bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: fase 2 backend — crowd types, persons, sections, shifts, invite flow

Browse Source 
- Crowd Types + Persons CRUD (73 tests)
- Festival Sections + Time Slots + Shifts CRUD met assign/claim flow (84 tests)
- Invite Flow + Member Management met InvitationService (109 tests)
- Schema v1.6 migraties volledig uitgevoerd
- DevSeeder bijgewerkt met crowd types voor testorganisatie
This commit is contained in:
bert.hausmans
2026-04-08 01:34:46 +02:00
parent c417a6647a
commit 9acb27af3a
114 changed files with 6916 additions and 984 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
api/app/Http/Controllers/Api/V1/CompanyController.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StoreCompanyRequest;
use App\Http\Requests\Api\V1\UpdateCompanyRequest;
use App\Http\Resources\Api\V1\CompanyResource;
use App\Models\Company;
use App\Models\Organisation;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class CompanyController extends Controller
{
public function index(Organisation $organisation): AnonymousResourceCollection
{
Gate::authorize('viewAny', [Company::class, $organisation]);
$companies = $organisation->companies()->get();
return CompanyResource::collection($companies);
}
public function store(StoreCompanyRequest $request, Organisation $organisation): JsonResponse
{
Gate::authorize('create', [Company::class, $organisation]);
$company = $organisation->companies()->create($request->validated());
return $this->created(new CompanyResource($company));
}
public function update(UpdateCompanyRequest $request, Organisation $organisation, Company $company): JsonResponse
{
Gate::authorize('update', [$company, $organisation]);
$company->update($request->validated());
return $this->success(new CompanyResource($company->fresh()));
}
public function destroy(Organisation $organisation, Company $company): JsonResponse
{
Gate::authorize('delete', [$company, $organisation]);
$company->delete();
return response()->json(null, 204);
}
}

83
api/app/Http/Controllers/Api/V1/CrowdListController.php Normal file
View File

@@ -0,0 +1,83 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StoreCrowdListRequest;
use App\Http\Requests\Api\V1\UpdateCrowdListRequest;
use App\Http\Resources\Api\V1\CrowdListResource;
use App\Models\CrowdList;
use App\Models\Event;
use App\Models\Person;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class CrowdListController extends Controller
{
public function index(Event $event): AnonymousResourceCollection
{
Gate::authorize('viewAny', [CrowdList::class, $event]);
$crowdLists = $event->crowdLists()->withCount('persons')->get();
return CrowdListResource::collection($crowdLists);
}
public function store(StoreCrowdListRequest $request, Event $event): JsonResponse
{
Gate::authorize('create', [CrowdList::class, $event]);
$crowdList = $event->crowdLists()->create($request->validated());
return $this->created(new CrowdListResource($crowdList));
}
public function update(UpdateCrowdListRequest $request, Event $event, CrowdList $crowdList): JsonResponse
{
Gate::authorize('update', [$crowdList, $event]);
$crowdList->update($request->validated());
return $this->success(new CrowdListResource($crowdList->fresh()));
}
public function destroy(Event $event, CrowdList $crowdList): JsonResponse
{
Gate::authorize('delete', [$crowdList, $event]);
$crowdList->delete();
return response()->json(null, 204);
}
public function addPerson(Request $request, Event $event, CrowdList $crowdList): JsonResponse
{
Gate::authorize('managePerson', [$crowdList, $event]);
$validated = $request->validate([
'person_id' => ['required', 'ulid', 'exists:persons,id'],
]);
$crowdList->persons()->syncWithoutDetaching([
$validated['person_id'] => [
'added_at' => now(),
'added_by_user_id' => $request->user()->id,
],
]);
return $this->success(new CrowdListResource($crowdList->fresh()->loadCount('persons')));
}
public function removePerson(Event $event, CrowdList $crowdList, Person $person): JsonResponse
{
Gate::authorize('managePerson', [$crowdList, $event]);
$crowdList->persons()->detach($person->id);
return response()->json(null, 204);
}
}

