[FEAT] 優化帳號管理授權顯示邏輯與 UI 樣式一致性

app/Models/Machine/Machine.php

@@ -12,6 +12,26 @@ class Machine extends Model
     use HasFactory, TenantScoped;
     use \Illuminate\Database\Eloquent\SoftDeletes;
 
+    protected static function booted()
+    {
+        // 權限隔離：一般帳號登入時只能看到自己被分配的機台
+        static::addGlobalScope('machine_access', function (\Illuminate\Database\Eloquent\Builder $builder) {
+            $user = auth()->user();
+            // 如果是在 Console、或是系統管理員、或是租戶的「管理員」角色，則不限制 (可看該公司所有機台)
+            if (app()->runningInConsole() || !$user || $user->isSystemAdmin() || $user->hasRole('管理員') || $user->hasRole('super-admin')) {
+                return;
+            }
+
+            // 一般租戶帳號：限制只能看自己擁有的機台
+            $builder->whereExists(function ($query) use ($user) {
+                $query->select(\Illuminate\Support\Facades\DB::raw(1))
+                    ->from('machine_user')
+                    ->whereColumn('machine_user.machine_id', 'machines.id')
+                    ->where('machine_user.user_id', $user->id);
+            });
+        });
+    }
+
     protected $fillable = [
         'company_id',
         'name',
@@ -101,4 +121,8 @@ class Machine extends Model
         return $this->belongsTo(\App\Models\System\User::class, 'updater_id');
     }
 
+    public function users()
+    {
+        return $this->belongsToMany(\App\Models\System\User::class);
+    }
 }