HD Sports Zone Bookmark 25L-1 — Employee Portal Access / Permission Separation Prep

Read-only access and permission separation prep for the employee portal. This phase inventories auth guards, possible employee/user identity tables, published shift identity columns, and mapping candidates before any access enforcement. It does not change permissions, middleware, auth config, schedules, notifications, payroll, Time Clock rules, POS shifts, reservations, payments, waivers, customer profiles, exports, PDFs, CSVs, schedule locking, or hard schedule blocking.

Builder Help Strip

Manager build workflow: Build → Review → Publish → Employee View

Quick links are consolidated here so managers do not have to hunt through the larger navigation. This strip is visual only. It does not change saves, publishing, schedule rows, employee views, notifications, locking, payroll, Time Clock, POS, reservations, payments, waivers, or customer profiles.

1. Build: Use existing builder.
2. Draft: Draft until published.
3. Review: Check conflicts.
4. Publish: Existing publish flow.
5. Employees: Published self-view.

Manager Schedule Builder — Safe Workflow

Build here. Review conflicts before publishing. Employees view only published schedules.

Use this screen for the existing manager build workflow. Before publishing, review unavailable blocks and soft conflicts. After publishing, employees should use the Employee Portal, My Schedule, Weekly Schedule, or Print Weekly.

Phase 25P-1 only adds clarity and support links. It does not change draft saves, publishing, schedule locking, employee text/email notifications, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

1. Build: Use the current builder workflow.
2. Review: Check unavailable blocks and soft conflicts.
3. Publish: Publish only after manager review.
4. Employee View: Employees use published self-view pages.

Draft Status / Publish Readiness

Treat this as draft work until the manager intentionally publishes it.

Before publishing, confirm the date range, employee coverage, shift times, and soft conflicts. Once published, employees should use the Employee Portal and self-view pages for their final schedule.

Phase 25P-2 adds labels and readiness guidance only. It does not change save buttons, publish buttons, schedule rows, draft data, published data, employee visibility, notifications, locking, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

  • Draft: Build and review shifts here.
  • Coverage: Confirm staff, roles, dates, and times.
  • Conflict Review: Review soft conflicts before publish.
  • Published: Employees use published self-view pages.

Publish Review Reminder

Review soft conflicts before publishing this schedule.

Before the manager publishes, check unavailable blocks, appointments, manager holds, duplicate shift issues, and any soft conflicts. Conflicts are still review warnings only; this does not hard-block scheduling.

Phase 25P-3 adds this publish-review callout only. It does not change save buttons, publish buttons, draft rows, published rows, employee visibility, schedule locking, employee text/email notifications, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

  • Unavailable: Review unavailable blocks.
  • Appointments: Check appointment overlap.
  • Manager Holds: Review manager holds.
  • Coverage: Check staff coverage.
  • Publish: Publish after review.

Employee View Reminder

Employees should view published schedules only from Employee Portal.

After the manager publishes, employees should use Employee Portal, My Schedule, Weekly Schedule, or Print Weekly. Managers should avoid sending employees to builder, diagnostics, route catalogs, checklists, or developer tools.

Phase 25P-4 adds this reminder only. It does not change publish behavior, employee schedule data, employee permissions, schedule locking, employee text/email notifications, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

  • Draft: Manager-only build work.
  • Review: Conflicts and coverage.
  • Publish: Existing manager action.
  • Employee View: Published self-view pages.

Access Separation Prep Summary

No enforcement is being added yet. This page only inventories the possible mapping between logged-in users, employee/staff records, and published shifts.

Generated Jun 4, 2026 11:24 PM

Read Only Access Prep Mode

Diagnostics only. No permissions are enforced.

1 Auth Guards Found

Configured Laravel auth guards detected from config only.

2 Identity Tables Found

Potential user/employee/staff tables detected.

6 Published Shift Identity Columns

Potential employee/user/staff columns on published shifts.

3 High Confidence Mapping Candidates

Likely access mapping options to review before enforcement.

None Permission Changes

No middleware, guards, roles, or policies are changed.

