feat:adds ability to share portfolios

also includes basic permissions and authorization

app/Imports/ValidatesPortfolioPermissions.php

@@ -3,6 +3,7 @@
 namespace App\Imports;
 
 use Exception;
+use App\Models\Portfolio;
 
 trait ValidatesPortfolioPermissions {
     
@@ -12,7 +13,10 @@ trait ValidatesPortfolioPermissions {
         
         $collection->pluck('portfolio_id')->unique()->each(function($portfolio) use ($portfolios) {
 
-            if (!$portfolios->contains($portfolio)) {
+            if (
+                !$portfolios->contains($portfolio)
+                || auth()->user()->cannot('fullAccess', Portfolio::find($portfolio))
+            ) {
     
                 throw new Exception('You do not have permission to access that portfolio.');
             }

app/Models/Portfolio.php

@@ -26,9 +26,9 @@ class Portfolio extends Model
     {
         parent::boot();
         
-        static::saved(function ($model) {
+        static::saved(function ($portfolio) {
 
-            self::syncUsers($model);
+            self::ensurePortfolioHasOwner($portfolio);
         });
     }
 
@@ -42,7 +42,7 @@ class Portfolio extends Model
 
     public function users()
     {
-        return $this->belongsToMany(User::class)->withPivot('owner');
+        return $this->belongsToMany(User::class)->withPivot(['owner', 'full_access', 'invite_accepted_at']);
     }
 
     public function holdings()
@@ -76,21 +76,23 @@ class Portfolio extends Model
 
     public function getOwnerIdAttribute()
     {
-        return $this->users()->firstWhere('owner', 1)?->id;
+        return $this->owner?->id;
     }
 
-    public static function syncUsers(self $model) 
+    public function getOwnerAttribute()
+    {
+        return $this->users()->firstWhere('owner', 1);
+    }
+
+    public static function ensurePortfolioHasOwner(self $portfolio) 
     {
         // make sure we don't remove owner access
-        $user_id[$model->owner_id ?? auth()->user()->id] = ['owner' => true];
+        if (!$portfolio->owner_id) {
+            $users[auth()->user()->id] = ['owner' => true];
 
-        // // add other users
-        // foreach(request()->users ?? [] as $id) {
-        //     $user_id[$id] = ['owner' => false];
-        // };
-
-        // save
-        $model->users()->sync($user_id);
+            // save
+            $portfolio->users()->sync($users);
+        }
     }
 
     public function syncDailyChanges(): void

app/Models/User.php

@@ -52,7 +52,7 @@ class User extends Authenticatable implements MustVerifyEmail
 
     public function portfolios()
     {
-        return $this->belongsToMany(Portfolio::class)->withPivot('owner');
+        return $this->belongsToMany(Portfolio::class)->withPivot(['owner', 'full_access', 'invite_accepted_at']);
     }
 
     public function daily_changes()

app/Policies/PortfolioPolicy.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\User;
+use App\Models\Portfolio;
+
+class PortfolioPolicy
+{
+
+    /**
+     * 
+     */
+    public function readOnly(User $user, Portfolio $portfolio)
+    {
+        $pivot = $portfolio->users()->where('user_id', $user->id)->first();
+
+        return $pivot;
+    }
+
+    /**
+     * 
+     */
+    public function fullAccess(User $user, Portfolio $portfolio)
+    {
+        $pivot = $portfolio->users()->where('user_id', $user->id)->first();
+
+        return $pivot && ($pivot->pivot->full_access || $pivot->pivot->owner);
+    }
+
+    /**
+     * 
+     */
+    public function owner(User $user, Portfolio $portfolio)
+    {
+        $pivot = $portfolio->users()->where('user_id', $user->id)->first();
+
+        return $pivot && $pivot->pivot->owner;
+    }
+}