bert.hausmans/band-management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: align codebase with EventCrew domain and trim legacy band stack

Browse Source 
- Update API: events, users, policies, routes, resources, migrations
- Remove deprecated models/resources (customers, setlists, invitations, etc.)
- Refresh admin app and docs; remove apps/band

Made-with: Cursor
This commit is contained in:
bert.hausmans
2026-03-29 23:19:06 +02:00
parent 34e12e00b3
commit 1cb7674d52
1034 changed files with 7453 additions and 8743 deletions
Download Patch File Download Diff File Expand all files Collapse all files

701
.cursor/rules/100_laravel.mdc
View File

@@ -1,5 +1,5 @@
---
description: Laravel API development guidelines
description: Laravel API development guidelines for EventCrew multi-tenant platform
globs: ["api/**/*.php"]
alwaysApply: true
---
@@ -8,52 +8,25 @@ alwaysApply: true
## PHP Conventions
- Use PHP 8.3+ features: constructor property promotion, readonly properties, match expressions
- Use `match` operator over `switch` wherever possible
- Import all classes with `use` statements; avoid fully-qualified class names inline
- Use named arguments for functions with 3+ parameters
- Use PHP 8.2+ features: constructor property promotion, readonly properties, match expressions, enums
- Use `declare(strict_types=1);` in all files
- Use `match` over `switch` wherever possible
- Import all classes with `use` statements
- Prefer early returns over nested conditionals
```php
// ✅ Good - constructor property promotion
public function __construct(
private readonly UserRepository $users,
private readonly Mailer $mailer,
) {}
// ✅ Good - early return
public function handle(Request $request): Response
{
if (!$request->user()) {
return response()->json(['error' => 'Unauthorized'], 401);
}
// Main logic here
}
// ❌ Avoid - nested conditionals
public function handle(Request $request): Response
{
if ($request->user()) {
// Nested logic
} else {
return response()->json(['error' => 'Unauthorized'], 401);
}
}
```
## Core Principles
1. **API-only** - No Blade views, no web routes
2. **Thin controllers** - Business logic in Actions
3. **Consistent responses** - Use API Resources and response trait
4. **Validate everything** - Use Form Requests
5. **Authorize properly** - Use Policies
6. **Test thoroughly** - Feature tests for all endpoints
1. **API-only** - No Blade views, no web routes. Every response is JSON.
2. **Multi-tenant** - Every query scoped on `organisation_id` via Global Scope.
3. **Resource Controllers** - Use index/show/store/update/destroy.
4. **Validate via Form Requests** - Never inline `validate()`.
5. **Authorize via Policies** - Never hardcode role strings in controllers.
6. **Respond via API Resources** - Never return model attributes directly.
7. **ULID primary keys** - Via HasUlids trait on all business models.
## File Templates
### Model
### Model (with OrganisationScope)
```php
<?php
@@ -68,83 +41,78 @@ use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\SoftDeletes;
use Illuminate\Database\Eloquent\Builder;
final class Event extends Model
class Event extends Model
{
use HasFactory;
use HasUlids;
use SoftDeletes;
protected $fillable = [
'title',
'description',
'location_id',
'customer_id',
'setlist_id',
'event_date',
'start_time',
'end_time',
'fee',
'currency',
'organisation_id',
'name',
'slug',
'start_date',
'end_date',
'timezone',
'status',
'visibility',
'rsvp_deadline',
'notes',
'internal_notes',
'created_by',
];
protected $casts = [
'event_date' => 'date',
'start_time' => 'datetime:H:i',
'end_time' => 'datetime:H:i',
'fee' => 'decimal:2',
'start_date' => 'date',
'end_date' => 'date',
'status' => EventStatus::class,
'rsvp_deadline' => 'datetime',
];
// Global Scope: always scope on organisation
protected static function booted(): void
{
static::addGlobalScope('organisation', function (Builder $builder) {
if ($organisationId = auth()->user()?->current_organisation_id) {
$builder->where('organisation_id', $organisationId);
}
});
}
// Relationships
public function location(): BelongsTo
public function organisation(): BelongsTo
{
return $this->belongsTo(Location::class);
return $this->belongsTo(Organisation::class);
}
public function customer(): BelongsTo
public function festivalSections(): HasMany
