refactor: align codebase with EventCrew domain and trim legacy band stack

- Update API: events, users, policies, routes, resources, migrations
- Remove deprecated models/resources (customers, setlists, invitations, etc.)
- Refresh admin app and docs; remove apps/band

Made-with: Cursor

api/app/Enums/EventStatus.php

@@ -1,37 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Enums;
-
-enum EventStatus: string
-{
-    case Draft = 'draft';
-    case Pending = 'pending';
-    case Confirmed = 'confirmed';
-    case Completed = 'completed';
-    case Cancelled = 'cancelled';
-
-    public function label(): string
-    {
-        return match ($this) {
-            self::Draft => 'Draft',
-            self::Pending => 'Pending Confirmation',
-            self::Confirmed => 'Confirmed',
-            self::Completed => 'Completed',
-            self::Cancelled => 'Cancelled',
-        };
-    }
-
-    public function color(): string
-    {
-        return match ($this) {
-            self::Draft => 'secondary',
-            self::Pending => 'warning',
-            self::Confirmed => 'success',
-            self::Completed => 'info',
-            self::Cancelled => 'error',
-        };
-    }
-}
-

api/app/Enums/EventVisibility.php

@@ -1,22 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Enums;
-
-enum EventVisibility: string
-{
-    case Private = 'private';
-    case Members = 'members';
-    case Public = 'public';
-
-    public function label(): string
-    {
-        return match ($this) {
-            self::Private => 'Private',
-            self::Members => 'Members Only',
-            self::Public => 'Public',
-        };
-    }
-}
-

api/app/Enums/RsvpStatus.php

@@ -1,34 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Enums;
-
-enum RsvpStatus: string
-{
-    case Pending = 'pending';
-    case Available = 'available';
-    case Unavailable = 'unavailable';
-    case Tentative = 'tentative';
-
-    public function label(): string
-    {
-        return match ($this) {
-            self::Pending => 'Pending',
-            self::Available => 'Available',
-            self::Unavailable => 'Unavailable',
-            self::Tentative => 'Tentative',
-        };
-    }
-
-    public function color(): string
-    {
-        return match ($this) {
-            self::Pending => 'secondary',
-            self::Available => 'success',
-            self::Unavailable => 'error',
-            self::Tentative => 'warning',
-        };
-    }
-}
-

api/app/Http/Controllers/Api/V1/AuthController.php

@@ -1,75 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Controllers\Api\V1;
-
-use App\Http\Controllers\Controller;
-use App\Http\Requests\Api\V1\LoginRequest;
-use App\Http\Requests\Api\V1\RegisterRequest;
-use App\Http\Resources\Api\V1\UserResource;
-use App\Models\User;
-use Illuminate\Http\JsonResponse;
-use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Hash;
-
-final class AuthController extends Controller
-{
-    public function login(LoginRequest $request): JsonResponse
-    {
-        $credentials = $request->only('email', 'password');
-
-        if (!Auth::attempt($credentials)) {
-            return $this->unauthorized('Invalid credentials');
-        }
-
-        $user = Auth::user();
-
-        if (!$user->isActive()) {
-            Auth::logout();
-            return $this->forbidden('Your account is inactive');
-        }
-
-        $token = $user->createToken('auth-token')->plainTextToken;
-
-        return $this->success([
-            'user' => new UserResource($user),
-            'token' => $token,
-        ], 'Login successful');
-    }
-
-    public function register(RegisterRequest $request): JsonResponse
-    {
-        $user = User::create([
-            'name' => $request->name,
-            'email' => $request->email,
-            'password' => Hash::make($request->password),
-            'type' => 'member',
-            'role' => 'member',
-            'status' => 'active',
-        ]);
-
-        $token = $user->createToken('auth-token')->plainTextToken;
-
-        return $this->created([
-            'user' => new UserResource($user),
-            'token' => $token,
-        ], 'Registration successful');
-    }
-
-    public function user(Request $request): JsonResponse
-    {
-        return $this->success(
-            new UserResource($request->user())
-        );
-    }
-
-    public function logout(Request $request): JsonResponse
-    {
-        $request->user()->currentAccessToken()->delete();
-
-        return $this->success(null, 'Logged out successfully');
-    }
-}
-

api/app/Http/Controllers/Api/V1/EventController.php

@@ -4,151 +4,55 @@ declare(strict_types=1);
 
 namespace App\Http\Controllers\Api\V1;
 
-use App\Enums\RsvpStatus;
 use App\Http\Controllers\Controller;
-use App\Http\Requests\Api\V1\InviteToEventRequest;
-use App\Http\Requests\Api\V1\RsvpEventRequest;
 use App\Http\Requests\Api\V1\StoreEventRequest;
 use App\Http\Requests\Api\V1\UpdateEventRequest;
-use App\Http\Resources\Api\V1\EventCollection;
-use App\Http\Resources\Api\V1\EventInvitationResource;
 use App\Http\Resources\Api\V1\EventResource;
 use App\Models\Event;
-use App\Models\EventInvitation;
+use App\Models\Organisation;
 use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
 use Illuminate\Support\Facades\Gate;
 
 final class EventController extends Controller
 {
-    /**
-     * Display a listing of events.
-     */
-    public function index(): EventCollection
+    public function index(Organisation $organisation): AnonymousResourceCollection
     {
-        Gate::authorize('viewAny', Event::class);
+        Gate::authorize('viewAny', [Event::class, $organisation]);
 
-        $events = Event::query()
-            ->with(['location', 'customer'])
-            ->latest('event_date')
+        $events = $organisation->events()
+            ->latest('start_date')
             ->paginate();
 
-        return new EventCollection($events);
+        return EventResource::collection($events);
     }
 
-    /**
-     * Store a newly created event.
-     */
-    public function store(StoreEventRequest $request): JsonResponse
-    {
-        Gate::authorize('create', Event::class);
-
-        $data = $request->validated();
-        $data['created_by'] = auth()->id();
-        $data['currency'] = $data['currency'] ?? 'EUR';
-
-        $event = Event::create($data);
-
-        return $this->created(
-            new EventResource($event->load(['location', 'customer'])),
-            'Event created successfully'
-        );
-    }
-
-    /**
-     * Display the specified event.
-     */
-    public function show(Event $event): EventResource
+    public function show(Organisation $organisation, Event $event): JsonResponse
     {
         Gate::authorize('view', $event);
 
-        return new EventResource(
-            $event->load(['location', 'customer', 'setlist.items.musicNumber', 'invitations.user', 'creator'])
-        );
+        abort_unless($event->organisation_id === $organisation->id, 404);
+
+        return $this->success(new EventResource($event->load('organisation')));
     }
 
