bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: fase 2 backend — crowd types, persons, sections, shifts, invite flow

Browse Source 
- Crowd Types + Persons CRUD (73 tests)
- Festival Sections + Time Slots + Shifts CRUD met assign/claim flow (84 tests)
- Invite Flow + Member Management met InvitationService (109 tests)
- Schema v1.6 migraties volledig uitgevoerd
- DevSeeder bijgewerkt met crowd types voor testorganisatie
This commit is contained in:
bert.hausmans
2026-04-08 01:34:46 +02:00
parent c417a6647a
commit 9acb27af3a
114 changed files with 6916 additions and 984 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
api/app/Console/Commands/ExpireInvitations.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
declare(strict_types=1);
namespace App\Console\Commands;
use App\Services\InvitationService;
use Illuminate\Console\Command;
final class ExpireInvitations extends Command
{
protected $signature = 'invitations:expire';
protected $description = 'Mark all expired pending invitations as expired';
public function handle(InvitationService $invitationService): int
{
$count = $invitationService->expireOldInvitations();
$this->info("Marked {$count} invitation(s) as expired.");
return self::SUCCESS;
}
}

54
api/app/Http/Controllers/Api/V1/CompanyController.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StoreCompanyRequest;
use App\Http\Requests\Api\V1\UpdateCompanyRequest;
use App\Http\Resources\Api\V1\CompanyResource;
use App\Models\Company;
use App\Models\Organisation;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class CompanyController extends Controller
{
public function index(Organisation $organisation): AnonymousResourceCollection
{
Gate::authorize('viewAny', [Company::class, $organisation]);
$companies = $organisation->companies()->get();
return CompanyResource::collection($companies);
}
public function store(StoreCompanyRequest $request, Organisation $organisation): JsonResponse
{
Gate::authorize('create', [Company::class, $organisation]);
$company = $organisation->companies()->create($request->validated());
return $this->created(new CompanyResource($company));
}
public function update(UpdateCompanyRequest $request, Organisation $organisation, Company $company): JsonResponse
{
Gate::authorize('update', [$company, $organisation]);
$company->update($request->validated());
return $this->success(new CompanyResource($company->fresh()));
}
public function destroy(Organisation $organisation, Company $company): JsonResponse
{
Gate::authorize('delete', [$company, $organisation]);
$company->delete();
return response()->json(null, 204);
}
}

83
api/app/Http/Controllers/Api/V1/CrowdListController.php Normal file
View File

@@ -0,0 +1,83 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StoreCrowdListRequest;
use App\Http\Requests\Api\V1\UpdateCrowdListRequest;
use App\Http\Resources\Api\V1\CrowdListResource;
use App\Models\CrowdList;
use App\Models\Event;
use App\Models\Person;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class CrowdListController extends Controller
{
public function index(Event $event): AnonymousResourceCollection
{
Gate::authorize('viewAny', [CrowdList::class, $event]);
$crowdLists = $event->crowdLists()->withCount('persons')->get();
return CrowdListResource::collection($crowdLists);
}
public function store(StoreCrowdListRequest $request, Event $event): JsonResponse
{
Gate::authorize('create', [CrowdList::class, $event]);
$crowdList = $event->crowdLists()->create($request->validated());
return $this->created(new CrowdListResource($crowdList));
}
public function update(UpdateCrowdListRequest $request, Event $event, CrowdList $crowdList): JsonResponse
{
Gate::authorize('update', [$crowdList, $event]);
$crowdList->update($request->validated());
return $this->success(new CrowdListResource($crowdList->fresh()));
}
public function destroy(Event $event, CrowdList $crowdList): JsonResponse
{
Gate::authorize('delete', [$crowdList, $event]);
$crowdList->delete();
return response()->json(null, 204);
}
public function addPerson(Request $request, Event $event, CrowdList $crowdList): JsonResponse
{
Gate::authorize('managePerson', [$crowdList, $event]);
$validated = $request->validate([
'person_id' => ['required', 'ulid', 'exists:persons,id'],
]);
$crowdList->persons()->syncWithoutDetaching([
$validated['person_id'] => [
'added_at' => now(),
'added_by_user_id' => $request->user()->id,
],
]);
return $this->success(new CrowdListResource($crowdList->fresh()->loadCount('persons')));
}
public function removePerson(Event $event, CrowdList $crowdList, Person $person): JsonResponse
{
Gate::authorize('managePerson', [$crowdList, $event]);
$crowdList->persons()->detach($person->id);
return response()->json(null, 204);
}
}

58
api/app/Http/Controllers/Api/V1/CrowdTypeController.php Normal file
View File

@@ -0,0 +1,58 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StoreCrowdTypeRequest;
use App\Http\Requests\Api\V1\UpdateCrowdTypeRequest;
use App\Http\Resources\Api\V1\CrowdTypeResource;
use App\Models\CrowdType;
use App\Models\Organisation;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class CrowdTypeController extends Controller
{
public function index(Organisation $organisation): AnonymousResourceCollection
{
Gate::authorize('viewAny', [CrowdType::class, $organisation]);
$crowdTypes = $organisation->crowdTypes()->where('is_active', true)->get();
return CrowdTypeResource::collection($crowdTypes);
}
public function store(StoreCrowdTypeRequest $request, Organisation $organisation): JsonResponse
{
Gate::authorize('create', [CrowdType::class, $organisation]);
$crowdType = $organisation->crowdTypes()->create($request->validated());
return $this->created(new CrowdTypeResource($crowdType));
}
public function update(UpdateCrowdTypeRequest $request, Organisation $organisation, CrowdType $crowdType): JsonResponse
{
Gate::authorize('update', [$crowdType, $organisation]);
$crowdType->update($request->validated());
return $this->success(new CrowdTypeResource($crowdType->fresh()));
}
public function destroy(Organisation $organisation, CrowdType $crowdType): JsonResponse
{
Gate::authorize('delete', [$crowdType, $organisation]);
if ($crowdType->persons()->exists()) {
$crowdType->update(['is_active' => false]);
} else {
$crowdType->delete();
}
return response()->json(null, 204);
}
}

70
api/app/Http/Controllers/Api/V1/FestivalSectionController.php Normal file
View File

@@ -0,0 +1,70 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\ReorderFestivalSectionsRequest;
use App\Http\Requests\Api\V1\StoreFestivalSectionRequest;
use App\Http\Requests\Api\V1\UpdateFestivalSectionRequest;
use App\Http\Resources\Api\V1\FestivalSectionResource;
use App\Models\Event;
use App\Models\FestivalSection;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class FestivalSectionController extends Controller
{
public function index(Event $event): AnonymousResourceCollection
{
Gate::authorize('viewAny', [FestivalSection::class, $event]);
$sections = $event->festivalSections()->ordered()->get();
return FestivalSectionResource::collection($sections);
}
public function store(StoreFestivalSectionRequest $request, Event $event): JsonResponse
{
Gate::authorize('create', [FestivalSection::class, $event]);
$section = $event->festivalSections()->create($request->validated());
return $this->created(new FestivalSectionResource($section));
}
public function update(UpdateFestivalSectionRequest $request, Event $event, FestivalSection $section): JsonResponse
{
Gate::authorize('update', [$section, $event]);
$section->update($request->validated());
return $this->success(new FestivalSectionResource($section->fresh()));
}
public function destroy(Event $event, FestivalSection $section): JsonResponse
{
Gate::authorize('delete', [$section, $event]);
$section->delete();
return response()->json(null, 204);
}
public function reorder(ReorderFestivalSectionsRequest $request, Event $event): JsonResponse
{
Gate::authorize('reorder', [FestivalSection::class, $event]);
foreach ($request->validated('sections') as $item) {
$event->festivalSections()
->where('id', $item['id'])
->update(['sort_order' => $item['sort_order']]);
}
$sections = $event->festivalSections()->ordered()->get();
return $this->success(FestivalSectionResource::collection($sections));
}
}

86
api/app/Http/Controllers/Api/V1/InvitationController.php Normal file
View File

