feat: fase 2 backend — crowd types, persons, sections, shifts, invite flow

- Crowd Types + Persons CRUD (73 tests) - Festival Sections + Time Slots + Shifts CRUD met assign/claim flow (84 tests) - Invite Flow + Member Management met InvitationService (109 tests) - Schema v1.6 migraties volledig uitgevoerd - DevSeeder bijgewerkt met crowd types voor testorganisatie
2026-04-08 01:34:46 +02:00
parent c417a6647a
commit 9acb27af3a
114 changed files with 6916 additions and 984 deletions
--- a/api/app/Http/Controllers/Api/V1/MemberController.php
+++ b/api/app/Http/Controllers/Api/V1/MemberController.php
@@ -0,0 +1,84 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Api\V1\UpdateMemberRequest;
+use App\Http\Resources\Api\V1\MemberCollection;
+use App\Http\Resources\Api\V1\MemberResource;
+use App\Models\Organisation;
+use App\Models\User;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Gate;
+
+final class MemberController extends Controller
+{
+    public function index(Organisation $organisation): MemberCollection
+    {
+        Gate::authorize('view', $organisation);
+
+        $members = $organisation->users()->get();
+
+        return new MemberCollection($members);
+    }
+
+    public function update(UpdateMemberRequest $request, Organisation $organisation, User $user): JsonResponse
+    {
+        Gate::authorize('invite', $organisation);
+
+        if ($request->user()->id === $user->id) {
+            return $this->error('Je kunt je eigen rol niet wijzigen.', 422);
+        }
+
+        $currentRole = $organisation->users()
+            ->where('user_id', $user->id)
+            ->first()?->pivot?->role;
+
+        if ($currentRole === 'org_admin' && $request->validated('role') !== 'org_admin') {
+            $adminCount = $organisation->users()
+                ->wherePivot('role', 'org_admin')
+                ->count();
+
+            if ($adminCount <= 1) {
+                return $this->error('De laatste org_admin kan niet worden gedegradeerd.', 422);
+            }
+        }
+
+        $organisation->users()->updateExistingPivot($user->id, [
+            'role' => $request->validated('role'),
+        ]);
+
+        return $this->success(
+            new MemberResource($organisation->users()->where('user_id', $user->id)->first()),
+        );
+    }
+
+    public function destroy(Organisation $organisation, User $user): JsonResponse
+    {
+        Gate::authorize('invite', $organisation);
+
+        if (request()->user()->id === $user->id) {
+            return $this->error('Je kunt je eigen account niet verwijderen uit de organisatie.', 422);
+        }
+
+        $currentRole = $organisation->users()
+            ->where('user_id', $user->id)
+            ->first()?->pivot?->role;
+
+        if ($currentRole === 'org_admin') {
+            $adminCount = $organisation->users()
+                ->wherePivot('role', 'org_admin')
+                ->count();
+
+            if ($adminCount <= 1) {
+                return $this->error('De laatste org_admin kan niet worden verwijderd.', 422);
+            }
+        }
+
+        $organisation->users()->detach($user->id);
+
+        return response()->json(null, 204);
+    }
+}