HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/be.naniguide.com/app/Model/AdLead.php
<?php

namespace App\Model;

use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;

class AdLead extends Model
{
    protected $table = 'ad_leads';

    protected $fillable = ['ad_lead_form_config_id', 'platform_lead_id', 'data', 'synced_at', 'subscriber_id'];

    protected $casts = ['data' => 'json', 'synced_at' => 'datetime'];

    public function config(): BelongsTo
    {
        return $this->belongsTo(AdLeadFormConfig::class, 'ad_lead_form_config_id');
    }

    public function subscriber(): BelongsTo
    {
        return $this->belongsTo(Subscriber::class, 'subscriber_id');
    }

    /**
     * R11.5 / C-9 — restrict reads to leads whose lead-form-config belongs to
     * the given customer. Customer-side controllers use this so cross-tenant
     * access 404s instead of leaking PII.
     */
    public function scopeOfCustomer(Builder $query, int $customerId): Builder
    {
        return $query->whereHas(
            'config',
            fn (Builder $q) => $q->where('customer_id', $customerId)
        );
    }
}