'datetime', 'last_login_at' => 'datetime', 'email_authentication_at' => 'datetime', 'password' => 'hashed', 'app_authentication_secret' => 'encrypted', 'app_authentication_recovery_codes' => 'encrypted:array', ]; } public function canAccessPanel(Panel $panel): bool { return $panel->getId() === 'tenant' && $this->status === 'active'; } public function isAdmin(): bool { return $this->role === 'admin' || $this->role === 'owner' || $this->hasAnyRole(['admin', 'owner']); } public function isOwner(): bool { return $this->role === 'owner' || $this->hasRole('owner'); } public function isAccountant(): bool { return $this->role === 'accountant' || $this->hasRole('accountant'); } public function isMechanic(): bool { return in_array($this->role, ['mechanic', 'master'], true) || $this->hasAnyRole(['mechanic']); } /** Shortcut for permission check using App\Auth\Permissions slug. */ public function canDo(string $permission): bool { // Owner + admin always pass — safety net for misconfigured permission grants. if ($this->isAdmin()) return true; try { return $this->can($permission); } catch (\Throwable $e) { return false; } } /** Has 2FA app authentication enabled (Filament native). */ public function hasTwoFactorEnabled(): bool { return $this->app_authentication_secret !== null; } public function hasEmailAuthentication(): bool { return $this->email_authentication_at !== null; } public function toggleEmailAuthentication(bool $condition): void { $this->forceFill([ 'email_authentication_at' => $condition ? now() : null, ])->saveQuietly(); } public function getAppAuthenticationSecret(): ?string { return $this->app_authentication_secret; } public function saveAppAuthenticationSecret(?string $secret): void { $this->forceFill(['app_authentication_secret' => $secret])->saveQuietly(); } public function getAppAuthenticationHolderName(): string { return $this->email; } public function getAppAuthenticationRecoveryCodes(): ?array { return $this->app_authentication_recovery_codes; } public function saveAppAuthenticationRecoveryCodes(?array $codes): void { $this->forceFill(['app_authentication_recovery_codes' => $codes])->saveQuietly(); } }