{
return $this->belongsTo(Customer::class);
return $this->hasMany(FestivalSection::class);
}
public function setlist(): BelongsTo
public function timeSlots(): HasMany
{
return $this->belongsTo(Setlist::class);
return $this->hasMany(TimeSlot::class);
}
public function creator(): BelongsTo
public function persons(): HasMany
{
return $this->belongsTo(User::class, 'created_by');
return $this->hasMany(Person::class);
}
public function invitations(): HasMany
public function artists(): HasMany
{
return $this->hasMany(EventInvitation::class);
return $this->hasMany(Artist::class);
}
// Scopes
public function scopeUpcoming($query)
public function scopeWithStatus(Builder $query, EventStatus $status): Builder
{
return $query->where('event_date', '>=', now()->toDateString())
->orderBy('event_date');
}
public function scopeConfirmed($query)
{
return $query->where('status', EventStatus::Confirmed);
return $query->where('status', $status);
}
}
```
### Enum
### Enum (EventStatus)
```php
<?php
@@ -156,30 +124,36 @@ namespace App\Enums;
enum EventStatus: string
{
case Draft = 'draft';
case Pending = 'pending';
case Confirmed = 'confirmed';
case Completed = 'completed';
case Cancelled = 'cancelled';
case Published = 'published';
case RegistrationOpen = 'registration_open';
case BuildUp = 'buildup';
case ShowDay = 'showday';
case TearDown = 'teardown';
case Closed = 'closed';
public function label(): string
{
return match ($this) {
self::Draft => 'Draft',
self::Pending => 'Pending Confirmation',
self::Confirmed => 'Confirmed',
self::Completed => 'Completed',
self::Cancelled => 'Cancelled',
self::Published => 'Published',
self::RegistrationOpen => 'Registration Open',
self::BuildUp => 'Build-Up',
self::ShowDay => 'Show Day',
self::TearDown => 'Tear-Down',
self::Closed => 'Closed',
};
}
public function color(): string
{
return match ($this) {
self::Draft => 'gray',
self::Pending => 'yellow',
self::Confirmed => 'green',
self::Completed => 'blue',
self::Cancelled => 'red',
self::Draft => 'secondary',
self::Published => 'info',
self::RegistrationOpen => 'primary',
self::BuildUp => 'warning',
self::ShowDay => 'success',
self::TearDown => 'warning',
self::Closed => 'secondary',
};
}
}
@@ -202,28 +176,17 @@ return new class extends Migration
{
Schema::create('events', function (Blueprint $table) {
$table->ulid('id')->primary();
$table->string('title');
$table->text('description')->nullable();
$table->foreignUlid('location_id')->nullable()->constrained()->nullOnDelete();
$table->foreignUlid('customer_id')->nullable()->constrained()->nullOnDelete();
$table->foreignUlid('setlist_id')->nullable()->constrained()->nullOnDelete();
$table->date('event_date');
$table->time('start_time');
$table->time('end_time')->nullable();
$table->time('load_in_time')->nullable();
$table->time('soundcheck_time')->nullable();
$table->decimal('fee', 10, 2)->nullable();
$table->string('currency', 3)->default('EUR');
$table->enum('status', ['draft', 'pending', 'confirmed', 'completed', 'cancelled'])->default('draft');
$table->enum('visibility', ['private', 'members', 'public'])->default('members');
$table->dateTime('rsvp_deadline')->nullable();
$table->text('notes')->nullable();
$table->text('internal_notes')->nullable();
$table->boolean('is_public_setlist')->default(false);
$table->foreignUlid('created_by')->constrained('users');
$table->foreignUlid('organisation_id')->constrained()->cascadeOnDelete();
$table->string('name');
$table->string('slug');
$table->date('start_date');
$table->date('end_date');
$table->string('timezone')->default('Europe/Amsterdam');
$table->string('status')->default('draft');
$table->timestamps();
$table->softDeletes();
$table->index(['event_date', 'status']);
$table->index(['organisation_id', 'status']);
});
}
@@ -234,7 +197,7 @@ return new class extends Migration
};
```
### Controller
### Controller (Resource Controller with Policy)
```php
<?php
@@ -243,60 +206,59 @@ declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Actions\Events\CreateEventAction;
use App\Actions\Events\UpdateEventAction;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StoreEventRequest;
use App\Http\Requests\Api\V1\UpdateEventRequest;
use App\Http\Resources\Api\V1\EventCollection;
use App\Http\Resources\Api\V1\EventResource;
