HD Sports Zone Bookmark 25M-1 — Employee Schedule Access Resolver / Controlled Implementation Start

Preview-only employee schedule access resolver. This adds safe helper logic for identifying the current user’s likely schedule identity, but it does not enforce permissions, apply middleware, change auth, change employee portal queries, write data, show employee names/emails, send notifications, or touch payroll, Time Clock rules, POS shifts, reservations, payments, waivers, customer profiles, exports, PDFs, CSVs, schedule locking, or hard schedule blocking.

Access Resolver 25L Completion Production Home Employee Portal Resolver Smoke Test Fallback Preview
Builder Help Strip

Manager build workflow: Build → Review → Publish → Employee View

Quick links are consolidated here so managers do not have to hunt through the larger navigation. This strip is visual only. It does not change saves, publishing, schedule rows, employee views, notifications, locking, payroll, Time Clock, POS, reservations, payments, waivers, or customer profiles.

1. Build Use existing builder.
2. Draft Draft until published.
3. Review Check conflicts.
4. Publish Existing publish flow.
5. Employees Published self-view.
Manager Schedule Builder — Safe Workflow

Build here. Review conflicts before publishing. Employees view only published schedules.

Use this screen for the existing manager build workflow. Before publishing, review unavailable blocks and soft conflicts. After publishing, employees should use the Employee Portal, My Schedule, Weekly Schedule, or Print Weekly.

Phase 25P-1 only adds clarity and support links. It does not change draft saves, publishing, schedule locking, employee text/email notifications, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

1. Build Use the current builder workflow.
2. Review Check unavailable blocks and soft conflicts.
3. Publish Publish only after manager review.
4. Employee View Employees use published self-view pages.
Draft Status / Publish Readiness

Treat this as draft work until the manager intentionally publishes it.

Before publishing, confirm the date range, employee coverage, shift times, and soft conflicts. Once published, employees should use the Employee Portal and self-view pages for their final schedule.

Phase 25P-2 adds labels and readiness guidance only. It does not change save buttons, publish buttons, schedule rows, draft data, published data, employee visibility, notifications, locking, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

Draft Build and review shifts here.
Coverage Confirm staff, roles, dates, and times.
Conflict Review Review soft conflicts before publish.
Published Employees use published self-view pages.
Publish Review Reminder

Review soft conflicts before publishing this schedule.

Before the manager publishes, check unavailable blocks, appointments, manager holds, duplicate shift issues, and any soft conflicts. Conflicts are still review warnings only; this does not hard-block scheduling.

Phase 25P-3 adds this publish-review callout only. It does not change save buttons, publish buttons, draft rows, published rows, employee visibility, schedule locking, employee text/email notifications, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

Unavailable Review unavailable blocks.
Appointments Check appointment overlap.
Manager Holds Review manager holds.
Coverage Check staff coverage.
Publish Publish after review.
Employee View Reminder

Employees should view published schedules only from Employee Portal.

After the manager publishes, employees should use Employee Portal, My Schedule, Weekly Schedule, or Print Weekly. Managers should avoid sending employees to builder, diagnostics, route catalogs, checklists, or developer tools.

Phase 25P-4 adds this reminder only. It does not change publish behavior, employee schedule data, employee permissions, schedule locking, employee text/email notifications, payroll, Time Clock, POS shifts, reservations, payments, waivers, or customer profiles.

Draft Manager-only build work.
Review Conflicts and coverage.
Publish Existing manager action.
Employee View Published self-view pages.
Employee Scheduling
Production Home Visual Cleanup Completion Data Readiness Inventory Data Source Map Save/Publish Action Inventory Production Form Map Draft Save Preflight Draft Save UX Guidance Create / Edit Schedule Review Conflicts Publish Published Schedule Print Employee Portal My Schedule Help
Admin / Diagnostics Diagnostic/build pages remain available for troubleshooting, but they are intentionally separated from daily manager and employee workflow. Manager Simple Menu Developer Tools Navigation Smoke Test Navigation Completion Builder Inventory Builder Route Catalog Builder Workflow Guide Builder Checklist Builder Diagnostics Builder Completion Builder Screen Cleanup Draft Status Clarity Soft Conflict Reminder Employee View Reminder Builder Help Strip

Resolver Preview Summary

No employee access enforcement is active. This page only previews how a future helper could resolve the logged-in user to a schedule identity.

Generated Jun 5, 2026 12:20 AM

Preview Only Resolver Mode

Helper logic is available but not enforced.

Not Detected Logged-In User

Names and emails are intentionally hidden.

1 Identity Candidates

Possible safe schedule identity paths checked.

0 Previewable Candidates

Candidates with an identity value and published shift column.

0 Published Shift Matches

Total matches across preview candidates.

1 Strong Mapping Paths

Mapping audit paths with 95%+ coverage.

Preserved Boundaries

Resolver preview only No middleware created No middleware applied No permission enforcement No auth config changes No route middleware changes No database writes No migrations No employee PII output No existing routes removed No existing pages deleted No schedule edits No published schedule edits No draft schedule edits No employee texts No employee emails No notifications No payroll changes No Time Clock rules changes No POS shifts changes No reservations changes No payments changes No waivers changes No customer profile changes No exports generated No PDF generation No CSV export No schedule locking No hard schedule blocking changes

Safe Logged-In User Summary

Logged In User Employee Attribute Staff Attribute Safe Note
Not Detected None No employee_id attribute detected No staff_id attribute detected No logged-in user detected in this request.

Recommended Candidate

No resolved employee identity yet
Candidate: No candidate selected
Identity: No identity value
Published Shift Column: None
Published Shift Matches: 0
Future enforcement must show no schedule for unmapped users and instruct them to contact a manager.

