*/
    private const ALLOWED_PINNED_SPACES = [
        // Exact-match allowlist: sanitizePinnedSpaces() drops every value that
        // is not byte-for-byte one of these site-relative paths, so absolute
        // URLs, other schemes and query-string variants never pass through.
        // NOTE(review): presumably these are rendered as dashboard links —
        // keep the list limited to internal routes when extending it.
        '/dashboard/profile',
        '/dashboard/notifications',
        '/dashboard/comments/received',
        '/dashboard/followers',
        '/dashboard/following',
        '/dashboard/favorites',
        '/dashboard/artworks',
        '/dashboard/gallery',
        '/dashboard/awards',
        '/creator/stories',
        '/studio',
    ];

    protected $table = 'dashboard_preferences';

    // The row is keyed by the owning user's id rather than an auto-increment
    // column, so there is at most one preferences row per user_id.
    protected $primaryKey = 'user_id';

    public $incrementing = false;

    protected $keyType = 'int';

    // NOTE(review): user_id is both the primary key and mass-assignable. Call
    // sites are not visible here; confirm they take user_id from the
    // authenticated user and never from request input, otherwise one account
    // could write another account's preferences.
    protected $fillable = [
        'user_id',
        'pinned_spaces',
    ];

    /**
     * Attribute casts: pinned_spaces is exposed as a PHP array.
     *
     * @return array<string, string>
     */
    protected function casts(): array
    {
        $castMap = [
            'pinned_spaces' => 'array',
        ];

        return $castMap;
    }

    /**
     * The user these preferences belong to, joined on user_id.
     */
    public function user(): BelongsTo
    {
        return $this->belongsTo(User::class, 'user_id');
    }

    /**
     * Reduce a caller-supplied list to allowlisted, de-duplicated hrefs.
     *
     * Values that are not strings, or are not an exact member of
     * ALLOWED_PINNED_SPACES, are dropped silently. First-seen order is kept
     * and collection stops once MAX_PINNED_SPACES entries have been kept.
     *
     * @param array<array-key, mixed> $hrefs Untrusted candidate values.
     * @return list<string>
     */
    public static function sanitizePinnedSpaces(array $hrefs): array
    {
        // Flip the allowlist into a key lookup so membership is one isset().
        $allowlist = array_flip(self::ALLOWED_PINNED_SPACES);
        $kept = [];

        foreach ($hrefs as $candidate) {
            // The type check comes first so non-string input (nested arrays,
            // ints, null) is never used as an array offset.
            $isAllowed = is_string($candidate) && isset($allowlist[$candidate]);

            if (! $isAllowed || isset($kept[$candidate])) {
                continue;
            }

            // Keyed by href: insertion order is the output order, and a
            // repeated href is skipped by the isset() above.
            $kept[$candidate] = true;

            if (count($kept) >= self::MAX_PINNED_SPACES) {
                break;
            }
        }

        return array_keys($kept);
    }

    /**
     * Pinned spaces stored for the given user, re-validated on read.
     *
     * The stored value goes through sanitizePinnedSpaces() again, so a row
     * holding entries outside the current allowlist is not returned as-is.
     * NOTE(review): the write path is not visible here — confirm it
     * sanitizes before saving as well.
     *
     * @return list<string>
     */
    public static function pinnedSpacesForUser(User $user): array
    {
        $stored = static::query()->find($user->id)?->pinned_spaces;

        // No row, or a value that did not cast to an array: nothing pinned.
        if (! is_array($stored)) {
            return [];
        }

        return static::sanitizePinnedSpaces($stored);
    }
}