update a failing test

* [ADVAPP-1848]: Update a failing test

* [ADVAPP-1848]: Update a failing test

* [ADVAPP-1848]: Update a failing test

* [ADVAPP-1848]: Update failing tests

* [ADVAPP-1848]: Update failing tests

* [ADVAPP-1848]: Update failing tests

* [ADVAPP-1848]: Update failing tests

* [ADVAPP-1848]: Fix linting issue

* [ADVAPP-1848]: Fix linting issue

* [ADVAPP-1848]: Fix unit tests revert factory

* [ADVAPP-1848]: Fix unit test

* Ignore the specific phpstan error we don't want

Signed-off-by: Kevin Ullyott <kevin.ullyott@canyongbs.com>

---------

Signed-off-by: Kevin Ullyott <kevin.ullyott@canyongbs.com>
Co-authored-by: Karl Murray <karl.murray@canyongbs.com>
Co-authored-by: Kevin Ullyott <kevin.ullyott@canyongbs.com>

Author: 3 people

app-modules/project/database/factories/ProjectFactory.php

@@ -45,7 +45,6 @@
 class ProjectFactory extends Factory
 {
     /**
-     *
      * @return array<string, mixed>
      */
     public function definition(): array

app-modules/project/database/migrations/2025_10_09_133738_create_project_manager_users_table.php

@@ -0,0 +1,56 @@
+<?php
+
+/*
+<COPYRIGHT>
+
+    Copyright © 2016-2025, Canyon GBS LLC. All rights reserved.
+
+    Advising App™ is licensed under the Elastic License 2.0. For more details,
+    see https://github.com/canyongbs/advisingapp/blob/main/LICENSE.
+
+    Notice:
+
+    - You may not provide the software to third parties as a hosted or managed
+      service, where the service provides users with access to any substantial set of
+      the features or functionality of the software.
+    - You may not move, change, disable, or circumvent the license key functionality
+      in the software, and you may not remove or obscure any functionality in the
+      software that is protected by the license key.
+    - You may not alter, remove, or obscure any licensing, copyright, or other notices
+      of the licensor in the software. Any use of the licensor’s trademarks is subject
+      to applicable law.
+    - Canyon GBS LLC respects the intellectual property rights of others and expects the
+      same in return. Canyon GBS™ and Advising App™ are registered trademarks of
+      Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+      vigorously.
+    - The software solution, including services, infrastructure, and code, is offered as a
+      Software as a Service (SaaS) by Canyon GBS LLC.
+    - Use of this software implies agreement to the license terms and conditions as stated
+      in the Elastic License 2.0.
+
+    For more information or inquiries please visit our website at
+    https://www.canyongbs.com or contact us via email at legal@canyongbs.com.
+
+</COPYRIGHT>
+*/
+
+use Illuminate\Database\Migrations\Migration;
+use Tpetry\PostgresqlEnhanced\Schema\Blueprint;
+use Tpetry\PostgresqlEnhanced\Support\Facades\Schema;
+
+return new class () extends Migration {
+    public function up(): void
+    {
+        Schema::create('project_manager_users', function (Blueprint $table) {
+            $table->uuid('id')->primary();
+            $table->foreignUuid('project_id')->constrained()->cascadeOnDelete();
+            $table->foreignUuid('user_id')->constrained()->cascadeOnDelete();
+            $table->timestamps();
+        });
+    }
+
+    public function down(): void
+    {
+        Schema::dropIfExists('project_manager_users');
+    }
+};

app-modules/project/database/migrations/2025_10_09_133739_create_project_manager_teams_table.php