use App\Models\Event;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
final class EventController extends Controller
class EventController extends Controller
{
public function index(): EventCollection
public function __construct()
{
$events = Event::query()
->with(['location', 'customer'])
->latest('event_date')
->paginate();
return new EventCollection($events);
$this->authorizeResource(Event::class, 'event');
}
public function store(StoreEventRequest $request, CreateEventAction $action): JsonResponse
public function index(): AnonymousResourceCollection
{
$event = $action->execute($request->validated());
$events = Event::query()
->with(['organisation', 'festivalSections'])
->latest('start_date')
->paginate();
return $this->created(
new EventResource($event->load(['location', 'customer'])),
'Event created successfully'
);
return EventResource::collection($events);
}
public function store(StoreEventRequest $request): JsonResponse
{
$event = Event::create($request->validated());
return (new EventResource($event))
->response()
->setStatusCode(201);
}
public function show(Event $event): EventResource
{
return new EventResource(
$event->load(['location', 'customer', 'setlist', 'invitations.user'])
$event->load(['organisation', 'festivalSections', 'timeSlots', 'persons'])
);
}
public function update(UpdateEventRequest $request, Event $event, UpdateEventAction $action): JsonResponse
public function update(UpdateEventRequest $request, Event $event): EventResource
{
$event = $action->execute($event, $request->validated());
$event->update($request->validated());
return $this->success(
new EventResource($event),
'Event updated successfully'
);
return new EventResource($event);
}
public function destroy(Event $event): JsonResponse
{
$event->delete();
return $this->success(null, 'Event deleted successfully');
return response()->json(null, 204);
}
}
```
@@ -311,45 +273,26 @@ declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use App\Enums\EventStatus;
use App\Enums\EventVisibility;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
final class StoreEventRequest extends FormRequest
class StoreEventRequest extends FormRequest
{
public function authorize(): bool
{
return true; // Or use policy
return true; // Handled by Policy via authorizeResource
}
public function rules(): array
{
return [
'title' => ['required', 'string', 'max:255'],
'description' => ['nullable', 'string', 'max:5000'],
'location_id' => ['nullable', 'ulid', 'exists:locations,id'],
'customer_id' => ['nullable', 'ulid', 'exists:customers,id'],
'setlist_id' => ['nullable', 'ulid', 'exists:setlists,id'],
'event_date' => ['required', 'date', 'after_or_equal:today'],
'start_time' => ['required', 'date_format:H:i'],
'end_time' => ['nullable', 'date_format:H:i', 'after:start_time'],
'load_in_time' => ['nullable', 'date_format:H:i'],
'soundcheck_time' => ['nullable', 'date_format:H:i'],
'fee' => ['nullable', 'numeric', 'min:0', 'max:999999.99'],
'currency' => ['sometimes', 'string', 'size:3'],
'organisation_id' => ['required', 'ulid', 'exists:organisations,id'],
'name' => ['required', 'string', 'max:255'],
'slug' => ['required', 'string', 'max:255', Rule::unique('events')->where('organisation_id', $this->organisation_id)],
'start_date' => ['required', 'date'],
'end_date' => ['required', 'date', 'after_or_equal:start_date'],
'timezone' => ['sometimes', 'string', 'timezone'],
'status' => ['sometimes', Rule::enum(EventStatus::class)],
'visibility' => ['sometimes', Rule::enum(EventVisibility::class)],
'rsvp_deadline' => ['nullable', 'date', 'before:event_date'],
'notes' => ['nullable', 'string', 'max:5000'],
'internal_notes' => ['nullable', 'string', 'max:5000'],
];
}
public function messages(): array
{
return [
'event_date.after_or_equal' => 'The event date must be today or a future date.',
'end_time.after' => 'The end time must be after the start time.',
];
}
}
@@ -367,35 +310,30 @@ namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class EventResource extends JsonResource
class EventResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'title' => $this->title,
'description' => $this->description,
'event_date' => $this->event_date->toDateString(),
'start_time' => $this->start_time?->format('H:i'),
'end_time' => $this->end_time?->format('H:i'),
'load_in_time' => $this->load_in_time?->format('H:i'),
