# Phase 11: Instructor Dashboard

## Multi-Tenant Authorship Workflow
We logically separated the core LMS generation into a pipeline where internal staff evaluate content before it hits the storefront. Instructors possess an isolated ecosystem.

## Restrictions & Policies
1. **Route Level Restrictions**: Instructors engage only under `Route::middleware(['auth', 'role:instructor'])->prefix('instructor')`.
2. **Controller Level Restrictions**: Inside `Instructor\CourseController`, every method explicitly guarantees `$course->instructor_id === auth()->id()`. This prevents parameter tampering via ID manipulation.
3. **Draft States**: Instructors *cannot* directly `publish` a course. A created course assumes the `draft` state. They can edit components inside `draft`. Plunging `submitForReview()` mutates the course into `pending_review`.
4. **Lockdown**: An instructor is locked out of editing the `title`, `price`, `modules`, or `video payload` once they hit `pending_review` or the `published` state. Changes to live revenue-generating content must bounce off Support explicitly.

## Data Visibility
- `DashboardController@index` dynamically maps total platform revenue scaling against the specific instructor's parsed course IDs, preventing data leakages of overall CEPI performance.
- Instructors are securely routed to an `enrollments` blade extracting *ONLY* `$course->enrollments` linked explicitly to their ID map.

## Next Steps
The LMS is complete technically. Our final objective is **Phase 12: Security & Deployment**, physically deploying the logic out on a stable production scale while verifying IP limits, security headers, caching engines, and rate limiters.