@@ -0,0 +1,56 @@
+<?php
+
+/*
+<COPYRIGHT>
+
+    Copyright © 2016-2025, Canyon GBS LLC. All rights reserved.
+
+    Advising App™ is licensed under the Elastic License 2.0. For more details,
+    see https://github.com/canyongbs/advisingapp/blob/main/LICENSE.
+
+    Notice:
+
+    - You may not provide the software to third parties as a hosted or managed
+      service, where the service provides users with access to any substantial set of
+      the features or functionality of the software.
+    - You may not move, change, disable, or circumvent the license key functionality
+      in the software, and you may not remove or obscure any functionality in the
+      software that is protected by the license key.
+    - You may not alter, remove, or obscure any licensing, copyright, or other notices
+      of the licensor in the software. Any use of the licensor’s trademarks is subject
+      to applicable law.
+    - Canyon GBS LLC respects the intellectual property rights of others and expects the
+      same in return. Canyon GBS™ and Advising App™ are registered trademarks of
+      Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+      vigorously.
+    - The software solution, including services, infrastructure, and code, is offered as a
+      Software as a Service (SaaS) by Canyon GBS LLC.
+    - Use of this software implies agreement to the license terms and conditions as stated
+      in the Elastic License 2.0.
+
+    For more information or inquiries please visit our website at
+    https://www.canyongbs.com or contact us via email at legal@canyongbs.com.
+
+</COPYRIGHT>
+*/
+
+use Illuminate\Database\Migrations\Migration;
+use Tpetry\PostgresqlEnhanced\Schema\Blueprint;
+use Tpetry\PostgresqlEnhanced\Support\Facades\Schema;
+
+return new class () extends Migration {
+    public function up(): void
+    {
+        Schema::create('project_manager_teams', function (Blueprint $table) {
+            $table->uuid('id')->primary();
+            $table->foreignUuid('project_id')->constrained()->cascadeOnDelete();
+            $table->foreignUuid('team_id')->constrained()->cascadeOnDelete();
+            $table->timestamps();
+        });
+    }
+
+    public function down(): void
+    {
+        Schema::dropIfExists('project_manager_teams');
+    }
+};

app-modules/project/database/migrations/2025_10_09_133810_create_project_auditor_users_table.php

@@ -0,0 +1,56 @@
+<?php
+
+/*
+<COPYRIGHT>
+
+    Copyright © 2016-2025, Canyon GBS LLC. All rights reserved.
+
+    Advising App™ is licensed under the Elastic License 2.0. For more details,
+    see https://github.com/canyongbs/advisingapp/blob/main/LICENSE.
+
+    Notice:
+
+    - You may not provide the software to third parties as a hosted or managed
+      service, where the service provides users with access to any substantial set of
+      the features or functionality of the software.
+    - You may not move, change, disable, or circumvent the license key functionality
+      in the software, and you may not remove or obscure any functionality in the
+      software that is protected by the license key.
+    - You may not alter, remove, or obscure any licensing, copyright, or other notices
+      of the licensor in the software. Any use of the licensor’s trademarks is subject
+      to applicable law.
+    - Canyon GBS LLC respects the intellectual property rights of others and expects the
+      same in return. Canyon GBS™ and Advising App™ are registered trademarks of
+      Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+      vigorously.
+    - The software solution, including services, infrastructure, and code, is offered as a
+      Software as a Service (SaaS) by Canyon GBS LLC.
+    - Use of this software implies agreement to the license terms and conditions as stated
+      in the Elastic License 2.0.
+
+    For more information or inquiries please visit our website at
+    https://www.canyongbs.com or contact us via email at legal@canyongbs.com.
+
+</COPYRIGHT>
+*/
+
+use Illuminate\Database\Migrations\Migration;
+use Tpetry\PostgresqlEnhanced\Schema\Blueprint;
+use Tpetry\PostgresqlEnhanced\Support\Facades\Schema;
+
+return new class () extends Migration {
+    public function up(): void
+    {
+        Schema::create('project_auditor_users', function (Blueprint $table) {
+            $table->uuid('id')->primary();
+            $table->foreignUuid('project_id')->constrained()->cascadeOnDelete();
+            $table->foreignUuid('user_id')->constrained()->cascadeOnDelete();
+            $table->timestamps();
+        });
+    }
+
+    public function down(): void
+    {
+        Schema::dropIfExists('project_auditor_users');
+    }
+};

app-modules/project/database/migrations/2025_10_09_133832_create_project_auditor_teams_table.php

