feat: fase 2 backend — crowd types, persons, sections, shifts, invite flow

- Crowd Types + Persons CRUD (73 tests) - Festival Sections + Time Slots + Shifts CRUD met assign/claim flow (84 tests) - Invite Flow + Member Management met InvitationService (109 tests) - Schema v1.6 migraties volledig uitgevoerd - DevSeeder bijgewerkt met crowd types voor testorganisatie
2026-04-08 01:34:46 +02:00
parent c417a6647a
commit 9acb27af3a
114 changed files with 6916 additions and 984 deletions
--- a/api/app/Policies/PersonPolicy.php
+++ b/api/app/Policies/PersonPolicy.php
@@ -0,0 +1,81 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Policies;
+
+use App\Models\Event;
+use App\Models\Person;
+use App\Models\User;
+
+final class PersonPolicy
+{
+    public function viewAny(User $user, Event $event): bool
+    {
+        return $user->hasRole('super_admin')
+            || $event->organisation->users()->where('user_id', $user->id)->exists();
+    }
+
+    public function view(User $user, Person $person, Event $event): bool
+    {
+        if ($person->event_id !== $event->id) {
+            return false;
+        }
+
+        return $user->hasRole('super_admin')
+            || $event->organisation->users()->where('user_id', $user->id)->exists();
+    }
+
+    public function create(User $user, Event $event): bool
+    {
+        return $this->canManageEvent($user, $event);
+    }
+
+    public function update(User $user, Person $person, Event $event): bool
+    {
+        if ($person->event_id !== $event->id) {
+            return false;
+        }
+
+        return $this->canManageEvent($user, $event);
+    }
+
+    public function delete(User $user, Person $person, Event $event): bool
+    {
+        if ($person->event_id !== $event->id) {
+            return false;
+        }
+
+        return $this->canManageEvent($user, $event);
+    }
+
+    public function approve(User $user, Person $person, Event $event): bool
+    {
+        if ($person->event_id !== $event->id) {
+            return false;
+        }
+
+        return $this->canManageEvent($user, $event);
+    }
+
+    private function canManageEvent(User $user, Event $event): bool
+    {
+        if ($user->hasRole('super_admin')) {
+            return true;
+        }
+
+        $isOrgAdmin = $event->organisation->users()
+            ->where('user_id', $user->id)
+            ->wherePivot('role', 'org_admin')
+            ->exists();
+
+        if ($isOrgAdmin) {
+            return true;
+        }
+
+        return $event->users()
+            ->where('user_id', $user->id)
+            ->wherePivot('role', 'event_manager')
+            ->exists();
+    }
+}