58
api/app/Http/Controllers/Api/V1/CrowdTypeController.php Normal file
View File

@@ -0,0 +1,58 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StoreCrowdTypeRequest;
use App\Http\Requests\Api\V1\UpdateCrowdTypeRequest;
use App\Http\Resources\Api\V1\CrowdTypeResource;
use App\Models\CrowdType;
use App\Models\Organisation;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class CrowdTypeController extends Controller
{
public function index(Organisation $organisation): AnonymousResourceCollection
{
Gate::authorize('viewAny', [CrowdType::class, $organisation]);
$crowdTypes = $organisation->crowdTypes()->where('is_active', true)->get();
return CrowdTypeResource::collection($crowdTypes);
}
public function store(StoreCrowdTypeRequest $request, Organisation $organisation): JsonResponse
{
Gate::authorize('create', [CrowdType::class, $organisation]);
$crowdType = $organisation->crowdTypes()->create($request->validated());
return $this->created(new CrowdTypeResource($crowdType));
}
public function update(UpdateCrowdTypeRequest $request, Organisation $organisation, CrowdType $crowdType): JsonResponse
{
Gate::authorize('update', [$crowdType, $organisation]);
$crowdType->update($request->validated());
return $this->success(new CrowdTypeResource($crowdType->fresh()));
}
public function destroy(Organisation $organisation, CrowdType $crowdType): JsonResponse
{
Gate::authorize('delete', [$crowdType, $organisation]);
if ($crowdType->persons()->exists()) {
$crowdType->update(['is_active' => false]);
} else {
$crowdType->delete();
}
return response()->json(null, 204);
}
}

70
api/app/Http/Controllers/Api/V1/FestivalSectionController.php Normal file
View File

@@ -0,0 +1,70 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\ReorderFestivalSectionsRequest;
use App\Http\Requests\Api\V1\StoreFestivalSectionRequest;
use App\Http\Requests\Api\V1\UpdateFestivalSectionRequest;
use App\Http\Resources\Api\V1\FestivalSectionResource;
use App\Models\Event;
use App\Models\FestivalSection;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class FestivalSectionController extends Controller
{
public function index(Event $event): AnonymousResourceCollection
{
Gate::authorize('viewAny', [FestivalSection::class, $event]);
$sections = $event->festivalSections()->ordered()->get();
return FestivalSectionResource::collection($sections);
}
public function store(StoreFestivalSectionRequest $request, Event $event): JsonResponse
{
Gate::authorize('create', [FestivalSection::class, $event]);
$section = $event->festivalSections()->create($request->validated());
return $this->created(new FestivalSectionResource($section));
}
public function update(UpdateFestivalSectionRequest $request, Event $event, FestivalSection $section): JsonResponse
{
Gate::authorize('update', [$section, $event]);
$section->update($request->validated());
return $this->success(new FestivalSectionResource($section->fresh()));
}
public function destroy(Event $event, FestivalSection $section): JsonResponse
{
Gate::authorize('delete', [$section, $event]);
$section->delete();
return response()->json(null, 204);
}
public function reorder(ReorderFestivalSectionsRequest $request, Event $event): JsonResponse
{
Gate::authorize('reorder', [FestivalSection::class, $event]);
foreach ($request->validated('sections') as $item) {
$event->festivalSections()
->where('id', $item['id'])
->update(['sort_order' => $item['sort_order']]);
}
$sections = $event->festivalSections()->ordered()->get();
return $this->success(FestivalSectionResource::collection($sections));
}
}

86
api/app/Http/Controllers/Api/V1/InvitationController.php Normal file
View File

