EVENTS-SYSTEM

Technical Narrative

Production-style multi-tenant SaaS backend implementing strict tenant isolation via a global Eloquent scope, three-role authorization (super admin / tenant admin / end-user), and a transactional ticket-purchase service that uses row-level locking to prevent overselling under concurrency. Authentication is handled by Laravel Sanctum personal access tokens. Routes are segmented by audience (Super, Admin, User, Public) and protected by a two-layer authorization model, middleware gates routes, policies gate records.

• 01 //Built a multi-tenant events and ticketing REST API on Laravel 12 with Sanctum token authentication and Pest 4 test coverage.
• 02 //Engineered tenant data isolation through a global Eloquent scope and reusable trait, eliminating per-query tenant filtering across every controller and service.
• 03 //Designed a three-tier authorization model (super admin / tenant admin / end-user) with a two-layer enforcement strategy: middleware gating routes and Laravel policies gating records.
• 04 //Implemented a transactional ticket-purchase service using DB transactions and `lockForUpdate()` row-level locking to prevent oversell under concurrent purchases.
• 05 //Built a cross-tenant purchase guard that re-verifies ticket-type ownership inside the purchase service as defense-in-depth on top of the global tenant scope.
• 06 //Architected an audience-segmented controller layout (Super, Admin, Public, User, Auth namespaces) so each role exposes its own resource shape and validation surface.
• 07 //Modeled the full ticketing domain, tenants, events, ticket types with sale windows and inventory, orders, and per-seat attendee tickets with UUID reference codes — across versioned migrations.
• 08 //Shipped a demo seeder that provisions two tenants and one user per role, enabling reviewers to exercise every authorization path within minutes of cloning.