-    /**
-     * Update the specified event.
-     */
-    public function update(UpdateEventRequest $request, Event $event): JsonResponse
+    public function store(StoreEventRequest $request, Organisation $organisation): JsonResponse
+    {
+        Gate::authorize('create', [Event::class, $organisation]);
+
+        $event = $organisation->events()->create($request->validated());
+
+        return $this->created(new EventResource($event));
+    }
+
+    public function update(UpdateEventRequest $request, Organisation $organisation, Event $event): JsonResponse
     {
         Gate::authorize('update', $event);
 
+        abort_unless($event->organisation_id === $organisation->id, 404);
+
         $event->update($request->validated());
 
-        return $this->success(
-            new EventResource($event->load(['location', 'customer'])),
-            'Event updated successfully'
-        );
-    }
-
-    /**
-     * Remove the specified event.
-     */
-    public function destroy(Event $event): JsonResponse
-    {
-        Gate::authorize('delete', $event);
-
-        $event->delete();
-
-        return $this->success(null, 'Event deleted successfully');
-    }
-
-    /**
-     * Invite members to an event.
-     */
-    public function invite(InviteToEventRequest $request, Event $event): JsonResponse
-    {
-        Gate::authorize('invite', $event);
-
-        $userIds = $request->validated()['user_ids'];
-        $invitedCount = 0;
-
-        foreach ($userIds as $userId) {
-            // Skip if already invited
-            if ($event->invitations()->where('user_id', $userId)->exists()) {
-                continue;
-            }
-
-            $event->invitations()->create([
-                'user_id' => $userId,
-                'rsvp_status' => RsvpStatus::Pending,
-                'invited_at' => now(),
-            ]);
-
-            $invitedCount++;
-        }
-
-        return $this->success(
-            EventInvitationResource::collection(
-                $event->invitations()->with('user')->get()
-            ),
-            "{$invitedCount} member(s) invited successfully"
-        );
-    }
-
-    /**
-     * Respond to an event invitation (RSVP).
-     */
-    public function rsvp(RsvpEventRequest $request, Event $event): JsonResponse
-    {
-        Gate::authorize('rsvp', $event);
-
-        $invitation = EventInvitation::where('event_id', $event->id)
-            ->where('user_id', auth()->id())
-            ->firstOrFail();
-
-        $data = $request->validated();
-
-        $invitation->update([
-            'rsvp_status' => $data['status'],
-            'rsvp_note' => $data['note'] ?? null,
-            'rsvp_responded_at' => now(),
-        ]);
-
-        return $this->success(
-            new EventInvitationResource($invitation->load('user')),
-            'RSVP updated successfully'
-        );
+        return $this->success(new EventResource($event->fresh()));
     }
 }
-

api/app/Http/Controllers/Api/V1/LoginController.php

@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Api\V1\LoginRequest;
+use App\Http\Resources\Api\V1\UserResource;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Auth;
+
+final class LoginController extends Controller
+{
+    public function __invoke(LoginRequest $request): JsonResponse
+    {
+        if (!Auth::attempt($request->only('email', 'password'))) {
+            return $this->unauthorized('Invalid credentials');
+        }
+
+        $user = Auth::user()->load(['organisations', 'roles']);
+        $token = $user->createToken('auth-token')->plainTextToken;
+
+        return $this->success([
+            'user' => new UserResource($user),
+            'token' => $token,
+        ], 'Login successful');
+    }
+}

api/app/Http/Controllers/Api/V1/LogoutController.php

@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+
+final class LogoutController extends Controller
+{
+    public function __invoke(Request $request): JsonResponse
+    {
+        $request->user()->currentAccessToken()->delete();
+
+        return $this->success(null, 'Logged out successfully');
+    }
+}

api/app/Http/Controllers/Api/V1/MeController.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Http\Controllers\Controller;
+use App\Http\Resources\Api\V1\UserResource;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+
+final class MeController extends Controller
+{
+    public function __invoke(Request $request): JsonResponse
+    {
+        $user = $request->user()->load(['organisations', 'events']);
+
+        return $this->success(new UserResource($user));
+    }
+}

api/app/Http/Controllers/Api/V1/OrganisationController.php

@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Api\V1\StoreOrganisationRequest;
+use App\Http\Requests\Api\V1\UpdateOrganisationRequest;
+use App\Http\Resources\Api\V1\OrganisationResource;
+use App\Models\Organisation;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
+use Illuminate\Support\Facades\Gate;
+
+final class OrganisationController extends Controller
+{
+    public function index(): AnonymousResourceCollection
+    {
+        Gate::authorize('viewAny', Organisation::class);
+
+        $user = auth()->user();
+
+        $organisations = $user->hasRole('super_admin')
+            ? Organisation::query()->paginate()
+            : $user->organisations()->paginate();
+
+        return OrganisationResource::collection($organisations);
+    }
+
+    public function show(Organisation $organisation): JsonResponse
+    {
+        Gate::authorize('view', $organisation);
+
+        return $this->success(new OrganisationResource($organisation));
+    }
+
+    public function store(StoreOrganisationRequest $request): JsonResponse
+    {
+        Gate::authorize('create', Organisation::class);
+
+        $organisation = Organisation::create($request->validated());
+
+        return $this->created(new OrganisationResource($organisation));
+    }
+
+    public function update(UpdateOrganisationRequest $request, Organisation $organisation): JsonResponse
+    {
+        Gate::authorize('update', $organisation);
+
+        $organisation->update($request->validated());
+
+        return $this->success(new OrganisationResource($organisation->fresh()));
+    }
+}

api/app/Http/Middleware/PortalTokenMiddleware.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class PortalTokenMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        return $next($request);
+    }
+}

api/app/Http/Requests/Api/V1/InviteToEventRequest.php

@@ -1,32 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Requests\Api\V1;
-
-use Illuminate\Foundation\Http\FormRequest;
-
-final class InviteToEventRequest extends FormRequest
-{
-    public function authorize(): bool
-    {
-        return true;
-    }
-
-    public function rules(): array
-    {
-        return [
-            'user_ids' => ['required', 'array', 'min:1'],
-            'user_ids.*' => ['required', 'ulid', 'exists:users,id'],
-        ];
-    }
-
-    public function messages(): array
-    {
-        return [
-            'user_ids.required' => 'Please select at least one member to invite.',
-            'user_ids.*.exists' => 'One or more selected members do not exist.',
-        ];
-    }
-}
-

api/app/Http/Requests/Api/V1/RegisterRequest.php

@@ -1,38 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Requests\Api\V1;
-
-use Illuminate\Foundation\Http\FormRequest;
-use Illuminate\Validation\Rules\Password;
-
-final class RegisterRequest extends FormRequest
-{
-    public function authorize(): bool
-    {
-        return true;
-    }
-
-    public function rules(): array
-    {
-        return [
-            'name' => ['required', 'string', 'max:255'],
-            'email' => ['required', 'string', 'email', 'max:255', 'unique:users,email'],
-            'password' => ['required', 'string', 'confirmed', Password::defaults()],
-        ];
-    }
-
-    public function messages(): array
-    {
-        return [
-            'name.required' => 'Name is required',
-            'email.required' => 'Email is required',
-            'email.email' => 'Please enter a valid email address',
-            'email.unique' => 'This email is already registered',
-            'password.required' => 'Password is required',
-            'password.confirmed' => 'Password confirmation does not match',
-        ];
-    }
-}
-

