feat(api): add GET endpoint for crowd list persons

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 14:25:11 +02:00
parent e14cfe8ae2
commit 69306206b1
6 changed files with 113 additions and 0 deletions
--- a/api/tests/Feature/CrowdList/CrowdListTest.php
+++ b/api/tests/Feature/CrowdList/CrowdListTest.php
@@ -377,6 +377,88 @@ class CrowdListTest extends TestCase
        $this->assertEquals(3, $listData['persons_count']);
    }

+    // ---- Persons Listing Tests ----
+
+    public function test_can_list_persons_in_crowd_list(): void
+    {
+        $crowdList = CrowdList::factory()->create([
+            'event_id' => $this->event->id,
+            'crowd_type_id' => $this->crowdType->id,
+        ]);
+
+        $persons = Person::factory()->count(3)->create([
+            'event_id' => $this->event->id,
+            'crowd_type_id' => $this->crowdType->id,
+        ]);
+
+        foreach ($persons as $person) {
+            $crowdList->persons()->attach($person->id, [
+                'added_at' => now()->toDateTimeString(),
+                'added_by_user_id' => $this->orgAdmin->id,
+            ]);
+        }
+
+        Sanctum::actingAs($this->orgAdmin);
+
+        $response = $this->getJson("/api/v1/events/{$this->event->id}/crowd-lists/{$crowdList->id}/persons");
+
+        $response->assertOk();
+        $this->assertCount(3, $response->json('data'));
+
+        // Verify pivot data is present
+        $firstPerson = $response->json('data.0');
+        $this->assertArrayHasKey('crowd_list_pivot', $firstPerson);
+        $this->assertNotNull($firstPerson['crowd_list_pivot']['added_at']);
+        $this->assertEquals($this->orgAdmin->id, $firstPerson['crowd_list_pivot']['added_by_user_id']);
+    }
+
+    public function test_persons_list_is_paginated(): void
+    {
+        $crowdList = CrowdList::factory()->create([
+            'event_id' => $this->event->id,
+            'crowd_type_id' => $this->crowdType->id,
+        ]);
+
+        $persons = Person::factory()->count(3)->create([
+            'event_id' => $this->event->id,
+            'crowd_type_id' => $this->crowdType->id,
+        ]);
+
+        foreach ($persons as $person) {
+            $crowdList->persons()->attach($person->id, [
+                'added_at' => now()->toDateTimeString(),
+                'added_by_user_id' => $this->orgAdmin->id,
+            ]);
+        }
+
+        Sanctum::actingAs($this->orgAdmin);
+
+        $response = $this->getJson("/api/v1/events/{$this->event->id}/crowd-lists/{$crowdList->id}/persons");
+
+        $response->assertOk();
+        $response->assertJsonStructure([
+            'data',
+            'links',
+            'meta' => ['current_page', 'per_page', 'total', 'last_page'],
+        ]);
+        $this->assertEquals(3, $response->json('meta.total'));
+        $this->assertEquals(50, $response->json('meta.per_page'));
+    }
+
+    public function test_cross_org_cannot_list_crowd_list_persons(): void
+    {
+        $crowdList = CrowdList::factory()->create([
+            'event_id' => $this->event->id,
+            'crowd_type_id' => $this->crowdType->id,
+        ]);
+
+        Sanctum::actingAs($this->outsider);
+
+        $response = $this->getJson("/api/v1/events/{$this->event->id}/crowd-lists/{$crowdList->id}/persons");
+
+        $response->assertForbidden();
+    }
+
    // ---- Authorization Tests ----

    public function test_cross_org_cannot_access_crowd_lists(): void