From 11788cee93e49dd1b239481587524c435849c7e1 Mon Sep 17 00:00:00 2001
From: Sasa Tokic <sasatokic@gmail.com>
Date: Thu, 7 Dec 2023 12:20:23 +0100
Subject: [PATCH] actually check permissions...

---
 config/sales-management.php                   |   1 +
 src/Policies/SalesManagementPolicy.php        |   4 +
 .../SalesManagementPolicyContract.php         |   2 +
 src/SalesManagementServiceProvider.php        |  21 ++--
 .../views/campaign/actions.blade.php          |   4 +-
 src/resources/views/campaign/show.blade.php   |   6 +-
 .../partials/left-navigation.blade.php        |  16 +--
 src/resources/views/messages/index.blade.php  |   2 +-
 src/resources/views/workflows/index.blade.php |   2 +-
 src/routes/web.php                            | 117 +++++++++++-------
 10 files changed, 104 insertions(+), 71 deletions(-)

diff --git a/config/sales-management.php b/config/sales-management.php
index 94826ec..70080cf 100644
--- a/config/sales-management.php
+++ b/config/sales-management.php
@@ -6,6 +6,7 @@
     'logoLink' => '/',
     'tablePrefix' => 'sales_management_',
     'prefix' => '',
+    'permission_prefix' => 'sales_management',
     'middleware' => ['web', 'auth'],
     'userModel' => \App\Models\User::class,
     'emails' => [
diff --git a/src/Policies/SalesManagementPolicy.php b/src/Policies/SalesManagementPolicy.php
index aacaf49..c9a4206 100644
--- a/src/Policies/SalesManagementPolicy.php
+++ b/src/Policies/SalesManagementPolicy.php
@@ -48,6 +48,10 @@ public function viewMessages()
     {
         return true;
     }
+    public function viewActivities()
+    {
+        return true;
+    }
 
     public function sendEmails()
     {
diff --git a/src/Policies/SalesManagementPolicyContract.php b/src/Policies/SalesManagementPolicyContract.php
index 55e2c34..d63fb99 100644
--- a/src/Policies/SalesManagementPolicyContract.php
+++ b/src/Policies/SalesManagementPolicyContract.php
@@ -23,4 +23,6 @@ public function viewWorkflows();
     public function viewMessages();
 
     public function sendEmails();
+
+    public function viewActivities();
 }
diff --git a/src/SalesManagementServiceProvider.php b/src/SalesManagementServiceProvider.php
index 81da746..e7ad5dc 100644
--- a/src/SalesManagementServiceProvider.php
+++ b/src/SalesManagementServiceProvider.php
@@ -74,15 +74,16 @@ public function loadViewComponents()
 
     public function defineAbilities()
     {
-        Gate::define(config('sales-management.prefix') . '.view-dashboard', [config('sales-management.policy'), 'viewDashboard']);
-        Gate::define(config('sales-management.prefix') . '.view-contacts', [config('sales-management.policy'), 'viewContacts']);
-        Gate::define(config('sales-management.prefix') . '.view-lists', [config('sales-management.policy'), 'viewLists']);
-        Gate::define(config('sales-management.prefix') . '.view-campaigns', [config('sales-management.policy'), 'viewCampaigns']);
-        Gate::define(config('sales-management.prefix') . '.view-pipelines', [config('sales-management.policy'), 'viewPipelines']);
-        Gate::define(config('sales-management.prefix') . '.view-tags', [config('sales-management.policy'), 'viewTags']);
-        Gate::define(config('sales-management.prefix') . '.view-docs', [config('sales-management.policy'), 'viewDocs']);
-        Gate::define(config('sales-management.prefix') . '.view-workflows', [config('sales-management.policy'), 'viewWorkflows']);
-        Gate::define(config('sales-management.prefix') . '.view-messages', [config('sales-management.policy'), 'viewMessages']);
-        Gate::define(config('sales-management.prefix') . '.send-emails', [config('sales-management.policy'), 'sendEmails']);
+        Gate::define(config('sales-management.permission_prefix') . '.view-dashboard', [config('sales-management.policy'), 'viewDashboard']);
+        Gate::define(config('sales-management.permission_prefix') . '.view-contacts', [config('sales-management.policy'), 'viewContacts']);
+        Gate::define(config('sales-management.permission_prefix') . '.view-lists', [config('sales-management.policy'), 'viewLists']);
+        Gate::define(config('sales-management.permission_prefix') . '.view-campaigns', [config('sales-management.policy'), 'viewCampaigns']);
+        Gate::define(config('sales-management.permission_prefix') . '.view-pipelines', [config('sales-management.policy'), 'viewPipelines']);
+        Gate::define(config('sales-management.permission_prefix') . '.view-tags', [config('sales-management.policy'), 'viewTags']);
+        Gate::define(config('sales-management.permission_prefix') . '.view-docs', [config('sales-management.policy'), 'viewDocs']);
+        Gate::define(config('sales-management.permission_prefix') . '.view-workflows', [config('sales-management.policy'), 'viewWorkflows']);
+        Gate::define(config('sales-management.permission_prefix') . '.view-messages', [config('sales-management.policy'), 'viewMessages']);
+        Gate::define(config('sales-management.permission_prefix') . '.send-emails', [config('sales-management.policy'), 'sendEmails']);
+        Gate::define(config('sales-management.permission_prefix') . '.view-activities', [config('sales-management.policy'), 'viewActivities']);
     }
 }
diff --git a/src/resources/views/campaign/actions.blade.php b/src/resources/views/campaign/actions.blade.php
index 64981f6..6369408 100644
--- a/src/resources/views/campaign/actions.blade.php
+++ b/src/resources/views/campaign/actions.blade.php
@@ -6,10 +6,10 @@
         </button>
 