api/app/Http/Requests/Api/V1/RsvpEventRequest.php

@@ -1,33 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Requests\Api\V1;
-
-use App\Enums\RsvpStatus;
-use Illuminate\Foundation\Http\FormRequest;
-use Illuminate\Validation\Rule;
-
-final class RsvpEventRequest extends FormRequest
-{
-    public function authorize(): bool
-    {
-        return true;
-    }
-
-    public function rules(): array
-    {
-        return [
-            'status' => ['required', Rule::enum(RsvpStatus::class)],
-            'note' => ['nullable', 'string', 'max:1000'],
-        ];
-    }
-
-    public function messages(): array
-    {
-        return [
-            'status.required' => 'Please select your availability status.',
-        ];
-    }
-}
-

api/app/Http/Requests/Api/V1/StoreEventRequest.php

@@ -4,10 +4,7 @@ declare(strict_types=1);
 
 namespace App\Http\Requests\Api\V1;
 
-use App\Enums\EventStatus;
-use App\Enums\EventVisibility;
 use Illuminate\Foundation\Http\FormRequest;
-use Illuminate\Validation\Rule;
 
 final class StoreEventRequest extends FormRequest
 {
@@ -16,37 +13,16 @@ final class StoreEventRequest extends FormRequest
         return true;
     }
 
+    /** @return array<string, mixed> */
     public function rules(): array
     {
         return [
-            'title' => ['required', 'string', 'max:255'],
-            'description' => ['nullable', 'string', 'max:5000'],
-            'location_id' => ['nullable', 'ulid', 'exists:locations,id'],
-            'customer_id' => ['nullable', 'ulid', 'exists:customers,id'],
-            'setlist_id' => ['nullable', 'ulid', 'exists:setlists,id'],
-            'event_date' => ['required', 'date', 'after_or_equal:today'],
-            'start_time' => ['required', 'date_format:H:i'],
-            'end_time' => ['nullable', 'date_format:H:i', 'after:start_time'],
-            'load_in_time' => ['nullable', 'date_format:H:i'],
-            'soundcheck_time' => ['nullable', 'date_format:H:i'],
-            'fee' => ['nullable', 'numeric', 'min:0', 'max:999999.99'],
-            'currency' => ['sometimes', 'string', 'size:3'],
-            'status' => ['sometimes', Rule::enum(EventStatus::class)],
-            'visibility' => ['sometimes', Rule::enum(EventVisibility::class)],
-            'rsvp_deadline' => ['nullable', 'date', 'before:event_date'],
-            'notes' => ['nullable', 'string', 'max:5000'],
-            'internal_notes' => ['nullable', 'string', 'max:5000'],
-            'is_public_setlist' => ['sometimes', 'boolean'],
-        ];
-    }
-
-    public function messages(): array
-    {
-        return [
-            'event_date.after_or_equal' => 'The event date must be today or a future date.',
-            'end_time.after' => 'The end time must be after the start time.',
-            'rsvp_deadline.before' => 'The RSVP deadline must be before the event date.',
+            'name' => ['required', 'string', 'max:255'],
+            'slug' => ['required', 'string', 'max:255', 'regex:/^[a-z0-9-]+$/'],
+            'start_date' => ['required', 'date'],
+            'end_date' => ['required', 'date', 'after_or_equal:start_date'],
+            'timezone' => ['sometimes', 'string', 'max:50'],
+            'status' => ['sometimes', 'string', 'in:draft,published,registration_open,buildup,showday,teardown,closed'],
         ];
     }
 }
-

api/app/Http/Requests/Api/V1/StoreOrganisationRequest.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\Api\V1;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+final class StoreOrganisationRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /** @return array<string, mixed> */
+    public function rules(): array
+    {
+        return [
+            'name' => ['required', 'string', 'max:255'],
+            'slug' => ['required', 'string', 'max:255', 'unique:organisations,slug', 'regex:/^[a-z0-9-]+$/'],
+            'billing_status' => ['sometimes', 'string', 'in:active,trial,suspended'],
+            'settings' => ['sometimes', 'array'],
+        ];
+    }
+}

api/app/Http/Requests/Api/V1/UpdateEventRequest.php

@@ -4,10 +4,7 @@ declare(strict_types=1);
 
 namespace App\Http\Requests\Api\V1;
 
-use App\Enums\EventStatus;
-use App\Enums\EventVisibility;
 use Illuminate\Foundation\Http\FormRequest;
-use Illuminate\Validation\Rule;
 
 final class UpdateEventRequest extends FormRequest
 {
@@ -16,35 +13,16 @@ final class UpdateEventRequest extends FormRequest
         return true;
     }
 
+    /** @return array<string, mixed> */
     public function rules(): array
     {
         return [
-            'title' => ['sometimes', 'string', 'max:255'],
-            'description' => ['nullable', 'string', 'max:5000'],
-            'location_id' => ['nullable', 'ulid', 'exists:locations,id'],
-            'customer_id' => ['nullable', 'ulid', 'exists:customers,id'],
-            'setlist_id' => ['nullable', 'ulid', 'exists:setlists,id'],
-            'event_date' => ['sometimes', 'date'],
-            'start_time' => ['sometimes', 'date_format:H:i'],
-            'end_time' => ['nullable', 'date_format:H:i'],
-            'load_in_time' => ['nullable', 'date_format:H:i'],
-            'soundcheck_time' => ['nullable', 'date_format:H:i'],
-            'fee' => ['nullable', 'numeric', 'min:0', 'max:999999.99'],
-            'currency' => ['sometimes', 'string', 'size:3'],
-            'status' => ['sometimes', Rule::enum(EventStatus::class)],
-            'visibility' => ['sometimes', Rule::enum(EventVisibility::class)],
-            'rsvp_deadline' => ['nullable', 'date'],
-            'notes' => ['nullable', 'string', 'max:5000'],
-            'internal_notes' => ['nullable', 'string', 'max:5000'],
-            'is_public_setlist' => ['sometimes', 'boolean'],
-        ];
-    }
-
-    public function messages(): array
-    {
-        return [
-            'end_time.after' => 'The end time must be after the start time.',
+            'name' => ['sometimes', 'string', 'max:255'],
+            'slug' => ['sometimes', 'string', 'max:255', 'regex:/^[a-z0-9-]+$/'],
+            'start_date' => ['sometimes', 'date'],
+            'end_date' => ['sometimes', 'date', 'after_or_equal:start_date'],
+            'timezone' => ['sometimes', 'string', 'max:50'],
+            'status' => ['sometimes', 'string', 'in:draft,published,registration_open,buildup,showday,teardown,closed'],
         ];
     }
 }
-