@@ -0,0 +1,86 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\AcceptInvitationRequest;
use App\Http\Requests\Api\V1\StoreInvitationRequest;
use App\Http\Resources\Api\V1\InvitationResource;
use App\Models\Organisation;
use App\Models\UserInvitation;
use App\Services\InvitationService;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Gate;
final class InvitationController extends Controller
{
public function __construct(
private readonly InvitationService $invitationService,
) {}
public function invite(StoreInvitationRequest $request, Organisation $organisation): JsonResponse
{
Gate::authorize('invite', $organisation);
$invitation = $this->invitationService->invite(
$organisation,
$request->validated('email'),
$request->validated('role'),
$request->user(),
);
return $this->created(
new InvitationResource($invitation->load(['organisation', 'invitedBy'])),
'Uitnodiging verstuurd',
);
}
public function show(string $token): JsonResponse
{
$invitation = UserInvitation::where('token', $token)
->with(['organisation', 'invitedBy'])
->first();
if (! $invitation) {
return $this->notFound('Uitnodiging niet gevonden');
}
return $this->success(new InvitationResource($invitation));
}
public function accept(AcceptInvitationRequest $request, string $token): JsonResponse
{
$invitation = UserInvitation::where('token', $token)->firstOrFail();
$user = $this->invitationService->accept(
$invitation,
$request->validated('password'),
);
$sanctumToken = $user->createToken('auth-token')->plainTextToken;
return $this->success([
'user' => [
'id' => $user->id,
'name' => $user->name,
'email' => $user->email,
],
'token' => $sanctumToken,
], 'Uitnodiging geaccepteerd');
}
public function revoke(Organisation $organisation, UserInvitation $invitation): JsonResponse
{
Gate::authorize('invite', $organisation);
if (! $invitation->isPending()) {
return $this->error('Alleen openstaande uitnodigingen kunnen worden ingetrokken.', 422);
}
$invitation->markAsExpired();
return response()->json(null, 204);
}
}

54
api/app/Http/Controllers/Api/V1/LocationController.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StoreLocationRequest;
use App\Http\Requests\Api\V1\UpdateLocationRequest;
use App\Http\Resources\Api\V1\LocationResource;
use App\Models\Event;
use App\Models\Location;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class LocationController extends Controller
{
public function index(Event $event): AnonymousResourceCollection
{
Gate::authorize('viewAny', [Location::class, $event]);
$locations = $event->locations()->orderBy('name')->get();
return LocationResource::collection($locations);
}
public function store(StoreLocationRequest $request, Event $event): JsonResponse
{
Gate::authorize('create', [Location::class, $event]);
$location = $event->locations()->create($request->validated());
return $this->created(new LocationResource($location));
}
public function update(UpdateLocationRequest $request, Event $event, Location $location): JsonResponse
{
Gate::authorize('update', [$location, $event]);
$location->update($request->validated());
return $this->success(new LocationResource($location->fresh()));
}
public function destroy(Event $event, Location $location): JsonResponse
{
Gate::authorize('delete', [$location, $event]);
$location->delete();
return response()->json(null, 204);
}
}

84
api/app/Http/Controllers/Api/V1/MemberController.php Normal file
View File

@@ -0,0 +1,84 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\UpdateMemberRequest;
use App\Http\Resources\Api\V1\MemberCollection;
use App\Http\Resources\Api\V1\MemberResource;
use App\Models\Organisation;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Gate;
final class MemberController extends Controller
{
public function index(Organisation $organisation): MemberCollection
{
Gate::authorize('view', $organisation);
$members = $organisation->users()->get();
return new MemberCollection($members);
}
public function update(UpdateMemberRequest $request, Organisation $organisation, User $user): JsonResponse
{
Gate::authorize('invite', $organisation);
if ($request->user()->id === $user->id) {
return $this->error('Je kunt je eigen rol niet wijzigen.', 422);
}
$currentRole = $organisation->users()
->where('user_id', $user->id)
->first()?->pivot?->role;
if ($currentRole === 'org_admin' && $request->validated('role') !== 'org_admin') {
$adminCount = $organisation->users()
->wherePivot('role', 'org_admin')
->count();
if ($adminCount <= 1) {
return $this->error('De laatste org_admin kan niet worden gedegradeerd.', 422);
}
}
$organisation->users()->updateExistingPivot($user->id, [
'role' => $request->validated('role'),
]);
return $this->success(
new MemberResource($organisation->users()->where('user_id', $user->id)->first()),
);
}
public function destroy(Organisation $organisation, User $user): JsonResponse
{
Gate::authorize('invite', $organisation);
if (request()->user()->id === $user->id) {
return $this->error('Je kunt je eigen account niet verwijderen uit de organisatie.', 422);
}
$currentRole = $organisation->users()
->where('user_id', $user->id)
->first()?->pivot?->role;
if ($currentRole === 'org_admin') {
$adminCount = $organisation->users()
->wherePivot('role', 'org_admin')
->count();
if ($adminCount <= 1) {
return $this->error('De laatste org_admin kan niet worden verwijderd.', 422);
}
}
$organisation->users()->detach($user->id);
return response()->json(null, 204);
}
}

