Fix dashboard security: redirect roles + hide financial data
- Trainers/head trainers redirect to /trainer dashboard on login
- Receptionists redirect to /receptionist dashboard
- Guardians (parents) redirect to /guardian dashboard
- Financial data (revenue, invoices, payments) only queried if user
has 'invoices.list' permission — returns null/empty otherwise
- Blade sections wrapped in @can('invoices.list') so even direct
URL access shows no sensitive financial info to unauthorized roles
Co-Authored-By:
Claude Opus 4.6 <noreply@anthropic.com>
Showing
Please register or sign in to comment