
container acl

moell 9 months ago
parent
commit
d349d5c2e2
2 changed files with 9 additions and 3 deletions
  1. 2 2
      app/Http/Controllers/API/ContainerController.php
  2. 7 1
      app/Models/Container.php

+ 2 - 2
app/Http/Controllers/API/ContainerController.php

@@ -30,7 +30,7 @@ class ContainerController extends Controller
      */
     public function index(Request $request)
     {
-        $containers = Container::query()->filter($request->all())->paginate();
+        $containers = Container::query()->allowed()->filter($request->all())->paginate();
 
         $foldsCount = Folder::query()
             ->where('object_type','container')
@@ -93,7 +93,7 @@ class ContainerController extends Controller
         }
 
         $container = new Container();
-        $container->mergeFillable(['company_id']);
+        $container->mergeFillable(['company_id', 'created_by']);
         $container->fill($formData);
         $container->save();
 
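Review bot: Adding `created_by` to the fillable list just before `fill($formData)` means the ownership column takes whatever value `$formData` carries. The construction of `$formData` is outside this hunk, so this is only a concern if it is derived from request input; in that case a client could submit an arbitrary `created_by`, and the new `scopeAllowed` relies on that column for the private ACL check. It would be safer to leave `created_by` out of `mergeFillable` and assign it server-side after the fill, e.g. `$container->created_by = auth()->id();`. The same applies to `company_id`, which was already mass-assignable here.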

+ 7 - 1
app/Models/Container.php

@@ -2,12 +2,14 @@
 
 namespace App\Models;
 
+use App\Models\Enums\ContainerACL;
 use App\Models\Scopes\CompanyScope;
 use EloquentFilter\Filterable;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\SoftDeletes;
+use Illuminate\Support\Facades\Auth;
 
 class Container extends Model
 {
@@ -30,7 +32,11 @@ class Container extends Model
 
     public function scopeAllowed(Builder $query, string $id = null)
     {
-
+        $query->where(function (Builder $query) {
+            return $query->where('acl', ContainerACL::PRIVATE->value)->where('created_by', Auth::id());
+        })->orWhere(function (Builder $query) {
+            return $query->where('acl', ContainerACL::CUSTOM->value)->where('whitelist', 'like', '%,' . Auth::id() . ',%');
+        });
     }
 
     public function library(): \Illuminate\Database\Eloquent\Relations\BelongsTo
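Review bot: `scopeAllowed` uses `Auth::id()` without checking for null. If the scope is ever reached without an authenticated user, Laravel compiles `where('created_by', null)` to `created_by IS NULL` and the LIKE pattern becomes `%,,%`, so rows with no creator or an empty whitelist entry would match. A guard at the top such as `if (Auth::id() === null) { return $query->whereRaw('1 = 0'); }` closes that. The whitelist match also only works if the stored value always has a leading and trailing comma (`,3,7,`), which deserves a comment or a pivot table instead of `LIKE`. Any ACL value other than `PRIVATE` or `CUSTOM` is excluded, and the creator of a `CUSTOM` container is excluded unless listed in its whitelist; confirm both are intended. The `$id` parameter is unused.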