Faza 2: multi-tenancy + Filament dual panels + seed PSauto

Schema centrală:
- companies (slug unique, status, plan_id, settings JSON, trial/active dates)
- super_admins (operator platform)
- plans (free/basic/pro)

Schema tenant (toate cu company_id NOT NULL):
- users (UNIQUE company_id+email)
- clients
- vehicles

Tenancy core:
- App\Tenancy\TenantManager singleton
- App\Models\Concerns\BelongsToTenant trait + TenantScope
- ResolveTenant middleware (slug → Company, 404 pentru rezervate/missing)
- CheckTenantStatus middleware (suspended/expired/archived)
- Fail-safe: TenantScope returns 0 rows când tenant nu e rezolvat

Auth guards:
- 'central' guard cu super_admins provider (panou platform)
- 'web' guard cu users provider (per-tenant)

Filament panels:
- CentralPanelProvider la service.mir.md/admin
- TenantPanelProvider la <slug>.service.mir.md/app
- CompanyResource (central): CRUD companii cu status badge + filtre
- ClientResource (tenant): CRUD clienți cu status, sursă, sold
- VehicleResource (tenant): CRUD mașini cu marcă/model/VIN

Seed:
- 3 plans (free/basic/pro)
- super-admin: vasyka.moraru@gmail.com / admin123
- demo company 'psauto' cu admin user admin@psauto.md / admin123
- 3 clienți + 3 mașini preluate din AutoCRM.html

