bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: consolidate frontend API layer, add query-client, and harden backend Fase 1

Browse Source 
Frontend:
- Consolidate duplicate API layers into single src/lib/axios.ts per app
- Remove src/lib/api-client.ts and src/utils/api.ts (admin)
- Add src/lib/query-client.ts with TanStack Query config per app
- Update all imports and auto-import config

Backend:
- Fix organisations.billing_status default to 'trial'
- Fix user_invitations.invited_by_user_id to nullOnDelete
- Add MeResource with separated app_roles and pivot-based org roles
- Add cross-org check to EventPolicy view() and update()
- Restrict EventPolicy create/update to org_admin/event_manager (not org_member)
- Attach creator as org_admin on organisation store
- Add query scopes to Event and UserInvitation models
- Improve factories with Dutch test data
- Expand test suite from 29 to 41 tests (90 assertions)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-07 17:35:34 +02:00
parent 611c311854
commit 0d24506c89
36 changed files with 454 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
api/tests/Feature/Organisation/OrganisationTest.php
View File

@@ -41,7 +41,7 @@ class OrganisationTest extends TestCase
{
$user = User::factory()->create();
$ownOrg = Organisation::factory()->create();
$otherOrg = Organisation::factory()->create();
Organisation::factory()->create(); // other org
$ownOrg->users()->attach($user, ['role' => 'org_member']);
@@ -109,6 +109,28 @@ class OrganisationTest extends TestCase
$this->assertDatabaseHas('organisations', ['slug' => 'test-org']);
}
public function test_store_attaches_creator_as_org_admin(): void
{
$admin = User::factory()->create();
$admin->assignRole('super_admin');
Sanctum::actingAs($admin);
$response = $this->postJson('/api/v1/organisations', [
'name' => 'New Org',
'slug' => 'new-org',
]);
$response->assertCreated();
$org = Organisation::where('slug', 'new-org')->first();
$this->assertDatabaseHas('organisation_user', [
'user_id' => $admin->id,
'organisation_id' => $org->id,
'role' => 'org_admin',
]);
}
public function test_non_admin_cannot_create_organisation(): void
{
$user = User::factory()->create();
@@ -123,6 +145,36 @@ class OrganisationTest extends TestCase
$response->assertForbidden();
}
public function test_store_with_invalid_data_returns_422(): void
{
$admin = User::factory()->create();
$admin->assignRole('super_admin');
Sanctum::actingAs($admin);
$response = $this->postJson('/api/v1/organisations', []);
$response->assertUnprocessable()
->assertJsonValidationErrors(['name', 'slug']);
}
public function test_store_with_duplicate_slug_returns_422(): void
{
$admin = User::factory()->create();
$admin->assignRole('super_admin');
Organisation::factory()->create(['slug' => 'taken-slug']);
Sanctum::actingAs($admin);
$response = $this->postJson('/api/v1/organisations', [
'name' => 'New Org',
'slug' => 'taken-slug',
]);
$response->assertUnprocessable()
->assertJsonValidationErrors(['slug']);
}
// --- UPDATE ---
public function test_org_admin_can_update_organisation(): void
@@ -155,4 +207,18 @@ class OrganisationTest extends TestCase
$response->assertForbidden();
}
public function test_non_member_cannot_update_organisation(): void
{
$user = User::factory()->create();
$org = Organisation::factory()->create();
Sanctum::actingAs($user);
$response = $this->putJson("/api/v1/organisations/{$org->id}", [
'name' => 'Hacked Name',
]);
$response->assertForbidden();
}
}