feat: add "Lid toevoegen als deelnemer" shortcut for org members
Adds two new API endpoints to quickly add organisation members as event
persons with user_id pre-linked and status approved:
- GET /organisations/{org}/members/available-for-event/{event}
- POST /organisations/{org}/events/{event}/persons/from-member
Includes frontend dialog with member search, crowd type selection, and
click-to-add behavior in the Personen tab.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -8,7 +8,9 @@ use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\V1\UpdateMemberRequest;
|
||||
use App\Http\Resources\Api\V1\MemberCollection;
|
||||
use App\Http\Resources\Api\V1\MemberResource;
|
||||
use App\Models\Event;
|
||||
use App\Models\Organisation;
|
||||
use App\Models\Person;
|
||||
use App\Models\User;
|
||||
use App\Services\EmailChangeService;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
@@ -84,6 +86,35 @@ final class MemberController extends Controller
|
||||
return response()->json(null, 204);
|
||||
}
|
||||
|
||||
public function availableForEvent(Organisation $organisation, Event $event): JsonResponse
|
||||
{
|
||||
if ($event->organisation_id !== $organisation->id) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
Gate::authorize('viewAny', [Person::class, $event]);
|
||||
|
||||
$existingUserIds = Person::withoutGlobalScopes()
|
||||
->where('event_id', $event->id)
|
||||
->whereNotNull('user_id')
|
||||
->pluck('user_id');
|
||||
|
||||
$members = $organisation->users()
|
||||
->whereNotIn('users.id', $existingUserIds)
|
||||
->select('users.id', 'users.first_name', 'users.last_name', 'users.email')
|
||||
->orderBy('users.first_name')
|
||||
->get()
|
||||
->map(fn (User $user) => [
|
||||
'id' => $user->id,
|
||||
'first_name' => $user->first_name,
|
||||
'last_name' => $user->last_name,
|
||||
'full_name' => $user->full_name,
|
||||
'email' => $user->email,
|
||||
]);
|
||||
|
||||
return response()->json(['data' => $members]);
|
||||
}
|
||||
|
||||
/**
|
||||
* POST /api/v1/organisations/{organisation}/members/{user}/change-email
|
||||
* Admin changes a member's email (sends verification to new address).
|
||||
|
||||
@@ -4,8 +4,10 @@ declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Controllers\Api\V1;
|
||||
|
||||
use App\Enums\PersonStatus;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Controllers\Api\V1\Traits\VerifiesOrganisationEvent;
|
||||
use App\Http\Requests\Api\V1\StorePersonFromMemberRequest;
|
||||
use App\Http\Requests\Api\V1\StorePersonRequest;
|
||||
use App\Http\Requests\Api\V1\UpdatePersonRequest;
|
||||
use App\Http\Resources\Api\V1\PersonCollection;
|
||||
@@ -15,12 +17,14 @@ use App\Mail\RegistrationRejectedMail;
|
||||
use App\Models\Event;
|
||||
use App\Models\Organisation;
|
||||
use App\Models\Person;
|
||||
use App\Models\User;
|
||||
use App\Services\PersonIdentityService;
|
||||
use App\Services\TagSyncService;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
|
||||
final class PersonController extends Controller
|
||||
{
|
||||
@@ -115,6 +119,46 @@ final class PersonController extends Controller
|
||||
return response()->json(null, 204);
|
||||
}
|
||||
|
||||
public function createFromMember(StorePersonFromMemberRequest $request, Organisation $organisation, Event $event): JsonResponse
|
||||
{
|
||||
$this->verifyEventBelongsToOrganisation($organisation, $event);
|
||||
Gate::authorize('create', [Person::class, $event]);
|
||||
|
||||
$user = User::findOrFail($request->validated('user_id'));
|
||||
|
||||
if (Person::withoutGlobalScopes()->where('event_id', $event->id)->where('user_id', $user->id)->exists()) {
|
||||
throw ValidationException::withMessages([
|
||||
'user_id' => ['Dit lid is al toegevoegd aan dit evenement.'],
|
||||
]);
|
||||
}
|
||||
|
||||
if (!$user->organisations()->where('organisations.id', $event->organisation_id)->exists()) {
|
||||
throw ValidationException::withMessages([
|
||||
'user_id' => ['Dit lid behoort niet tot deze organisatie.'],
|
||||
]);
|
||||
}
|
||||
|
||||
$person = Person::create([
|
||||
'event_id' => $event->id,
|
||||
'crowd_type_id' => $request->validated('crowd_type_id'),
|
||||
