feat: fase 2 backend — crowd types, persons, sections, shifts, invite flow

- Crowd Types + Persons CRUD (73 tests)
- Festival Sections + Time Slots + Shifts CRUD met assign/claim flow (84 tests)
- Invite Flow + Member Management met InvitationService (109 tests)
- Schema v1.6 migraties volledig uitgevoerd
- DevSeeder bijgewerkt met crowd types voor testorganisatie

api/app/Http/Controllers/Api/V1/InvitationController.php

@@ -0,0 +1,86 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Api\V1\AcceptInvitationRequest;
+use App\Http\Requests\Api\V1\StoreInvitationRequest;
+use App\Http\Resources\Api\V1\InvitationResource;
+use App\Models\Organisation;
+use App\Models\UserInvitation;
+use App\Services\InvitationService;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Gate;
+
+final class InvitationController extends Controller
+{
+    public function __construct(
+        private readonly InvitationService $invitationService,
+    ) {}
+
+    public function invite(StoreInvitationRequest $request, Organisation $organisation): JsonResponse
+    {
+        Gate::authorize('invite', $organisation);
+
+        $invitation = $this->invitationService->invite(
+            $organisation,
+            $request->validated('email'),
+            $request->validated('role'),
+            $request->user(),
+        );
+
+        return $this->created(
+            new InvitationResource($invitation->load(['organisation', 'invitedBy'])),
+            'Uitnodiging verstuurd',
+        );
+    }
+
+    public function show(string $token): JsonResponse
+    {
+        $invitation = UserInvitation::where('token', $token)
+            ->with(['organisation', 'invitedBy'])
+            ->first();
+
+        if (! $invitation) {
+            return $this->notFound('Uitnodiging niet gevonden');
+        }
+
+        return $this->success(new InvitationResource($invitation));
+    }
+
+    public function accept(AcceptInvitationRequest $request, string $token): JsonResponse
+    {
+        $invitation = UserInvitation::where('token', $token)->firstOrFail();
+
+        $user = $this->invitationService->accept(
+            $invitation,
+            $request->validated('password'),
+        );
+
+        $sanctumToken = $user->createToken('auth-token')->plainTextToken;
+
+        return $this->success([
+            'user' => [
+                'id' => $user->id,
+                'name' => $user->name,
+                'email' => $user->email,
+            ],
+            'token' => $sanctumToken,
+        ], 'Uitnodiging geaccepteerd');
+    }
+
+    public function revoke(Organisation $organisation, UserInvitation $invitation): JsonResponse
+    {
+        Gate::authorize('invite', $organisation);
+
+        if (! $invitation->isPending()) {
+            return $this->error('Alleen openstaande uitnodigingen kunnen worden ingetrokken.', 422);
+        }
+
+        $invitation->markAsExpired();
+
+        return response()->json(null, 204);
+    }
+}