Reflect wildcard permissions when calling Model::all()

[esyon]

Hey, I got the following permissions on my group model:
groups.*.dd950d4a-e1ce-4a9c-ac03-2d002c6d9e39, which is assigned to a specific user.

If the user with the permission is getting all groups via Groups::all() only the one permitted group should be shown.

I thought about a permissionScope to the group model, which then checks for existing IDs within the wildcard permission, but I don't know if this is the smartest way to do it.

What would be the best way to approach this?

Thanks a lot!

[Cluster2a]

We created a PermissionScope that filters the permissions by the current model.
We then assume that there is only one record with IDs, as we only work with one role per user and one wildcard permission per model.

public function apply(Builder $builder, Model $model): void
{
    if (auth()->user()) {
        $modelTable = $model->getTable();
        $permissions = auth()->user()->getAllPermissions()->filter(function ($permission) use ($modelTable) {
            return stripos($permission->name, $modelTable) !== false;
        })->pluck('name')->toArray();

        // if working with IDs there should be exactly one permission per model
        if (count($permissions) === 1) {
            $WildcardPermissionClass = $this->getWildcardClass();
            $userPermission = new $WildcardPermissionClass($permissions[0]);
            $targetPart = $userPermission->getParts()->get(2);
            if (!is_null($targetPart)) {
                $targets = collect($targetPart);
                if ($targets->count() > 0) {
                    $builder->whereIn($modelTable . '.id', $targets->toArray());
                }
            }
        }
    }
}