.service.mir.md.
* ResolveTenant middleware loads the current Company before any auth check.
*/
class TenantPanelProvider extends PanelProvider
{
public function panel(Panel $panel): Panel
{
return $panel
->id('tenant')
->path('app')
->login()
->brandName('AutoCRM')
->colors([
'primary' => Color::Blue,
])
->authGuard('web')
->discoverResources(in: app_path('Filament/Tenant/Resources'), for: 'App\\Filament\\Tenant\\Resources')
->discoverPages(in: app_path('Filament/Tenant/Pages'), for: 'App\\Filament\\Tenant\\Pages')
->pages([
Dashboard::class,
])
->discoverWidgets(in: app_path('Filament/Tenant/Widgets'), for: 'App\\Filament\\Tenant\\Widgets')
->widgets([
\App\Filament\Tenant\Widgets\StatsOverview::class,
\App\Filament\Tenant\Widgets\FinanceOverview::class,
\App\Filament\Tenant\Widgets\LowStockTable::class,
])
->middleware([
// CRITICAL: tenant resolution must run BEFORE Filament's
// Authenticate middleware (which is inserted by authMiddleware
// between ShareErrorsFromSession and AuthenticateSession).
// Otherwise User::find() during auth check has no tenant
// context → TenantScope returns 0 rows → user appears
// unauthenticated → endless redirect to /app/login.
ResolveTenant::class,
CheckTenantStatus::class,
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
AuthenticateSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
SubstituteBindings::class,
DisableBladeIconComponents::class,
DispatchServingFilamentEvent::class,
])
->authMiddleware([
Authenticate::class,
])
// PWA + theming injection
->renderHook(
PanelsRenderHook::HEAD_END,
fn (): string => Blade::render(<<<'BLADE'
@php
$t = app(\App\Tenancy\TenantManager::class)->current();
$themeColor = $t?->settings['theme_color'] ?? '#3B82F6';
$name = $t?->display_name ?? $t?->name ?? 'AutoCRM';
@endphp
BLADE)
)
->renderHook(
PanelsRenderHook::BODY_END,
fn (): string => <<<'HTML'
HTML
);
}
}