HD Sports Zone Bookmark 25L-6 — Employee Access Guard Design / No Enforcement

Read-only design page for a future employee schedule access resolver and guard structure. This phase does not create middleware, enforce permissions, change auth, edit middleware configuration, write data, expose employee names/emails, change schedules, send notifications, or touch payroll, Time Clock rules, POS shifts, reservations, payments, waivers, customer profiles, exports, PDFs, CSVs, schedule locking, or hard schedule blocking.

Builder Help Strip

Manager build workflow: Build → Review → Publish → Employee View

Quick links are consolidated here so managers do not have to hunt through the larger navigation. This strip is visual only. It does not change saves, publishing, schedule rows, employee views, notifications, locking, payroll, Time Clock, POS, reservations, payments, waivers, or customer profiles.

1. Build: Use existing builder.
2. Draft: Draft until published.
3. Review: Check conflicts.
4. Publish: Existing publish flow.
5. Employees: Published self-view.

Manager Schedule Builder — Safe Workflow

Build here. Review conflicts before publishing. Employees view only published schedules.

Use this screen for the existing manager build workflow. Before publishing, review unavailable blocks and soft conflicts. After publishing, employees should use the Employee Portal, My Schedule, Weekly Schedule, or Print Weekly.

Phase 25P-1 only adds clarity and support links. It does not change draft saves, publishing, schedule locking, employee text/email notifications, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

1. Build: Use the current builder workflow.
2. Review: Check unavailable blocks and soft conflicts.
3. Publish: Publish only after manager review.
4. Employee View: Employees use published self-view pages.

Draft Status / Publish Readiness

Treat this as draft work until the manager intentionally publishes it.

Before publishing, confirm the date range, employee coverage, shift times, and soft conflicts. Once published, employees should use the Employee Portal and self-view pages for their final schedule.

Phase 25P-2 adds labels and readiness guidance only. It does not change save buttons, publish buttons, schedule rows, draft data, published data, employee visibility, notifications, locking, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

Draft: Build and review shifts here.
Coverage: Confirm staff, roles, dates, and times.
Conflict Review: Review soft conflicts before publish.
Published: Employees use published self-view pages.

Publish Review Reminder

Review soft conflicts before publishing this schedule.

Before the manager publishes, check unavailable blocks, appointments, manager holds, duplicate shift issues, and any soft conflicts. Conflicts are still review warnings only; this does not hard-block scheduling.

Phase 25P-3 adds this publish-review callout only. It does not change save buttons, publish buttons, draft rows, published rows, employee visibility, schedule locking, employee text/email notifications, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

Unavailable: Review unavailable blocks.
Appointments: Check appointment overlap.
Manager Holds: Review manager holds.
Coverage: Check staff coverage.
Publish: Publish after review.

Employee View Reminder

Employees should view published schedules only from Employee Portal.

After the manager publishes, employees should use Employee Portal, My Schedule, Weekly Schedule, or Print Weekly. Managers should avoid sending employees to builder, diagnostics, route catalogs, checklists, or developer tools.

Phase 25P-4 adds this reminder only. It does not change publish behavior, employee schedule data, employee permissions, schedule locking, employee text/email notifications, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

Draft: Manager-only build work.
Review: Conflicts and coverage.
Publish: Existing manager action.
Employee View: Published self-view pages.

Guard Design Summary

No guard or middleware has been created. This page only documents the safe future structure before any enforcement work.

Generated Jun 4, 2026 11:26 PM

Read Only Design Mode

Design documentation only. No enforcement is applied.

1 Available Mapping Paths

Detected mapping paths for future access resolver design.

1 Strong Mapping Paths

Mapping paths with 95%+ distinct identity coverage.

5/0 Design Ready / Review

Readiness items marked ready versus needing review.

0 Critical Route Issues

Critical route checks not detected.

0/3 File/Table Issues

Missing expected files / missing expected tables.

Preserved Boundaries

Read-only design page; No middleware created; No permission enforcement; No auth config changes; No route middleware changes; No database writes; No migrations; No employee PII output; No route deletion; No page deletion; No schedule edits; No published schedule edits; No draft schedule edits; No employee texts; No employee emails; No notifications; No payroll changes; No Time Clock rules changes; No POS shifts changes; No reservations changes; No payments changes; No waivers changes; No customer profile changes; No exports generated; No PDF generation; No CSV export; No schedule locking; No hard schedule blocking changes

Recommended Future Design

Recommended future resolver mapping
Status: Ready Candidate
Mapping: employee_id → hd_employees.id
Resolver Key: employee_id
Best future design when hd_employees is the active HD-specific roster.
Coverage: 100.0%
Confidence: High

Mapping Candidates

| Mapping | Path | Description | Confidence | Status | Resolver Key | Distinct Shift Values | Matched Values | Coverage |
|---|---|---|---|---|---|---|---|---|
| Published Shifts user_id → Users id | hd_published_shifts.user_id → users.id | Best future design when published shifts store the authenticated user id directly. | High | Unavailable | user_id | 0 | 0 | 0.0% |
| Published Shifts employee_id → Employees id | hd_published_shifts.employee_id → employees.id | Best future design when employees table is the active staff roster. | High | Unavailable | employee_id | 0 | 0 | 0.0% |
| Published Shifts employee_id → HD Employees id | hd_published_shifts.employee_id → hd_employees.id | Best future design when hd_employees is the active HD-specific roster. | High | Strong | employee_id | 1 | 1 | 100.0% |
| Published Shifts staff_id → Staff id | hd_published_shifts.staff_id → staff.id | Possible future design when published shifts store staff ids. | Medium | Unavailable | staff_id | 0 | 0 | 0.0% |
| Published Shifts staff_id → HD Staff id | hd_published_shifts.staff_id → hd_staff.id | Possible future design when HD staff records are the active staff source. | Medium | Unavailable | staff_id | 0 | 0 | 0.0% |
| Published Shifts user_id → Employees user_id | hd_published_shifts.user_id → employees.user_id | Possible bridge design when employee records link to users. | Medium | Unavailable | user_id | 0 | 0 | 0.0% |
| Published Shifts user_id → HD Employees user_id | hd_published_shifts.user_id → hd_employees.user_id | Possible bridge design when HD employee records link to users. | Medium | Unavailable | user_id | 0 | 0 | 0.0% |

Future Resolver Design

| Component | Type | Purpose | Status |
|---|---|---|---|
| EmployeeScheduleAccessResolver | Future helper/service class | Resolve the logged-in user into the correct schedule identity value. | Design only |
| resolveUserScheduleIdentity($user) | Future method | Return employee_id, staff_id, or user_id depending on confirmed mapping. | Design only |
| canManageEmployeeSchedules($user) | Future method | Allow managers/admins to preview and troubleshoot employee schedules. | Design only |
| filterPublishedShiftsForUser($query, $user) | Future method | Apply the employee-only published-shift filter after identity resolution. | Design only |
| unmapped employee fallback | Future safe response | Show a clear no-schedule/mapping-needed message instead of exposing all shifts. | Design only |

Future Middleware Design

| Middleware | Apply To | Behavior | Status |
|---|---|---|---|
| employee.schedule.self.preview | Future preview-only route group first | Logically test employee-only filtering without blocking current routes. | Not created in this phase |
| employee.schedule.self | Future employee portal self-view routes only | Allow employees to see only their own published schedule after mapping is confirmed. | Not created in this phase |
| employee.schedule.manager | Future manager/admin routes only if needed | Preserve manager/admin preview and troubleshooting access. | Not created in this phase |

Route Group Design

Employee Self-View Candidate Routes

Would eventually require employee identity resolution.

| URI | Status |
|---|---|
| hd/employee-schedules/employee-portal | Detected |
| hd/employee-schedules/employee-portal/my-schedule | Detected |
| hd/employee-schedules/employee-portal/weekly | Detected |
| hd/employee-schedules/employee-portal/weekly/print | Detected |

Manager / Admin Routes

Should remain available to managers/admins for preview, troubleshooting, and scheduling workflow.

| URI | Status |
|---|---|
| hd/employee-schedules/hub | Detected |
| hd/employee-schedules/drafts/periods | Detected |
| hd/employee-schedules/published/viewer | Detected |
| hd/employee-schedules/published/publish-action | Detected |
| hd/employee-schedules/published/print | Detected |

Diagnostics / Design Routes

Should remain admin/developer-only after access enforcement is implemented later.

| URI | Status |
|---|---|
| hd/employee-schedules/access-prep | Detected |
| hd/employee-schedules/user-mapping-audit | Detected |
| hd/employee-schedules/access-preview | Detected |
| hd/employee-schedules/access-preview/print | Detected |
| hd/employee-schedules/access-preview/checklist | Detected |
| hd/employee-schedules/access-guard-design | Detected |

Design Readiness

| Area | Status | Item | Why |
|---|---|---|---|
| Mapping | Ready Candidate | Strong or manager-approved mapping candidate exists. | Future employee access filtering needs a confirmed identity mapping. |
| Employee Routes | Ready Candidate | Employee Portal, My Schedule, Weekly View, and Weekly Print routes are present. | Future middleware should only be applied after the employee-facing route set is known. |
| Manager Routes | Ready Candidate | Manager scheduling routes remain available. | Managers must retain troubleshooting and scheduling access. |
| Diagnostics | Ready Candidate | Access prep, mapping audit, preview, print, and checklist pages are present. | Design and verification pages should remain available until enforcement is fully tested. |
| Safety | Ready Candidate | No enforcement, middleware, auth config, or database write is made in this phase. | This phase is intentionally design-only. |

Future Query Rules

  1. Employee self-view queries should only read from published schedule tables.
  2. Employee self-view queries should never fall back to showing all shifts if identity resolution fails.
  3. Manager/admin preview queries may retain full schedule visibility after role checks are confirmed.
  4. Soft conflicts should remain informational and should not block schedule display.
  5. Draft schedules should not be visible through employee self-view routes.
  6. Publish-action routes should not be available to employee self-view users.

Fallback Rules

  1. If no logged-in user is available, show a safe access-required message in a future enforcement phase.
  2. If a user cannot be mapped to an employee/staff identity, show no schedule and a manager-contact message.
  3. If the mapped identity has no published shifts, show an empty schedule message.
  4. If manager/admin preview is active, clearly label the page as manager preview.
  5. Never expose all employee shifts as a fallback for unmapped employee users.
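
The query and fallback rules above, as an added PHP example (not the project's code): a fail-closed version of the resolver methods named in the design tables, run over in-memory rows. The `hd_employee_id` and `role` user fields, the state labels, and the sample shifts are assumptions constructed for illustration; the page does not define how a login is linked to an `hd_employees` row or how roles are checked.

```php
<?php
// Constructed sample rows standing in for hd_published_shifts.
const PUBLISHED_SHIFTS = [
    ['id' => 1, 'employee_id' => 10, 'starts_at' => '2026-06-08 09:00'],
    ['id' => 2, 'employee_id' => 11, 'starts_at' => '2026-06-08 13:00'],
];

final class EmployeeScheduleAccessResolver
{
    // Returns the hd_employees.id for the user, or null when unmapped.
    // 'hd_employee_id' is a hypothetical link field; the page does not say
    // how a logged-in user will be tied to an hd_employees row.
    public function resolveUserScheduleIdentity(?array $user): ?int
    {
        $id = $user['hd_employee_id'] ?? null;
        return (is_int($id) && $id > 0) ? $id : null;
    }

    // 'role' is a hypothetical field; role checks are not defined on the page.
    public function canManageEmployeeSchedules(?array $user): bool
    {
        return in_array($user['role'] ?? null, ['manager', 'admin'], true);
    }

    // Applies the fallback rules in order; a failure never widens the result.
    public function filterPublishedShiftsForUser(array $shifts, ?array $user): array
    {
        if ($user === null) {                       // fallback rule 1
            return ['state' => 'access_required', 'shifts' => []];
        }
        if ($this->canManageEmployeeSchedules($user)) { // rule 4: labelled preview
            return ['state' => 'manager_preview', 'shifts' => $shifts];
        }
        $employeeId = $this->resolveUserScheduleIdentity($user);
        if ($employeeId === null) {                 // rules 2 and 5: no schedule
            return ['state' => 'mapping_needed', 'shifts' => []];
        }
        $match = fn (array $s): bool => ($s['employee_id'] ?? null) === $employeeId;
        $own = array_values(array_filter($shifts, $match));
        return ['state' => $own === [] ? 'empty_schedule' : 'ok', 'shifts' => $own];
    }
}

$resolver = new EmployeeScheduleAccessResolver();
$users = [null, ['role' => 'employee'], ['role' => 'employee', 'hd_employee_id' => 10]];
foreach ($users as $user) {
    $out = $resolver->filterPublishedShiftsForUser(PUBLISHED_SHIFTS, $user);
    echo $out['state'], ' ', count($out['shifts']), PHP_EOL;
}
```

The strict `===` comparison and the explicit `null` return keep an unmapped or malformed identity from matching any row, which is the case fallback rule 5 is written for.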

Do Not Build Yet

This phase is design-only. The following items remain intentionally untouched.

  1. Do not create middleware files in this phase.
  2. Do not edit app/Http/Kernel.php or bootstrap middleware configuration in this phase.
  3. Do not edit config/auth.php in this phase.
  4. Do not apply middleware to live employee portal routes in this phase.
  5. Do not change employee portal query behavior in this phase.
  6. Do not create or update mapping records in this phase.
  7. Do not display employee names or email addresses in diagnostics.
  8. Do not send texts, emails, reminders, or notifications.
  9. Do not touch payroll, Time Clock rules, POS shifts, reservations, payments, waivers, customer profiles, exports, PDFs, CSVs, schedule locking, or hard blocking.

Route Checks

| Area | Critical | Method | Status | URI |
|---|---|---|---|---|
| Access Guard Design | Critical | GET | Detected | hd/employee-schedules/access-guard-design |
| Employee Portal Access Guard Design | Critical | GET | Detected | hd/employee-schedules/employee-portal/access-guard-design |
| Access Preview Checklist | Critical | GET | Detected | hd/employee-schedules/access-preview/checklist |
| Access Preview Print | Optional | GET | Detected | hd/employee-schedules/access-preview/print |
| Access Preview | Critical | GET | Detected | hd/employee-schedules/access-preview |
| User Mapping Audit | Critical | GET | Detected | hd/employee-schedules/user-mapping-audit |
| Access Prep | Optional | GET | Detected | hd/employee-schedules/access-prep |
| Scheduling Hub | Critical | GET | Detected | hd/employee-schedules/hub |
| Employee Portal | Critical | GET | Detected | hd/employee-schedules/employee-portal |
| My Schedule | Critical | GET | Detected | hd/employee-schedules/employee-portal/my-schedule |
| Weekly View | Critical | GET | Detected | hd/employee-schedules/employee-portal/weekly |
| Weekly Print | Optional | GET | Detected | hd/employee-schedules/employee-portal/weekly/print |

Controller / View / Route File Checks

| File | Path | Status |
|---|---|---|
| Access Guard Design Controller | /home/at4txjiyemp4/public_html/hdsportszone.com/app/Http/Controllers/Hd/EmployeeSchedules/EmployeeScheduleAccessGuardDesignController.php | Present |
| Access Guard Design View | /home/at4txjiyemp4/public_html/hdsportszone.com/resources/views/hd/employee_schedules/navigation/access_guard_design.blade.php | Present |
| Access Preview Checklist Controller | /home/at4txjiyemp4/public_html/hdsportszone.com/app/Http/Controllers/Hd/EmployeeSchedules/EmployeeScheduleAccessPreviewChecklistController.php | Present |
| Access Preview Controller | /home/at4txjiyemp4/public_html/hdsportszone.com/app/Http/Controllers/Hd/EmployeeSchedules/EmployeeScheduleAccessPreviewController.php | Present |
| User Mapping Audit Controller | /home/at4txjiyemp4/public_html/hdsportszone.com/app/Http/Controllers/Hd/EmployeeSchedules/EmployeeScheduleUserMappingAuditController.php | Present |
| Clean Navigation Partial | /home/at4txjiyemp4/public_html/hdsportszone.com/resources/views/hd/employee_schedules/_clean_nav.blade.php | Present |
| Navigation Route File | /home/at4txjiyemp4/public_html/hdsportszone.com/routes/hd_employee_schedule_navigation.php | Present |

Table Checks

| Table | Table Name | Status | Rows | Purpose |
|---|---|---|---|---|
| Users | users | Present | 0 | Possible login identity source. |
| Employees | employees | Not Detected | 0 | Possible employee profile source. |
| HD Employees | hd_employees | Present | 4 | Possible HD employee profile source. |
| Staff | staff | Not Detected | 0 | Possible staff profile source. |
| HD Staff | hd_staff | Not Detected | 0 | Possible HD staff profile source. |
| Published Shifts | hd_published_shifts | Present | 1 | Employee portal published shift source. |
| Published Schedule Periods | hd_published_schedule_periods | Present | 1 | Published period source. |

Next Recommended Phase

25L-7 — Employee Access Guard Design Smoke Test / No Enforcement
The recommended next phase can add a read-only smoke test for the guard design module before any future implementation work.
  1. Keep it read-only.
  2. Verify guard design, checklist, preview, print, mapping audit, and access prep pages.
  3. Verify no middleware or auth files were changed.
  4. Do not apply middleware to live routes yet.
  5. Do not change employee portal queries yet.
  6. Do not send notifications or touch payroll, Time Clock, POS shifts, reservations, payments, waivers, customer profiles, exports, or locking.