api/app/Http/Requests/Api/V1/UpdateOrganisationRequest.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\Api\V1;
+
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Rule;
+
+final class UpdateOrganisationRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /** @return array<string, mixed> */
+    public function rules(): array
+    {
+        return [
+            'name' => ['sometimes', 'string', 'max:255'],
+            'slug' => [
+                'sometimes', 'string', 'max:255', 'regex:/^[a-z0-9-]+$/',
+                Rule::unique('organisations', 'slug')->ignore($this->route('organisation')),
+            ],
+            'billing_status' => ['sometimes', 'string', 'in:active,trial,suspended'],
+            'settings' => ['sometimes', 'array'],
+        ];
+    }
+}

api/app/Http/Resources/Api/V1/CustomerResource.php

@@ -1,33 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Resources\Api\V1;
-
-use Illuminate\Http\Request;
-use Illuminate\Http\Resources\Json\JsonResource;
-
-final class CustomerResource extends JsonResource
-{
-    public function toArray(Request $request): array
-    {
-        return [
-            'id' => $this->id,
-            'name' => $this->name,
-            'company_name' => $this->company_name,
-            'type' => $this->type,
-            'email' => $this->email,
-            'phone' => $this->phone,
-            'address' => $this->address,
-            'city' => $this->city,
-            'postal_code' => $this->postal_code,
-            'country' => $this->country,
-            'notes' => $this->notes,
-            'is_portal_enabled' => $this->is_portal_enabled,
-            'display_name' => $this->displayName(),
-            'created_at' => $this->created_at->toIso8601String(),
-            'updated_at' => $this->updated_at->toIso8601String(),
-        ];
-    }
-}
-

api/app/Http/Resources/Api/V1/EventCollection.php

@@ -1,38 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Resources\Api\V1;
-
-use Illuminate\Http\Request;
-use Illuminate\Http\Resources\Json\ResourceCollection;
-
-final class EventCollection extends ResourceCollection
-{
-    public $collects = EventResource::class;
-
-    public function toArray(Request $request): array
-    {
-        return [
-            'data' => $this->collection,
-        ];
-    }
-
-    public function with(Request $request): array
-    {
-        return [
-            'success' => true,
-            'meta' => [
-                'pagination' => [
-                    'current_page' => $this->currentPage(),
-                    'per_page' => $this->perPage(),
-                    'total' => $this->total(),
-                    'last_page' => $this->lastPage(),
-                    'from' => $this->firstItem(),
-                    'to' => $this->lastItem(),
-                ],
-            ],
-        ];
-    }
-}
-

api/app/Http/Resources/Api/V1/EventInvitationResource.php

@@ -1,28 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Resources\Api\V1;
-
-use Illuminate\Http\Request;
-use Illuminate\Http\Resources\Json\JsonResource;
-
-final class EventInvitationResource extends JsonResource
-{
-    public function toArray(Request $request): array
-    {
-        return [
-            'id' => $this->id,
-            'event_id' => $this->event_id,
-            'user_id' => $this->user_id,
-            'rsvp_status' => $this->rsvp_status->value,
-            'rsvp_status_label' => $this->rsvp_status->label(),
-            'rsvp_status_color' => $this->rsvp_status->color(),
-            'rsvp_note' => $this->rsvp_note,
-            'rsvp_responded_at' => $this->rsvp_responded_at?->toIso8601String(),
-            'invited_at' => $this->invited_at?->toIso8601String(),
-            'user' => new UserResource($this->whenLoaded('user')),
-        ];
-    }
-}
-

api/app/Http/Resources/Api/V1/EventResource.php

@@ -13,35 +13,16 @@ final class EventResource extends JsonResource
     {
         return [
             'id' => $this->id,
-            'title' => $this->title,
-            'description' => $this->description,
-            'event_date' => $this->event_date->toDateString(),
-            'start_time' => $this->start_time?->format('H:i'),
-            'end_time' => $this->end_time?->format('H:i'),
-            'load_in_time' => $this->load_in_time?->format('H:i'),
-            'soundcheck_time' => $this->soundcheck_time?->format('H:i'),
-            'fee' => $this->fee,
-            'currency' => $this->currency,
-            'status' => $this->status->value,
-            'status_label' => $this->status->label(),
-            'status_color' => $this->status->color(),
-            'visibility' => $this->visibility->value,
-            'visibility_label' => $this->visibility->label(),
-            'rsvp_deadline' => $this->rsvp_deadline?->toIso8601String(),
-            'notes' => $this->notes,
-            'internal_notes' => $this->when(
-                $request->user()?->role === 'admin' || $request->user()?->role === 'booking_agent',
-                $this->internal_notes
-            ),
-            'is_public_setlist' => $this->is_public_setlist,
-            'location' => new LocationResource($this->whenLoaded('location')),
-            'customer' => new CustomerResource($this->whenLoaded('customer')),
-            'setlist' => new SetlistResource($this->whenLoaded('setlist')),
-            'invitations' => EventInvitationResource::collection($this->whenLoaded('invitations')),
-            'creator' => new UserResource($this->whenLoaded('creator')),
+            'organisation_id' => $this->organisation_id,
+            'name' => $this->name,
+            'slug' => $this->slug,
+            'start_date' => $this->start_date->toDateString(),
+            'end_date' => $this->end_date->toDateString(),
+            'timezone' => $this->timezone,
+            'status' => $this->status,
             'created_at' => $this->created_at->toIso8601String(),
             'updated_at' => $this->updated_at->toIso8601String(),
+            'organisation' => new OrganisationResource($this->whenLoaded('organisation')),
         ];
     }
 }
-

api/app/Http/Resources/Api/V1/LocationResource.php

@@ -1,33 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Resources\Api\V1;
-
-use Illuminate\Http\Request;
-use Illuminate\Http\Resources\Json\JsonResource;
-
-final class LocationResource extends JsonResource
-{
-    public function toArray(Request $request): array
-    {
-        return [
-            'id' => $this->id,
-            'name' => $this->name,
-            'address' => $this->address,
-            'city' => $this->city,
-            'postal_code' => $this->postal_code,
-            'country' => $this->country,
-            'latitude' => $this->latitude,
-            'longitude' => $this->longitude,
-            'capacity' => $this->capacity,
-            'contact_name' => $this->contact_name,
-            'contact_email' => $this->contact_email,
-            'contact_phone' => $this->contact_phone,
-            'notes' => $this->notes,
-            'created_at' => $this->created_at->toIso8601String(),
-            'updated_at' => $this->updated_at->toIso8601String(),
-        ];
-    }
-}
-