'first_name' => $user->first_name,
|
||||
'last_name' => $user->last_name,
|
||||
'email' => $user->email,
|
||||
'status' => PersonStatus::APPROVED->value,
|
||||
]);
|
||||
|
||||
$person->user_id = $user->id;
|
||||
$person->save();
|
||||
|
||||
activity()
|
||||
->causedBy(auth()->user())
|
||||
->performedOn($person)
|
||||
->withProperties(['source' => 'from_member', 'user_name' => $user->full_name])
|
||||
->log('person.created_from_member');
|
||||
|
||||
return $this->created(new PersonResource($person->load('crowdType')));
|
||||
}
|
||||
|
||||
public function approve(Organisation $organisation, Event $event, Person $person): JsonResponse
|
||||
{
|
||||
$this->verifyEventBelongsToOrganisation($organisation, $event);
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class StorePersonFromMemberRequest extends FormRequest
|
||||
{
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/** @return array<string, mixed> */
|
||||
public function rules(): array
|
||||
{
|
||||
$orgId = $this->route('event')->organisation_id;
|
||||
|
||||
return [
|
||||
'user_id' => ['required', 'ulid', 'exists:users,id'],
|
||||
'crowd_type_id' => ['required', 'ulid', Rule::exists('crowd_types', 'id')->where('organisation_id', $orgId)],
|
||||
];
|
||||
}
|
||||
}
|
||||
@@ -160,6 +160,7 @@ Route::middleware('auth:sanctum')->group(function () {
|
||||
Route::put('members/{user}', [MemberController::class, 'update']);
|
||||
Route::delete('members/{user}', [MemberController::class, 'destroy']);
|
||||
Route::post('members/{user}/change-email', [MemberController::class, 'changeEmail']);
|
||||
Route::get('members/available-for-event/{event}', [MemberController::class, 'availableForEvent']);
|
||||
|
||||
// Event sub-resources (all nested under organisation prefix — A01-13)
|
||||
Route::prefix('events/{event}')->group(function () {
|
||||
@@ -199,6 +200,7 @@ Route::middleware('auth:sanctum')->group(function () {
|
||||
|
||||
// Persons
|
||||
Route::apiResource('persons', PersonController::class);
|
||||
Route::post('persons/from-member', [PersonController::class, 'createFromMember']);
|
||||
Route::post('persons/{person}/approve', [PersonController::class, 'approve']);
|
||||
Route::post('persons/{person}/reject', [PersonController::class, 'reject']);
|
||||
Route::post('persons/{person}/manual-link', [PersonIdentityMatchController::class, 'manualLink']);
|
||||
|
||||
253
api/tests/Feature/Person/CreatePersonFromMemberTest.php
Normal file
253
api/tests/Feature/Person/CreatePersonFromMemberTest.php
Normal file
@@ -0,0 +1,253 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Tests\Feature\Person;
|
||||
|
||||
use App\Models\CrowdType;
|
||||
use App\Models\Event;
|
||||
use App\Models\Organisation;
|
||||
use App\Models\Person;
|
||||
use App\Models\User;
|
||||
use Database\Seeders\RoleSeeder;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Laravel\Sanctum\Sanctum;
|
||||
use Tests\TestCase;
|
||||
|
||||
class CreatePersonFromMemberTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
private User $orgAdmin;
|
||||
private User $member;
|
||||
private User $outsider;
|
||||
private Organisation $organisation;
|
||||
private Organisation $otherOrganisation;
|
||||
private Event $event;
|
||||
private CrowdType $crowdType;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
parent::setUp();
|
||||
$this->seed(RoleSeeder::class);
|
||||
|
||||
$this->organisation = Organisation::factory()->create();
|
||||
$this->otherOrganisation = Organisation::factory()->create();
|
||||
|
||||
$this->orgAdmin = User::factory()->create();
|
||||
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
|
||||
|
||||
$this->member = User::factory()->create([
|
||||
'first_name' => 'Jan',
|
||||
'last_name' => 'de Vries',
|
||||
'email' => 'jan@test.nl',
|
||||
]);
|
||||
$this->organisation->users()->attach($this->member, ['role' => 'org_member']);
|
||||
|
||||
$this->outsider = User::factory()->create();
|
||||
$this->otherOrganisation->users()->attach($this->outsider, ['role' => 'org_admin']);
|
||||
|
||||
$this->event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
|
||||
|
||||
$this->crowdType = CrowdType::factory()->systemType('CREW')->create([