Bootstrap:
- TrustProxies (Cloudflare→Traefik HTTPS detection)
- forceScheme/forceRootUrl când APP_URL e HTTPS
- Helper global tenant() în app/helpers.php (autoload via composer)
- RUN_SEED env var în entrypoint pentru db:seed condiționat
This commit is contained in:
2026-05-05 21:29:52 +00:00
parent 125566cb81
commit 4b1635d045
48 changed files with 1510 additions and 386 deletions
+81
View File
@@ -0,0 +1,81 @@
<?php
namespace App\Models\Central;
use App\Models\Tenant\User;
use Illuminate\Database\Eloquent\SoftDeletes;
use Stancl\Tenancy\Database\Models\Tenant as BaseTenant;
use Stancl\Tenancy\Contracts\TenantWithDatabase;
use Stancl\Tenancy\Database\Concerns\HasDatabase;
use Stancl\Tenancy\Database\Concerns\HasDomains;
/**
* Tenant model extends Stancl Tenant for compatibility with the package
* (so we can use stancl helpers later if we want to switch to multi-DB).
*
* In single-DB mode we don't use HasDatabase. Domain identification is
* handled by our own ResolveTenant middleware (slug-based, not DNS records).
*/
class Company extends BaseTenant
{
use SoftDeletes;
protected $table = 'companies';
public $incrementing = true;
protected $guarded = [];
protected $casts = [
'settings' => 'array',
'data' => 'array',
'trial_ends_at' => 'datetime',
'active_until' => 'datetime',
];
/** Stancl expects this to know what columns are NOT in the JSON `data` blob. */
public static function getCustomColumns(): array
{
return [
'id',
'slug', 'name', 'display_name', 'city', 'phone', 'email', 'contact_name',
'status', 'plan_id',
'trial_ends_at', 'active_until',
'settings',
'created_at', 'updated_at', 'deleted_at',
];
}
public function plan()
{
return $this->belongsTo(Plan::class);
}
public function users()
{
return $this->hasMany(User::class);
}
public function isActive(): bool
{
return in_array($this->status, ['active', 'trial'], true);
}
public function isAccessible(): bool
{
if ($this->status === 'archived' || $this->status === 'suspended') {
return false;
}
if ($this->status === 'expired') {
return false;
}
return true;
}
/** Get the URL for this tenant. */
public function url(?string $path = '/'): string
{
$central = config('app.central_domain') ?: 'service.mir.md';
return "https://{$this->slug}.{$central}{$path}";
}
}
+27
View File
@@ -0,0 +1,27 @@
<?php
namespace App\Models\Central;
use Illuminate\Database\Eloquent\Model;
class Plan extends Model
{
protected $fillable = [
'slug', 'name', 'price_monthly', 'price_yearly', 'currency',
'features', 'limits', 'is_active', 'is_public',
];
protected $casts = [
'features' => 'array',
'limits' => 'array',
'is_active' => 'boolean',
'is_public' => 'boolean',
'price_monthly' => 'decimal:2',
'price_yearly' => 'decimal:2',
];
public function companies()
{
return $this->hasMany(Company::class);
}
}
+40
View File
@@ -0,0 +1,40 @@
<?php
namespace App\Models\Central;
use Filament\Models\Contracts\FilamentUser;
use Filament\Panel;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
class SuperAdmin extends Authenticatable implements FilamentUser
{
use HasFactory, Notifiable;
protected $table = 'super_admins';
protected $fillable = [
'name', 'email', 'password', 'is_active', 'last_login_at',
];
protected $hidden = [
'password', 'remember_token',
];
protected function casts(): array
{
return [
'email_verified_at' => 'datetime',
'last_login_at' => 'datetime',
'password' => 'hashed',
'is_active' => 'boolean',
];
}
public function canAccessPanel(Panel $panel): bool
{
return $panel->getId() === 'central' && $this->is_active;
}
}
+36
View File
@@ -0,0 +1,36 @@
<?php
namespace App\Models\Concerns;
use App\Models\Central\Company;
use App\Models\Scopes\TenantScope;
use App\Tenancy\TenantManager;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
/**
* Trait applied on every tenant-scoped Eloquent model.
* - Adds the global TenantScope so every query is filtered by company_id.
* - On create, auto-fills company_id from the current tenant.
* - Provides a `company()` relationship.
*/
trait BelongsToTenant
{
protected static function bootBelongsToTenant(): void
{
static::addGlobalScope(new TenantScope);
static::creating(function ($model) {
if (empty($model->company_id)) {
$tenant = app(TenantManager::class);
if ($tenant->isResolved()) {
$model->company_id = $tenant->currentId();
}
}
});
}
public function company(): BelongsTo
{
return $this->belongsTo(Company::class);
}
}
+33
View File
@@ -0,0 +1,33 @@
<?php
namespace App\Models\Scopes;
use App\Tenancy\TenantManager;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Scope;
/**
* Auto-filter every query by the current tenant's company_id.
* No-op when no tenant is resolved (central panel context).
*/
class TenantScope implements Scope
{
public function apply(Builder $builder, Model $model): void
{
$tenant = app(TenantManager::class);
if (! $tenant->isResolved()) {
// Fail-safe: no tenant set → return zero rows (prevents accidental
// cross-tenant leak). Use withoutGlobalScopes() in central panel
// to query across all tenants intentionally.
$builder->whereRaw('0 = 1');
return;
}
$builder->where(
$model->getTable() . '.company_id',
$tenant->currentId()
);
}
}
+39
View File
@@ -0,0 +1,39 @@
<?php
namespace App\Models\Tenant;
use App\Models\Concerns\BelongsToTenant;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\SoftDeletes;
class Client extends Model
{
use BelongsToTenant, SoftDeletes;
protected $fillable = [
'company_id', 'type', 'name', 'company_name',
'phone', 'phone_alt', 'email',
'telegram', 'whatsapp', 'viber',
'source', 'marketing_channel', 'status',
'balance', 'discount_pct', 'notes',
'assigned_to', 'last_contact_at',
];
protected $casts = [
'balance' => 'decimal:2',
'discount_pct' => 'decimal:2',
'last_contact_at' => 'datetime',
];
public function vehicles(): HasMany
{
return $this->hasMany(Vehicle::class);
}
public function assignedTo(): BelongsTo
{
return $this->belongsTo(User::class, 'assigned_to');
}
}
+51
View File
@@ -0,0 +1,51 @@
<?php
namespace App\Models\Tenant;
use App\Models\Concerns\BelongsToTenant;
use Filament\Models\Contracts\FilamentUser;
use Filament\Panel;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
/**
* Tenant-bound user. Belongs to exactly one Company.
* UNIQUE(company_id, email) same email can exist in different tenants
* as completely separate accounts.
*/
class User extends Authenticatable implements FilamentUser
{
use BelongsToTenant, HasFactory, Notifiable, SoftDeletes;
protected $fillable = [
'company_id', 'name', 'email', 'phone', 'avatar_url',
'role', 'status', 'locale',
'email_verified_at', 'password', 'last_login_at',
];
protected $hidden = [
'password', 'remember_token',
];
protected function casts(): array
{
return [
'email_verified_at' => 'datetime',
'last_login_at' => 'datetime',
'password' => 'hashed',
];
}
public function canAccessPanel(Panel $panel): bool
{
return $panel->getId() === 'tenant'
&& $this->status === 'active';
}
public function isAdmin(): bool
{
return $this->role === 'admin';
}
}
+29
View File
@@ -0,0 +1,29 @@
<?php
namespace App\Models\Tenant;
use App\Models\Concerns\BelongsToTenant;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\SoftDeletes;
class Vehicle extends Model
{
use BelongsToTenant, SoftDeletes;
protected $fillable = [
'company_id', 'client_id',
'make', 'model', 'year', 'vin', 'plate',
'engine', 'gearbox', 'fuel', 'mileage', 'color', 'notes',
];
public function client(): BelongsTo
{
return $this->belongsTo(Client::class);
}
public function getDisplayNameAttribute(): string
{
return trim("{$this->make} {$this->model} " . ($this->year ?: ''));
}
}
-49
View File
@@ -1,49 +0,0 @@
<?php
namespace App\Models;
// use Illuminate\Contracts\Auth\MustVerifyEmail;
use Database\Factories\UserFactory;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
class User extends Authenticatable
{
/** @use HasFactory<UserFactory> */
use HasFactory, Notifiable;
/**
* The attributes that are mass assignable.
*
* @var list<string>
*/
protected $fillable = [
'name',
'email',
'password',
];
/**
* The attributes that should be hidden for serialization.
*
* @var list<string>
*/
protected $hidden = [
'password',
'remember_token',
];
/**
* Get the attributes that should be cast.
*
* @return array<string, string>
*/
protected function casts(): array
{
return [
'email_verified_at' => 'datetime',
'password' => 'hashed',
];
}
}