Preserved Boundaries

  • Read-only access prep
  • No permission enforcement
  • No auth config changes
  • No middleware changes
  • No database writes
  • No migrations
  • No route deletion
  • No page deletion
  • No schedule edits
  • No published schedule edits
  • No draft schedule edits
  • No employee texts
  • No employee emails
  • No notifications
  • No payroll changes
  • No Time Clock rules changes
  • No POS shifts changes
  • No reservations changes
  • No payments changes
  • No waivers changes
  • No customer profile changes
  • No exports generated
  • No PDF generation
  • No CSV export
  • No schedule locking
  • No hard schedule blocking changes

Auth Guard Inventory

Guard | Driver | Provider
web | session | users

Auth Provider Inventory

Provider | Driver | Model
users | eloquent | App\Models\User

Potential Identity Tables

Table | Status | Rows | Identity Columns | Purpose
Users (users) | Present | 0 | id, user_id, employee_id, staff_id, email, name, status | Common Laravel login table.
Employees (employees) | Missing | 0 | id, user_id, employee_id, staff_id, email, name, status | Possible employee profile table.
HD Employees (hd_employees) | Present | 4 | id, user_id, employee_id, staff_id, email, name, status | Possible HD-specific employee table.
Staff (staff) | Missing | 0 | id, user_id, employee_id, staff_id, email, name, status | Possible staff profile table.
HD Staff (hd_staff) | Missing | 0 | id, user_id, employee_id, staff_id, email, name, status | Possible HD-specific staff table.

Published Shift Identity Columns

Column | Status | Purpose
Employee ID (hd_published_shifts.employee_id) | Present | Likely direct employee profile reference.
Staff ID (hd_published_shifts.staff_id) | Not Detected | Likely direct staff profile reference.
User ID (hd_published_shifts.user_id) | Not Detected | Likely direct authenticated user reference.
Published Schedule Period ID (hd_published_shifts.published_schedule_period_id) | Present | Links shift to published schedule period.
Source Schedule Period ID (hd_published_shifts.source_schedule_period_id) | Present | Links shift back to source draft period if present.
Work Date (hd_published_shifts.work_date) | Present | Used for date-limited access display.
Starts At (hd_published_shifts.starts_at) | Present | Used for schedule display.
Ends At (hd_published_shifts.ends_at) | Present | Used for schedule display.

Mapping Candidates to Review

Candidate Mapping | Confidence | Status | Recommendation
hd_published_shifts.user_id → users.id | High | Needs Review: One or both sides of this mapping were not detected. | Best candidate if published shifts store user_id and employees log in through users.
hd_published_shifts.employee_id → employees.id | High | Needs Review: One or both sides of this mapping were not detected. | Good candidate if employees table is the actual employee profile table.
hd_published_shifts.employee_id → hd_employees.id | High | Available: Both published shift column and identity table column exist. | Good candidate if hd_employees is the HD-specific employee profile table.
hd_published_shifts.staff_id → staff.id | Medium | Needs Review: One or both sides of this mapping were not detected. | Possible candidate if schedules are assigned to staff records.
hd_published_shifts.staff_id → hd_staff.id | Medium | Needs Review: One or both sides of this mapping were not detected. | Possible candidate if schedules are assigned to HD staff records.
hd_published_shifts.user_id → employees.user_id | Medium | Needs Review: One or both sides of this mapping were not detected. | Possible bridge if employees table stores user_id and published shifts store user_id.
hd_published_shifts.user_id → hd_employees.user_id | Medium | Needs Review: One or both sides of this mapping were not detected. | Possible bridge if hd_employees table stores user_id and published shifts store user_id.

Recommended Future Access Rules

  1. Employee portal access should eventually resolve the logged-in user to exactly one employee/staff identity.
  2. Employee-facing schedule queries should filter hd_published_shifts by that resolved identity.
  3. Managers/admins should keep access to preview employee schedules for troubleshooting.
  4. Employees should not access publish, draft, diagnostics, route catalog, audit preview, or completion pages.
  5. Permission enforcement should not start until the correct users-to-employees mapping is confirmed.
  6. The first enforcement phase should be reversible and backed by route/middleware checks.