api/app/Http/Resources/Api/V1/MusicAttachmentResource.php

@@ -1,26 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Resources\Api\V1;
-
-use Illuminate\Http\Request;
-use Illuminate\Http\Resources\Json\JsonResource;
-
-final class MusicAttachmentResource extends JsonResource
-{
-    public function toArray(Request $request): array
-    {
-        return [
-            'id' => $this->id,
-            'music_number_id' => $this->music_number_id,
-            'file_name' => $this->file_name,
-            'original_name' => $this->original_name,
-            'file_type' => $this->file_type,
-            'file_size' => $this->file_size,
-            'mime_type' => $this->mime_type,
-            'created_at' => $this->created_at->toIso8601String(),
-        ];
-    }
-}
-

api/app/Http/Resources/Api/V1/MusicNumberResource.php

@@ -1,34 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Resources\Api\V1;
-
-use Illuminate\Http\Request;
-use Illuminate\Http\Resources\Json\JsonResource;
-
-final class MusicNumberResource extends JsonResource
-{
-    public function toArray(Request $request): array
-    {
-        return [
-            'id' => $this->id,
-            'title' => $this->title,
-            'artist' => $this->artist,
-            'genre' => $this->genre,
-            'duration_seconds' => $this->duration_seconds,
-            'key' => $this->key,
-            'tempo_bpm' => $this->tempo_bpm,
-            'time_signature' => $this->time_signature,
-            'lyrics' => $this->lyrics,
-            'notes' => $this->notes,
-            'tags' => $this->tags,
-            'play_count' => $this->play_count,
-            'is_active' => $this->is_active,
-            'attachments' => MusicAttachmentResource::collection($this->whenLoaded('attachments')),
-            'created_at' => $this->created_at->toIso8601String(),
-            'updated_at' => $this->updated_at->toIso8601String(),
-        ];
-    }
-}
-

api/app/Http/Resources/Api/V1/OrganisationResource.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api\V1;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+final class OrganisationResource extends JsonResource
+{
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => $this->id,
+            'name' => $this->name,
+            'slug' => $this->slug,
+            'billing_status' => $this->billing_status,
+            'settings' => $this->settings,
+            'created_at' => $this->created_at->toIso8601String(),
+            'updated_at' => $this->updated_at->toIso8601String(),
+        ];
+    }
+}

api/app/Http/Resources/Api/V1/SetlistItemResource.php

@@ -1,27 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Resources\Api\V1;
-
-use Illuminate\Http\Request;
-use Illuminate\Http\Resources\Json\JsonResource;
-
-final class SetlistItemResource extends JsonResource
-{
-    public function toArray(Request $request): array
-    {
-        return [
-            'id' => $this->id,
-            'setlist_id' => $this->setlist_id,
-            'music_number_id' => $this->music_number_id,
-            'position' => $this->position,
-            'set_number' => $this->set_number,
-            'is_break' => $this->is_break,
-            'break_duration_seconds' => $this->break_duration_seconds,
-            'notes' => $this->notes,
-            'music_number' => new MusicNumberResource($this->whenLoaded('musicNumber')),
-        ];
-    }
-}
-

api/app/Http/Resources/Api/V1/SetlistResource.php

@@ -1,29 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Resources\Api\V1;
-
-use Illuminate\Http\Request;
-use Illuminate\Http\Resources\Json\JsonResource;
-
-final class SetlistResource extends JsonResource
-{
-    public function toArray(Request $request): array
-    {
-        return [
-            'id' => $this->id,
-            'name' => $this->name,
-            'description' => $this->description,
-            'total_duration_seconds' => $this->total_duration_seconds,
-            'formatted_duration' => $this->formattedDuration(),
-            'is_template' => $this->is_template,
-            'is_archived' => $this->is_archived,
-            'items' => SetlistItemResource::collection($this->whenLoaded('items')),
-            'creator' => new UserResource($this->whenLoaded('creator')),
-            'created_at' => $this->created_at->toIso8601String(),
-            'updated_at' => $this->updated_at->toIso8601String(),
-        ];
-    }
-}
-

api/app/Http/Resources/Api/V1/UserResource.php

@@ -15,17 +15,28 @@ final class UserResource extends JsonResource
             'id' => $this->id,
             'name' => $this->name,
             'email' => $this->email,
-            'phone' => $this->phone,
-            'bio' => $this->bio,
-            'instruments' => $this->instruments,
-            'avatar' => $this->avatar_path ? asset('storage/' . $this->avatar_path) : null,
-            'type' => $this->type,
-            'role' => $this->role,
-            'status' => $this->status,
+            'roles' => $this->getRoleNames()->values()->all(),
+            'timezone' => $this->timezone,
+            'locale' => $this->locale,
+            'avatar' => $this->avatar,
             'email_verified_at' => $this->email_verified_at?->toIso8601String(),
             'created_at' => $this->created_at->toIso8601String(),
             'updated_at' => $this->updated_at->toIso8601String(),
+            'organisations' => $this->whenLoaded('organisations', fn () =>
+                $this->organisations->map(fn ($org) => [
+                    'id' => $org->id,
+                    'name' => $org->name,
+                    'slug' => $org->slug,
+                    'role' => $org->pivot->role,
+                ])
+            ),
+            'event_roles' => $this->whenLoaded('events', fn () =>
+                $this->events->map(fn ($event) => [
+                    'event_id' => $event->id,
+                    'event_name' => $event->name,
+                    'role' => $event->pivot->role,
+                ])
+            ),
         ];
     }
 }
-

api/app/Models/Customer.php

@@ -1,64 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Models;
-
-use Illuminate\Database\Eloquent\Concerns\HasUlids;
-use Illuminate\Database\Eloquent\Factories\HasFactory;
-use Illuminate\Database\Eloquent\Model;
-use Illuminate\Database\Eloquent\Relations\BelongsTo;
-use Illuminate\Database\Eloquent\Relations\HasMany;
-
-final class Customer extends Model
-{
-    use HasFactory;
-    use HasUlids;
-
-    protected $fillable = [
-        'name',
-        'company_name',
-        'type',
-        'email',
-        'phone',
-        'address',
-        'city',
-        'postal_code',
-        'country',
-        'notes',
-        'is_portal_enabled',
-        'user_id',
-    ];
-
-    protected function casts(): array
-    {
-        return [
-            'is_portal_enabled' => 'boolean',
-        ];
-    }
-
-    // Relationships
-
-    public function user(): BelongsTo
-    {
-        return $this->belongsTo(User::class);
-    }
-
-    public function events(): HasMany
-    {
-        return $this->hasMany(Event::class);
-    }
-
-    // Helper methods
-
-    public function isCompany(): bool
-    {
-        return $this->type === 'company';
-    }
-
-    public function displayName(): string
-    {
-        return $this->company_name ?? $this->name;
-    }
-}
-

api/app/Models/Event.php

@@ -4,129 +4,52 @@ declare(strict_types=1);
 
 namespace App\Models;
 