@@ -0,0 +1,86 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\AcceptInvitationRequest;
use App\Http\Requests\Api\V1\StoreInvitationRequest;
use App\Http\Resources\Api\V1\InvitationResource;
use App\Models\Organisation;
use App\Models\UserInvitation;
use App\Services\InvitationService;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Gate;
final class InvitationController extends Controller
{
public function __construct(
private readonly InvitationService $invitationService,
) {}
public function invite(StoreInvitationRequest $request, Organisation $organisation): JsonResponse
{
Gate::authorize('invite', $organisation);
$invitation = $this->invitationService->invite(
$organisation,
$request->validated('email'),
$request->validated('role'),
$request->user(),
);
return $this->created(
new InvitationResource($invitation->load(['organisation', 'invitedBy'])),
'Uitnodiging verstuurd',
);
}
public function show(string $token): JsonResponse
{
$invitation = UserInvitation::where('token', $token)
->with(['organisation', 'invitedBy'])
->first();
if (! $invitation) {
return $this->notFound('Uitnodiging niet gevonden');
}
return $this->success(new InvitationResource($invitation));
}
public function accept(AcceptInvitationRequest $request, string $token): JsonResponse
{
$invitation = UserInvitation::where('token', $token)->firstOrFail();
$user = $this->invitationService->accept(
$invitation,
$request->validated('password'),
);
$sanctumToken = $user->createToken('auth-token')->plainTextToken;
return $this->success([
'user' => [
'id' => $user->id,
'name' => $user->name,
'email' => $user->email,
],
'token' => $sanctumToken,
], 'Uitnodiging geaccepteerd');
}
public function revoke(Organisation $organisation, UserInvitation $invitation): JsonResponse
{
Gate::authorize('invite', $organisation);
if (! $invitation->isPending()) {
return $this->error('Alleen openstaande uitnodigingen kunnen worden ingetrokken.', 422);
}
$invitation->markAsExpired();
return response()->json(null, 204);
}
}

54
api/app/Http/Controllers/Api/V1/LocationController.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StoreLocationRequest;
use App\Http\Requests\Api\V1\UpdateLocationRequest;
use App\Http\Resources\Api\V1\LocationResource;
use App\Models\Event;
use App\Models\Location;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class LocationController extends Controller
{
public function index(Event $event): AnonymousResourceCollection
{
Gate::authorize('viewAny', [Location::class, $event]);
$locations = $event->locations()->orderBy('name')->get();
return LocationResource::collection($locations);
}
public function store(StoreLocationRequest $request, Event $event): JsonResponse
{
Gate::authorize('create', [Location::class, $event]);
$location = $event->locations()->create($request->validated());
return $this->created(new LocationResource($location));
}
public function update(UpdateLocationRequest $request, Event $event, Location $location): JsonResponse
{
Gate::authorize('update', [$location, $event]);
$location->update($request->validated());
return $this->success(new LocationResource($location->fresh()));
}
public function destroy(Event $event, Location $location): JsonResponse
{
Gate::authorize('delete', [$location, $event]);
$location->delete();
return response()->json(null, 204);
}
}

84
api/app/Http/Controllers/Api/V1/MemberController.php Normal file
View File

@@ -0,0 +1,84 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\UpdateMemberRequest;
use App\Http\Resources\Api\V1\MemberCollection;
use App\Http\Resources\Api\V1\MemberResource;
use App\Models\Organisation;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Gate;
final class MemberController extends Controller
{
public function index(Organisation $organisation): MemberCollection
{
Gate::authorize('view', $organisation);
$members = $organisation->users()->get();
return new MemberCollection($members);
}
public function update(UpdateMemberRequest $request, Organisation $organisation, User $user): JsonResponse
{
Gate::authorize('invite', $organisation);
if ($request->user()->id === $user->id) {
return $this->error('Je kunt je eigen rol niet wijzigen.', 422);
}
$currentRole = $organisation->users()
->where('user_id', $user->id)
->first()?->pivot?->role;
if ($currentRole === 'org_admin' && $request->validated('role') !== 'org_admin') {
$adminCount = $organisation->users()
->wherePivot('role', 'org_admin')
->count();
if ($adminCount <= 1) {
return $this->error('De laatste org_admin kan niet worden gedegradeerd.', 422);
}
}
$organisation->users()->updateExistingPivot($user->id, [
'role' => $request->validated('role'),
]);
return $this->success(
new MemberResource($organisation->users()->where('user_id', $user->id)->first()),
);
}
public function destroy(Organisation $organisation, User $user): JsonResponse
{
Gate::authorize('invite', $organisation);
if (request()->user()->id === $user->id) {
return $this->error('Je kunt je eigen account niet verwijderen uit de organisatie.', 422);
}
$currentRole = $organisation->users()
->where('user_id', $user->id)
->first()?->pivot?->role;
if ($currentRole === 'org_admin') {
$adminCount = $organisation->users()
->wherePivot('role', 'org_admin')
->count();
if ($adminCount <= 1) {
return $this->error('De laatste org_admin kan niet worden verwijderd.', 422);
}
}
$organisation->users()->detach($user->id);
return response()->json(null, 204);
}
}

82
api/app/Http/Controllers/Api/V1/PersonController.php Normal file
View File

@@ -0,0 +1,82 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StorePersonRequest;
use App\Http\Requests\Api\V1\UpdatePersonRequest;
use App\Http\Resources\Api\V1\PersonCollection;
use App\Http\Resources\Api\V1\PersonResource;
use App\Models\Event;
use App\Models\Person;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
final class PersonController extends Controller
{
public function index(Request $request, Event $event): PersonCollection
{
Gate::authorize('viewAny', [Person::class, $event]);
$query = $event->persons()->with('crowdType');
if ($request->filled('crowd_type_id')) {
$query->where('crowd_type_id', $request->input('crowd_type_id'));
}
if ($request->filled('status')) {
$query->where('status', $request->input('status'));
}
return new PersonCollection($query->get());
}
public function show(Event $event, Person $person): JsonResponse
{
Gate::authorize('view', [$person, $event]);
$person->load(['crowdType', 'company']);
return $this->success(new PersonResource($person));
}
public function store(StorePersonRequest $request, Event $event): JsonResponse
{
Gate::authorize('create', [Person::class, $event]);
$person = $event->persons()->create($request->validated());
return $this->created(new PersonResource($person->fresh()->load('crowdType')));
}
public function update(UpdatePersonRequest $request, Event $event, Person $person): JsonResponse
{
Gate::authorize('update', [$person, $event]);
$person->update($request->validated());
$person->load(['crowdType', 'company']);
return $this->success(new PersonResource($person->fresh()->load(['crowdType', 'company'])));
}
public function destroy(Event $event, Person $person): JsonResponse
{
Gate::authorize('delete', [$person, $event]);
$person->delete();
return response()->json(null, 204);
}
public function approve(Event $event, Person $person): JsonResponse
{
Gate::authorize('approve', [$person, $event]);
$person->update(['status' => 'approved']);
return $this->success(new PersonResource($person->fresh()->load('crowdType')));
}
}