'soundcheck_time' => $this->soundcheck_time?->format('H:i'),
'fee' => $this->fee,
'currency' => $this->currency,
'organisation_id' => $this->organisation_id,
'name' => $this->name,
'slug' => $this->slug,
'start_date' => $this->start_date->toDateString(),
'end_date' => $this->end_date->toDateString(),
'timezone' => $this->timezone,
'status' => $this->status->value,
'status_label' => $this->status->label(),
'visibility' => $this->visibility,
'rsvp_deadline' => $this->rsvp_deadline?->toIso8601String(),
'notes' => $this->notes,
'internal_notes' => $this->when(
$request->user()?->isAdmin(),
$this->internal_notes
'status_color' => $this->status->color(),
'festival_sections' => FestivalSectionResource::collection(
$this->whenLoaded('festivalSections')
),
'location' => new LocationResource($this->whenLoaded('location')),
'customer' => new CustomerResource($this->whenLoaded('customer')),
'setlist' => new SetlistResource($this->whenLoaded('setlist')),
'invitations' => EventInvitationResource::collection(
$this->whenLoaded('invitations')
'time_slots' => TimeSlotResource::collection(
$this->whenLoaded('timeSlots')
),
'persons_count' => $this->when(
$this->persons_count !== null,
$this->persons_count
),
'created_at' => $this->created_at->toIso8601String(),
'updated_at' => $this->updated_at->toIso8601String(),
@@ -404,147 +342,7 @@ final class EventResource extends JsonResource
}
```
### Resource Collection
```php
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\ResourceCollection;
final class EventCollection extends ResourceCollection
{
public $collects = EventResource::class;
public function toArray(Request $request): array
{
return [
'data' => $this->collection,
];
}
public function with(Request $request): array
{
return [
'success' => true,
'meta' => [
'pagination' => [
'current_page' => $this->currentPage(),
'per_page' => $this->perPage(),
'total' => $this->total(),
'last_page' => $this->lastPage(),
'from' => $this->firstItem(),
'to' => $this->lastItem(),
],
],
];
}
}
```
### Action Class
```php
<?php
declare(strict_types=1);
namespace App\Actions\Events;
use App\Models\Event;
use Illuminate\Support\Facades\Auth;
final class CreateEventAction
{
public function execute(array $data): Event
{
$data['created_by'] = Auth::id();
return Event::create($data);
}
}
```
### API Response Trait
```php
<?php
declare(strict_types=1);
namespace App\Traits;
use Illuminate\Http\JsonResponse;
trait ApiResponse
{
protected function success(mixed $data = null, string $message = 'Success', int $code = 200): JsonResponse
{
return response()->json([
'success' => true,
'data' => $data,
'message' => $message,
], $code);
}
protected function created(mixed $data = null, string $message = 'Created'): JsonResponse
{
return $this->success($data, $message, 201);
}
protected function error(string $message, int $code = 400, array $errors = []): JsonResponse
{
$response = [
'success' => false,
'message' => $message,
];
if (!empty($errors)) {
$response['errors'] = $errors;
}
return response()->json($response, $code);
}
protected function notFound(string $message = 'Resource not found'): JsonResponse
{
return $this->error($message, 404);
}
protected function unauthorized(string $message = 'Unauthorized'): JsonResponse
{
return $this->error($message, 401);
}
protected function forbidden(string $message = 'Forbidden'): JsonResponse
{
return $this->error($message, 403);
}
}
```
### Base Controller
```php
<?php
declare(strict_types=1);
namespace App\Http\Controllers;
use App\Traits\ApiResponse;
abstract class Controller
{
use ApiResponse;
}
```
### Policy
### Policy (with Spatie Roles)
```php
<?php
@@ -556,31 +354,33 @@ namespace App\Policies;
use App\Models\Event;
use App\Models\User;
final class EventPolicy
class EventPolicy
{
public function viewAny(User $user): bool
{
return true;
return $user->hasAnyRole(['super_admin', 'org_admin', 'org_member', 'org_readonly']);
}
public function view(User $user, Event $event): bool
{
return true;
return $user->belongsToOrganisation($event->organisation_id);
}
public function create(User $user): bool
{
return $user->isAdmin() || $user->isBookingAgent();
return $user->hasAnyRole(['super_admin', 'org_admin']);
}
public function update(User $user, Event $event): bool
{