         <div class="dropdown-menu dropdown-menu-end">
-            @can(config('sales-management.prefix').'.view-workflows')
+            @can(config('sales-management.permission_prefix').'.view-workflows')
                 <a href="{{ route('workflows.index', $id) }}" class="dropdown-item">{{__('Workflows')}}</a>
             @endcan
-            @can(config('sales-management.prefix').'.view-messages')
+            @can(config('sales-management.permission_prefix').'.view-messages')
                 <a href="{{ route('messages.index', $id) }}" class="dropdown-item">{{__('Messages')}}</a>
             @endcan
             <a href="{{ route('campaign.show', $id) }}" class="dropdown-item">{{__('Show')}}</a>
diff --git a/src/resources/views/campaign/show.blade.php b/src/resources/views/campaign/show.blade.php
index 9c2dae5..d18ffb8 100644
--- a/src/resources/views/campaign/show.blade.php
+++ b/src/resources/views/campaign/show.blade.php
@@ -15,21 +15,21 @@
         <h1 class="h3 mb-3">{{ $campaign->name }}</h1>
         <h6 class="mb-3">{{ $campaign->description }}</h6>
         <div class="d-flex gap-2">
-            @can(config('sales-management.prefix').'.send-emails')
+            @can(config('sales-management.permission_prefix').'.send-emails')
                 <a href="{{ route('messages.create', $campaign->id) }}" class="btn btn-warning mb-3">
                 <span class="d-flex align-items-center">
                     <x-sales-management::icons.mail class="me-1"/> {{ __("Send email to leads") }}
                 </span>
                 </a>
             @endcan
-            @can(config('sales-management.prefix').'.view-workflows')
+            @can(config('sales-management.permission_prefix').'.view-workflows')
                 <a href="{{ route('workflows.index', $campaign->id) }}" class="btn btn-info mb-3">
                  <span class="d-flex align-items-center">
                     <x-sales-management::icons.workflow class="me-1"/> {{ __("Workflows") }}
                 </span>
                 </a>
             @endcan
-            @can(config('sales-management.prefix').'.view-messages')
+            @can(config('sales-management.permission_prefix').'.view-messages')
                 <a href="{{ route('messages.index', $campaign->id) }}" class="btn btn-info mb-3">
                  <span class="d-flex align-items-center">
                     <x-sales-management::icons.mail class="me-1"/> {{ __("Messages") }}
diff --git a/src/resources/views/layouts/partials/left-navigation.blade.php b/src/resources/views/layouts/partials/left-navigation.blade.php
index 5e6903f..6da6dc2 100644
--- a/src/resources/views/layouts/partials/left-navigation.blade.php
+++ b/src/resources/views/layouts/partials/left-navigation.blade.php
@@ -9,7 +9,7 @@
             <li class="sidebar-header">
                 {{__("Sales Management")}}
             </li>
-            @can(config('sales-management.prefix').'.view-dashboard')
+            @can(config('sales-management.permission_prefix').'.view-dashboard')
                 <li class="sidebar-item {{ request()->is('dashboard') ? 'active' : '' }}">
                     <a class="sidebar-link" href="{{ route('dashboard') }}">
                         <i class="align-middle" data-feather="sliders"></i> <span
@@ -17,7 +17,7 @@ class="align-middle">{{ __("Dashboard")}}</span>
                     </a>
                 </li>
             @endcan
-            @can(config('sales-management.prefix').'.view-contacts')
+            @can(config('sales-management.permission_prefix').'.view-contacts')
                 <li class="sidebar-item {{ request()->is('contacts*') ? 'active' : '' }}">
                     <a class="sidebar-link" href="{{ route('contacts.index') }}">
                         <i class="align-middle" data-feather="user"></i> <span
@@ -25,7 +25,7 @@ class="align-middle">{{ __("Contacts")}}</span>
                     </a>
                 </li>
             @endcan
-            @can(config('sales-management.prefix').'.view-lists')
+            @can(config('sales-management.permission_prefix').'.view-lists')
                 <li class="sidebar-item {{ request()->is('list*') ? 'active' : '' }}">
                     <a class="sidebar-link" href="{{ route('lists.index') }}">
                         <i class="align-middle" data-feather="clipboard"></i> <span
@@ -33,7 +33,7 @@ class="align-middle">{{ __("Lists")}}</span>
                     </a>
                 </li>
             @endcan
-            @can(config('sales-management.prefix').'.view-campaigns')
+            @can(config('sales-management.permission_prefix').'.view-campaigns')
                 <li class="sidebar-item {{ request()->is('campaign*') ? 'active' : '' }}">
                     <a class="sidebar-link" href="{{ route('campaign.index') }}">
                         <i class="align-middle me-2 fas fa-fw fa-bullhorn"></i> <span
@@ -41,7 +41,7 @@ class="align-middle">{{ __("Campaigns")}}</span>
                     </a>
                 </li>
             @endcan
-            @can(config('sales-management.prefix').'.view-activities')
+            @can(config('sales-management.permission_prefix').'.view-activities')
                 <li class="sidebar-item {{ request()->is('activities*') ? 'active' : '' }}">
                     <a class="sidebar-link" href="{{ route('lead-activities.index') }}">
                         <i class="align-middle me-2 fas fa-fw fa-phone"></i> <span
@@ -49,7 +49,7 @@ class="align-middle">{{ __("Activities")}}</span>
                     </a>
                 </li>
             @endcan
-            @can(config('sales-management.prefix').'.view-pipelines')
+            @can(config('sales-management.permission_prefix').'.view-pipelines')
                 <li class="sidebar-item {{ request()->is('pipelines*') ? 'active' : '' }}">
                     <a class="sidebar-link" href="{{ route('pipelines.index') }}">
                         <i class="align-middle" data-feather="list"></i> <span
@@ -57,7 +57,7 @@ class="align-middle">{{ __("Pipelines")}}</span>
                     </a>
                 </li>
             @endcan
-            @can(config('sales-management.prefix').'.view-tags')
+            @can(config('sales-management.permission_prefix').'.view-tags')
                 <li class="sidebar-item {{ request()->is('tags*') ? 'active' : '' }}">
                     <a class="sidebar-link" href="{{ route('tags.index') }}">
                         <i class="align-middle" data-feather="tag"></i> <span
@@ -65,7 +65,7 @@ class="align-middle">{{ __("Tags")}}</span>
                     </a>
                 </li>
             @endcan
-            @can(config('sales-management.prefix').'.view-docs')
+            @can(config('sales-management.permission_prefix').'.view-docs')
                 <li class="sidebar-item {{ request()->is('docs*') ? 'active' : '' }}">
                     <a class="sidebar-link" href="#docsMenu" data-bs-toggle="collapse" aria-expanded="false">
                         <i class="align-middle" data-feather="book"></i> <span class="align-middle">Docs</span>
diff --git a/src/resources/views/messages/index.blade.php b/src/resources/views/messages/index.blade.php
index 383f663..fb9f52c 100644
--- a/src/resources/views/messages/index.blade.php
+++ b/src/resources/views/messages/index.blade.php
@@ -14,7 +14,7 @@
 
