# Student Portal Usage

Date: 2026-05-05

## Routes

Canonical student portal routes live under `/portal`:

- `/portal` - dashboard
- `/portal/courses` - enrolled courses
- `/portal/courses/{enrollment}` - course workspace
- `/portal/materials/{material}/download` - protected material download
- `/portal/schedule` - personal schedule
- `/portal/payments` - personal payments
- `/portal/certificates` - personal certificates
- `/portal/profile` - profile and consents
- `/portal/notifications` - notification inbox
- `/portal/support` - support placeholder/page

Legacy URLs such as `/dashboard`, `/courses`, `/my-schedule`, `/payments`, `/my-certificates`, `/profile`, and `/support` redirect to the canonical `/portal` URLs.

## Access Rules

All student portal routes are loaded through the student route group and protected by:

- `web`
- `auth`
- `student_portal`
- `profile_completed`

`/portal/complete-profile` remains available to authenticated students with an incomplete profile.

Only users with the `student` role can enter the portal directly. Admin and teacher access must use a dedicated impersonation/support feature if needed later.

## Data Visibility

Student portal data must always be scoped to the authenticated student:

- Enrollments are viewable only when `enrollment.registration.user_id` equals the authenticated user id.
- Cohorts are visible in the portal only through a confirmed, active, completed, or deposit-paid enrollment.
- Payments are visible only when attached to the authenticated student's enrollment/registration.
- Materials are downloadable only when visible to students and attached to a cohort where the student has an eligible enrollment.
- Certificates must be viewed/downloaded only by their owner through protected routes.

Livewire components that receive route models should call `authorize()` in `mount()`, and their queries should still filter by `auth()->id()` as a second layer.
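The two layers for the course workspace route, as an added example (not the project's own code). The class names, the `registration` relation name, the view name and the policy ability are assumptions; only `enrollment.registration.user_id` comes from this page. In a real app the two classes live in separate files.

```php
<?php
// Added illustration: names other than registration.user_id are assumed.
namespace App\Policies;

use App\Models\Enrollment;
use App\Models\User;

class EnrollmentPolicy
{
    // Layer 1: ownership check through enrollment.registration.user_id.
    public function view(User $user, Enrollment $enrollment): bool
    {
        return $enrollment->registration !== null
            && (int) $enrollment->registration->user_id === (int) $user->id;
    }
}

namespace App\Livewire\Portal;

use App\Models\Enrollment;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Component;

class CourseWorkspace extends Component
{
    use AuthorizesRequests;

    public Enrollment $enrollment;

    public function mount(Enrollment $enrollment): void
    {
        // Route-model binding resolves any id; reject non-owners with a 403.
        $this->authorize('view', $enrollment);
        $this->enrollment = $enrollment;
    }

    public function render()
    {
        // Layer 2: re-scope the query to the authenticated student, so a
        // missing or unregistered policy still cannot expose another record.
        $enrollment = Enrollment::query()
            ->whereKey($this->enrollment->getKey())
            ->whereHas('registration', fn ($q) => $q->where('user_id', auth()->id()))
            ->firstOrFail();

        return view('livewire.portal.course-workspace', ['enrollment' => $enrollment]);
    }
}
```

A feature test that logs in as one student and requests another student's `/portal/courses/{enrollment}` should expect a 403 from the policy layer, and a 404 from the query layer if the policy is removed.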

## Layout

`resources/views/layouts/portal.blade.php` is the canonical student shell. It provides:

- Desktop sidebar.
- Mobile bottom navigation.
- Topbar with student profile, language switch, logout, and notifications.
- RTL/LTR-aware document direction.

`resources/views/layouts/student.blade.php` is kept as a compatibility wrapper only.

## Audit Events

Student self-service changes should be logged with PII minimization:

- `portal.profile.updated`
- `portal.consents.updated`

Legacy audit keys are still written for compatibility with existing reports.
