File: /home/xedaptot/ai.naniguide.com/app/Model/AdLead.php
<?php
namespace App\Model;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
class AdLead extends Model
{
protected $table = 'ad_leads';
protected $fillable = ['ad_lead_form_config_id', 'platform_lead_id', 'data', 'synced_at', 'subscriber_id'];
protected $casts = ['data' => 'json', 'synced_at' => 'datetime'];
public function config(): BelongsTo
{
return $this->belongsTo(AdLeadFormConfig::class, 'ad_lead_form_config_id');
}
public function subscriber(): BelongsTo
{
return $this->belongsTo(Subscriber::class, 'subscriber_id');
}
/**
* R11.5 / C-9 — restrict reads to leads whose lead-form-config belongs to
* the given customer. Customer-side controllers use this so cross-tenant
* access 404s instead of leaking PII.
*/
public function scopeOfCustomer(Builder $query, int $customerId): Builder
{
return $query->whereHas(
'config',
fn (Builder $q) => $q->where('customer_id', $customerId)
);
}
}