82
api/app/Http/Controllers/Api/V1/PersonController.php Normal file
View File

@@ -0,0 +1,82 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StorePersonRequest;
use App\Http\Requests\Api\V1\UpdatePersonRequest;
use App\Http\Resources\Api\V1\PersonCollection;
use App\Http\Resources\Api\V1\PersonResource;
use App\Models\Event;
use App\Models\Person;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
final class PersonController extends Controller
{
public function index(Request $request, Event $event): PersonCollection
{
Gate::authorize('viewAny', [Person::class, $event]);
$query = $event->persons()->with('crowdType');
if ($request->filled('crowd_type_id')) {
$query->where('crowd_type_id', $request->input('crowd_type_id'));
}
if ($request->filled('status')) {
$query->where('status', $request->input('status'));
}
return new PersonCollection($query->get());
}
public function show(Event $event, Person $person): JsonResponse
{
Gate::authorize('view', [$person, $event]);
$person->load(['crowdType', 'company']);
return $this->success(new PersonResource($person));
}
public function store(StorePersonRequest $request, Event $event): JsonResponse
{
Gate::authorize('create', [Person::class, $event]);
$person = $event->persons()->create($request->validated());
return $this->created(new PersonResource($person->fresh()->load('crowdType')));
}
public function update(UpdatePersonRequest $request, Event $event, Person $person): JsonResponse
{
Gate::authorize('update', [$person, $event]);
$person->update($request->validated());
$person->load(['crowdType', 'company']);
return $this->success(new PersonResource($person->fresh()->load(['crowdType', 'company'])));
}
public function destroy(Event $event, Person $person): JsonResponse
{
Gate::authorize('delete', [$person, $event]);
$person->delete();
return response()->json(null, 204);
}
public function approve(Event $event, Person $person): JsonResponse
{
Gate::authorize('approve', [$person, $event]);
$person->update(['status' => 'approved']);
return $this->success(new PersonResource($person->fresh()->load('crowdType')));
}
}

