feat: consolidate frontend API layer, add query-client, and harden backend Fase 1

Frontend: - Consolidate duplicate API layers into single src/lib/axios.ts per app - Remove src/lib/api-client.ts and src/utils/api.ts (admin) - Add src/lib/query-client.ts with TanStack Query config per app - Update all imports and auto-import config Backend: - Fix organisations.billing_status default to 'trial' - Fix user_invitations.invited_by_user_id to nullOnDelete - Add MeResource with separated app_roles and pivot-based org roles - Add cross-org check to EventPolicy view() and update() - Restrict EventPolicy create/update to org_admin/event_manager (not org_member) - Attach creator as org_admin on organisation store - Add query scopes to Event and UserInvitation models - Improve factories with Dutch test data - Expand test suite from 29 to 41 tests (90 assertions) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 17:35:34 +02:00
parent 611c311854
commit 0d24506c89
36 changed files with 454 additions and 118 deletions
--- a/api/tests/Feature/Auth/MeTest.php
+++ b/api/tests/Feature/Auth/MeTest.php
@@ -6,6 +6,7 @@ namespace Tests\Feature\Auth;

 use App\Models\Organisation;
 use App\Models\User;
+use Database\Seeders\RoleSeeder;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Laravel\Sanctum\Sanctum;
 use Tests\TestCase;
@@ -14,6 +15,12 @@ class MeTest extends TestCase
 {
    use RefreshDatabase;

+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->seed(RoleSeeder::class);
+    }
+
    public function test_authenticated_user_can_get_profile(): void
    {
        $user = User::factory()->create();
@@ -29,13 +36,27 @@ class MeTest extends TestCase
                'success',
                'data' => [
                    'id', 'name', 'email', 'timezone', 'locale',
-                    'organisations',
+                    'organisations', 'app_roles', 'permissions',
                ],
            ]);

        $this->assertCount(1, $response->json('data.organisations'));
    }

+    public function test_me_returns_app_roles_and_permissions(): void
+    {
+        $user = User::factory()->create();
+        $user->assignRole('super_admin');
+
+        Sanctum::actingAs($user);
+
+        $response = $this->getJson('/api/v1/auth/me');
+
+        $response->assertOk();
+        $this->assertContains('super_admin', $response->json('data.app_roles'));
+        $this->assertIsArray($response->json('data.permissions'));
+    }
+
    public function test_unauthenticated_user_cannot_get_profile(): void
    {
        $response = $this->getJson('/api/v1/auth/me');