         <h1 class="h3 mb-3">{{ __('Messages') }}</h1>
         <div class="d-flex mb-3 justify-content-between align-items-center">
-            @can(config('sales-management.prefix').'.view-workflows')
+            @can(config('sales-management.permission_prefix').'.view-workflows')
                 <a href="{{ route('workflows.index', $campaign->id) }}" class="btn btn-info ">
                  <span class="d-flex align-items-center">
                     <x-sales-management::icons.workflow class="me-1"/> {{ __("Workflows") }}
diff --git a/src/resources/views/workflows/index.blade.php b/src/resources/views/workflows/index.blade.php
index edce818..84e39e8 100644
--- a/src/resources/views/workflows/index.blade.php
+++ b/src/resources/views/workflows/index.blade.php
@@ -12,7 +12,7 @@
     <div class="container-fluid p-0">
         <h1 class="h3 mb-3">{{ __('Workflows') }}</h1>
         <div class="d-flex mb-3 justify-content-between align-items-center">
-            @can(config('sales-management.prefix').'.view-messages')
+            @can(config('sales-management.permission_prefix').'.view-messages')
                 <a href="{{ route('messages.index', $campaign->id) }}" class="btn btn-info">
                  <span class="d-flex align-items-center">
                     <x-sales-management::icons.mail class="me-1"/> {{ __("Messages") }}
diff --git a/src/routes/web.php b/src/routes/web.php
index cadc65a..b66dbfa 100644
--- a/src/routes/web.php
+++ b/src/routes/web.php
@@ -16,28 +16,35 @@
 use Teamtnt\SalesManagement\Http\Controllers\ContactListController;
 use Teamtnt\SalesManagement\Http\Controllers\DocsController;
 
