feat: fase 2 backend — crowd types, persons, sections, shifts, invite flow

- Crowd Types + Persons CRUD (73 tests)
- Festival Sections + Time Slots + Shifts CRUD met assign/claim flow (84 tests)
- Invite Flow + Member Management met InvitationService (109 tests)
- Schema v1.6 migraties volledig uitgevoerd
- DevSeeder bijgewerkt met crowd types voor testorganisatie

api/app/Http/Controllers/Api/V1/CrowdListController.php

@@ -0,0 +1,83 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Api\V1\StoreCrowdListRequest;
+use App\Http\Requests\Api\V1\UpdateCrowdListRequest;
+use App\Http\Resources\Api\V1\CrowdListResource;
+use App\Models\CrowdList;
+use App\Models\Event;
+use App\Models\Person;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
+use Illuminate\Support\Facades\Gate;
+
+final class CrowdListController extends Controller
+{
+    public function index(Event $event): AnonymousResourceCollection
+    {
+        Gate::authorize('viewAny', [CrowdList::class, $event]);
+
+        $crowdLists = $event->crowdLists()->withCount('persons')->get();
+
+        return CrowdListResource::collection($crowdLists);
+    }
+
+    public function store(StoreCrowdListRequest $request, Event $event): JsonResponse
+    {
+        Gate::authorize('create', [CrowdList::class, $event]);
+
+        $crowdList = $event->crowdLists()->create($request->validated());
+
+        return $this->created(new CrowdListResource($crowdList));
+    }
+
+    public function update(UpdateCrowdListRequest $request, Event $event, CrowdList $crowdList): JsonResponse
+    {
+        Gate::authorize('update', [$crowdList, $event]);
+
+        $crowdList->update($request->validated());
+
+        return $this->success(new CrowdListResource($crowdList->fresh()));
+    }
+
+    public function destroy(Event $event, CrowdList $crowdList): JsonResponse
+    {
+        Gate::authorize('delete', [$crowdList, $event]);
+
+        $crowdList->delete();
+
+        return response()->json(null, 204);
+    }
+
+    public function addPerson(Request $request, Event $event, CrowdList $crowdList): JsonResponse
+    {
+        Gate::authorize('managePerson', [$crowdList, $event]);
+
+        $validated = $request->validate([
+            'person_id' => ['required', 'ulid', 'exists:persons,id'],
+        ]);
+
+        $crowdList->persons()->syncWithoutDetaching([
+            $validated['person_id'] => [
+                'added_at' => now(),
+                'added_by_user_id' => $request->user()->id,
+            ],
+        ]);
+
+        return $this->success(new CrowdListResource($crowdList->fresh()->loadCount('persons')));
+    }
+
+    public function removePerson(Event $event, CrowdList $crowdList, Person $person): JsonResponse
+    {
+        Gate::authorize('managePerson', [$crowdList, $event]);
+
+        $crowdList->persons()->detach($person->id);
+
+        return response()->json(null, 204);
+    }
+}