148
api/app/Http/Controllers/Api/V1/ShiftController.php Normal file
View File

@@ -0,0 +1,148 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\AssignShiftRequest;
use App\Http\Requests\Api\V1\StoreShiftRequest;
use App\Http\Requests\Api\V1\UpdateShiftRequest;
use App\Http\Resources\Api\V1\ShiftAssignmentResource;
use App\Http\Resources\Api\V1\ShiftResource;
use App\Models\Event;
use App\Models\FestivalSection;
use App\Models\Shift;
use App\Models\ShiftAssignment;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class ShiftController extends Controller
{
public function index(Event $event, FestivalSection $section): AnonymousResourceCollection
{
Gate::authorize('viewAny', [Shift::class, $event]);
$shifts = $section->shifts()
->with(['timeSlot', 'location'])
->get();
return ShiftResource::collection($shifts);
}
public function store(StoreShiftRequest $request, Event $event, FestivalSection $section): JsonResponse
{
Gate::authorize('create', [Shift::class, $event]);
$shift = $section->shifts()->create($request->validated());
$shift->load(['timeSlot', 'location']);
return $this->created(new ShiftResource($shift));
}
public function update(UpdateShiftRequest $request, Event $event, FestivalSection $section, Shift $shift): JsonResponse
{
Gate::authorize('update', [$shift, $event, $section]);
$shift->update($request->validated());
$shift->load(['timeSlot', 'location']);
return $this->success(new ShiftResource($shift->fresh()->load(['timeSlot', 'location'])));
}
public function destroy(Event $event, FestivalSection $section, Shift $shift): JsonResponse
{
Gate::authorize('delete', [$shift, $event, $section]);
$shift->delete();
return response()->json(null, 204);
}
public function assign(AssignShiftRequest $request, Event $event, FestivalSection $section, Shift $shift): JsonResponse
{
Gate::authorize('assign', [$shift, $event, $section]);
$personId = $request->validated('person_id');
// Check if shift is full
$approvedCount = $shift->shiftAssignments()->where('status', 'approved')->count();
if ($approvedCount >= $shift->slots_total) {
return $this->error('Shift is vol — alle slots zijn bezet.', 422);
}
// Check overlap conflict if allow_overlap is false
if (! $shift->allow_overlap) {
$conflict = ShiftAssignment::where('person_id', $personId)
->where('time_slot_id', $shift->time_slot_id)
->whereNotIn('status', ['rejected', 'cancelled'])
->exists();
if ($conflict) {
return $this->error('Deze persoon is al ingepland voor dit tijdslot.', 422);
}
}
$autoApprove = $section->crew_auto_accepts;
$assignment = $shift->shiftAssignments()->create([
'person_id' => $personId,
'time_slot_id' => $shift->time_slot_id,
'status' => $autoApprove ? 'approved' : 'approved',
'auto_approved' => $autoApprove,
'assigned_by' => $request->user()->id,
'assigned_at' => now(),
'approved_at' => now(),
]);
// Update shift status if full
$newApprovedCount = $shift->shiftAssignments()->where('status', 'approved')->count();
if ($newApprovedCount >= $shift->slots_total) {
$shift->update(['status' => 'full']);
}
return $this->created(new ShiftAssignmentResource($assignment));
}
public function claim(AssignShiftRequest $request, Event $event, FestivalSection $section, Shift $shift): JsonResponse
{
Gate::authorize('claim', [$shift, $event, $section]);
$personId = $request->validated('person_id');
// Check claiming slots available
$claimedCount = $shift->shiftAssignments()
->whereNotIn('status', ['rejected', 'cancelled'])
->count();
if ($shift->slots_open_for_claiming <= 0 || $claimedCount >= $shift->slots_open_for_claiming) {
return $this->error('Geen claimbare slots beschikbaar voor deze shift.', 422);
}
// Check overlap conflict if allow_overlap is false
if (! $shift->allow_overlap) {
$conflict = ShiftAssignment::where('person_id', $personId)
->where('time_slot_id', $shift->time_slot_id)
->whereNotIn('status', ['rejected', 'cancelled'])
->exists();
if ($conflict) {
return $this->error('Deze persoon is al ingepland voor dit tijdslot.', 422);
}
}
$autoApprove = $section->crew_auto_accepts;
$assignment = $shift->shiftAssignments()->create([
'person_id' => $personId,
'time_slot_id' => $shift->time_slot_id,
'status' => $autoApprove ? 'approved' : 'pending_approval',
'auto_approved' => $autoApprove,
'assigned_at' => now(),
'approved_at' => $autoApprove ? now() : null,
]);
return $this->created(new ShiftAssignmentResource($assignment));
}
}

54
api/app/Http/Controllers/Api/V1/TimeSlotController.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StoreTimeSlotRequest;
use App\Http\Requests\Api\V1\UpdateTimeSlotRequest;
use App\Http\Resources\Api\V1\TimeSlotResource;
use App\Models\Event;
use App\Models\TimeSlot;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class TimeSlotController extends Controller
{
public function index(Event $event): AnonymousResourceCollection
{
Gate::authorize('viewAny', [TimeSlot::class, $event]);
$timeSlots = $event->timeSlots()->orderBy('date')->orderBy('start_time')->get();
return TimeSlotResource::collection($timeSlots);
}
public function store(StoreTimeSlotRequest $request, Event $event): JsonResponse
{
Gate::authorize('create', [TimeSlot::class, $event]);
$timeSlot = $event->timeSlots()->create($request->validated());
return $this->created(new TimeSlotResource($timeSlot));
}
public function update(UpdateTimeSlotRequest $request, Event $event, TimeSlot $timeSlot): JsonResponse
{
Gate::authorize('update', [$timeSlot, $event]);
$timeSlot->update($request->validated());
return $this->success(new TimeSlotResource($timeSlot->fresh()));
}
public function destroy(Event $event, TimeSlot $timeSlot): JsonResponse
{
Gate::authorize('delete', [$timeSlot, $event]);
$timeSlot->delete();
return response()->json(null, 204);
}
}

29
api/app/Http/Requests/Api/V1/AcceptInvitationRequest.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use App\Models\User;
use App\Models\UserInvitation;
use Illuminate\Foundation\Http\FormRequest;
final class AcceptInvitationRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
$invitation = UserInvitation::where('token', $this->route('token'))->first();
$userExists = $invitation && User::where('email', $invitation->email)->exists();
return [
'name' => [$userExists ? 'nullable' : 'required', 'string', 'max:255'],
'password' => [$userExists ? 'nullable' : 'required', 'string', 'min:8', 'confirmed'],
];
}
}

23
api/app/Http/Requests/Api/V1/AssignShiftRequest.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class AssignShiftRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'person_id' => ['required', 'ulid', 'exists:persons,id'],
];
}
}

25
api/app/Http/Requests/Api/V1/ReorderFestivalSectionsRequest.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class ReorderFestivalSectionsRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'sections' => ['required', 'array'],
'sections.*.id' => ['required', 'ulid'],
'sections.*.sort_order' => ['required', 'integer', 'min:0'],
];
}
}

27
api/app/Http/Requests/Api/V1/StoreCompanyRequest.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class StoreCompanyRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'name' => ['required', 'string', 'max:255'],
'type' => ['required', 'in:supplier,partner,agency,venue,other'],
'contact_name' => ['nullable', 'string', 'max:255'],
'contact_email' => ['nullable', 'email', 'max:255'],
'contact_phone' => ['nullable', 'string', 'max:30'],
];
}
}

28
api/app/Http/Requests/Api/V1/StoreCrowdListRequest.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class StoreCrowdListRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'crowd_type_id' => ['required', 'ulid', 'exists:crowd_types,id'],
'name' => ['required', 'string', 'max:255'],
'type' => ['required', 'in:internal,external'],
'recipient_company_id' => ['nullable', 'ulid', 'exists:companies,id'],
'auto_approve' => ['sometimes', 'boolean'],
'max_persons' => ['nullable', 'integer', 'min:1'],
];
}
}

26
api/app/Http/Requests/Api/V1/StoreCrowdTypeRequest.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class StoreCrowdTypeRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'name' => ['required', 'string', 'max:100'],
'system_type' => ['required', 'in:CREW,GUEST,ARTIST,VOLUNTEER,PRESS,PARTNER,SUPPLIER'],
'color' => ['required', 'regex:/^#[0-9A-Fa-f]{6}$/'],
'icon' => ['nullable', 'string', 'max:50'],
];
}
}

27
api/app/Http/Requests/Api/V1/StoreFestivalSectionRequest.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class StoreFestivalSectionRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'name' => ['required', 'string', 'max:255'],
'sort_order' => ['nullable', 'integer', 'min:0'],
'type' => ['nullable', 'in:standard,cross_event'],
'crew_auto_accepts' => ['nullable', 'boolean'],
'responder_self_checkin' => ['nullable', 'boolean'],
];
}
}

24
api/app/Http/Requests/Api/V1/StoreInvitationRequest.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class StoreInvitationRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'email' => ['required', 'email', 'max:255'],
'role' => ['required', 'in:org_admin,org_member,event_manager,staff_coordinator,volunteer_coordinator'],
];
}
}