-Route::get('/dashboard', [DashboardController::class, 'index'])->name('dashboard');
+
+Route::get('/dashboard', [DashboardController::class, 'index'])->name('dashboard')->can(config('sales-management.permission_prefix').'.view-dashboard');
 
 // Contacts
-Route::get('/contacts', [ContactsController::class, 'index'])->name('contacts.index');
-Route::get('/contacts/import/csv', [ContactsController::class, 'importCSV'])->name('contacts.import.csv');
-Route::post('/contacts/import/csv', [ContactsController::class, 'importCSVStore'])->name('contacts.import.csv.store');
-Route::get('/contacts/create', [ContactsController::class, 'create'])->name('contacts.create');
-Route::post('/contacts/store', [ContactsController::class, 'store'])->name('contacts.store');
-Route::get('/contacts/{contact:id}/edit', [ContactsController::class, 'edit'])->name('contacts.edit');
-Route::put('/contacts/{contact:id}/update', [ContactsController::class, 'update'])->name('contacts.update');
-Route::post('/contacts/{contact:id}/sync-tags', [ContactsController::class, 'syncTags'])->name('contacts.sync-tags');
-Route::delete('/contacts/{contact:id}/destroy', [ContactsController::class, 'destroy'])->name('contacts.destroy');
+Route::group(['middleware' => ['can:'.config('sales-management.permission_prefix').'.view-contacts'  ]], function () {
+    Route::get('/contacts', [ContactsController::class, 'index'])->name('contacts.index');
+    Route::get('/contacts/import/csv', [ContactsController::class, 'importCSV'])->name('contacts.import.csv');
+    Route::post('/contacts/import/csv', [ContactsController::class, 'importCSVStore'])->name('contacts.import.csv.store');
+    Route::get('/contacts/create', [ContactsController::class, 'create'])->name('contacts.create');
+    Route::post('/contacts/store', [ContactsController::class, 'store'])->name('contacts.store');
+    Route::get('/contacts/{contact:id}/edit', [ContactsController::class, 'edit'])->name('contacts.edit');
+    Route::put('/contacts/{contact:id}/update', [ContactsController::class, 'update'])->name('contacts.update');
+    Route::post('/contacts/{contact:id}/sync-tags', [ContactsController::class, 'syncTags'])->name('contacts.sync-tags');
+    Route::delete('/contacts/{contact:id}/destroy', [ContactsController::class, 'destroy'])->name('contacts.destroy');
+});
 
