feat: resolve active unit from request in controllers and services

- Apply ResolvesActiveUnit trait to all unit-scoped controllers
- StudentService and HolidayService resolve unit via active_unit_id
  from request before falling back to the user's first unit

app/Http/Controllers/ClassPackageController.php

@@ -2,14 +2,16 @@
 
 namespace App\Http\Controllers;
 
+use App\Http\Controllers\Concerns\ResolvesActiveUnit;
 use App\Services\ClassPackageService;
 use App\Http\Requests\ClassPackageRequest;
 use App\Http\Resources\ClassPackageResource;
 use Illuminate\Http\JsonResponse;
-use Illuminate\Support\Facades\Auth;
 
 class ClassPackageController extends Controller
 {
+    use ResolvesActiveUnit;
+
     public function __construct(
         protected ClassPackageService $service,
     ) {}
@@ -22,7 +24,7 @@ public function index(): JsonResponse
 
     public function byUnit(): JsonResponse
     {
-        $unitId = Auth::user()->load('units')->units->first()?->id;
+        $unitId = $this->activeUnitId();
         if (!$unitId) {
             return $this->successResponse(payload: []);
         }

app/Http/Controllers/ClassPackageUnitController.php

@@ -2,21 +2,23 @@
 
 namespace App\Http\Controllers;
 
+use App\Http\Controllers\Concerns\ResolvesActiveUnit;
 use App\Services\ClassPackageUnitService;
 use App\Http\Requests\ClassPackageUnitRequest;
 use App\Http\Resources\ClassPackageUnitResource;
 use Illuminate\Http\JsonResponse;
-use Illuminate\Support\Facades\Auth;
 
 class ClassPackageUnitController extends Controller
 {
+    use ResolvesActiveUnit;
+
     public function __construct(
         protected ClassPackageUnitService $service,
     ) {}
 
     public function index(): JsonResponse
     {
-        $unitId = Auth::user()->load('units')->units->first()?->id;
+        $unitId = $this->activeUnitId();
         if (!$unitId) {
             return $this->successResponse(payload: []);
         }
@@ -27,7 +29,7 @@ public function index(): JsonResponse
 
     public function byUnit(): JsonResponse
     {
-        $unitId = Auth::user()->load('units')->units->first()?->id;
+        $unitId = $this->activeUnitId();
         if (!$unitId) {
             return $this->successResponse(payload: []);
         }
@@ -37,7 +39,7 @@ public function byUnit(): JsonResponse
 
     public function store(ClassPackageUnitRequest $request): JsonResponse
     {
-        $unitId = Auth::user()->load('units')->units->first()?->id;
+        $unitId = $this->activeUnitId();
         $data   = array_merge($request->validated(), ['unit_id' => $unitId]);
         $item   = $this->service->create($data);
         return $this->successResponse(payload: new ClassPackageUnitResource($item), message: __('messages.created'), code: 201);

app/Http/Controllers/FranchiseeContractController.php

@@ -2,16 +2,18 @@
 
 namespace App\Http\Controllers;
 
+use App\Http\Controllers\Concerns\ResolvesActiveUnit;
 use App\Services\FranchiseeContractService;
 use App\Http\Requests\FranchiseeContractRequest;
 use App\Http\Resources\FranchiseeContractResource;
 use App\Http\Resources\FranchiseeContractTaxHistoryResource;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
 
 class FranchiseeContractController extends Controller
 {
+    use ResolvesActiveUnit;
+
     public function __construct(
         protected FranchiseeContractService $service,
     ) {}
@@ -95,8 +97,6 @@ public function taxHistoryMe(int $id): JsonResponse
 
     private function currentUnitId(): ?int
     {
-        $user = Auth::user()?->load('units');
-
-        return $user?->units->first()?->id;
+        return $this->activeUnitId();
     }
 }

app/Http/Controllers/StudentContractController.php

@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers;
 
+use App\Http\Controllers\Concerns\ResolvesActiveUnit;
 use App\Models\UnitFinancial;
 use App\Services\StudentContractService;
 use App\Http\Requests\StudentContractRequest;
@@ -9,10 +10,11 @@
 use App\Http\Resources\StudentContractInstallmentResource;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
 
 class StudentContractController extends Controller
 {
+    use ResolvesActiveUnit;
+
     public function __construct(
         protected StudentContractService $service,
     ) {}
@@ -39,7 +41,7 @@ public function franchisorCancelled(): JsonResponse
 
     public function index(): JsonResponse
     {
-        $unitId    = Auth::user()->load('units')->units->first()?->id;
+        $unitId    = $this->activeUnitId();
         $studentId = request()->integer('student_id') ?: null;
         $items     = $this->service->getAll($unitId, $studentId);
         return $this->successResponse(payload: StudentContractResource::collection($items));
@@ -47,7 +49,7 @@ public function index(): JsonResponse
 
     public function store(StudentContractRequest $request): JsonResponse
     {
-        $unitId = Auth::user()->load('units')->units->first()?->id;
+        $unitId = $this->activeUnitId();
         $data   = array_merge($request->validated(), ['unit_id' => $unitId]);
         $item   = $this->service->create($data);
         return $this->successResponse(payload: new StudentContractResource($item), message: __('messages.created'), code: 201);

app/Http/Controllers/SupportTicketController.php

@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers;
 
