fix: disable team scope for admin pages

bohdan-shulha · bohdan-shulha · commit 51ad71cda2fb · 2024-10-15T19:16:14.000+02:00
diff --git a/app/Http/Middleware/AdminAccess.php b/app/Http/Middleware/AdminAccess.php
@@ -2,6 +2,7 @@
 
 namespace App\Http\Middleware;
 
+use App\Models\Scopes\TeamScope;
 use Closure;
 use Illuminate\Http\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -19,6 +20,8 @@ public function handle(Request $request, Closure $next): Response
             abort(403, 'Unauthorized action.');
         }
 
+        TeamScope::disable();
+
         return $next($request);
     }
 }
diff --git a/app/Models/Scopes/TeamScope.php b/app/Models/Scopes/TeamScope.php
@@ -10,11 +10,17 @@
 
 class TeamScope implements Scope
 {
+    private static $enabled = true;
+
     /**
      * Apply the scope to a given Eloquent query builder.
      */
     public function apply(Builder $builder, Model $model): void
     {
+        if (! self::$enabled) {
+            return;
+        }
+
         $user = auth()->user();
         if ($user) {
             // API Request
@@ -33,4 +39,14 @@ public function apply(Builder $builder, Model $model): void
         // X-Ptah-Token
         $builder->where($builder->qualifyColumn('team_id'), app(Team::class)->id);
     }
+
+    public static function disable(): void
+    {
+        self::$enabled = false;
+    }
+
+    public static function enable(): void
+    {
+        self::$enabled = true;
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`
`3`	`3`	`namespace App\Http\Middleware;`
`4`	`4`
	`5`	`+use App\Models\Scopes\TeamScope;`
`5`	`6`	`use Closure;`
`6`	`7`	`use Illuminate\Http\Request;`
`7`	`8`	`use Symfony\Component\HttpFoundation\Response;`
`@@ -19,6 +20,8 @@ public function handle(Request $request, Closure $next): Response`
`19`	`20`	`abort(403, 'Unauthorized action.');`
`20`	`21`	`}`
`21`	`22`
	`23`	`+ TeamScope::disable();`
	`24`	`+`
`22`	`25`	`return $next($request);`
`23`	`26`	`}`
`24`	`27`	`}`