-use App\Enums\EventStatus;
-use App\Enums\EventVisibility;
-use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Concerns\HasUlids;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
+use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 use Illuminate\Database\Eloquent\Relations\HasMany;
+use Illuminate\Database\Eloquent\SoftDeletes;
 
 final class Event extends Model
 {
     use HasFactory;
     use HasUlids;
+    use SoftDeletes;
 
     protected $fillable = [
-        'title',
-        'description',
-        'location_id',
-        'customer_id',
-        'setlist_id',
-        'event_date',
-        'start_time',
-        'end_time',
-        'load_in_time',
-        'soundcheck_time',
-        'fee',
-        'currency',
+        'organisation_id',
+        'name',
+        'slug',
+        'start_date',
+        'end_date',
+        'timezone',
         'status',
-        'visibility',
-        'rsvp_deadline',
-        'notes',
-        'internal_notes',
-        'is_public_setlist',
-        'created_by',
     ];
 
     protected function casts(): array
     {
         return [
-            'event_date' => 'date',
-            'start_time' => 'datetime:H:i',
-            'end_time' => 'datetime:H:i',
-            'load_in_time' => 'datetime:H:i',
-            'soundcheck_time' => 'datetime:H:i',
-            'fee' => 'decimal:2',
-            'status' => EventStatus::class,
-            'visibility' => EventVisibility::class,
-            'rsvp_deadline' => 'datetime',
-            'is_public_setlist' => 'boolean',
+            'start_date' => 'date',
+            'end_date' => 'date',
         ];
     }
 
-    // Relationships
-
-    public function location(): BelongsTo
+    public function organisation(): BelongsTo
     {
-        return $this->belongsTo(Location::class);
+        return $this->belongsTo(Organisation::class);
     }
 
-    public function customer(): BelongsTo
+    public function users(): BelongsToMany
     {
-        return $this->belongsTo(Customer::class);
-    }
-
-    public function setlist(): BelongsTo
-    {
-        return $this->belongsTo(Setlist::class);
-    }
-
-    public function creator(): BelongsTo
-    {
-        return $this->belongsTo(User::class, 'created_by');
+        return $this->belongsToMany(User::class, 'event_user_roles')
+            ->withPivot('role')
+            ->withTimestamps();
     }
 
     public function invitations(): HasMany
     {
-        return $this->hasMany(EventInvitation::class);
-    }
-
-    // Scopes
-
-    public function scopeUpcoming(Builder $query): Builder
-    {
-        return $query->where('event_date', '>=', now()->toDateString())
-            ->orderBy('event_date');
-    }
-
-    public function scopePast(Builder $query): Builder
-    {
-        return $query->where('event_date', '<', now()->toDateString())
-            ->orderByDesc('event_date');
-    }
-
-    public function scopeConfirmed(Builder $query): Builder
-    {
-        return $query->where('status', EventStatus::Confirmed);
-    }
-
-    public function scopeForUser(Builder $query, User $user): Builder
-    {
-        return $query->whereHas('invitations', fn (Builder $q) => $q->where('user_id', $user->id));
-    }
-
-    // Helper methods
-
-    public function isUpcoming(): bool
-    {
-        return $this->event_date->isFuture() || $this->event_date->isToday();
-    }
-
-    public function isPast(): bool
-    {
-        return $this->event_date->isPast() && !$this->event_date->isToday();
-    }
-
-    public function isConfirmed(): bool
-    {
-        return $this->status === EventStatus::Confirmed;
-    }
-
-    public function isCancelled(): bool
-    {
-        return $this->status === EventStatus::Cancelled;
+        return $this->hasMany(UserInvitation::class);
     }
 }
-

api/app/Models/EventInvitation.php

@@ -1,65 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Models;
-
-use App\Enums\RsvpStatus;
-use Illuminate\Database\Eloquent\Concerns\HasUlids;
-use Illuminate\Database\Eloquent\Factories\HasFactory;
-use Illuminate\Database\Eloquent\Model;
-use Illuminate\Database\Eloquent\Relations\BelongsTo;
-
-final class EventInvitation extends Model
-{
-    use HasFactory;
-    use HasUlids;
-
-    protected $fillable = [
-        'event_id',
-        'user_id',
-        'rsvp_status',
-        'rsvp_note',
-        'rsvp_responded_at',
-        'invited_at',
-    ];
-
-    protected function casts(): array
-    {
-        return [
-            'rsvp_status' => RsvpStatus::class,
-            'rsvp_responded_at' => 'datetime',
-            'invited_at' => 'datetime',
-        ];
-    }
-
-    // Relationships
-
-    public function event(): BelongsTo
-    {
-        return $this->belongsTo(Event::class);
-    }
-
-    public function user(): BelongsTo
-    {
-        return $this->belongsTo(User::class);
-    }
-
-    // Helper methods
-
-    public function isPending(): bool
-    {
-        return $this->rsvp_status === RsvpStatus::Pending;
-    }
-
-    public function isAvailable(): bool
-    {
-        return $this->rsvp_status === RsvpStatus::Available;
-    }
-
-    public function hasResponded(): bool
-    {
-        return $this->rsvp_responded_at !== null;
-    }
-}
-

api/app/Models/Location.php

@@ -1,48 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Models;
-
-use Illuminate\Database\Eloquent\Concerns\HasUlids;
-use Illuminate\Database\Eloquent\Factories\HasFactory;
-use Illuminate\Database\Eloquent\Model;
-use Illuminate\Database\Eloquent\Relations\HasMany;
-
-final class Location extends Model
-{
-    use HasFactory;
-    use HasUlids;
-
-    protected $fillable = [
-        'name',
-        'address',
-        'city',
-        'postal_code',
-        'country',
-        'latitude',
-        'longitude',
-        'capacity',
-        'contact_name',
-        'contact_email',
-        'contact_phone',
-        'notes',
-    ];
-
-    protected function casts(): array
-    {
-        return [
-            'latitude' => 'decimal:7',
-            'longitude' => 'decimal:7',
-            'capacity' => 'integer',
-        ];
-    }
-
-    // Relationships
-
-    public function events(): HasMany
-    {
-        return $this->hasMany(Event::class);
-    }
-}
-

api/app/Models/MusicAttachment.php

@@ -1,41 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Models;
-
-use Illuminate\Database\Eloquent\Concerns\HasUlids;
-use Illuminate\Database\Eloquent\Factories\HasFactory;
-use Illuminate\Database\Eloquent\Model;
-use Illuminate\Database\Eloquent\Relations\BelongsTo;
-
-final class MusicAttachment extends Model
-{
-    use HasFactory;
-    use HasUlids;
-
-    protected $fillable = [
-        'music_number_id',
-        'file_name',
-        'original_name',
-        'file_path',
-        'file_type',
-        'file_size',
-        'mime_type',
-    ];
-
-    protected function casts(): array
-    {
-        return [
-            'file_size' => 'integer',
-        ];
-    }
-
-    // Relationships
-
-    public function musicNumber(): BelongsTo
-    {
-        return $this->belongsTo(MusicNumber::class);
-    }
-}
-