return $user->isAdmin() || $user->isBookingAgent();
return $user->hasAnyRole(['super_admin', 'org_admin'])
&& $user->belongsToOrganisation($event->organisation_id);
}
public function delete(User $user, Event $event): bool
{
return $user->isAdmin();
return $user->hasAnyRole(['super_admin', 'org_admin'])
&& $user->belongsToOrganisation($event->organisation_id);
}
}
```
@@ -592,195 +392,90 @@ final class EventPolicy
declare(strict_types=1);
use App\Http\Controllers\Api\V1\AuthController;
use App\Http\Controllers\Api\V1\EventController;
use App\Http\Controllers\Api\V1\LocationController;
use App\Http\Controllers\Api\V1\MemberController;
use App\Http\Controllers\Api\V1\MusicController;
use App\Http\Controllers\Api\V1\SetlistController;
use App\Http\Controllers\Api\V1\CustomerController;
use App\Http\Controllers\Api\V1;
use Illuminate\Support\Facades\Route;
Route::prefix('v1')->group(function () {
// Public routes
Route::post('auth/login', [AuthController::class, 'login']);
Route::post('auth/register', [AuthController::class, 'register']);
Route::post('auth/forgot-password', [AuthController::class, 'forgotPassword']);
Route::post('auth/reset-password', [AuthController::class, 'resetPassword']);
Route::post('auth/login', [V1\AuthController::class, 'login']);
Route::post('portal/token-auth', [V1\PortalAuthController::class, 'tokenAuth']);
// Protected routes
// Protected routes (login-based)
Route::middleware('auth:sanctum')->group(function () {
// Auth
Route::get('auth/user', [AuthController::class, 'user']);
Route::post('auth/logout', [AuthController::class, 'logout']);
Route::post('auth/logout', [V1\AuthController::class, 'logout']);
Route::get('auth/me', [V1\AuthController::class, 'me']);
// Resources
Route::apiResource('events', EventController::class);
Route::post('events/{event}/invite', [EventController::class, 'invite']);
Route::post('events/{event}/rsvp', [EventController::class, 'rsvp']);
// Organisations
Route::apiResource('organisations', V1\OrganisationController::class);
Route::post('organisations/{organisation}/invite', [V1\OrganisationController::class, 'invite']);
Route::apiResource('members', MemberController::class);
Route::apiResource('music', MusicController::class);
Route::apiResource('setlists', SetlistController::class);
Route::apiResource('locations', LocationController::class);
Route::apiResource('customers', CustomerController::class);
// Events (nested under organisations)
Route::apiResource('organisations.events', V1\EventController::class)->shallow();
// Festival Sections (nested under events)
Route::apiResource('events.festival-sections', V1\FestivalSectionController::class)->shallow();
// Time Slots
Route::apiResource('events.time-slots', V1\TimeSlotController::class)->shallow();
// Shifts (nested under sections)
Route::apiResource('festival-sections.shifts', V1\ShiftController::class)->shallow();
Route::post('shifts/{shift}/assign', [V1\ShiftController::class, 'assign']);
Route::post('shifts/{shift}/claim', [V1\ShiftController::class, 'claim']);
// Persons
Route::apiResource('events.persons', V1\PersonController::class)->shallow();
Route::post('persons/{person}/approve', [V1\PersonController::class, 'approve']);
Route::post('persons/{person}/checkin', [V1\PersonController::class, 'checkin']);
// Artists
Route::apiResource('events.artists', V1\ArtistController::class)->shallow();
// Accreditation
Route::apiResource('events.accreditation-items', V1\AccreditationItemController::class)->shallow();
Route::apiResource('events.access-zones', V1\AccessZoneController::class)->shallow();
// Briefings
Route::apiResource('events.briefings', V1\BriefingController::class)->shallow();
Route::post('briefings/{briefing}/send', [V1\BriefingController::class, 'send']);
});
// Token-based portal routes
Route::middleware('portal.token')->prefix('portal')->group(function () {
Route::get('artist', [V1\PortalArtistController::class, 'show']);
Route::post('advancing', [V1\PortalArtistController::class, 'submitAdvance']);
Route::get('supplier', [V1\PortalSupplierController::class, 'show']);
Route::post('production-request', [V1\PortalSupplierController::class, 'submit']);
});
});
```
## Soft Delete Strategy
**Soft delete ON**: Organisation, Event, FestivalSection, Shift, ShiftAssignment, Person, Artist, Company, ProductionRequest.
