
Disallow client single if shadow_pro_id != NULL

Vijayakrishnan 3 年之前
父节点
当前提交
a3b2930117
共有 3 个文件被更改,包括 29 次插入1 次删除
  1. 1 0
      app/Http/Kernel.php
  2. 27 0
      app/Http/Middleware/EnsureClientIsNotShadowOfPro.php
  3. 1 1
      routes/web.php

+ 1 - 0
app/Http/Kernel.php

@@ -67,5 +67,6 @@ class Kernel extends HttpKernel
         'pro.auth.redirect' => \App\Http\Middleware\RedirectAuthenticatedPro::class,
         'pro.auth.admin' => \App\Http\Middleware\EnsureAdminPro::class,
         'pro.auth.can-access-patient' => \App\Http\Middleware\EnsureProCanAccessPatient::class,
+        'client.not-shadow-of-pro' => \App\Http\Middleware\EnsureClientIsNotShadowOfPro::class,
     ];
 }

+ 27 - 0
app/Http/Middleware/EnsureClientIsNotShadowOfPro.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Models\AppSession;
+use Closure;
+
+class EnsureClientIsNotShadowOfPro
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $patient = \request()->route('patient');
+        if(!!$patient) {
+            if(!!$patient->shadow_pro_id) {
+                abort(403);
+            }
+        }
+        return $next($request);
+    }
+}
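Review bot: The guard in `handle()` fails open: if `route('patient')` is absent, or (depending on middleware ordering, which is not visible here) has not yet been resolved to a model, neither `if` triggers and the request proceeds to `$next`. For an authorization check it would be safer to read the parameter from the injected request and deny anything that is not a bound model, e.g. `$patient = $request->route('patient');` followed by `if (!is_object($patient) || $patient->shadow_pro_id !== null) { abort(403); }`. The strict `!== null` also matches the commit title, whereas `!!` lets a falsy non-null id such as `0` through. `use App\Models\AppSession;` is unused and can be dropped.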

+ 1 - 1
routes/web.php

@@ -357,7 +357,7 @@ Route::middleware('pro.auth')->group(function () {
 
     Route::name('patients.view.')->prefix('patients/view/{patient}')->group(function () {
 
-        Route::middleware('pro.auth.can-access-patient')->group(function () {
+        Route::middleware(['pro.auth.can-access-patient', 'client.not-shadow-of-pro'])->group(function () {
 
             Route::get('', 'PatientController@dashboard')->name('dashboard');
             Route::get('canvas-migrate', 'PatientController@canvasMigrate')->name('migrate-canvas');
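Review bot: The shadow-client check is attached only to this nested group under `patients/view/{patient}`, so any route that binds `{patient}` but is registered outside it would not be covered; the rest of web.php is not visible in this hunk, so that is worth confirming before relying on the 403. A short comment above the group would record the intent, e.g. `// client.not-shadow-of-pro: clients with shadow_pro_id set are never served from the patient views`. The group closure continues past the end of the hunk.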