28
api/app/Http/Requests/Api/V1/StoreLocationRequest.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class StoreLocationRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'name' => ['required', 'string', 'max:255'],
'address' => ['nullable', 'string', 'max:255'],
'lat' => ['nullable', 'numeric', 'between:-90,90'],
'lng' => ['nullable', 'numeric', 'between:-180,180'],
'description' => ['nullable', 'string'],
'access_instructions' => ['nullable', 'string'],
];
}
}

29
api/app/Http/Requests/Api/V1/StorePersonRequest.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class StorePersonRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'crowd_type_id' => ['required', 'ulid', 'exists:crowd_types,id'],
'name' => ['required', 'string', 'max:255'],
'email' => ['required', 'email', 'max:255'],
'phone' => ['nullable', 'string', 'max:30'],
'company_id' => ['nullable', 'ulid', 'exists:companies,id'],
'status' => ['nullable', 'in:invited,applied,pending,approved,rejected,no_show'],
'custom_fields' => ['nullable', 'array'],
];
}
}

36
api/app/Http/Requests/Api/V1/StoreShiftRequest.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class StoreShiftRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'time_slot_id' => ['required', 'ulid', 'exists:time_slots,id'],
'location_id' => ['nullable', 'ulid', 'exists:locations,id'],
'title' => ['nullable', 'string', 'max:255'],
'description' => ['nullable', 'string'],
'instructions' => ['nullable', 'string'],
'coordinator_notes' => ['nullable', 'string'],
'slots_total' => ['required', 'integer', 'min:1'],
'slots_open_for_claiming' => ['required', 'integer', 'min:0', 'lte:slots_total'],
'report_time' => ['nullable', 'date_format:H:i'],
'actual_start_time' => ['nullable', 'date_format:H:i'],
'actual_end_time' => ['nullable', 'date_format:H:i'],
'is_lead_role' => ['nullable', 'boolean'],
'allow_overlap' => ['nullable', 'boolean'],
'status' => ['nullable', 'in:draft,open,full,in_progress,completed,cancelled'],
];
}
}

28
api/app/Http/Requests/Api/V1/StoreTimeSlotRequest.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class StoreTimeSlotRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'name' => ['required', 'string', 'max:255'],
'person_type' => ['required', 'in:CREW,VOLUNTEER,PRESS,PHOTO,PARTNER'],
'date' => ['required', 'date'],
'start_time' => ['required', 'date_format:H:i'],
'end_time' => ['required', 'date_format:H:i'],
'duration_hours' => ['nullable', 'numeric', 'min:0.5', 'max:24'],
];
}
}

27
api/app/Http/Requests/Api/V1/UpdateCompanyRequest.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class UpdateCompanyRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'name' => ['sometimes', 'string', 'max:255'],
'type' => ['sometimes', 'in:supplier,partner,agency,venue,other'],
'contact_name' => ['nullable', 'string', 'max:255'],
'contact_email' => ['nullable', 'email', 'max:255'],
'contact_phone' => ['nullable', 'string', 'max:30'],
];
}
}

28
api/app/Http/Requests/Api/V1/UpdateCrowdListRequest.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class UpdateCrowdListRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'crowd_type_id' => ['sometimes', 'ulid', 'exists:crowd_types,id'],
'name' => ['sometimes', 'string', 'max:255'],
'type' => ['sometimes', 'in:internal,external'],
'recipient_company_id' => ['nullable', 'ulid', 'exists:companies,id'],
'auto_approve' => ['sometimes', 'boolean'],
'max_persons' => ['nullable', 'integer', 'min:1'],
];
}
}

26
api/app/Http/Requests/Api/V1/UpdateCrowdTypeRequest.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class UpdateCrowdTypeRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'name' => ['sometimes', 'string', 'max:100'],
'color' => ['sometimes', 'regex:/^#[0-9A-Fa-f]{6}$/'],
'icon' => ['nullable', 'string', 'max:50'],
'is_active' => ['sometimes', 'boolean'],
];
}
}

33
api/app/Http/Requests/Api/V1/UpdateFestivalSectionRequest.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class UpdateFestivalSectionRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'name' => ['sometimes', 'string', 'max:255'],
'sort_order' => ['sometimes', 'integer', 'min:0'],
'type' => ['sometimes', 'in:standard,cross_event'],
'crew_auto_accepts' => ['sometimes', 'boolean'],
'responder_self_checkin' => ['sometimes', 'boolean'],
'crew_need' => ['nullable', 'integer', 'min:0'],
'crew_invited_to_events' => ['sometimes', 'boolean'],
'added_to_timeline' => ['sometimes', 'boolean'],
'timed_accreditations' => ['sometimes', 'boolean'],
'crew_accreditation_level' => ['nullable', 'string', 'max:50'],
'public_form_accreditation_level' => ['nullable', 'string', 'max:50'],
];
}
}

28
api/app/Http/Requests/Api/V1/UpdateLocationRequest.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class UpdateLocationRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'name' => ['sometimes', 'string', 'max:255'],
'address' => ['nullable', 'string', 'max:255'],
'lat' => ['nullable', 'numeric', 'between:-90,90'],
'lng' => ['nullable', 'numeric', 'between:-180,180'],
'description' => ['nullable', 'string'],
'access_instructions' => ['nullable', 'string'],
];
}
}

23
api/app/Http/Requests/Api/V1/UpdateMemberRequest.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class UpdateMemberRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'role' => ['required', 'in:org_admin,org_member,event_manager,staff_coordinator,volunteer_coordinator'],
];
}
}

31
api/app/Http/Requests/Api/V1/UpdatePersonRequest.php Normal file
View File

@@ -0,0 +1,31 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class UpdatePersonRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'crowd_type_id' => ['sometimes', 'ulid', 'exists:crowd_types,id'],
'name' => ['sometimes', 'string', 'max:255'],
'email' => ['sometimes', 'email', 'max:255'],
'phone' => ['nullable', 'string', 'max:30'],
'company_id' => ['nullable', 'ulid', 'exists:companies,id'],
'status' => ['sometimes', 'in:invited,applied,pending,approved,rejected,no_show'],
'is_blacklisted' => ['sometimes', 'boolean'],
'admin_notes' => ['nullable', 'string'],
'custom_fields' => ['nullable', 'array'],
];
}
}

36
api/app/Http/Requests/Api/V1/UpdateShiftRequest.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class UpdateShiftRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'time_slot_id' => ['sometimes', 'ulid', 'exists:time_slots,id'],
'location_id' => ['nullable', 'ulid', 'exists:locations,id'],
'title' => ['nullable', 'string', 'max:255'],
'description' => ['nullable', 'string'],
'instructions' => ['nullable', 'string'],
'coordinator_notes' => ['nullable', 'string'],
'slots_total' => ['sometimes', 'integer', 'min:1'],
'slots_open_for_claiming' => ['sometimes', 'integer', 'min:0'],
'report_time' => ['nullable', 'date_format:H:i'],
'actual_start_time' => ['nullable', 'date_format:H:i'],
'actual_end_time' => ['nullable', 'date_format:H:i'],
'is_lead_role' => ['nullable', 'boolean'],
'allow_overlap' => ['nullable', 'boolean'],
'status' => ['sometimes', 'in:draft,open,full,in_progress,completed,cancelled'],
];
}
}

28
api/app/Http/Requests/Api/V1/UpdateTimeSlotRequest.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
final class UpdateTimeSlotRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
/** @return array<string, mixed> */
public function rules(): array
{
return [
'name' => ['sometimes', 'string', 'max:255'],
'person_type' => ['sometimes', 'in:CREW,VOLUNTEER,PRESS,PHOTO,PARTNER'],
'date' => ['sometimes', 'date'],
'start_time' => ['sometimes', 'date_format:H:i'],
'end_time' => ['sometimes', 'date_format:H:i'],
'duration_hours' => ['nullable', 'numeric', 'min:0.5', 'max:24'],
];
}
}

25
api/app/Http/Resources/Api/V1/CompanyResource.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class CompanyResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'organisation_id' => $this->organisation_id,
'name' => $this->name,
'type' => $this->type,
'contact_name' => $this->contact_name,
'contact_email' => $this->contact_email,
'contact_phone' => $this->contact_phone,
'created_at' => $this->created_at->toIso8601String(),
];
}
}