@@ -0,0 +1,56 @@
+<?php
+
+/*
+<COPYRIGHT>
+
+    Copyright © 2016-2025, Canyon GBS LLC. All rights reserved.
+
+    Advising App™ is licensed under the Elastic License 2.0. For more details,
+    see https://github.com/canyongbs/advisingapp/blob/main/LICENSE.
+
+    Notice:
+
+    - You may not provide the software to third parties as a hosted or managed
+      service, where the service provides users with access to any substantial set of
+      the features or functionality of the software.
+    - You may not move, change, disable, or circumvent the license key functionality
+      in the software, and you may not remove or obscure any functionality in the
+      software that is protected by the license key.
+    - You may not alter, remove, or obscure any licensing, copyright, or other notices
+      of the licensor in the software. Any use of the licensor’s trademarks is subject
+      to applicable law.
+    - Canyon GBS LLC respects the intellectual property rights of others and expects the
+      same in return. Canyon GBS™ and Advising App™ are registered trademarks of
+      Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+      vigorously.
+    - The software solution, including services, infrastructure, and code, is offered as a
+      Software as a Service (SaaS) by Canyon GBS LLC.
+    - Use of this software implies agreement to the license terms and conditions as stated
+      in the Elastic License 2.0.
+
+    For more information or inquiries please visit our website at
+    https://www.canyongbs.com or contact us via email at legal@canyongbs.com.
+
+</COPYRIGHT>
+*/
+
+use Illuminate\Database\Migrations\Migration;
+use Tpetry\PostgresqlEnhanced\Schema\Blueprint;
+use Tpetry\PostgresqlEnhanced\Support\Facades\Schema;
+
+return new class () extends Migration {
+    public function up(): void
+    {
+        Schema::create('project_auditor_teams', function (Blueprint $table) {
+            $table->uuid('id')->primary();
+            $table->foreignUuid('project_id')->constrained()->cascadeOnDelete();
+            $table->foreignUuid('team_id')->constrained()->cascadeOnDelete();
+            $table->timestamps();
+        });
+    }
+
+    public function down(): void
+    {
+        Schema::dropIfExists('project_auditor_teams');
+    }
+};

app-modules/project/src/Filament/Resources/Projects/Pages/ManageAuditors.php

@@ -0,0 +1,69 @@
+<?php
+
+/*
+<COPYRIGHT>
+
+    Copyright © 2016-2025, Canyon GBS LLC. All rights reserved.
+
+    Advising App™ is licensed under the Elastic License 2.0. For more details,
+    see https://github.com/canyongbs/advisingapp/blob/main/LICENSE.
+
+    Notice:
+
+    - You may not provide the software to third parties as a hosted or managed
+      service, where the service provides users with access to any substantial set of
+      the features or functionality of the software.
+    - You may not move, change, disable, or circumvent the license key functionality
+      in the software, and you may not remove or obscure any functionality in the
+      software that is protected by the license key.
+    - You may not alter, remove, or obscure any licensing, copyright, or other notices
+      of the licensor in the software. Any use of the licensor’s trademarks is subject
+      to applicable law.
+    - Canyon GBS LLC respects the intellectual property rights of others and expects the
+      same in return. Canyon GBS™ and Advising App™ are registered trademarks of
+      Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+      vigorously.
+    - The software solution, including services, infrastructure, and code, is offered as a
+      Software as a Service (SaaS) by Canyon GBS LLC.
+    - Use of this software implies agreement to the license terms and conditions as stated
+      in the Elastic License 2.0.
+
+    For more information or inquiries please visit our website at
+    https://www.canyongbs.com or contact us via email at legal@canyongbs.com.
+
+</COPYRIGHT>
+*/
+
+namespace AdvisingApp\Project\Filament\Resources\Projects\Pages;
+
+use AdvisingApp\Project\Filament\Resources\Projects\ProjectResource;
+use AdvisingApp\Project\Filament\Resources\Projects\RelationManagers\AuditorTeamsRelationManager;
+use AdvisingApp\Project\Filament\Resources\Projects\RelationManagers\AuditorUsersRelationManager;
+use Filament\Resources\Pages\ManageRelatedRecords;
+
+class ManageAuditors extends ManageRelatedRecords
+{
+    protected static string $resource = ProjectResource::class;
+
+    protected static string $relationship = 'auditorUsers';
+
+    public static function getNavigationLabel(): string
+    {
+        return 'Auditors';
+    }
+
+    public function getRelationManagers(): array
+    {
+        return [
+            AuditorUsersRelationManager::class,
+            AuditorTeamsRelationManager::class,
+        ];
+    }
+
+    public static function canAccess(array $arguments = []): bool
+    {
+        $user = auth()->user();
+
+        return $user->can(['project.view-any', 'project.*.view']) && parent::canAccess($arguments);
+    }
+}