+use App\Http\Controllers\Concerns\ResolvesActiveUnit;
 use App\Services\SupportTicketService;
 use App\Http\Requests\SupportTicketRequest;
 use App\Http\Resources\SupportTicketResource;
@@ -9,6 +10,8 @@
 
 class SupportTicketController extends Controller
 {
+    use ResolvesActiveUnit;
+
     public function __construct(
         protected SupportTicketService $service,
     ) {}
@@ -23,7 +26,7 @@ public function index(): JsonResponse
         if ($this->isMatriz($user)) {
             $query->where(fn($q) => $q->where('origin', '!=', 'unit')->orWhere('scope', '!=', 'internal'));
         } else {
-            $query->visibleToUnit($user->units()->first()?->id);
+            $query->visibleToUnit($this->activeUnitId($user));
         }
 
         return $this->successResponse(
@@ -40,7 +43,7 @@ public function store(SupportTicketRequest $request): JsonResponse
         $data['origin'] = $isMatriz ? 'matriz' : 'unit';
         $data['applicant_user_id'] = $user->id;
         $data['responsable_user_id'] = $user->id;
-        $data['applicant_unit_id'] = $isMatriz ? null : $user->units()->first()?->id;
+        $data['applicant_unit_id'] = $isMatriz ? null : $this->activeUnitId($user);
         $data['status'] = 'in_progress';
 
         // Broadcast: Matriz para todas as unidades
@@ -70,7 +73,7 @@ public function store(SupportTicketRequest $request): JsonResponse
         } else {
             // Franchisee
             $data['target_unit_id'] = (($data['scope'] ?? null) === 'internal')
-                ? $user->units()->first()?->id
+                ? $this->activeUnitId($user)
                 : null; // 'specific' do Franchisee = "para Matriz"
         }
 
@@ -128,6 +131,6 @@ private function canManage(\App\Models\User $user, \App\Models\SupportTicket $ti
         // Franchisee só pode gerenciar tickets internos que ela mesma criou
         return $ticket->origin === 'unit'
             && $ticket->scope === 'internal'
-            && $ticket->applicant_unit_id === $user->units()->first()?->id;
+            && $ticket->applicant_unit_id === $this->activeUnitId($user);
     }
 }

app/Http/Controllers/UnitController.php

@@ -2,14 +2,16 @@
 
 namespace App\Http\Controllers;
 
+use App\Http\Controllers\Concerns\ResolvesActiveUnit;
 use App\Services\UnitService;
 use App\Http\Requests\UnitRequest;
 use App\Http\Resources\UnitResource;
 use Illuminate\Http\JsonResponse;
-use Illuminate\Support\Facades\Auth;
 
 class UnitController extends Controller
 {
+    use ResolvesActiveUnit;
+
     public function __construct(
         protected UnitService $service,
     ) {}
@@ -48,30 +50,26 @@ public function destroy(int $id): JsonResponse
 
     public function showMe(): JsonResponse
     {
-        $user = Auth::user()->load('units');
-
-        $unit = $user->units->first();
+        $unitId = $this->activeUnitId();
 
-        if (!$unit) {
+        if (!$unitId) {
             return $this->errorResponse(message: 'Unidade não encontrada', code: 404);
         }
 
-        $item = $this->service->findById($unit->id);
+        $item = $this->service->findById($unitId);
 
         return $this->successResponse(payload: new UnitResource($item));
     }
 
     public function updateMe(UnitRequest $request): JsonResponse
     {
-        $user = Auth::user()->load('units');
-
-        $unit = $user->units->first();
+        $unitId = $this->activeUnitId();
 
-        if (!$unit) {
+        if (!$unitId) {
             return $this->errorResponse(message: 'Unidade não encontrada', code: 404);
         }
 
-        $item = $this->service->update($unit->id, $request->safe()->only(['avatar']));
+        $item = $this->service->update($unitId, $request->safe()->only(['avatar']));
 
         return $this->successResponse(payload: new UnitResource($item), message: __('messages.updated'));
     }

app/Http/Controllers/UnitFinancialController.php

@@ -2,15 +2,17 @@
 
 namespace App\Http\Controllers;
 
