bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: companies CRUD with person dialog integration and navigation

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-10 11:16:01 +02:00
parent 169a078a92
commit 4388811be9
14 changed files with 984 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
api/app/Http/Controllers/Api/V1/CompanyController.php
View File

@@ -20,7 +20,10 @@ final class CompanyController extends Controller
{
Gate::authorize('viewAny', [Company::class, $organisation]);
$companies = $organisation->companies()->get();
$companies = $organisation->companies()
->withCount('persons')
->ordered()
->get();
return CompanyResource::collection($companies);
}
@@ -34,6 +37,15 @@ final class CompanyController extends Controller
return $this->created(new CompanyResource($company));
}
public function show(Organisation $organisation, Company $company): JsonResponse
{
Gate::authorize('view', [$company, $organisation]);
$company->loadCount('persons');
return $this->success(new CompanyResource($company));
}
public function update(UpdateCompanyRequest $request, Organisation $organisation, Company $company): JsonResponse
{
Gate::authorize('update', [$company, $organisation]);

6
api/app/Http/Requests/Api/V1/StoreCompanyRequest.php
View File

@@ -17,10 +17,10 @@ final class StoreCompanyRequest extends FormRequest
public function rules(): array
{
return [
'name' => ['required', 'string', 'max:255'],
'name' => ['required', 'string', 'max:100'],
'type' => ['required', 'in:supplier,partner,agency,venue,other'],
'contact_name' => ['nullable', 'string', 'max:255'],
'contact_email' => ['nullable', 'email', 'max:255'],
'contact_name' => ['nullable', 'string', 'max:100'],
'contact_email' => ['nullable', 'email', 'max:100'],
'contact_phone' => ['nullable', 'string', 'max:30'],
];
}

6
api/app/Http/Requests/Api/V1/UpdateCompanyRequest.php
View File

@@ -17,10 +17,10 @@ final class UpdateCompanyRequest extends FormRequest
public function rules(): array
{
return [
'name' => ['sometimes', 'string', 'max:255'],
'name' => ['sometimes', 'string', 'max:100'],
'type' => ['sometimes', 'in:supplier,partner,agency,venue,other'],
'contact_name' => ['nullable', 'string', 'max:255'],
'contact_email' => ['nullable', 'email', 'max:255'],
'contact_name' => ['nullable', 'string', 'max:100'],
'contact_email' => ['nullable', 'email', 'max:100'],
'contact_phone' => ['nullable', 'string', 'max:30'],
];
}

1
api/app/Http/Resources/Api/V1/CompanyResource.php
View File

@@ -19,6 +19,7 @@ final class CompanyResource extends JsonResource
'contact_name' => $this->contact_name,
'contact_email' => $this->contact_email,
'contact_phone' => $this->contact_phone,
'persons_count' => $this->whenCounted('persons'),
'created_at' => $this->created_at->toIso8601String(),
];
}

7
api/app/Models/Company.php
View File

@@ -7,6 +7,7 @@ namespace App\Models;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\SoftDeletes;
@@ -35,4 +36,10 @@ final class Company extends Model
{
return $this->hasMany(Person::class);
}
/** @param Builder<self> $query */
public function scopeOrdered(Builder $query): Builder
{
return $query->orderBy('name');
}
}

10
api/app/Policies/CompanyPolicy.php
View File

@@ -16,6 +16,16 @@ final class CompanyPolicy
|| $organisation->users()->where('user_id', $user->id)->exists();
}
public function view(User $user, Company $company, Organisation $organisation): bool
{
if ($company->organisation_id !== $organisation->id) {
return false;
}
return $user->hasRole('super_admin')
|| $organisation->users()->where('user_id', $user->id)->exists();
}
public function create(User $user, Organisation $organisation): bool
{
return $this->canManageOrganisation($user, $organisation);