 // Companies
-Route::get('/companies', [CompanyController::class, 'index'])->name('companies.index');
-Route::get('/companies/create', [CompanyController::class, 'create'])->name('companies.create');
-Route::post('/companies/store', [CompanyController::class, 'store'])->name('companies.store');
-Route::get('/companies/{company:id}/edit', [CompanyController::class, 'edit'])->name('companies.edit');
-Route::put('/companies/{company:id}/update', [CompanyController::class, 'update'])->name('companies.update');
-Route::delete('/companies/{company:id}/destroy', [CompanyController::class, 'destroy'])->name('companies.destroy');
+Route::group(['middleware' => ['can:'.config('sales-management.permission_prefix').'.view-companies'  ]], function () {
+    Route::get('/companies', [CompanyController::class, 'index'])->name('companies.index');
+    Route::get('/companies/create', [CompanyController::class, 'create'])->name('companies.create');
+    Route::post('/companies/store', [CompanyController::class, 'store'])->name('companies.store');
+    Route::get('/companies/{company:id}/edit', [CompanyController::class, 'edit'])->name('companies.edit');
+    Route::put('/companies/{company:id}/update', [CompanyController::class, 'update'])->name('companies.update');
+    Route::delete('/companies/{company:id}/destroy', [CompanyController::class, 'destroy'])->name('companies.destroy');
+});
 
 // Contact lists
+Route::group(['middleware' => ['can:'.config('sales-management.permission_prefix').'.view-lists'  ]], function () {
+
 Route::get('/lists', [ContactListController::class, 'index'])->name('lists.index');
 Route::get('/lists/{contactList:id}/edit', [ContactListController::class, 'edit'])->name('lists.edit');
 Route::delete('/lists/{contactList:id}/destroy', [ContactListController::class, 'destroy'])->name('lists.destroy');
@@ -48,30 +55,37 @@
 Route::post('/lists/contact/from/stage', [ContactListController::class, 'createListFromPipelineStageStore'])->name('lists.create.from.stage.store');
 Route::get('/lists/create', [ContactListController::class, 'create'])->name('lists.create');
 Route::post('/lists/store', [ContactListController::class, 'store'])->name('lists.store');
+});
 
 // Deals
+Route::group(['middleware' => ['can:'.config('sales-management.permission_prefix').'.view-deals'  ]], function () {
 Route::get('/deals', [DealController::class, 'index'])->name('deals.index');
 Route::get('/deals/create', [DealController::class, 'create'])->name('deals.create');
 Route::post('/deals/store', [DealController::class, 'store'])->name('deals.store');
 Route::get('/deals/{deal:id}/edit', [DealController::class, 'edit'])->name('deals.edit');
 Route::put('/deals/{deal:id}/update', [DealController::class, 'update'])->name('deals.update');
 Route::delete('/deals/{deal:id}/destroy', [DealController::class, 'destroy'])->name('deals.destroy');
+});
+
 
-Route::post('/stage/chage', [CampaignController::class, 'stageChange'])->name('stage.change');
 
 // Tags
+Route::group(['middleware' => ['can:'.config('sales-management.permission_prefix').'.view-tags'  ]], function () {
 Route::get('/tags', [TagsController::class, 'index'])->name('tags.index');
 Route::get('/tags/create', [TagsController::class, 'create'])->name('tags.create');
 Route::post('/tags/store', [TagsController::class, 'store'])->name('tags.store');
 Route::get('/tags/{tag:id}/edit', [TagsController::class, 'edit'])->name('tags.edit');
 Route::put('/tags/{tag:id}/update', [TagsController::class, 'update'])->name('tags.update');
 Route::delete('/tags/{tag:id}/destroy', [TagsController::class, 'destroy'])->name('tags.destroy');
+});
 
 // Lead Activities
+Route::group(['middleware' => ['can:'.config('sales-management.permission_prefix').'.view-activities'  ]], function () {
 Route::get('/lead-activities', [LeadActivitiesController::class, 'index'])->name('lead-activities.index');
 Route::post('/lead-activities/{lead:id}/note/store', [LeadActivitiesController::class, 'store'])->name('store-lead-activity');
 Route::delete('/lead-activities/{lead:id}/note/{note:id}/destroy', [LeadActivitiesController::class, 'destroy'])->name('destroy-lead-activity');
 Route::get('/lead-activities/{leadActivity:id}/toggle-status', [LeadActivitiesController::class, 'toggleStatus'])->name('lead-activities.toggle-status');
+});
 
