group(function () { Route::post('/login', [ApiAuthController::class, 'login']); Route::middleware(['auth:sanctum', \App\Http\Middleware\EnsureTokenMatchesTenant::class])->group(function () { Route::get('/me', [ApiAuthController::class, 'me']); Route::post('/logout', [ApiAuthController::class, 'logout']); Route::apiResource('clients', ClientApiController::class); Route::apiResource('vehicles', VehicleApiController::class); Route::apiResource('work-orders', WorkOrderApiController::class); // RBAC management — guarded by ADMIN_USERS_* / ADMIN_ROLES_MANAGE. Route::apiResource('users', UserApiController::class); Route::post('users/{user}/activate', [UserApiController::class, 'activate']); Route::post('users/{user}/deactivate', [UserApiController::class, 'deactivate']); Route::post('users/{user}/resend-invitation', [UserApiController::class, 'resendInvitation']); Route::post('users/{user}/force-password-reset', [UserApiController::class, 'forcePasswordReset']); Route::get('users/{user}/sessions', [UserApiController::class, 'sessions']); Route::delete('users/{user}/sessions', [UserApiController::class, 'revokeAllSessions']); Route::delete('users/{user}/sessions/{sessionId}', [UserApiController::class, 'revokeSession']); Route::get('users/{user}/roles', [UserApiController::class, 'roles']); Route::post('users/{user}/roles', [UserApiController::class, 'assignRole']); Route::delete('users/{user}/roles/{role}', [UserApiController::class, 'removeRole']); Route::get('users/{user}/permissions', [UserApiController::class, 'permissions']); Route::post('users/{user}/permission-overrides', [UserApiController::class, 'addOverride']); Route::delete('users/{user}/permission-overrides/{permission}', [UserApiController::class, 'removeOverride']); Route::apiResource('roles', RoleApiController::class); Route::get('roles/{role}/permissions', [RoleApiController::class, 'permissions']); Route::put('roles/{role}/permissions', [RoleApiController::class, 'syncPermissions']); Route::get('permissions', [RoleApiController::class, 'permissionCatalog']); }); });