252
api/tests/Feature/Company/CompanyTest.php Normal file
View File

@@ -0,0 +1,252 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Company;
use App\Models\Company;
use App\Models\Organisation;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class CompanyTest extends TestCase
{
use RefreshDatabase;
private User $orgAdmin;
private User $outsider;
private Organisation $organisation;
private Organisation $otherOrganisation;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->organisation = Organisation::factory()->create();
$this->otherOrganisation = Organisation::factory()->create();
$this->orgAdmin = User::factory()->create();
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
$this->outsider = User::factory()->create();
$this->otherOrganisation->users()->attach($this->outsider, ['role' => 'org_admin']);
}
public function test_index_returns_companies_for_organisation(): void
{
Company::factory()->count(3)->create(['organisation_id' => $this->organisation->id]);
// Company on other org should not appear
Company::factory()->create(['organisation_id' => $this->otherOrganisation->id]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies");
$response->assertOk();
$this->assertCount(3, $response->json('data'));
}
public function test_index_returns_companies_ordered_by_name(): void
{
Company::factory()->create(['organisation_id' => $this->organisation->id, 'name' => 'Zebra BV']);
Company::factory()->create(['organisation_id' => $this->organisation->id, 'name' => 'Alpha BV']);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies");
$response->assertOk();
$names = collect($response->json('data'))->pluck('name')->all();
$this->assertSame(['Alpha BV', 'Zebra BV'], $names);
}
public function test_index_includes_persons_count(): void
{
$company = Company::factory()->create(['organisation_id' => $this->organisation->id]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies");
$response->assertOk();
$this->assertArrayHasKey('persons_count', $response->json('data.0'));
}
public function test_index_unauthenticated_returns_401(): void
{
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies");
$response->assertUnauthorized();
}
public function test_index_cross_org_returns_403(): void
{
Sanctum::actingAs($this->outsider);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies");
$response->assertForbidden();
}
public function test_store_creates_company(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/companies", [
'name' => 'Catering Janssen',
'type' => 'supplier',
'contact_name' => 'Jan Janssen',
'contact_email' => 'jan@janssen.nl',
'contact_phone' => '+31612345678',
]);
$response->assertCreated()
->assertJson(['data' => ['name' => 'Catering Janssen', 'type' => 'supplier']]);
$this->assertDatabaseHas('companies', [
'organisation_id' => $this->organisation->id,
'name' => 'Catering Janssen',
'type' => 'supplier',
]);
}
public function test_store_unauthenticated_returns_401(): void
{
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/companies", [
'name' => 'Test BV',
'type' => 'supplier',
]);
$response->assertUnauthorized();
}
public function test_store_cross_org_returns_403(): void
{
Sanctum::actingAs($this->outsider);
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/companies", [
'name' => 'Test BV',
'type' => 'supplier',
]);
$response->assertForbidden();
}
public function test_store_missing_name_returns_422(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/companies", [
'type' => 'supplier',
]);
$response->assertUnprocessable()
->assertJsonValidationErrors('name');
}
public function test_store_invalid_type_returns_422(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/companies", [
'name' => 'Test BV',
'type' => 'invalid_type',
]);
$response->assertUnprocessable()
->assertJsonValidationErrors('type');
}
public function test_show_returns_company(): void
{
$company = Company::factory()->create([
'organisation_id' => $this->organisation->id,
'name' => 'Test BV',
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}");
$response->assertOk()
->assertJson(['data' => ['name' => 'Test BV']]);
}
public function test_show_cross_org_returns_403(): void
{
$company = Company::factory()->create([
'organisation_id' => $this->organisation->id,
]);
Sanctum::actingAs($this->outsider);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}");
$response->assertForbidden();
}
public function test_update_company(): void
{
$company = Company::factory()->create([
'organisation_id' => $this->organisation->id,
'name' => 'Old Name',
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->putJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}", [
'name' => 'New Name',
'type' => 'partner',
]);
$response->assertOk()
->assertJson(['data' => ['name' => 'New Name', 'type' => 'partner']]);
}
public function test_update_cross_org_returns_403(): void
{
$company = Company::factory()->create([
'organisation_id' => $this->organisation->id,
]);
Sanctum::actingAs($this->outsider);
$response = $this->putJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}", [
'name' => 'Hacked',
]);
$response->assertForbidden();
}
public function test_destroy_soft_deletes_company(): void
{
$company = Company::factory()->create([
'organisation_id' => $this->organisation->id,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->deleteJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}");
$response->assertNoContent();
$this->assertSoftDeleted('companies', ['id' => $company->id]);
}
public function test_destroy_cross_org_returns_403(): void
{
$company = Company::factory()->create([
'organisation_id' => $this->organisation->id,
]);
Sanctum::actingAs($this->outsider);
$response = $this->deleteJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}");
$response->assertForbidden();
}
}