api/app/Models/MusicNumber.php

@@ -1,81 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Models;
-
-use Illuminate\Database\Eloquent\Concerns\HasUlids;
-use Illuminate\Database\Eloquent\Factories\HasFactory;
-use Illuminate\Database\Eloquent\Model;
-use Illuminate\Database\Eloquent\Relations\BelongsTo;
-use Illuminate\Database\Eloquent\Relations\HasMany;
-
-final class MusicNumber extends Model
-{
-    use HasFactory;
-    use HasUlids;
-
-    protected $fillable = [
-        'title',
-        'artist',
-        'genre',
-        'duration_seconds',
-        'key',
-        'tempo_bpm',
-        'time_signature',
-        'lyrics',
-        'notes',
-        'tags',
-        'play_count',
-        'is_active',
-        'created_by',
-    ];
-
-    protected function casts(): array
-    {
-        return [
-            'duration_seconds' => 'integer',
-            'tempo_bpm' => 'integer',
-            'tags' => 'array',
-            'play_count' => 'integer',
-            'is_active' => 'boolean',
-        ];
-    }
-
-    // Relationships
-
-    public function creator(): BelongsTo
-    {
-        return $this->belongsTo(User::class, 'created_by');
-    }
-
-    public function attachments(): HasMany
-    {
-        return $this->hasMany(MusicAttachment::class);
-    }
-
-    public function setlistItems(): HasMany
-    {
-        return $this->hasMany(SetlistItem::class);
-    }
-
-    // Helper methods
-
-    public function formattedDuration(): string
-    {
-        if (!$this->duration_seconds) {
-            return '0:00';
-        }
-
-        $minutes = floor($this->duration_seconds / 60);
-        $seconds = $this->duration_seconds % 60;
-
-        return sprintf('%d:%02d', $minutes, $seconds);
-    }
-
-    public function isActive(): bool
-    {
-        return $this->is_active;
-    }
-}
-

api/app/Models/Organisation.php

@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Concerns\HasUlids;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsToMany;
+use Illuminate\Database\Eloquent\Relations\HasMany;
+use Illuminate\Database\Eloquent\SoftDeletes;
+
+final class Organisation extends Model
+{
+    use HasFactory;
+    use HasUlids;
+    use SoftDeletes;
+
+    protected $fillable = [
+        'name',
+        'slug',
+        'billing_status',
+        'settings',
+    ];
+
+    protected function casts(): array
+    {
+        return [
+            'settings' => 'array',
+        ];
+    }
+
+    public function users(): BelongsToMany
+    {
+        return $this->belongsToMany(User::class, 'organisation_user')
+            ->withPivot('role')
+            ->withTimestamps();
+    }
+
+    public function events(): HasMany
+    {
+        return $this->hasMany(Event::class);
+    }
+
+    public function invitations(): HasMany
+    {
+        return $this->hasMany(UserInvitation::class);
+    }
+}

api/app/Models/Scopes/OrganisationScope.php

@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Models\Scopes;
+
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Scope;
+
+final class OrganisationScope implements Scope
+{
+    public function __construct(
+        private readonly string $organisationId,
+    ) {}
+
+    public function apply(Builder $builder, Model $model): void
+    {
+        $builder->where($model->getTable() . '.organisation_id', $this->organisationId);
+    }
+}

api/app/Models/Setlist.php

@@ -1,77 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Models;
-
-use Illuminate\Database\Eloquent\Concerns\HasUlids;
-use Illuminate\Database\Eloquent\Factories\HasFactory;
-use Illuminate\Database\Eloquent\Model;
-use Illuminate\Database\Eloquent\Relations\BelongsTo;
-use Illuminate\Database\Eloquent\Relations\HasMany;
-
-final class Setlist extends Model
-{
-    use HasFactory;
-    use HasUlids;
-
-    protected $fillable = [
-        'name',
-        'description',
-        'total_duration_seconds',
-        'is_template',
-        'is_archived',
-        'created_by',
-    ];
-
-    protected function casts(): array
-    {
-        return [
-            'total_duration_seconds' => 'integer',
-            'is_template' => 'boolean',
-            'is_archived' => 'boolean',
-        ];
-    }
-
-    // Relationships
-
-    public function creator(): BelongsTo
-    {
-        return $this->belongsTo(User::class, 'created_by');
-    }
-
-    public function items(): HasMany
-    {
-        return $this->hasMany(SetlistItem::class)->orderBy('position');
-    }
-
-    public function events(): HasMany
-    {
-        return $this->hasMany(Event::class);
-    }
-
-    // Helper methods
-
-    public function isTemplate(): bool
-    {
-        return $this->is_template;
-    }
-
-    public function isArchived(): bool
-    {
-        return $this->is_archived;
-    }
-
-    public function formattedDuration(): string
-    {
-        if (!$this->total_duration_seconds) {
-            return '0:00';
-        }
-
-        $minutes = floor($this->total_duration_seconds / 60);
-        $seconds = $this->total_duration_seconds % 60;
-
-        return sprintf('%d:%02d', $minutes, $seconds);
-    }
-}
-

api/app/Models/SetlistItem.php

@@ -1,68 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Models;
-
-use Illuminate\Database\Eloquent\Concerns\HasUlids;
-use Illuminate\Database\Eloquent\Factories\HasFactory;
-use Illuminate\Database\Eloquent\Model;
-use Illuminate\Database\Eloquent\Relations\BelongsTo;
-
-final class SetlistItem extends Model
-{
-    use HasFactory;
-    use HasUlids;
-
-    protected $fillable = [
-        'setlist_id',
-        'music_number_id',
-        'position',
-        'set_number',
-        'is_break',
-        'break_duration_seconds',
-        'notes',
-    ];
-
-    protected function casts(): array
-    {
-        return [
-            'position' => 'integer',
-            'set_number' => 'integer',
-            'is_break' => 'boolean',
-            'break_duration_seconds' => 'integer',
-        ];
-    }
-
-    // Relationships
-
-    public function setlist(): BelongsTo
-    {
-        return $this->belongsTo(Setlist::class);
-    }
-
-    public function musicNumber(): BelongsTo
-    {
-        return $this->belongsTo(MusicNumber::class);
-    }
-
-    // Helper methods
-
-    public function isBreak(): bool
-    {
-        return $this->is_break;
-    }
-
-    public function formattedBreakDuration(): string
-    {
-        if (!$this->is_break || !$this->break_duration_seconds) {
-            return '';
-        }
-
-        $minutes = floor($this->break_duration_seconds / 60);
-        $seconds = $this->break_duration_seconds % 60;
-
-        return sprintf('%d:%02d', $minutes, $seconds);
-    }
-}
-