27
api/app/Http/Resources/Api/V1/CrowdListResource.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class CrowdListResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'event_id' => $this->event_id,
'crowd_type_id' => $this->crowd_type_id,
'name' => $this->name,
'type' => $this->type,
'recipient_company_id' => $this->recipient_company_id,
'auto_approve' => $this->auto_approve,
'max_persons' => $this->max_persons,
'created_at' => $this->created_at->toIso8601String(),
'persons_count' => $this->whenCounted('persons'),
];
}
}

24
api/app/Http/Resources/Api/V1/CrowdTypeResource.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class CrowdTypeResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'organisation_id' => $this->organisation_id,
'name' => $this->name,
'system_type' => $this->system_type,
'color' => $this->color,
'icon' => $this->icon,
'is_active' => $this->is_active,
];
}
}

29
api/app/Http/Resources/Api/V1/FestivalSectionResource.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class FestivalSectionResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'event_id' => $this->event_id,
'name' => $this->name,
'type' => $this->type,
'sort_order' => $this->sort_order,
'crew_need' => $this->crew_need,
'crew_auto_accepts' => $this->crew_auto_accepts,
'responder_self_checkin' => $this->responder_self_checkin,
'added_to_timeline' => $this->added_to_timeline,
'crew_accreditation_level' => $this->crew_accreditation_level,
'created_at' => $this->created_at->toIso8601String(),
'shifts_count' => $this->whenCounted('shifts'),
];
}
}

29
api/app/Http/Resources/Api/V1/InvitationResource.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class InvitationResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'email' => $this->email,
'role' => $this->role,
'status' => $this->isExpired() && $this->isPending() ? 'expired' : $this->status,
'expires_at' => $this->expires_at->toIso8601String(),
'created_at' => $this->created_at->toIso8601String(),
'organisation' => $this->whenLoaded('organisation', fn () => [
'name' => $this->organisation->name,
]),
'invited_by' => $this->whenLoaded('invitedBy', fn () => [
'name' => $this->invitedBy?->name,
]),
];
}
}

26
api/app/Http/Resources/Api/V1/LocationResource.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class LocationResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'event_id' => $this->event_id,
'name' => $this->name,
'address' => $this->address,
'lat' => $this->lat,
'lng' => $this->lng,
'description' => $this->description,
'access_instructions' => $this->access_instructions,
'created_at' => $this->created_at->toIso8601String(),
];
}
}

37
api/app/Http/Resources/Api/V1/MemberCollection.php Normal file
View File

@@ -0,0 +1,37 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use App\Models\UserInvitation;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\ResourceCollection;
final class MemberCollection extends ResourceCollection
{
public $collects = MemberResource::class;
public function toArray(Request $request): array
{
return [
'data' => $this->collection,
];
}
/** @return array<string, mixed> */
public function with(Request $request): array
{
$organisation = $request->route('organisation');
return [
'meta' => [
'total_members' => $this->collection->count(),
'pending_invitations_count' => UserInvitation::where('organisation_id', $organisation->id)
->pending()
->where('expires_at', '>', now())
->count(),
],
];
}
}

29
api/app/Http/Resources/Api/V1/MemberResource.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class MemberResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'name' => $this->name,
'email' => $this->email,
'role' => $this->pivot?->role,
'avatar' => $this->avatar,
'event_roles' => $this->whenLoaded('events', fn () =>
$this->events->map(fn ($event) => [
'event_id' => $event->id,
'event_name' => $event->name,
'role' => $event->pivot->role,
])
),
];
}
}

44
api/app/Http/Resources/Api/V1/PersonCollection.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\ResourceCollection;
final class PersonCollection extends ResourceCollection
{
public $collects = PersonResource::class;
public function toArray(Request $request): array
{
return [
'data' => $this->collection,
];
}
public function with(Request $request): array
{
$persons = $this->collection;
$byCrowdType = $persons->groupBy(fn ($person) => $person->crowd_type_id);
$crowdTypeMeta = [];
foreach ($byCrowdType as $crowdTypeId => $group) {
$crowdTypeMeta[$crowdTypeId] = [
'approved_count' => $group->where('status', 'approved')->count(),
'pending_count' => $group->where('status', 'pending')->count(),
];
}
return [
'meta' => [
'total' => $persons->count(),
'approved_count' => $persons->where('status', 'approved')->count(),
'pending_count' => $persons->where('status', 'pending')->count(),
'by_crowd_type' => $crowdTypeMeta,
],
];
}
}

29
api/app/Http/Resources/Api/V1/PersonResource.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class PersonResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'event_id' => $this->event_id,
'name' => $this->name,
'email' => $this->email,
'phone' => $this->phone,
'status' => $this->status,
'is_blacklisted' => $this->is_blacklisted,
'admin_notes' => $this->admin_notes,
'custom_fields' => $this->custom_fields,
'created_at' => $this->created_at->toIso8601String(),
'crowd_type' => new CrowdTypeResource($this->whenLoaded('crowdType')),
'company' => new CompanyResource($this->whenLoaded('company')),
];
}
}

24
api/app/Http/Resources/Api/V1/ShiftAssignmentResource.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class ShiftAssignmentResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'shift_id' => $this->shift_id,
'person_id' => $this->person_id,
'status' => $this->status,
'auto_approved' => $this->auto_approved,
'assigned_at' => $this->assigned_at?->toIso8601String(),
'approved_at' => $this->approved_at?->toIso8601String(),
];
}
}

71
api/app/Http/Resources/Api/V1/ShiftResource.php Normal file
View File

@@ -0,0 +1,71 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class ShiftResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'festival_section_id' => $this->festival_section_id,
'time_slot_id' => $this->time_slot_id,
'location_id' => $this->location_id,
'title' => $this->title,
'description' => $this->description,
'instructions' => $this->instructions,
'coordinator_notes' => $this->when(
$this->shouldShowCoordinatorNotes($request),
$this->coordinator_notes,
),
'slots_total' => $this->slots_total,
'slots_open_for_claiming' => $this->slots_open_for_claiming,
'is_lead_role' => $this->is_lead_role,
'report_time' => $this->report_time,
'actual_start_time' => $this->actual_start_time,
'actual_end_time' => $this->actual_end_time,
'allow_overlap' => $this->allow_overlap,
'status' => $this->status,
'filled_slots' => $this->filled_slots,
'fill_rate' => $this->fill_rate,
'effective_start_time' => $this->effective_start_time,
'effective_end_time' => $this->effective_end_time,
'created_at' => $this->created_at->toIso8601String(),
'time_slot' => new TimeSlotResource($this->whenLoaded('timeSlot')),
'location' => new LocationResource($this->whenLoaded('location')),
'festival_section' => new FestivalSectionResource($this->whenLoaded('festivalSection')),
];
}
private function shouldShowCoordinatorNotes(Request $request): bool
{
$user = $request->user();
if (! $user) {
return false;
}
if ($user->hasRole('super_admin')) {
return true;
}
$shift = $this->resource;
$event = $shift->festivalSection?->event;
if (! $event) {
return false;
}
return $event->organisation->users()
->where('user_id', $user->id)
->wherePivot('role', 'org_admin')
->exists()
|| $event->users()
->where('user_id', $user->id)
->wherePivot('role', 'event_manager')
->exists();
}
}

26
api/app/Http/Resources/Api/V1/TimeSlotResource.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api\V1;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
final class TimeSlotResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'event_id' => $this->event_id,
'name' => $this->name,
'person_type' => $this->person_type,
'date' => $this->date->toDateString(),
'start_time' => $this->start_time,
'end_time' => $this->end_time,
'duration_hours' => $this->duration_hours,
'created_at' => $this->created_at->toIso8601String(),
];
}
}