 // Lead Notes
 Route::post('/lead-notes/{lead:id}/activity/store', [LeadNotesController::class, 'storeLeadNote'])->name('store-lead-note');
@@ -80,46 +94,57 @@
 Route::post('/lead-tags/{contact:id}/sync-tags', [LeadsController::class, 'syncTags'])->name('leads.sync-tags');
 
 // Pipelines
+Route::group(['middleware' => ['can:'.config('sales-management.permission_prefix').'.view-pipelines'  ]], function () {
 Route::get('/pipelines', [PipelineController::class, 'index'])->name('pipelines.index');
 Route::get('/pipelines/create', [PipelineController::class, 'create'])->name('pipelines.create');
 Route::post('/pipelines/store', [PipelineController::class, 'store'])->name('pipelines.store');
 Route::get('/pipelines/{pipeline:id}/edit', [PipelineController::class, 'edit'])->name('pipelines.edit');
 Route::put('/pipelines/{pipeline:id}/update', [PipelineController::class, 'update'])->name('pipelines.update');
 Route::delete('/pipelines/{pipeline:id}/destroy', [PipelineController::class, 'destroy'])->name('pipelines.destroy');
+});
 
-Route::get('/campaigns', [CampaignController::class, 'index'])->name('campaign.index');
-Route::get('/campaign/create', [CampaignController::class, 'create'])->name('campaign.create');
-Route::post('/campaign/store', [CampaignController::class, 'store'])->name('campaign.store');
-Route::get('/campaign/{campaign}', [CampaignController::class, 'show'])->name('campaign.show');
-Route::get('/campaign/{campaign}/edit', [CampaignController::class, 'edit'])->name('campaign.edit');
-Route::put('/campaign/{campaign}/update', [CampaignController::class, 'update'])->name('campaign.update');
-Route::delete('/campaign/{campaign:id}/destroy', [CampaignController::class, 'destroy'])->name('campaign.destroy');
+Route::group(['middleware' => ['can:'.config('sales-management.permission_prefix').'.view-campaigns'  ]], function () {
+    Route::get('/campaigns', [CampaignController::class, 'index'])->name('campaign.index');
+    Route::get('/campaign/create', [CampaignController::class, 'create'])->name('campaign.create');
+    Route::post('/campaign/store', [CampaignController::class, 'store'])->name('campaign.store');
+    Route::get('/campaign/{campaign}', [CampaignController::class, 'show'])->name('campaign.show');
+    Route::get('/campaign/{campaign}/edit', [CampaignController::class, 'edit'])->name('campaign.edit');
+    Route::put('/campaign/{campaign}/update', [CampaignController::class, 'update'])->name('campaign.update');
+    Route::delete('/campaign/{campaign:id}/destroy', [CampaignController::class, 'destroy'])->name('campaign.destroy');
+    Route::post('/stage/chage', [CampaignController::class, 'stageChange'])->name('stage.change');
+});
 
 Route::group(['prefix' => 'campaign/{campaign}'], function () {
     // Messages
-    Route::get('/messages', [MessagesController::class, 'index'])->name('messages.index');
-    Route::get('/messages/create', [MessagesController::class, 'create'])->name('messages.create');
-    Route::post('/messages/store', [MessagesController::class, 'store'])->name('messages.store');
-    Route::get('/messages/{message:id}/edit', [MessagesController::class, 'edit'])->name('messages.edit');
-    Route::put('/messages/{message:id}/update', [MessagesController::class, 'update'])->name('messages.update');
-    Route::delete('/messages/{message:id}/destroy', [MessagesController::class, 'destroy'])->name('messages.destroy');
-    Route::post('/messages/{message:id}/send', [MessagesController::class, 'sendToAllLeads'])->name('messages.send');
-    Route::post('/message/{lead:id}/send', [MessagesController::class, 'sendMessageToLead'])->name('send.message');
+    Route::group(['middleware' => ['can:'.config('sales-management.permission_prefix').'.view-messages'  ]], function () {
+        Route::get('/messages', [MessagesController::class, 'index'])->name('messages.index');
+        Route::get('/messages/create', [MessagesController::class, 'create'])->name('messages.create');
+        Route::post('/messages/store', [MessagesController::class, 'store'])->name('messages.store');
+        Route::get('/messages/{message:id}/edit', [MessagesController::class, 'edit'])->name('messages.edit');
+        Route::put('/messages/{message:id}/update', [MessagesController::class, 'update'])->name('messages.update');
+        Route::delete('/messages/{message:id}/destroy', [MessagesController::class, 'destroy'])->name('messages.destroy');
+        Route::post('/messages/{message:id}/send', [MessagesController::class, 'sendToAllLeads'])->name('messages.send');
+        Route::post('/message/{lead:id}/send', [MessagesController::class, 'sendMessageToLead'])->name('send.message');
+    });
 