api/app/Models/User.php

@@ -6,28 +6,29 @@ namespace App\Models;
 
 use Illuminate\Database\Eloquent\Concerns\HasUlids;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Relations\BelongsToMany;
+use Illuminate\Database\Eloquent\SoftDeletes;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Laravel\Sanctum\HasApiTokens;
+use Spatie\Permission\Traits\HasRoles;
 
 final class User extends Authenticatable
 {
     use HasApiTokens;
     use HasFactory;
+    use HasRoles;
     use HasUlids;
     use Notifiable;
+    use SoftDeletes;
 
     protected $fillable = [
         'name',
         'email',
-        'phone',
-        'bio',
-        'instruments',
-        'avatar_path',
-        'type',
-        'role',
-        'status',
         'password',
+        'timezone',
+        'locale',
+        'avatar',
     ];
 
     protected $hidden = [
@@ -40,39 +41,20 @@ final class User extends Authenticatable
         return [
             'email_verified_at' => 'datetime',
             'password' => 'hashed',
-            'instruments' => 'array',
         ];
     }
 
-    // Helper methods
-
-    public function isAdmin(): bool
+    public function organisations(): BelongsToMany
     {
-        return $this->role === 'admin';
+        return $this->belongsToMany(Organisation::class, 'organisation_user')
+            ->withPivot('role')
+            ->withTimestamps();
     }
 
-    public function isBookingAgent(): bool
+    public function events(): BelongsToMany
     {
-        return $this->role === 'booking_agent';
-    }
-
-    public function isMusicManager(): bool
-    {
-        return $this->role === 'music_manager';
-    }
-
-    public function isMember(): bool
-    {
-        return $this->type === 'member';
-    }
-
-    public function isCustomer(): bool
-    {
-        return $this->type === 'customer';
-    }
-
-    public function isActive(): bool
-    {
-        return $this->status === 'active';
+        return $this->belongsToMany(Event::class, 'event_user_roles')
+            ->withPivot('role')
+            ->withTimestamps();
     }
 }

api/app/Models/UserInvitation.php

@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Concerns\HasUlids;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+
+final class UserInvitation extends Model
+{
+    use HasFactory;
+    use HasUlids;
+
+    protected $fillable = [
+        'email',
+        'invited_by_user_id',
+        'organisation_id',
+        'event_id',
+        'role',
+        'token',
+        'status',
+        'expires_at',
+    ];
+
+    protected function casts(): array
+    {
+        return [
+            'expires_at' => 'datetime',
+        ];
+    }
+
+    public function invitedBy(): BelongsTo
+    {
+        return $this->belongsTo(User::class, 'invited_by_user_id');
+    }
+
+    public function organisation(): BelongsTo
+    {
+        return $this->belongsTo(Organisation::class);
+    }
+
+    public function event(): BelongsTo
+    {
+        return $this->belongsTo(Event::class);
+    }
+}

api/app/Policies/EventPolicy.php

@@ -5,79 +5,44 @@ declare(strict_types=1);
 namespace App\Policies;
 
 use App\Models\Event;
+use App\Models\Organisation;
 use App\Models\User;
 
 final class EventPolicy
 {
-    /**
-     * Determine whether the user can view any events.
-     */
-    public function viewAny(User $user): bool
+    public function viewAny(User $user, Organisation $organisation): bool
     {
-        return true;
+        return $user->hasRole('super_admin')
+            || $organisation->users()->where('user_id', $user->id)->exists();
     }
 
-    /**
-     * Determine whether the user can view the event.
-     */
     public function view(User $user, Event $event): bool
     {
-        // Admins and booking agents can view all events
-        if ($this->isAdminOrBookingAgent($user)) {
+        return $user->hasRole('super_admin')
+            || $event->organisation->users()->where('user_id', $user->id)->exists();
+    }
+
+    public function create(User $user, Organisation $organisation): bool
+    {
+        if ($user->hasRole('super_admin')) {
             return true;
         }
 
-        // Members can view events they're invited to
-        return $event->invitations()->where('user_id', $user->id)->exists();
+        return $organisation->users()
+            ->where('user_id', $user->id)
+            ->wherePivotIn('role', ['org_admin', 'org_member'])
+            ->exists();
     }
 
-    /**
-     * Determine whether the user can create events.
-     */
-    public function create(User $user): bool
-    {
-        return $this->isAdminOrBookingAgent($user);
-    }
-
-    /**
-     * Determine whether the user can update the event.
-     */
     public function update(User $user, Event $event): bool
     {
-        return $this->isAdminOrBookingAgent($user);
-    }
+        if ($user->hasRole('super_admin')) {
+            return true;
+        }
 
-    /**
-     * Determine whether the user can delete the event.
-     */
-    public function delete(User $user, Event $event): bool
-    {
-        return $user->role === 'admin';
-    }
-
-    /**
-     * Determine whether the user can invite members to the event.
-     */
-    public function invite(User $user, Event $event): bool
-    {
-        return $this->isAdminOrBookingAgent($user);
-    }
-
-    /**
-     * Determine whether the user can RSVP to the event.
-     */
-    public function rsvp(User $user, Event $event): bool
-    {
-        // User must be invited to RSVP
-        return $event->invitations()->where('user_id', $user->id)->exists();
-    }
-
-    /**
-     * Check if the user is an admin or booking agent.
-     */
-    private function isAdminOrBookingAgent(User $user): bool
-    {
-        return in_array($user->role, ['admin', 'booking_agent'], true);
+        return $event->organisation->users()
+            ->where('user_id', $user->id)
+            ->wherePivotIn('role', ['org_admin', 'org_member'])
+            ->exists();
     }
 }
-

api/app/Policies/OrganisationPolicy.php

@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Policies;
+
+use App\Models\Organisation;
+use App\Models\User;
+
+final class OrganisationPolicy
+{
+    public function viewAny(User $user): bool
+    {
+        // All authenticated users can list their organisations
+        return true;
+    }
+
+    public function view(User $user, Organisation $organisation): bool
+    {
+        return $user->hasRole('super_admin')
+            || $organisation->users()->where('user_id', $user->id)->exists();
+    }
+
+    public function create(User $user): bool
+    {
+        return $user->hasRole('super_admin');
+    }
+
+    public function update(User $user, Organisation $organisation): bool
+    {
+        if ($user->hasRole('super_admin')) {
+            return true;
+        }
+
+        return $organisation->users()
+            ->where('user_id', $user->id)
+            ->wherePivot('role', 'org_admin')
+            ->exists();
+    }
+}