44
api/app/Mail/InvitationMail.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
declare(strict_types=1);
namespace App\Mail;
use App\Models\UserInvitation;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable;
use Illuminate\Mail\Mailables\Content;
use Illuminate\Mail\Mailables\Envelope;
use Illuminate\Queue\SerializesModels;
final class InvitationMail extends Mailable implements ShouldQueue
{
use Queueable;
use SerializesModels;
public function __construct(
public readonly UserInvitation $invitation,
) {}
public function envelope(): Envelope
{
return new Envelope(
subject: "Je bent uitgenodigd voor {$this->invitation->organisation->name}",
);
}
public function content(): Content
{
return new Content(
markdown: 'emails.invitation',
with: [
'acceptUrl' => config('app.frontend_app_url') . '/invitations/' . $this->invitation->token . '/accept',
'organisationName' => $this->invitation->organisation->name,
'inviterName' => $this->invitation->invitedBy?->name ?? 'Een beheerder',
'role' => $this->invitation->role,
'expiresAt' => $this->invitation->expires_at,
],
);
}
}

38
api/app/Models/Company.php Normal file
View File

@@ -0,0 +1,38 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\SoftDeletes;
final class Company extends Model
{
use HasFactory;
use HasUlids;
use SoftDeletes;
protected $fillable = [
'organisation_id',
'name',
'type',
'contact_name',
'contact_email',
'contact_phone',
];
public function organisation(): BelongsTo
{
return $this->belongsTo(Organisation::class);
}
public function persons(): HasMany
{
return $this->hasMany(Person::class);
}
}

56
api/app/Models/CrowdList.php Normal file
View File

@@ -0,0 +1,56 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
final class CrowdList extends Model
{
use HasFactory;
use HasUlids;
protected $fillable = [
'event_id',
'crowd_type_id',
'name',
'type',
'recipient_company_id',
'auto_approve',
'max_persons',
];
protected function casts(): array
{
return [
'auto_approve' => 'boolean',
'max_persons' => 'integer',
];
}
public function event(): BelongsTo
{
return $this->belongsTo(Event::class);
}
public function crowdType(): BelongsTo
{
return $this->belongsTo(CrowdType::class);
}
public function recipientCompany(): BelongsTo
{
return $this->belongsTo(Company::class, 'recipient_company_id');
}
public function persons(): BelongsToMany
{
return $this->belongsToMany(Person::class, 'crowd_list_persons')
->withPivot('added_at', 'added_by_user_id');
}
}

43
api/app/Models/CrowdType.php Normal file
View File

@@ -0,0 +1,43 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
final class CrowdType extends Model
{
use HasFactory;
use HasUlids;
protected $fillable = [
'organisation_id',
'name',
'system_type',
'color',
'icon',
'is_active',
];
protected function casts(): array
{
return [
'is_active' => 'boolean',
];
}
public function organisation(): BelongsTo
{
return $this->belongsTo(Organisation::class);
}
public function persons(): HasMany
{
return $this->hasMany(Person::class);
}
}

25
api/app/Models/Event.php
View File

@@ -54,6 +54,31 @@ final class Event extends Model
return $this->hasMany(UserInvitation::class);
}
public function locations(): HasMany
{
return $this->hasMany(Location::class);
}
public function festivalSections(): HasMany
{
return $this->hasMany(FestivalSection::class);
}
public function timeSlots(): HasMany
{
return $this->hasMany(TimeSlot::class);
}
public function persons(): HasMany
{
return $this->hasMany(Person::class);
}
public function crowdLists(): HasMany
{
return $this->hasMany(CrowdList::class);
}
public function scopeDraft(Builder $query): Builder
{
return $query->where('status', 'draft');

61
api/app/Models/FestivalSection.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\SoftDeletes;
final class FestivalSection extends Model
{
use HasFactory;
use HasUlids;
use SoftDeletes;
protected $fillable = [
'event_id',
'name',
'type',
'sort_order',
'crew_need',
'crew_auto_accepts',
'crew_invited_to_events',
'added_to_timeline',
'responder_self_checkin',
'crew_accreditation_level',
'public_form_accreditation_level',
'timed_accreditations',
];
protected function casts(): array
{
return [
'crew_auto_accepts' => 'boolean',
'crew_invited_to_events' => 'boolean',
'added_to_timeline' => 'boolean',
'responder_self_checkin' => 'boolean',
'timed_accreditations' => 'boolean',
];
}
public function event(): BelongsTo
{
return $this->belongsTo(Event::class);
}
public function shifts(): HasMany
{
return $this->hasMany(Shift::class);
}
public function scopeOrdered(Builder $query): Builder
{
return $query->orderBy('sort_order');
}
}

31
api/app/Models/Location.php Normal file
View File

@@ -0,0 +1,31 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
final class Location extends Model
{
use HasFactory;
use HasUlids;
protected $fillable = [
'event_id',
'name',
'address',
'lat',
'lng',
'description',
'access_instructions',
];
public function event(): BelongsTo
{
return $this->belongsTo(Event::class);
}
}

10
api/app/Models/Organisation.php
View File

@@ -47,4 +47,14 @@ final class Organisation extends Model
{
return $this->hasMany(UserInvitation::class);
}
public function crowdTypes(): HasMany
{
return $this->hasMany(CrowdType::class);
}
public function companies(): HasMany
{
return $this->hasMany(Company::class);
}
}

91
api/app/Models/Person.php Normal file
View File

@@ -0,0 +1,91 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\SoftDeletes;
final class Person extends Model
{
use HasFactory;
use HasUlids;
use SoftDeletes;
protected $table = 'persons';
protected $fillable = [
'user_id',
'event_id',
'crowd_type_id',
'company_id',
'name',
'email',
'phone',
'status',
'is_blacklisted',
'admin_notes',
'custom_fields',
];
protected function casts(): array
{
return [
'is_blacklisted' => 'boolean',
'custom_fields' => 'array',
];
}
public function event(): BelongsTo
{
return $this->belongsTo(Event::class);
}
public function crowdType(): BelongsTo
{
return $this->belongsTo(CrowdType::class);
}
public function company(): BelongsTo
{
return $this->belongsTo(Company::class);
}
public function user(): BelongsTo
{
return $this->belongsTo(User::class);
}
public function crowdLists(): BelongsToMany
{
return $this->belongsToMany(CrowdList::class, 'crowd_list_persons')
->withPivot('added_at', 'added_by_user_id');
}
public function shiftAssignments(): HasMany
{
return $this->hasMany(ShiftAssignment::class);
}
public function scopeApproved(Builder $query): Builder
{
return $query->where('status', 'approved');
}
public function scopePending(Builder $query): Builder
{
return $query->where('status', 'pending');
}
public function scopeForCrowdType(Builder $query, string $type): Builder
{
return $query->whereHas('crowdType', fn (Builder $q) => $q->where('system_type', $type));
}
}

124
api/app/Models/Shift.php Normal file
View File

@@ -0,0 +1,124 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\SoftDeletes;
final class Shift extends Model
{
use HasFactory;
use HasUlids;
use SoftDeletes;
protected $fillable = [
'festival_section_id',
'time_slot_id',
'location_id',
'title',
'description',
'instructions',
'coordinator_notes',
'slots_total',
'slots_open_for_claiming',
'is_lead_role',
'report_time',
'actual_start_time',
'actual_end_time',
'end_date',
'allow_overlap',
'assigned_crew_id',
'events_during_shift',
'status',
];
protected function casts(): array
{
return [
'is_lead_role' => 'boolean',
'allow_overlap' => 'boolean',
'events_during_shift' => 'array',
'slots_total' => 'integer',
'slots_open_for_claiming' => 'integer',
];
}
public function festivalSection(): BelongsTo
{
return $this->belongsTo(FestivalSection::class);
}
public function timeSlot(): BelongsTo
{
return $this->belongsTo(TimeSlot::class);
}
public function location(): BelongsTo
{
return $this->belongsTo(Location::class);
}
public function assignedCrew(): BelongsTo
{
return $this->belongsTo(User::class, 'assigned_crew_id');
}
public function shiftAssignments(): HasMany
{
return $this->hasMany(ShiftAssignment::class);
}
public function waitlist(): HasMany
{
return $this->hasMany(ShiftWaitlist::class);
}
protected function effectiveStartTime(): Attribute
{
return Attribute::get(fn () => $this->actual_start_time ?? $this->timeSlot?->start_time);
}
protected function effectiveEndTime(): Attribute
{
return Attribute::get(fn () => $this->actual_end_time ?? $this->timeSlot?->end_time);
}
protected function filledSlots(): Attribute
{
return Attribute::get(fn () => $this->shiftAssignments()->where('status', 'approved')->count());
}
protected function fillRate(): Attribute
{
return Attribute::get(function () {
if ($this->slots_total === 0) {
return 0;
}
return round($this->filled_slots / $this->slots_total, 2);
});
}
public function scopeOpen(Builder $query): Builder
{
return $query->where('status', 'open');
}
public function scopeDraft(Builder $query): Builder
{
return $query->where('status', 'draft');
}
public function scopeFull(Builder $query): Builder
{
return $query->where('status', 'full');
}
}

