bert.hausmans/band-management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: align codebase with EventCrew domain and trim legacy band stack

Browse Source 
- Update API: events, users, policies, routes, resources, migrations
- Remove deprecated models/resources (customers, setlists, invitations, etc.)
- Refresh admin app and docs; remove apps/band

Made-with: Cursor
This commit is contained in:
bert.hausmans
2026-03-29 23:19:06 +02:00
parent 34e12e00b3
commit 1cb7674d52
1034 changed files with 7453 additions and 8743 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
api/tests/Feature/Auth/LoginTest.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Auth;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class LoginTest extends TestCase
{
use RefreshDatabase;
public function test_user_can_login_with_valid_credentials(): void
{
$user = User::factory()->create();
$response = $this->postJson('/api/v1/auth/login', [
'email' => $user->email,
'password' => 'password',
]);
$response->assertOk()
->assertJsonStructure([
'success',
'data' => ['user' => ['id', 'name', 'email'], 'token'],
'message',
])
->assertJson(['success' => true]);
}
public function test_login_fails_with_invalid_credentials(): void
{
$user = User::factory()->create();
$response = $this->postJson('/api/v1/auth/login', [
'email' => $user->email,
'password' => 'wrong-password',
]);
$response->assertUnauthorized();
}
public function test_login_requires_email_and_password(): void
{
$response = $this->postJson('/api/v1/auth/login', []);
$response->assertUnprocessable()
->assertJsonValidationErrors(['email', 'password']);
}
}

33
api/tests/Feature/Auth/LogoutTest.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Auth;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class LogoutTest extends TestCase
{
use RefreshDatabase;
public function test_authenticated_user_can_logout(): void
{
$user = User::factory()->create();
Sanctum::actingAs($user);
$response = $this->postJson('/api/v1/auth/logout');
$response->assertOk()
->assertJson(['success' => true]);
}
public function test_unauthenticated_user_cannot_logout(): void
{
$response = $this->postJson('/api/v1/auth/logout');
$response->assertUnauthorized();
}
}

45
api/tests/Feature/Auth/MeTest.php Normal file
View File

@@ -0,0 +1,45 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Auth;
use App\Models\Organisation;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class MeTest extends TestCase
{
use RefreshDatabase;
public function test_authenticated_user_can_get_profile(): void
{
$user = User::factory()->create();
$organisation = Organisation::factory()->create();
$organisation->users()->attach($user, ['role' => 'org_admin']);
Sanctum::actingAs($user);
$response = $this->getJson('/api/v1/auth/me');
$response->assertOk()
->assertJsonStructure([
'success',
'data' => [
'id', 'name', 'email', 'timezone', 'locale',
'organisations',
],
]);
$this->assertCount(1, $response->json('data.organisations'));
}
public function test_unauthenticated_user_cannot_get_profile(): void
{
$response = $this->getJson('/api/v1/auth/me');
$response->assertUnauthorized();
}
}

185
api/tests/Feature/Event/EventTest.php Normal file
View File

@@ -0,0 +1,185 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Event;
use App\Models\Event;
use App\Models\Organisation;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class EventTest extends TestCase
{
use RefreshDatabase;
private User $admin;
private User $orgAdmin;
private User $outsider;
private Organisation $organisation;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->admin = User::factory()->create();
$this->admin->assignRole('super_admin');
$this->organisation = Organisation::factory()->create();
$this->orgAdmin = User::factory()->create();
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
$this->outsider = User::factory()->create();
}
// --- INDEX ---
public function test_org_admin_can_list_events(): void
{
Event::factory()->count(3)->create(['organisation_id' => $this->organisation->id]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events");
$response->assertOk();
$this->assertCount(3, $response->json('data'));
}
public function test_outsider_cannot_list_events(): void
{
Sanctum::actingAs($this->outsider);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events");
$response->assertForbidden();
}
public function test_unauthenticated_user_cannot_list_events(): void
{
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events");
$response->assertUnauthorized();
}
// --- SHOW ---
public function test_org_admin_can_view_event(): void
{
$event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}");
$response->assertOk()
->assertJson(['data' => ['id' => $event->id]]);
}
public function test_outsider_cannot_view_event(): void
{
$event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
Sanctum::actingAs($this->outsider);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}");
$response->assertForbidden();
}
// --- STORE ---
public function test_org_admin_can_create_event(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/events", [
'name' => 'Summer Festival 2026',
'slug' => 'summer-festival-2026',
'start_date' => '2026-07-01',
'end_date' => '2026-07-03',
]);
$response->assertCreated()
->assertJson(['data' => ['name' => 'Summer Festival 2026']]);
$this->assertDatabaseHas('events', [
'organisation_id' => $this->organisation->id,
'slug' => 'summer-festival-2026',
]);
}
public function test_outsider_cannot_create_event(): void
{
Sanctum::actingAs($this->outsider);
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/events", [
'name' => 'Hacked Event',
'slug' => 'hacked-event',
'start_date' => '2026-07-01',
'end_date' => '2026-07-03',
]);
$response->assertForbidden();
}
public function test_unauthenticated_user_cannot_create_event(): void
{
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/events", [
'name' => 'Anon Event',
'slug' => 'anon-event',
'start_date' => '2026-07-01',
'end_date' => '2026-07-03',
]);
$response->assertUnauthorized();
}
// --- UPDATE ---
public function test_org_admin_can_update_event(): void
{
$event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->putJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}", [
'name' => 'Updated Festival',
]);
$response->assertOk()
->assertJson(['data' => ['name' => 'Updated Festival']]);
}
public function test_outsider_cannot_update_event(): void
{
$event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
Sanctum::actingAs($this->outsider);
$response = $this->putJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}", [
'name' => 'Hacked',
]);
$response->assertForbidden();
}
// --- CROSS-ORG ---
public function test_event_from_other_org_returns_404(): void
{
$otherOrg = Organisation::factory()->create();
$event = Event::factory()->create(['organisation_id' => $otherOrg->id]);
Sanctum::actingAs($this->admin);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}");
$response->assertNotFound();
}
}