app-modules/project/src/Filament/Resources/Projects/Pages/ManageManagers.php

@@ -0,0 +1,69 @@
+<?php
+
+/*
+<COPYRIGHT>
+
+    Copyright © 2016-2025, Canyon GBS LLC. All rights reserved.
+
+    Advising App™ is licensed under the Elastic License 2.0. For more details,
+    see https://github.com/canyongbs/advisingapp/blob/main/LICENSE.
+
+    Notice:
+
+    - You may not provide the software to third parties as a hosted or managed
+      service, where the service provides users with access to any substantial set of
+      the features or functionality of the software.
+    - You may not move, change, disable, or circumvent the license key functionality
+      in the software, and you may not remove or obscure any functionality in the
+      software that is protected by the license key.
+    - You may not alter, remove, or obscure any licensing, copyright, or other notices
+      of the licensor in the software. Any use of the licensor’s trademarks is subject
+      to applicable law.
+    - Canyon GBS LLC respects the intellectual property rights of others and expects the
+      same in return. Canyon GBS™ and Advising App™ are registered trademarks of
+      Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+      vigorously.
+    - The software solution, including services, infrastructure, and code, is offered as a
+      Software as a Service (SaaS) by Canyon GBS LLC.
+    - Use of this software implies agreement to the license terms and conditions as stated
+      in the Elastic License 2.0.
+
+    For more information or inquiries please visit our website at
+    https://www.canyongbs.com or contact us via email at legal@canyongbs.com.
+
+</COPYRIGHT>
+*/
+
+namespace AdvisingApp\Project\Filament\Resources\Projects\Pages;
+
+use AdvisingApp\Project\Filament\Resources\Projects\ProjectResource;
+use AdvisingApp\Project\Filament\Resources\Projects\RelationManagers\ManagerTeamsRelationManager;
+use AdvisingApp\Project\Filament\Resources\Projects\RelationManagers\ManagerUsersRelationManager;
+use Filament\Resources\Pages\ManageRelatedRecords;
+
+class ManageManagers extends ManageRelatedRecords
+{
+    protected static string $resource = ProjectResource::class;
+
+    protected static string $relationship = 'managerUsers';
+
+    public static function getNavigationLabel(): string
+    {
+        return 'Managers';
+    }
+
+    public function getRelationManagers(): array
+    {
+        return [
+            ManagerUsersRelationManager::class,
+            ManagerTeamsRelationManager::class,
+        ];
+    }
+
+    public static function canAccess(array $arguments = []): bool
+    {
+        $user = auth()->user();
+
+        return $user->can(['project.view-any', 'project.*.view']) && parent::canAccess($arguments);
+    }
+}