61
api/app/Models/ShiftAssignment.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\SoftDeletes;
final class ShiftAssignment extends Model
{
use HasFactory;
use HasUlids;
use SoftDeletes;
protected $fillable = [
'shift_id',
'person_id',
'time_slot_id',
'status',
'auto_approved',
'assigned_by',
'assigned_at',
'approved_by',
'approved_at',
'rejection_reason',
'hours_expected',
'hours_completed',
'checked_in_at',
'checked_out_at',
];
protected function casts(): array
{
return [
'auto_approved' => 'boolean',
'assigned_at' => 'datetime',
'approved_at' => 'datetime',
'checked_in_at' => 'datetime',
'checked_out_at' => 'datetime',
];
}
public function shift(): BelongsTo
{
return $this->belongsTo(Shift::class);
}
public function person(): BelongsTo
{
return $this->belongsTo(Person::class);
}
public function timeSlot(): BelongsTo
{
return $this->belongsTo(TimeSlot::class);
}
}

46
api/app/Models/ShiftWaitlist.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
final class ShiftWaitlist extends Model
{
use HasFactory;
use HasUlids;
public $timestamps = false;
protected $table = 'shift_waitlist';
protected $fillable = [
'shift_id',
'person_id',
'position',
'added_at',
'notified_at',
];
protected function casts(): array
{
return [
'added_at' => 'datetime',
'notified_at' => 'datetime',
];
}
public function shift(): BelongsTo
{
return $this->belongsTo(Shift::class);
}
public function person(): BelongsTo
{
return $this->belongsTo(Person::class);
}
}

57
api/app/Models/TimeSlot.php Normal file
View File

@@ -0,0 +1,57 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Support\Carbon;
final class TimeSlot extends Model
{
use HasFactory;
use HasUlids;
protected $fillable = [
'event_id',
'name',
'person_type',
'date',
'start_time',
'end_time',
'duration_hours',
];
protected function casts(): array
{
return [
'date' => 'date',
'person_type' => 'string',
];
}
public function event(): BelongsTo
{
return $this->belongsTo(Event::class);
}
public function shifts(): HasMany
{
return $this->hasMany(Shift::class);
}
public function scopeForType(Builder $query, string $type): Builder
{
return $query->where('person_type', $type);
}
public function scopeForDate(Builder $query, Carbon $date): Builder
{
return $query->whereDate('date', $date);
}
}

20
api/app/Models/UserInvitation.php
View File

@@ -48,6 +48,26 @@ final class UserInvitation extends Model
return $this->belongsTo(Event::class);
}
public function isExpired(): bool
{
return $this->expires_at->isPast();
}
public function isPending(): bool
{
return $this->status === 'pending';
}
public function markAsAccepted(): void
{
$this->update(['status' => 'accepted']);
}
public function markAsExpired(): void
{
$this->update(['status' => 'expired']);
}
public function scopePending(Builder $query): Builder
{
return $query->where('status', 'pending');

53
api/app/Policies/CompanyPolicy.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use App\Models\Company;
use App\Models\Organisation;
use App\Models\User;
final class CompanyPolicy
{
public function viewAny(User $user, Organisation $organisation): bool
{
return $user->hasRole('super_admin')
|| $organisation->users()->where('user_id', $user->id)->exists();
}
public function create(User $user, Organisation $organisation): bool
{
return $this->canManageOrganisation($user, $organisation);
}
public function update(User $user, Company $company, Organisation $organisation): bool
{
if ($company->organisation_id !== $organisation->id) {
return false;
}
return $this->canManageOrganisation($user, $organisation);
}
public function delete(User $user, Company $company, Organisation $organisation): bool
{
if ($company->organisation_id !== $organisation->id) {
return false;
}
return $this->canManageOrganisation($user, $organisation);
}
private function canManageOrganisation(User $user, Organisation $organisation): bool
{
if ($user->hasRole('super_admin')) {
return true;
}
return $organisation->users()
->where('user_id', $user->id)
->wherePivot('role', 'org_admin')
->exists();
}
}

71
api/app/Policies/CrowdListPolicy.php Normal file
View File

@@ -0,0 +1,71 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use App\Models\CrowdList;
use App\Models\Event;
use App\Models\User;
final class CrowdListPolicy
{
public function viewAny(User $user, Event $event): bool
{
return $user->hasRole('super_admin')
|| $event->organisation->users()->where('user_id', $user->id)->exists();
}
public function create(User $user, Event $event): bool
{
return $this->canManageEvent($user, $event);
}
public function update(User $user, CrowdList $crowdList, Event $event): bool
{
if ($crowdList->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function delete(User $user, CrowdList $crowdList, Event $event): bool
{
if ($crowdList->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function managePerson(User $user, CrowdList $crowdList, Event $event): bool
{
if ($crowdList->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
private function canManageEvent(User $user, Event $event): bool
{
if ($user->hasRole('super_admin')) {
return true;
}
$isOrgAdmin = $event->organisation->users()
->where('user_id', $user->id)
->wherePivot('role', 'org_admin')
->exists();
if ($isOrgAdmin) {
return true;
}
return $event->users()
->where('user_id', $user->id)
->wherePivot('role', 'event_manager')
->exists();
}
}

53
api/app/Policies/CrowdTypePolicy.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use App\Models\CrowdType;
use App\Models\Organisation;
use App\Models\User;
final class CrowdTypePolicy
{
public function viewAny(User $user, Organisation $organisation): bool
{
return $user->hasRole('super_admin')
|| $organisation->users()->where('user_id', $user->id)->exists();
}
public function create(User $user, Organisation $organisation): bool
{
return $this->canManageOrganisation($user, $organisation);
}
public function update(User $user, CrowdType $crowdType, Organisation $organisation): bool
{
if ($crowdType->organisation_id !== $organisation->id) {
return false;
}
return $this->canManageOrganisation($user, $organisation);
}
public function delete(User $user, CrowdType $crowdType, Organisation $organisation): bool
{
if ($crowdType->organisation_id !== $organisation->id) {
return false;
}
return $this->canManageOrganisation($user, $organisation);
}
private function canManageOrganisation(User $user, Organisation $organisation): bool
{
if ($user->hasRole('super_admin')) {
return true;
}
return $organisation->users()
->where('user_id', $user->id)
->wherePivot('role', 'org_admin')
->exists();
}
}

67
api/app/Policies/FestivalSectionPolicy.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use App\Models\Event;
use App\Models\FestivalSection;
use App\Models\User;
final class FestivalSectionPolicy
{
public function viewAny(User $user, Event $event): bool
{
return $user->hasRole('super_admin')
|| $event->organisation->users()->where('user_id', $user->id)->exists();
}
public function create(User $user, Event $event): bool
{
return $this->canManageEvent($user, $event);
}
public function update(User $user, FestivalSection $section, Event $event): bool
{
if ($section->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function delete(User $user, FestivalSection $section, Event $event): bool
{
if ($section->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function reorder(User $user, Event $event): bool
{
return $this->canManageEvent($user, $event);
}
private function canManageEvent(User $user, Event $event): bool
{
if ($user->hasRole('super_admin')) {
return true;
}
$isOrgAdmin = $event->organisation->users()
->where('user_id', $user->id)
->wherePivot('role', 'org_admin')
->exists();
if ($isOrgAdmin) {
return true;
}
return $event->users()
->where('user_id', $user->id)
->wherePivot('role', 'event_manager')
->exists();
}
}