148
api/app/Http/Controllers/Api/V1/ShiftController.php Normal file
View File

@@ -0,0 +1,148 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\AssignShiftRequest;
use App\Http\Requests\Api\V1\StoreShiftRequest;
use App\Http\Requests\Api\V1\UpdateShiftRequest;
use App\Http\Resources\Api\V1\ShiftAssignmentResource;
use App\Http\Resources\Api\V1\ShiftResource;
use App\Models\Event;
use App\Models\FestivalSection;
use App\Models\Shift;
use App\Models\ShiftAssignment;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class ShiftController extends Controller
{
public function index(Event $event, FestivalSection $section): AnonymousResourceCollection
{
Gate::authorize('viewAny', [Shift::class, $event]);
$shifts = $section->shifts()
->with(['timeSlot', 'location'])
->get();
return ShiftResource::collection($shifts);
}
public function store(StoreShiftRequest $request, Event $event, FestivalSection $section): JsonResponse
{
Gate::authorize('create', [Shift::class, $event]);
$shift = $section->shifts()->create($request->validated());
$shift->load(['timeSlot', 'location']);
return $this->created(new ShiftResource($shift));
}
public function update(UpdateShiftRequest $request, Event $event, FestivalSection $section, Shift $shift): JsonResponse
{
Gate::authorize('update', [$shift, $event, $section]);
$shift->update($request->validated());
$shift->load(['timeSlot', 'location']);
return $this->success(new ShiftResource($shift->fresh()->load(['timeSlot', 'location'])));
}
public function destroy(Event $event, FestivalSection $section, Shift $shift): JsonResponse
{
Gate::authorize('delete', [$shift, $event, $section]);
$shift->delete();
return response()->json(null, 204);
}
public function assign(AssignShiftRequest $request, Event $event, FestivalSection $section, Shift $shift): JsonResponse
{
Gate::authorize('assign', [$shift, $event, $section]);
$personId = $request->validated('person_id');
// Check if shift is full
$approvedCount = $shift->shiftAssignments()->where('status', 'approved')->count();
if ($approvedCount >= $shift->slots_total) {
return $this->error('Shift is vol — alle slots zijn bezet.', 422);
}
// Check overlap conflict if allow_overlap is false
if (! $shift->allow_overlap) {
$conflict = ShiftAssignment::where('person_id', $personId)
->where('time_slot_id', $shift->time_slot_id)
->whereNotIn('status', ['rejected', 'cancelled'])
->exists();
if ($conflict) {
return $this->error('Deze persoon is al ingepland voor dit tijdslot.', 422);
}
}
$autoApprove = $section->crew_auto_accepts;
$assignment = $shift->shiftAssignments()->create([
'person_id' => $personId,
'time_slot_id' => $shift->time_slot_id,
'status' => $autoApprove ? 'approved' : 'approved',
'auto_approved' => $autoApprove,
'assigned_by' => $request->user()->id,
'assigned_at' => now(),
'approved_at' => now(),
]);
// Update shift status if full
$newApprovedCount = $shift->shiftAssignments()->where('status', 'approved')->count();
if ($newApprovedCount >= $shift->slots_total) {
$shift->update(['status' => 'full']);
}
return $this->created(new ShiftAssignmentResource($assignment));
}
public function claim(AssignShiftRequest $request, Event $event, FestivalSection $section, Shift $shift): JsonResponse
{
Gate::authorize('claim', [$shift, $event, $section]);
$personId = $request->validated('person_id');
// Check claiming slots available
$claimedCount = $shift->shiftAssignments()
->whereNotIn('status', ['rejected', 'cancelled'])
->count();
if ($shift->slots_open_for_claiming <= 0 || $claimedCount >= $shift->slots_open_for_claiming) {
return $this->error('Geen claimbare slots beschikbaar voor deze shift.', 422);
}
// Check overlap conflict if allow_overlap is false
if (! $shift->allow_overlap) {
$conflict = ShiftAssignment::where('person_id', $personId)
->where('time_slot_id', $shift->time_slot_id)
->whereNotIn('status', ['rejected', 'cancelled'])
->exists();
if ($conflict) {
return $this->error('Deze persoon is al ingepland voor dit tijdslot.', 422);
}
}
$autoApprove = $section->crew_auto_accepts;
$assignment = $shift->shiftAssignments()->create([
'person_id' => $personId,
'time_slot_id' => $shift->time_slot_id,
'status' => $autoApprove ? 'approved' : 'pending_approval',
'auto_approved' => $autoApprove,
'assigned_at' => now(),
'approved_at' => $autoApprove ? now() : null,
]);
return $this->created(new ShiftAssignmentResource($assignment));
}
}

54
api/app/Http/Controllers/Api/V1/TimeSlotController.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\StoreTimeSlotRequest;
use App\Http\Requests\Api\V1\UpdateTimeSlotRequest;
use App\Http\Resources\Api\V1\TimeSlotResource;
use App\Models\Event;
use App\Models\TimeSlot;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate;
final class TimeSlotController extends Controller
{
public function index(Event $event): AnonymousResourceCollection
{
Gate::authorize('viewAny', [TimeSlot::class, $event]);
$timeSlots = $event->timeSlots()->orderBy('date')->orderBy('start_time')->get();
return TimeSlotResource::collection($timeSlots);
}
public function store(StoreTimeSlotRequest $request, Event $event): JsonResponse
{
Gate::authorize('create', [TimeSlot::class, $event]);
$timeSlot = $event->timeSlots()->create($request->validated());
return $this->created(new TimeSlotResource($timeSlot));
}
public function update(UpdateTimeSlotRequest $request, Event $event, TimeSlot $timeSlot): JsonResponse
{
Gate::authorize('update', [$timeSlot, $event]);
$timeSlot->update($request->validated());
return $this->success(new TimeSlotResource($timeSlot->fresh()));
}
public function destroy(Event $event, TimeSlot $timeSlot): JsonResponse
{
Gate::authorize('delete', [$timeSlot, $event]);
$timeSlot->delete();
return response()->json(null, 204);
}
}