**Soft delete OFF** (immutable audit records): CheckIn, BriefingSend, MessageReply, ShiftWaitlist, VolunteerFestivalHistory.
## Best Practices
### Always Use
- `declare(strict_types=1)` at the top of every file
- `final` keyword for Action classes, Form Requests, Resources
- `declare(strict_types=1)` at top of every file
- HasUlids trait for ULID primary keys on business models
- OrganisationScope for multi-tenant data isolation
- Type hints for all parameters and return types
- Named arguments for better readability
- Enums for status fields and fixed options
- ULIDs for all primary keys
- Eager loading to prevent N+1 queries
- API Resources for all responses
- API Resources for all responses (never raw models)
- Spatie roles and Policies for authorization
- Composite indexes as documented in design document
### Avoid
- Business logic in controllers
- String constants (use enums)
- Auto-increment IDs
- Direct model creation in controllers
- Business logic in controllers (use Services for complex logic)
- String constants for statuses (use enums)
- Auto-increment IDs for business tables (use ULIDs)
- Returning raw models (use Resources)
- Hardcoded strings for error messages
## DTOs (Data Transfer Objects)
Use DTOs for complex data passing between layers:
```php
<?php
declare(strict_types=1);
namespace App\DTOs;
readonly class CreateEventDTO
{
public function __construct(
public string $title,
public string $eventDate,
public string $startTime,
public ?string $description = null,
public ?string $locationId = null,
public ?string $customerId = null,
public ?string $endTime = null,
public ?float $fee = null,
) {}
public static function from(array $data): self
{
return new self(
title: $data['title'],
eventDate: $data['event_date'],
startTime: $data['start_time'],
description: $data['description'] ?? null,
locationId: $data['location_id'] ?? null,
customerId: $data['customer_id'] ?? null,
endTime: $data['end_time'] ?? null,
fee: $data['fee'] ?? null,
);
}
}
// Usage
$dto = CreateEventDTO::from($request->validated());
$event = $action->execute($dto);
```
## Helpers
Use Laravel helpers instead of facades:
```php
// ✅ Good
auth()->id()
auth()->user()
now()
str($string)->slug()
collect($array)->filter()
cache()->remember('key', 3600, fn() => $value)
// ❌ Avoid
Auth::id()
Carbon::now()
Str::slug($string)
Cache::remember(...)
```
## Error Handling
Create domain-specific exceptions:
```php
<?php
declare(strict_types=1);
namespace App\Exceptions;
use Exception;
use Illuminate\Http\JsonResponse;
class EventNotFoundException extends Exception
{
public function render(): JsonResponse
{
return response()->json([
'success' => false,
'message' => 'Event not found',
], 404);
}
}
class EventAlreadyConfirmedException extends Exception
{
public function render(): JsonResponse
{
return response()->json([
'success' => false,
'message' => 'Event has already been confirmed and cannot be modified',
], 422);
}
}
// Usage in Action
if ($event->isConfirmed()) {
throw new EventAlreadyConfirmedException();
}
```
## Query Scopes
Add reusable query scopes to models:
```php
// In Event model
public function scopeUpcoming(Builder $query): Builder
{
return $query->where('event_date', '>=', now()->toDateString())
->orderBy('event_date');
}
public function scopeForUser(Builder $query, User $user): Builder
{
return $query->whereHas('invitations', fn ($q) =>
$q->where('user_id', $user->id)
);
}
public function scopeConfirmed(Builder $query): Builder
{
return $query->where('status', EventStatus::Confirmed);
}
// Usage
Event::upcoming()->confirmed()->get();
Event::forUser($user)->upcoming()->get();
```
- Hardcoded role checks in controllers (use Policies)
- JSON columns for data that needs to be filtered/sorted
- `Model::all()` without organisation scoping