Candidate Identity Paths

Candidate Source Identity Published Column Shift Matches Status Safe Note
No logged-in user detected
not_logged_in		 auth No identity value None 0 Not available Future enforcement should show an access-required message, not all schedules.

Mapping Health

Mapping Confidence Status Distinct Shift Values Matched Values Coverage
Published Shifts user_id → Users id
hd_published_shifts.user_id → users.id 		High Unavailable 0 0 0.0%
Published Shifts employee_id → Employees id
hd_published_shifts.employee_id → employees.id 		High Unavailable 0 0 0.0%
Published Shifts employee_id → HD Employees id
hd_published_shifts.employee_id → hd_employees.id 		High Strong 1 1 100.0%
Published Shifts staff_id → Staff id
hd_published_shifts.staff_id → staff.id 		Medium Unavailable 0 0 0.0%
Published Shifts staff_id → HD Staff id
hd_published_shifts.staff_id → hd_staff.id 		Medium Unavailable 0 0 0.0%
Published Shifts user_id → Employees user_id
hd_published_shifts.user_id → employees.user_id 		Medium Unavailable 0 0 0.0%
Published Shifts user_id → HD Employees user_id
hd_published_shifts.user_id → hd_employees.user_id 		Medium Unavailable 0 0 0.0%

Safe Future Filter Plan

  1. Resolve logged-in user: Use Auth::user() to identify the current account.
  2. Resolve schedule identity: Determine whether the schedule should filter by user_id, employee_id, or staff_id.
  3. Filter published shifts only: Future employee self-view should only read published schedule data.
  4. Never expose all shifts on failure: If identity mapping fails, show no schedule and a manager-contact message.
  5. Keep manager/admin override: Managers need a safe troubleshooting and preview path.

Fallback Rules

  • No logged-in user: future enforcement should show an access-required message.
  • Logged-in user cannot be mapped: future enforcement should show no schedule and a manager-contact message.
  • Mapped user has no published shifts: show an empty schedule message.
  • Manager/admin preview: clearly label that the manager is previewing access behavior.
  • Never show all shifts to an unmapped employee user.

Not Enforced In This Phase

This resolver is not attached to middleware yet. This resolver does not modify route middleware. This resolver does not modify config/auth.php. This resolver does not change employee portal queries yet. This resolver does not write to the database. This resolver does not send notifications. This resolver does not touch payroll, Time Clock rules, POS shifts, reservations, payments, waivers, customer profiles, exports, PDFs, CSVs, schedule locking, or hard schedule blocking.

Route Checks

Area Critical Status URI Open
Access Resolver Preview Critical Detected hd/employee-schedules/access-resolver Open
Employee Portal Access Resolver Preview Critical Detected hd/employee-schedules/employee-portal/access-resolver Open
25L Completion Critical Detected hd/employee-schedules/production/completion Open
Production Home Critical Detected hd/employee-schedules/production Open
Production Smoke Test Optional Detected hd/employee-schedules/production/smoke-test Open
Access Guard Design Optional Detected hd/employee-schedules/access-guard-design Open
Access Checklist Optional Detected hd/employee-schedules/access-preview/checklist Open
Mapping Audit Optional Detected hd/employee-schedules/user-mapping-audit Open
Employee Portal Critical Detected hd/employee-schedules/employee-portal Open
My Schedule Critical Detected hd/employee-schedules/employee-portal/my-schedule Open
Weekly View Critical Detected hd/employee-schedules/employee-portal/weekly Open

Controller / View / Route File Checks

File Status
Access Resolver Service
/home/at4txjiyemp4/public_html/hdsportszone.com/app/Support/Hd/EmployeeSchedules/EmployeeScheduleAccessResolver.php 		Present
Access Resolver Preview Controller
/home/at4txjiyemp4/public_html/hdsportszone.com/app/Http/Controllers/Hd/EmployeeSchedules/EmployeeScheduleAccessResolverPreviewController.php 		Present
Access Resolver Preview View
/home/at4txjiyemp4/public_html/hdsportszone.com/resources/views/hd/employee_schedules/navigation/access_resolver_preview.blade.php 		Present
Slim Clean Navigation Partial
/home/at4txjiyemp4/public_html/hdsportszone.com/resources/views/hd/employee_schedules/_clean_nav.blade.php 		Present
Navigation Route File
/home/at4txjiyemp4/public_html/hdsportszone.com/routes/hd_employee_schedule_navigation.php 		Present

Table Checks

Table Status Rows Purpose
Users
users 		Present 0 Login identity source.
Employees
employees 		Not Detected 0 Potential employee identity source.
HD Employees
hd_employees 		Present 4 Potential HD employee identity source.
Staff
staff 		Not Detected 0 Potential staff identity source.
HD Staff
hd_staff 		Not Detected 0 Potential HD staff identity source.
Published Schedule Periods
hd_published_schedule_periods 		Present 1 Published schedule period source.
Published Shifts
hd_published_shifts 		Present 1 Published shift source for future filtering.

Next Recommended Phase

25M-2 — Access Resolver Smoke Test / No Enforcement
Recommended next phase should verify the resolver service, preview route, mapping health, and fallback behavior without applying middleware or changing employee portal queries.
  1. Keep it read-only.
  2. Verify resolver service exists and can safely resolve candidate identity paths.
  3. Confirm names/emails are not exposed.
  4. Confirm no middleware/auth files were modified.
  5. Do not apply employee-only filtering yet.
  6. Do not send notifications or touch payroll, Time Clock, POS shifts, reservations, payments, waivers, customer profiles, exports, or locking.