Enhancements to Rate Management in the Platform
Streamlining Rate Management in the Platform
We've been working on the Reimpact platform to improve how rates are managed, focusing on global applicability and enhanced security. Here's a breakdown of the changes.
Global Rate Application
Previously, rates were tied to specific companies. We've transitioned to a model where rates are global, scoped by a priority_product_id. This allows for more flexible and consistent rate application across the platform.
Migration Changes
The public.rates table has been updated to reflect this change:
- company_id is now nullable, indicating that rates are no longer directly associated with a specific company.
- Added priority_product_id column to scope rates globally.
- Added updated_by column for auditing purposes.
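// Example migration snippet
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

Schema::table('rates', function (Blueprint $table) {
    // Rates are no longer tied to a company: drop the constraint and make the column nullable
    // (column type assumed to be unsignedBigInteger, like the other id columns here).
    $table->dropForeign(['company_id']);
    $table->unsignedBigInteger('company_id')->nullable()->change();

    // Global scope for rates.
    $table->unsignedBigInteger('priority_product_id')->nullable()->after('id');
    $table->foreign('priority_product_id')->references('id')->on('priority_products');

    // Audit columns: who last changed the rate, and when.
    $table->unsignedBigInteger('updated_by')->nullable()->after('rate');
    $table->foreign('updated_by')->references('id')->on('users');
    $table->timestamp('updated_at')->nullable()->after('created_at');
});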
Enhanced Security
To ensure data integrity, we've restricted create, edit, and delete actions on rates to superadmin users only. This prevents unauthorized modifications and maintains a clear audit trail.
Policy Enforcement
Policies have been implemented to enforce these restrictions, ensuring that only superadmins can modify rate data.
// Example policy snippet
public function update(User $user, Rate $rate): bool
{
    // Only superadmins may modify an existing rate.
    return $user->isSuperAdmin();
}
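The policy snippet above covers only update, and a policy has no effect until a request path invokes it. The following is an added example, not code from the Reimpact code base: it extends the same rule to create and delete, and shows a controller action that calls the policy and fills updated_by from the authenticated user rather than from request input. The class names RatePolicy and RateController, the App\Models namespace, and the validation rule for rate are assumptions; in a real project the two classes live in their usual separate files.

```php
<?php
// Added illustration. Assumed names: App\Models\Rate, App\Models\User, RateController.
namespace App\Policies;

use App\Models\Rate;
use App\Models\User;

class RatePolicy
{
    // Every write ability applies the same superadmin-only rule.
    public function create(User $user): bool
    {
        return $user->isSuperAdmin();
    }

    public function update(User $user, Rate $rate): bool
    {
        return $user->isSuperAdmin();
    }

    public function delete(User $user, Rate $rate): bool
    {
        return $user->isSuperAdmin();
    }
}

namespace App\Http\Controllers;

use App\Models\Rate;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;

class RateController extends Controller
{
    public function update(Request $request, Rate $rate)
    {
        // The policy is only enforced where it is invoked; other users get a 403 here.
        Gate::authorize('update', $rate);

        // Accept only the editable field (rule assumed); updated_by is never read from input.
        $data = $request->validate(['rate' => ['required', 'numeric', 'min:0']]);

        $rate->forceFill([
            'rate' => $data['rate'],
            'updated_by' => $request->user()->id, // audit column added by the migration
        ])->save();

        return response()->noContent();
    }
}
```

The create and delete actions follow the same pattern, with Gate::authorize('create', Rate::class) used for create because no Rate instance exists yet.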
Code Quality Improvements
We've also addressed PHPStan errors across the codebase, specifically in TenantAwareBuilder, policies, and MassiveUpload components. This ensures code consistency and reduces the risk of runtime errors.
Key Takeaway
By decoupling rates from companies and restricting access to superadmins, we've created a more flexible and secure rate management system. If you're managing global configurations, consider a similar approach of scoping by a product or feature ID and implementing strict access controls.