     // Workflows
-    Route::get('/workflows', [WorkflowController::class, 'index'])->name('workflows.index');
-    Route::get('/workflows/create', [WorkflowController::class, 'create'])->name('workflows.create');
-    Route::post('/workflows/store', [WorkflowController::class, 'store'])->name('workflows.store');
-    Route::get('/workflows/{workflow:id}', [WorkflowController::class, 'show'])->name('workflows.show');
-    Route::get('/workflows/{workflow:id}/debug', [WorkflowController::class, 'debug'])->name('workflows.debug');
-    Route::get('/workflows/{workflow:id}/edit', [WorkflowController::class, 'edit'])->name('workflows.edit');
-    Route::post('/workflows/{workflow:id}/update', [WorkflowController::class, 'update'])->name('workflows.update');
-    Route::delete('/workflows/{workflow:id}/destroy', [WorkflowController::class, 'destroy'])->name('workflows.destroy');
-    Route::post('/workflows/{workflow:id}/publish', [WorkflowController::class, 'publish'])->name('workflows.publish');
-    Route::post('/workflows/{workflow:id}/unpublish', [WorkflowController::class, 'unpublish'])->name('workflows.unpublish');
-    Route::post('/workflows/{workflow:id}/run', [WorkflowController::class, 'run'])->name('workflows.run');
+    Route::group(['middleware' => ['can:'.config('sales-management.permission_prefix').'.view-workflows'  ]], function () {
+        Route::get('/workflows', [WorkflowController::class, 'index'])->name('workflows.index');
+        Route::get('/workflows/create', [WorkflowController::class, 'create'])->name('workflows.create');
+        Route::post('/workflows/store', [WorkflowController::class, 'store'])->name('workflows.store');
+        Route::get('/workflows/{workflow:id}', [WorkflowController::class, 'show'])->name('workflows.show');
+        Route::get('/workflows/{workflow:id}/debug', [WorkflowController::class, 'debug'])->name('workflows.debug');
+        Route::get('/workflows/{workflow:id}/edit', [WorkflowController::class, 'edit'])->name('workflows.edit');
+        Route::post('/workflows/{workflow:id}/update', [WorkflowController::class, 'update'])->name('workflows.update');
+        Route::delete('/workflows/{workflow:id}/destroy', [WorkflowController::class, 'destroy'])->name('workflows.destroy');
+        Route::post('/workflows/{workflow:id}/publish', [WorkflowController::class, 'publish'])->name('workflows.publish');
+        Route::post('/workflows/{workflow:id}/unpublish', [WorkflowController::class, 'unpublish'])->name('workflows.unpublish');
+        Route::post('/workflows/{workflow:id}/run', [WorkflowController::class, 'run'])->name('workflows.run');
+    });
 });
 
-Route::get('/docs/markdown', [DocsController::class, 'markdown'])->name('docs.markdown');
-Route::get('/docs/pipelines', [DocsController::class, 'pipelines'])->name('docs.pipelines');
-Route::get('/docs/workflow', [DocsController::class, 'workflow'])->name('docs.workflow');
+Route::group(['middleware' => ['can:'.config('sales-management.permission_prefix').'.view-docs'  ]], function () {
+    Route::get('/docs/markdown', [DocsController::class, 'markdown'])->name('docs.markdown');
+    Route::get('/docs/pipelines', [DocsController::class, 'pipelines'])->name('docs.pipelines');
+    Route::get('/docs/workflow', [DocsController::class, 'workflow'])->name('docs.workflow');
+});