Do Not Enforce Yet

This first 25L phase is diagnostic only. Keep enforcement off until mapping is confirmed.
  • Do not add middleware enforcement in 25L-1.
  • Do not modify auth.php, guards, providers, policies, or roles in this phase.
  • Do not hide manager routes yet.
  • Do not change employee portal queries to require auth yet.
  • Do not write employee/user mapping records yet.
  • Do not send texts, emails, or reminders.
  • Do not connect payroll, Time Clock rules, POS shifts, reservations, payments, waivers, customer profiles, exports, PDFs, CSVs, or schedule locking.

Route Checks

Area | Critical | Method | Status | URI
Access Prep | Critical | GET | Detected | hd/employee-schedules/access-prep
Employee Portal Access Prep | Critical | GET | Detected | hd/employee-schedules/employee-portal/access-prep
Completion | Critical | GET | Detected | hd/employee-schedules/completion
Scheduling Hub | Critical | GET | Detected | hd/employee-schedules/hub
Help | Optional | GET | Detected | hd/employee-schedules/help
Checklist | Optional | GET | Detected | hd/employee-schedules/checklist
Employee Portal | Critical | GET | Detected | hd/employee-schedules/employee-portal
My Schedule | Critical | GET | Detected | hd/employee-schedules/employee-portal/my-schedule
Weekly View | Critical | GET | Detected | hd/employee-schedules/employee-portal/weekly
Weekly Print | Optional | GET | Detected | hd/employee-schedules/employee-portal/weekly/print
Published Viewer | Optional | GET | Detected | hd/employee-schedules/published/viewer
Draft Periods | Optional | GET | Detected | hd/employee-schedules/drafts/periods

Controller / View / Route File Checks

File | Path | Status
Access Prep Controller | /home/at4txjiyemp4/public_html/hdsportszone.com/app/Http/Controllers/Hd/EmployeeSchedules/EmployeeScheduleAccessPrepController.php | Present
Access Prep View | /home/at4txjiyemp4/public_html/hdsportszone.com/resources/views/hd/employee_schedules/navigation/access_prep.blade.php | Present
Clean Navigation Partial | /home/at4txjiyemp4/public_html/hdsportszone.com/resources/views/hd/employee_schedules/_clean_nav.blade.php | Present
Navigation Route File | /home/at4txjiyemp4/public_html/hdsportszone.com/routes/hd_employee_schedule_navigation.php | Present
Employee Portal Route File | /home/at4txjiyemp4/public_html/hdsportszone.com/routes/hd_employee_schedule_employee_portal.php | Present
Completion Controller | /home/at4txjiyemp4/public_html/hdsportszone.com/app/Http/Controllers/Hd/EmployeeSchedules/EmployeeScheduleEmployeePortalCompletionController.php | Present

Table Checks

Table | Status | Rows | Purpose
Users (users) | Present | 0 | Possible login identity source.
Employees (employees) | Not Detected | 0 | Possible employee profile source.
HD Employees (hd_employees) | Present | 4 | Possible HD employee profile source.
Staff (staff) | Not Detected | 0 | Possible staff profile source.
HD Staff (hd_staff) | Not Detected | 0 | Possible HD staff profile source.
Published Shifts (hd_published_shifts) | Present | 1 | Published shift source used by employee portal.
Published Schedule Periods (hd_published_schedule_periods) | Present | 1 | Published period source.

Next Recommended Phase

25L-2 — Employee/User Mapping Audit
The recommended next phase can create a read-only mapping audit that shows exactly which users can be matched to employee/staff records before access is enforced.
  1. Stay read-only.
  2. Show counts and mapping status, not sensitive personal data.
  3. Confirm whether published shifts use employee_id, staff_id, or user_id.
  4. Confirm which table is the real employee identity table.
  5. Do not enforce permissions until the mapping is confirmed.
  6. Do not send notifications or touch payroll, Time Clock, POS shifts, reservations, payments, waivers, customer profiles, exports, or locking.