62
api/app/Policies/LocationPolicy.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use App\Models\Event;
use App\Models\Location;
use App\Models\User;
final class LocationPolicy
{
public function viewAny(User $user, Event $event): bool
{
return $user->hasRole('super_admin')
|| $event->organisation->users()->where('user_id', $user->id)->exists();
}
public function create(User $user, Event $event): bool
{
return $this->canManageEvent($user, $event);
}
public function update(User $user, Location $location, Event $event): bool
{
if ($location->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function delete(User $user, Location $location, Event $event): bool
{
if ($location->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
private function canManageEvent(User $user, Event $event): bool
{
if ($user->hasRole('super_admin')) {
return true;
}
$isOrgAdmin = $event->organisation->users()
->where('user_id', $user->id)
->wherePivot('role', 'org_admin')
->exists();
if ($isOrgAdmin) {
return true;
}
return $event->users()
->where('user_id', $user->id)
->wherePivot('role', 'event_manager')
->exists();
}
}

12
api/app/Policies/OrganisationPolicy.php
View File

@@ -37,4 +37,16 @@ final class OrganisationPolicy
->wherePivot('role', 'org_admin')
->exists();
}
public function invite(User $user, Organisation $organisation): bool
{
if ($user->hasRole('super_admin')) {
return true;
}
return $organisation->users()
->where('user_id', $user->id)
->wherePivot('role', 'org_admin')
->exists();
}
}

81
api/app/Policies/PersonPolicy.php Normal file
View File

@@ -0,0 +1,81 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use App\Models\Event;
use App\Models\Person;
use App\Models\User;
final class PersonPolicy
{
public function viewAny(User $user, Event $event): bool
{
return $user->hasRole('super_admin')
|| $event->organisation->users()->where('user_id', $user->id)->exists();
}
public function view(User $user, Person $person, Event $event): bool
{
if ($person->event_id !== $event->id) {
return false;
}
return $user->hasRole('super_admin')
|| $event->organisation->users()->where('user_id', $user->id)->exists();
}
public function create(User $user, Event $event): bool
{
return $this->canManageEvent($user, $event);
}
public function update(User $user, Person $person, Event $event): bool
{
if ($person->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function delete(User $user, Person $person, Event $event): bool
{
if ($person->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function approve(User $user, Person $person, Event $event): bool
{
if ($person->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
private function canManageEvent(User $user, Event $event): bool
{
if ($user->hasRole('super_admin')) {
return true;
}
$isOrgAdmin = $event->organisation->users()
->where('user_id', $user->id)
->wherePivot('role', 'org_admin')
->exists();
if ($isOrgAdmin) {
return true;
}
return $event->users()
->where('user_id', $user->id)
->wherePivot('role', 'event_manager')
->exists();
}
}

82
api/app/Policies/ShiftPolicy.php Normal file
View File

@@ -0,0 +1,82 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use App\Models\Event;
use App\Models\FestivalSection;
use App\Models\Shift;
use App\Models\User;
final class ShiftPolicy
{
public function viewAny(User $user, Event $event): bool
{
return $user->hasRole('super_admin')
|| $event->organisation->users()->where('user_id', $user->id)->exists();
}
public function create(User $user, Event $event): bool
{
return $this->canManageEvent($user, $event);
}
public function update(User $user, Shift $shift, Event $event, FestivalSection $section): bool
{
if ($shift->festival_section_id !== $section->id || $section->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function delete(User $user, Shift $shift, Event $event, FestivalSection $section): bool
{
if ($shift->festival_section_id !== $section->id || $section->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function assign(User $user, Shift $shift, Event $event, FestivalSection $section): bool
{
if ($shift->festival_section_id !== $section->id || $section->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function claim(User $user, Shift $shift, Event $event, FestivalSection $section): bool
{
if ($shift->festival_section_id !== $section->id || $section->event_id !== $event->id) {
return false;
}
return $user->hasRole('super_admin')
|| $event->organisation->users()->where('user_id', $user->id)->exists();
}
private function canManageEvent(User $user, Event $event): bool
{
if ($user->hasRole('super_admin')) {
return true;
}
$isOrgAdmin = $event->organisation->users()
->where('user_id', $user->id)
->wherePivot('role', 'org_admin')
->exists();
if ($isOrgAdmin) {
return true;
}
return $event->users()
->where('user_id', $user->id)
->wherePivot('role', 'event_manager')
->exists();
}
}

62
api/app/Policies/TimeSlotPolicy.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
declare(strict_types=1);
namespace App\Policies;
use App\Models\Event;
use App\Models\TimeSlot;
use App\Models\User;
final class TimeSlotPolicy
{
public function viewAny(User $user, Event $event): bool
{
return $user->hasRole('super_admin')
|| $event->organisation->users()->where('user_id', $user->id)->exists();
}
public function create(User $user, Event $event): bool
{
return $this->canManageEvent($user, $event);
}
public function update(User $user, TimeSlot $timeSlot, Event $event): bool
{
if ($timeSlot->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function delete(User $user, TimeSlot $timeSlot, Event $event): bool
{
if ($timeSlot->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
private function canManageEvent(User $user, Event $event): bool
{
if ($user->hasRole('super_admin')) {
return true;
}
$isOrgAdmin = $event->organisation->users()
->where('user_id', $user->id)
->wherePivot('role', 'org_admin')
->exists();
if ($isOrgAdmin) {
return true;
}
return $event->users()
->where('user_id', $user->id)
->wherePivot('role', 'event_manager')
->exists();
}
}

109
api/app/Services/InvitationService.php Normal file
View File

@@ -0,0 +1,109 @@
<?php
declare(strict_types=1);
namespace App\Services;
use App\Mail\InvitationMail;
use App\Models\Organisation;
use App\Models\User;
use App\Models\UserInvitation;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;
use Spatie\Activitylog\Facades\LogActivity;
final class InvitationService
{
public function invite(Organisation $org, string $email, string $role, User $invitedBy): UserInvitation
{
$existingInvitation = UserInvitation::where('email', $email)
->where('organisation_id', $org->id)
->pending()
->where('expires_at', '>', now())
->first();
if ($existingInvitation) {
throw ValidationException::withMessages([
'email' => ['Er is al een openstaande uitnodiging voor dit e-mailadres.'],
]);
}
$existingMember = $org->users()->where('email', $email)->first();
if ($existingMember) {
throw ValidationException::withMessages([
'email' => ['Gebruiker is al lid van deze organisatie.'],
]);
}
$invitation = UserInvitation::create([
'email' => $email,
'invited_by_user_id' => $invitedBy->id,
'organisation_id' => $org->id,
'role' => $role,
'token' => strtolower((string) Str::ulid()),
'status' => 'pending',
'expires_at' => now()->addDays(7),
]);
Mail::to($email)->queue(new InvitationMail($invitation));
activity('invitation')
->performedOn($invitation)
->causedBy($invitedBy)
->withProperties(['email' => $email, 'role' => $role])
->log("Invited {$email} as {$role}");
return $invitation;
}
public function accept(UserInvitation $invitation, ?string $password = null): User
{
if (! $invitation->isPending() || $invitation->isExpired()) {
throw ValidationException::withMessages([
'token' => ['Deze uitnodiging is niet meer geldig.'],
]);
}
$user = User::where('email', $invitation->email)->first();
if (! $user) {
if (! $password) {
throw ValidationException::withMessages([
'password' => ['Een wachtwoord is vereist om een nieuw account aan te maken.'],
]);
}
$user = User::create([
'name' => Str::before($invitation->email, '@'),
'email' => $invitation->email,
'password' => $password,
'email_verified_at' => now(),
]);
}
$organisation = $invitation->organisation;
if (! $organisation->users()->where('user_id', $user->id)->exists()) {
$organisation->users()->attach($user, ['role' => $invitation->role]);
}
$invitation->markAsAccepted();
activity('invitation')
->performedOn($invitation)
->causedBy($user)
->withProperties(['email' => $invitation->email])
->log("Accepted invitation for {$organisation->name}");
return $user;
}
public function expireOldInvitations(): int
{
return UserInvitation::where('status', 'pending')
->where('expires_at', '<', now())
->update(['status' => 'expired']);
}
}