+use App\Http\Controllers\Concerns\ResolvesActiveUnit;
 use App\Services\UnitFinancialService;
 use App\Http\Requests\UnitFinancialRequest;
 use App\Http\Resources\UnitFinancialResource;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
 
 class UnitFinancialController extends Controller
 {
+    use ResolvesActiveUnit;
+
     public function __construct(
         protected UnitFinancialService $service,
     ) {}
@@ -21,11 +23,9 @@ public function show(Request $request): JsonResponse
         return $this->successResponse(payload: $item ? new UnitFinancialResource($item) : null);
     }
 
-    //
-
     public function showMe(): JsonResponse
     {
-        $unitId = Auth::user()?->load('units')->units->first()?->id;
+        $unitId = $this->activeUnitId();
 
         if (!$unitId) {
             return $this->errorResponse(message: 'Unidade não encontrada', code: 404);
@@ -50,7 +50,7 @@ public function upsert(UnitFinancialRequest $request): JsonResponse
 
     public function upsertMe(UnitFinancialRequest $request): JsonResponse
     {
-        $unitId = Auth::user()?->load('units')->units->first()?->id;
+        $unitId = $this->activeUnitId();
 
         if (!$unitId) {
             return $this->errorResponse(message: 'Unidade não encontrada', code: 404);

app/Http/Controllers/UnitHistoryController.php

@@ -2,15 +2,17 @@
 
 namespace App\Http\Controllers;
 
+use App\Http\Controllers\Concerns\ResolvesActiveUnit;
 use App\Services\UnitHistoryService;
 use App\Http\Requests\UnitHistoryRequest;
 use App\Http\Resources\UnitHistoryResource;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
 
 class UnitHistoryController extends Controller
 {
+    use ResolvesActiveUnit;
+
     public function __construct(
         protected UnitHistoryService $service,
     ) {}
@@ -64,8 +66,6 @@ public function indexMe(): JsonResponse
 
     private function currentUnitId(): ?int
     {
-        $user = Auth::user()?->load('units');
-
-        return $user?->units->first()?->id;
+        return $this->activeUnitId();
     }
 }

app/Http/Controllers/UnitMediaController.php

@@ -2,15 +2,17 @@
 
 namespace App\Http\Controllers;
 
+use App\Http\Controllers\Concerns\ResolvesActiveUnit;
 use App\Services\UnitMediaService;
 use App\Http\Requests\UnitMediaRequest;
 use App\Http\Resources\UnitMediaResource;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
 
 class UnitMediaController extends Controller
 {
+    use ResolvesActiveUnit;
+
     public function __construct(
         protected UnitMediaService $service,
     ) {}
@@ -83,8 +85,6 @@ public function storeMe(UnitMediaRequest $request): JsonResponse
 
     private function currentUnitId(): ?int
     {
-        $user = Auth::user()?->load('units');
-
-        return $user?->units->first()?->id;
+        return $this->activeUnitId();
     }
 }

app/Http/Controllers/UnitPartnerController.php

@@ -2,15 +2,17 @@
 
 namespace App\Http\Controllers;
 
+use App\Http\Controllers\Concerns\ResolvesActiveUnit;
 use App\Services\UnitPartnerService;
 use App\Http\Requests\UnitPartnerRequest;
 use App\Http\Resources\UnitPartnerResource;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
 
 class UnitPartnerController extends Controller
 {
+    use ResolvesActiveUnit;
+
     public function __construct(
         protected UnitPartnerService $service,
     ) {}
@@ -120,8 +122,6 @@ public function destroyMe(int $id): JsonResponse
 
     private function currentUnitId(): ?int
     {
-        $user = Auth::user()?->load('units');
-
-        return $user?->units->first()?->id;
+        return $this->activeUnitId();
     }
 }

app/Services/HolidayService.php

@@ -54,6 +54,14 @@ public function delete(int $id): bool
 
     private function resolveUnitId(User $user): int
     {
+        $activeUnitId = request()->input('active_unit_id');
+
+        if ($activeUnitId) {
+            $unit = $user->units()->where('units.id', $activeUnitId)->first();
+            abort_if(!$unit, 403, 'Unidade não autorizada para este usuário.');
+            return $unit->id;
+        }
+
         $unit = $user->units()->first();
         abort_if(!$unit, 403, 'Usuário sem unidade associada.');
         return $unit->id;

app/Services/StudentService.php

@@ -126,6 +126,14 @@ private function handlePhoto(array $data, ?string $oldPhotoPath = null): array
 
     private function resolveUnitId(User $user): int
     {
+        $activeUnitId = request()->input('active_unit_id');
+
+        if ($activeUnitId) {
+            $unit = $user->units()->where('units.id', $activeUnitId)->first();
+            abort_if(!$unit, 403, 'Unidade não autorizada para este usuário.');
+            return $unit->id;
+        }
+
         $unit = $user->units()->first();
         abort_if(!$unit, 403, 'Usuário sem unidade associada.');
         return $unit->id;