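@php
    // SECURITY: Always read the role from the authenticated user on every render,
    // never from view data or the request, so a tampered value cannot reach this check.
    $userRole = auth()->user()->role;
    $userHasPermissions = auth()->user()->permissions()->count() > 0;

    // SECURITY: Appraisers (role 4) can NEVER see admin/office admin menus.
    // If somehow an appraiser menu contains admin items, filter them out.
    //
    // The role is compared numerically rather than with a bare `=== 4`: the menu loop
    // further down grants "show all" through a loose in_array($userRole, [3, 4]), so a
    // role that arrives as the string "4" must take this filtering branch too.
    //
    // NOTE(review): this only decides which links are rendered. Access to the routes
    // themselves has to be enforced on the server (middleware / policies); that
    // enforcement is not visible from this template - confirm it exists.
    if (is_numeric($userRole) && (int) $userRole === 4) {
        // Appraisers should only see appraiser-specific routes.
        $allowedRoutes = ['appraiser.dashboard', 'appraiser.document', 'appraiser.skillset', 'appraiser.payrollreport', 'ticket', 'appraiser.profile'];

        // An entry passes when it has no route of its own (e.g. a submenu parent)
        // or when its route is on the allow-list. The strict comparison keeps a
        // non-string route value from matching through type juggling.
        $isAppraiserRoute = function ($entry) use ($allowedRoutes) {
            return !isset($entry['route']) || in_array($entry['route'], $allowedRoutes, true);
        };

        $menu = collect($menu)
            // Drop top-level entries whose own route is not allowed.
            ->filter($isAppraiserRoute)
            // Prune submenu items. This has to happen in map(): a filter() callback
            // receives a copy of the entry, so a pruned list assigned there is
            // discarded and the disallowed sub-items would still be rendered.
            ->map(function ($item) use ($isAppraiserRoute) {
                if (isset($item['submenu']['items'])) {
                    $item['submenu']['items'] = collect($item['submenu']['items'])
                        ->filter($isAppraiserRoute)
                        ->values()
                        ->toArray();
                }

                return $item;
            })
            // A parent whose submenu ended up empty is dropped as well.
            ->reject(function ($item) {
                return isset($item['submenu']['items']) && empty($item['submenu']['items']);
            })
            ->values()
            ->toArray();
    }
@endphp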
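    @foreach($menu as $index => $item)
        @php
            // An entry with a 'submenu' key is a parent; its children live under
            // submenu.items. A submenu declared without items is treated as empty
            // rather than raising an undefined-key error while rendering.
            $hasSubmenu = isset($item['submenu']);
            $submenuItems = $hasSubmenu ? ($item['submenu']['items'] ?? []) : [];

            // Show all if role is 3/4 or user has no permissions.
            // $userRole and $userHasPermissions are set at the top of this template.
            // NOTE(review): the "no permissions" case fails open - an account with no
            // permission rows gets every entry that reaches this loop. Confirm this
            // is intended; hiding a link is presentation only and does not restrict
            // access to the route behind it.
            $showAll = in_array($userRole, [3,4]) || !$userHasPermissions;

            // Check permission for parent menu; entries without a 'permission' key
            // are visible to everyone.
            $hasPermission = $showAll
                || !isset($item['permission'])
                || auth()->user()->hasPermission($item['permission']);

            if (!$hasPermission) continue; // Skip parent if no permission

            // Filter submenu items by permission, using the same rule as the parent.
            $filteredSubmenu = collect($submenuItems)->filter(function ($subitem) use ($showAll) {
                return $showAll
                    || !isset($subitem['permission'])
                    || auth()->user()->hasPermission($subitem['permission']);
            })->values();

            // Skip top-level menu if it has a submenu but no visible items.
            if ($hasSubmenu && $filteredSubmenu->isEmpty()) continue;

            // Active state: a parent is active when one of its visible children
            // matches the current route name; a plain entry when its own route does.
            $isActiveParent = $hasSubmenu && $filteredSubmenu->pluck('route')->contains($routeName);
            $isActiveItem = isset($item['route']) && $routeName == $item['route'];
        @endphp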
  • @php
        // Link target for this entry. '#' is the inert fallback used when the entry
        // has no route or when a URL cannot be generated for it.
        $itemUrl = '#';

        try {
            if (isset($item['route'])) {
                $itemUrl = route($item['route']);
            }
        } catch (\Exception $exception) {
            // route() could not build a URL (for example the route name is not
            // registered); $itemUrl still holds the '#' fallback at this point.
            // Drop the caught exception so it does not linger in the view scope.
            unset($exception);
        }
    @endphp
    {{ $hasSubmenu ? $item['submenu']['label'] : $item['label'] }}
    @if($hasSubmenu) @endif
    @if($hasSubmenu)
      @foreach($filteredSubmenu as $subitem)
          @php
              // Link target for this submenu entry. '#' is the inert fallback used
              // when the entry has no route or a URL cannot be generated for it.
              $subitemUrl = '#';

              try {
                  if (isset($subitem['route'])) {
                      // Optional 'params' are forwarded to route() as its parameters.
                      $subitemUrl = route($subitem['route'], $subitem['params'] ?? []);
                  }
              } catch (\Exception $exception) {
                  // route() could not build a URL (for example the route name is not
                  // registered); $subitemUrl still holds the '#' fallback here.
                  // Drop the caught exception so it does not linger in the view scope.
                  unset($exception);
              }

              // The entry is active when its route equals the current route name;
              // an entry without a route is compared as an empty string.
              $isActive = ($subitem['route'] ?? '') == $routeName;
          @endphp
    •   {{ $subitem['label'] }}
    • @endforeach
    @endif
  • @endforeach