fix: ThreadController to use Business route model binding

All methods now accept Business $business as a route parameter instead of incorrectly trying to access $request->user()->business which doesn't exist in this app's architecture.
2025-12-03 13:04:14 -07:00
1 changed files with 11 additions and 30 deletions
--- a/app/Http/Controllers/Seller/Crm/ThreadController.php
+++ b/app/Http/Controllers/Seller/Crm/ThreadController.php
@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Seller\Crm;

 use App\Http\Controllers\Controller;
+use App\Models\Business;
 use App\Models\Crm\CrmActiveView;
 use App\Models\Crm\CrmChannel;
 use App\Models\Crm\CrmInternalNote;
@@ -24,10 +25,8 @@ class ThreadController extends Controller
    /**
     * Display unified inbox
     */
-    public function index(Request $request)
+    public function index(Request $request, Business $business)
    {
-        $business = $request->user()->business;
-
        $query = CrmThread::forBusiness($business->id)
            ->with(['contact', 'assignee', 'messages' => fn ($q) => $q->latest()->limit(1)])
            ->withCount('messages');
@@ -77,10 +76,8 @@ class ThreadController extends Controller
    /**
     * Show a single thread
     */
-    public function show(Request $request, CrmThread $thread)
+    public function show(Request $request, Business $business, CrmThread $thread)
    {
-        $business = $request->user()->business;
-
        // SECURITY: Verify business ownership
        if ($thread->business_id !== $business->id) {
            abort(404);
@@ -128,10 +125,8 @@ class ThreadController extends Controller
    /**
     * Send a reply in thread
     */
-    public function reply(Request $request, CrmThread $thread)
+    public function reply(Request $request, Business $business, CrmThread $thread)
    {
-        $business = $request->user()->business;
-
        if ($thread->business_id !== $business->id) {
            abort(404);
        }
@@ -177,10 +172,8 @@ class ThreadController extends Controller
    /**
     * Assign thread to user
     */
-    public function assign(Request $request, CrmThread $thread)
+    public function assign(Request $request, Business $business, CrmThread $thread)
    {
-        $business = $request->user()->business;
-
        if ($thread->business_id !== $business->id) {
            abort(404);
        }
@@ -206,10 +199,8 @@ class ThreadController extends Controller
    /**
     * Close thread
     */
-    public function close(Request $request, CrmThread $thread)
+    public function close(Request $request, Business $business, CrmThread $thread)
    {
-        $business = $request->user()->business;
-
        if ($thread->business_id !== $business->id) {
            abort(404);
        }
@@ -222,10 +213,8 @@ class ThreadController extends Controller
    /**
     * Reopen thread
     */
-    public function reopen(Request $request, CrmThread $thread)
+    public function reopen(Request $request, Business $business, CrmThread $thread)
    {
-        $business = $request->user()->business;
-
        if ($thread->business_id !== $business->id) {
            abort(404);
        }
@@ -241,10 +230,8 @@ class ThreadController extends Controller
    /**
     * Snooze thread
     */
-    public function snooze(Request $request, CrmThread $thread)
+    public function snooze(Request $request, Business $business, CrmThread $thread)
    {
-        $business = $request->user()->business;
-
        if ($thread->business_id !== $business->id) {
            abort(404);
        }
@@ -264,10 +251,8 @@ class ThreadController extends Controller
    /**
     * Add internal note
     */
-    public function addNote(Request $request, CrmThread $thread)
+    public function addNote(Request $request, Business $business, CrmThread $thread)
    {
-        $business = $request->user()->business;
-
        if ($thread->business_id !== $business->id) {
            abort(404);
        }
@@ -290,10 +275,8 @@ class ThreadController extends Controller
    /**
     * Generate AI reply draft
     */
-    public function generateAiReply(Request $request, CrmThread $thread)
+    public function generateAiReply(Request $request, Business $business, CrmThread $thread)
    {
-        $business = $request->user()->business;
-
        if ($thread->business_id !== $business->id) {
            abort(404);
        }
@@ -313,10 +296,8 @@ class ThreadController extends Controller
    /**
     * Heartbeat for active viewing
     */
-    public function heartbeat(Request $request, CrmThread $thread)
+    public function heartbeat(Request $request, Business $business, CrmThread $thread)
    {
-        $business = $request->user()->business;
-
        if ($thread->business_id !== $business->id) {
            return response()->json(['error' => 'Unauthorized'], 403);
        }