16
api/tests/Feature/ExampleTest.php
View File

@@ -2,18 +2,18 @@
namespace Tests\Feature;
// use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class ExampleTest extends TestCase
{
/**
* A basic test example.
*/
public function test_the_application_returns_a_successful_response(): void
{
$response = $this->get('/');
use RefreshDatabase;
$response->assertStatus(200);
public function test_the_api_returns_a_successful_response(): void
{
$response = $this->getJson('/api/v1');
$response->assertStatus(200)
->assertJson(['success' => true]);
}
}

158
api/tests/Feature/Organisation/OrganisationTest.php Normal file
View File

@@ -0,0 +1,158 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Organisation;
use App\Models\Organisation;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class OrganisationTest extends TestCase
{
use RefreshDatabase;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
}
// --- INDEX ---
public function test_super_admin_can_list_all_organisations(): void
{
$admin = User::factory()->create();
$admin->assignRole('super_admin');
Organisation::factory()->count(3)->create();
Sanctum::actingAs($admin);
$response = $this->getJson('/api/v1/organisations');
$response->assertOk();
$this->assertCount(3, $response->json('data'));
}
public function test_org_member_sees_only_own_organisations(): void
{
$user = User::factory()->create();
$ownOrg = Organisation::factory()->create();
$otherOrg = Organisation::factory()->create();
$ownOrg->users()->attach($user, ['role' => 'org_member']);
Sanctum::actingAs($user);
$response = $this->getJson('/api/v1/organisations');
$response->assertOk();
$this->assertCount(1, $response->json('data'));
$this->assertEquals($ownOrg->id, $response->json('data.0.id'));
}
public function test_unauthenticated_user_cannot_list_organisations(): void
{
$response = $this->getJson('/api/v1/organisations');
$response->assertUnauthorized();
}
// --- SHOW ---
public function test_org_member_can_view_own_organisation(): void
{
$user = User::factory()->create();
$org = Organisation::factory()->create();
$org->users()->attach($user, ['role' => 'org_member']);
Sanctum::actingAs($user);
$response = $this->getJson("/api/v1/organisations/{$org->id}");
$response->assertOk()
->assertJson(['data' => ['id' => $org->id]]);
}
public function test_user_cannot_view_other_organisation(): void
{
$user = User::factory()->create();
$org = Organisation::factory()->create();
Sanctum::actingAs($user);
$response = $this->getJson("/api/v1/organisations/{$org->id}");
$response->assertForbidden();
}
// --- STORE ---
public function test_super_admin_can_create_organisation(): void
{
$admin = User::factory()->create();
$admin->assignRole('super_admin');
Sanctum::actingAs($admin);
$response = $this->postJson('/api/v1/organisations', [
'name' => 'Test Org',
'slug' => 'test-org',
]);
$response->assertCreated()
->assertJson(['data' => ['name' => 'Test Org', 'slug' => 'test-org']]);
$this->assertDatabaseHas('organisations', ['slug' => 'test-org']);
}
public function test_non_admin_cannot_create_organisation(): void
{
$user = User::factory()->create();
Sanctum::actingAs($user);
$response = $this->postJson('/api/v1/organisations', [
'name' => 'Test Org',
'slug' => 'test-org',
]);
$response->assertForbidden();
}
// --- UPDATE ---
public function test_org_admin_can_update_organisation(): void
{
$user = User::factory()->create();
$org = Organisation::factory()->create();
$org->users()->attach($user, ['role' => 'org_admin']);
Sanctum::actingAs($user);
$response = $this->putJson("/api/v1/organisations/{$org->id}", [
'name' => 'Updated Name',
]);
$response->assertOk()
->assertJson(['data' => ['name' => 'Updated Name']]);
}
public function test_org_member_cannot_update_organisation(): void
{
$user = User::factory()->create();
$org = Organisation::factory()->create();
$org->users()->attach($user, ['role' => 'org_member']);
Sanctum::actingAs($user);
$response = $this->putJson("/api/v1/organisations/{$org->id}", [
'name' => 'Hacked Name',
]);
$response->assertForbidden();
}
}