"Global Multi-Company Access" permission for non-admin users

app/Http/Controllers/Api/CompaniesController.php

@@ -211,7 +211,7 @@ public function selectlist(Request $request): array
         // When FMCS is enabled and the user is not a superuser, restrict the list to
         // companies they belong to (primary company_id + pivot companies). This lets
         // non-superusers select a company from their own set when creating assets, etc.
-        if (Setting::getSettings()->full_multiple_companies_support == '1' && ! auth()->user()->isSuperUser()) {
+        if (Setting::getSettings()->full_multiple_companies_support == '1' && ! (auth()->user()->isSuperUser() || auth()->user()->isMultiCompany())) {
             $userCompanyIds = auth()->user()->allCompanies()->pluck('id');
             if ($userCompanyIds->isNotEmpty()) {
                 $companies->whereIn('companies.id', $userCompanyIds);

app/Models/Company.php

@@ -152,7 +152,7 @@ public static function getIdForCurrentUser($unescaped_input)
             $current_user = auth()->user();
 
             // Super users should be able to set a company to whatever they need
-            if ($current_user->isSuperUser()) {
+            if ($current_user->isSuperUser() || $current_user->isMultiCompany()) {
                 return self::getIdFromInput($unescaped_input);
             } else {
                 $userCompanyIds = self::getCurrentUserCompanyIds();
@@ -215,7 +215,7 @@ public static function isCurrentUserHasAccess($companyable)
         }
 
         if (auth()->user()) {
-            if (auth()->user()->isSuperUser()) {
+            if (auth()->user()->isSuperUser() || auth()->user()->isMultiCompany()) {
                 return true;
             }
 
@@ -272,7 +272,7 @@ public static function getIdsForCurrentUser(array $requestedIds): array
 
         $current_user = auth()->user();
 
-        if ($current_user->isSuperUser()) {
+        if ($current_user->isSuperUser() || $current_user->isMultiCompany()) {
             return $requestedIds;
         }
 
@@ -283,13 +283,14 @@ public static function getIdsForCurrentUser(array $requestedIds): array
 
     public static function isCurrentUserAuthorized()
     {
-        return (! self::isFullMultipleCompanySupportEnabled()) || (auth()->user()->isSuperUser());
+        return (! self::isFullMultipleCompanySupportEnabled()) || (auth()->user()->isSuperUser() || auth()->user()->isMultiCompany());
     }
 
     public static function canManageUsersCompanies()
     {
         return ! self::isFullMultipleCompanySupportEnabled()
             || auth()->user()->isSuperUser()
+            || auth()->user()->isMultiCompany()
             || ! empty(self::getCurrentUserCompanyIds());
     }
 
@@ -320,7 +321,7 @@ public function isDeletable()
      */
     public static function getIdForUser($unescaped_input)
     {
-        if (! self::isFullMultipleCompanySupportEnabled() || auth()->user()->isSuperUser()) {
+        if (! self::isFullMultipleCompanySupportEnabled() || auth()->user()->isSuperUser() || auth()->user()->isMultiCompany()) {
             return self::getIdFromInput($unescaped_input);
         } else {
             return self::getIdForCurrentUser($unescaped_input);
@@ -376,7 +377,7 @@ public function components()
     public static function scopeCompanyables($query, $column = 'company_id', $table_name = null)
     {
         // If not logged in and hitting this, assume we are on the command line and don't scope?
-        if (! self::isFullMultipleCompanySupportEnabled() || (Auth::hasUser() && auth()->user()->isSuperUser()) || (! Auth::hasUser())) {
+        if (! self::isFullMultipleCompanySupportEnabled() || (Auth::hasUser() && (auth()->user()->isSuperUser() || auth()->user()->isMultiCompany())) || (! Auth::hasUser())) {
             return $query;
         } else {
             return self::scopeCompanyablesDirectly($query, $column, $table_name);
@@ -500,7 +501,7 @@ public static function scopeCompanyableChildren(array $companyable_names, $query
 
         if (count($companyable_names) == 0) {
             throw new Exception('No Companyable Children to scope');
-        } elseif (! self::isFullMultipleCompanySupportEnabled() || (Auth::hasUser() && auth()->user()->isSuperUser())) {
+        } elseif (! self::isFullMultipleCompanySupportEnabled() || (Auth::hasUser() && (auth()->user()->isSuperUser() || auth()->user()->isMultiCompany()))) {
             return $query;
         } else {
             $f = function ($q) {

app/Models/User.php

@@ -566,6 +566,11 @@ public function isAdmin()
         return $this->checkPermissionSection('admin');
     }
 
+    public function isMultiCompany()
+    {
+        return $this->checkPermissionSection('multicompany');
+    }
+
     /**
      * Checks if the user can edit their own profile
      *

app/Providers/AuthServiceProvider.php

@@ -173,6 +173,12 @@ public function boot()
             }
         });
 
+        Gate::define('multicompany', function ($user) {
+            if ($user->hasAccess('multicompany')) {
+                return true;
+            }
+        });
+
         // Can the user import CSVs?
         Gate::define('import', function ($user) {
             if ($user->hasAccess('import')) {

config/permissions.php

@@ -22,6 +22,13 @@
         ],
     ],
 
+    'Multicompany' => [
+        [
+            'permission' => 'multicompany',
+            'display' => true,
+        ],
+    ],
+
     'Import' => [
         [
             'permission' => 'import',

resources/lang/en-US/permissions.php

@@ -23,6 +23,10 @@
         'name' => 'Admin Access',
         'note' => 'Determines whether the user has access to most aspects of the system EXCEPT the System Admin Settings. These users will be able to manage users, locations, categories, etc, but ARE constrained by Full Multiple Company Support if it is enabled.',
     ],
+    'multicompany' => [
+        'name' => 'All Companies Access',
+        'note' => 'This will allow users to access for all companies in FMCS mode.',
+    ],
 
     'import' => [
         'name' => 'CSV Import',