|
||||
'organisation_id' => $this->organisation->id,
|
||||
]);
|
||||
}
|
||||
|
||||
// --- Available for event ---
|
||||
|
||||
public function test_available_for_event_returns_members_not_yet_person(): void
|
||||
{
|
||||
Sanctum::actingAs($this->orgAdmin);
|
||||
|
||||
$response = $this->getJson(
|
||||
"/api/v1/organisations/{$this->organisation->id}/members/available-for-event/{$this->event->id}"
|
||||
);
|
||||
|
||||
$response->assertOk();
|
||||
|
||||
$data = $response->json('data');
|
||||
|
||||
// Both orgAdmin and member should be available (neither is a person yet)
|
||||
$this->assertCount(2, $data);
|
||||
|
||||
$ids = collect($data)->pluck('id')->all();
|
||||
$this->assertContains($this->orgAdmin->id, $ids);
|
||||
$this->assertContains($this->member->id, $ids);
|
||||
}
|
||||
|
||||
public function test_available_for_event_excludes_already_added_members(): void
|
||||
{
|
||||
// Add member as a person
|
||||
$person = Person::factory()->create([
|
||||
'event_id' => $this->event->id,
|
||||
'crowd_type_id' => $this->crowdType->id,
|
||||
]);
|
||||
$person->user_id = $this->member->id;
|
||||
$person->save();
|
||||
|
||||
Sanctum::actingAs($this->orgAdmin);
|
||||
|
||||
$response = $this->getJson(
|
||||
"/api/v1/organisations/{$this->organisation->id}/members/available-for-event/{$this->event->id}"
|
||||
);
|
||||
|
||||
$response->assertOk();
|
||||
|
||||
$ids = collect($response->json('data'))->pluck('id')->all();
|
||||
$this->assertNotContains($this->member->id, $ids);
|
||||
$this->assertContains($this->orgAdmin->id, $ids);
|
||||
}
|
||||
|
||||
public function test_available_for_event_returns_correct_fields(): void
|
||||
{
|
||||
Sanctum::actingAs($this->orgAdmin);
|
||||
|
||||
$response = $this->getJson(
|
||||
"/api/v1/organisations/{$this->organisation->id}/members/available-for-event/{$this->event->id}"
|
||||
);
|
||||
|
||||
$response->assertOk()
|
||||
->assertJsonStructure([
|
||||
'data' => [
|
||||
'*' => ['id', 'first_name', 'last_name', 'full_name', 'email'],
|
||||
],
|
||||
]);
|
||||
}
|
||||
|
||||
public function test_available_for_event_unauthenticated_returns_401(): void
|
||||
{
|
||||
$response = $this->getJson(
|
||||
"/api/v1/organisations/{$this->organisation->id}/members/available-for-event/{$this->event->id}"
|
||||
);
|
||||
|
||||
$response->assertUnauthorized();
|
||||
}
|
||||
|
||||
public function test_available_for_event_wrong_org_returns_403(): void
|
||||
{
|
||||
Sanctum::actingAs($this->outsider);
|
||||
|
||||
$response = $this->getJson(
|
||||
"/api/v1/organisations/{$this->organisation->id}/members/available-for-event/{$this->event->id}"
|
||||
);
|
||||
|
||||
$response->assertForbidden();
|
||||
}
|
||||
|
||||
// --- Create person from member ---
|
||||
|
||||
public function test_create_from_member_creates_person_with_user_id(): void
|
||||
{
|
||||
Sanctum::actingAs($this->orgAdmin);
|
||||
|
||||
$response = $this->postJson(
|
||||
"/api/v1/organisations/{$this->organisation->id}/events/{$this->event->id}/persons/from-member",
|
||||
[
|
||||
'user_id' => $this->member->id,
|
||||
'crowd_type_id' => $this->crowdType->id,
|
||||
],
|
||||
);
|
||||
|
||||
$response->assertCreated()
|
||||
->assertJsonPath('data.first_name', 'Jan')
|
||||
->assertJsonPath('data.last_name', 'de Vries')
|
||||
->assertJsonPath('data.email', 'jan@test.nl')
|
||||
->assertJsonPath('data.status', 'approved')
|
||||
->assertJsonPath('data.has_user_account', true);
|
||||
|
||||
$this->assertDatabaseHas('persons', [
|
||||
'event_id' => $this->event->id,
|
||||
'user_id' => $this->member->id,
|
||||
'first_name' => 'Jan',
|
||||
'last_name' => 'de Vries',
|
||||
'status' => 'approved',
|
||||
]);
|
||||
}
|
||||
|
||||
public function test_create_from_member_duplicate_returns_422(): void
|
||||
{
|
||||
// Add member as a person first
|
||||
$person = Person::factory()->create([
|
||||
'event_id' => $this->event->id,
|
||||
'crowd_type_id' => $this->crowdType->id,
|
||||
]);
|
||||
$person->user_id = $this->member->id;
|
||||
$person->save();
|
||||
|
||||
Sanctum::actingAs($this->orgAdmin);
|
||||
|
||||
$response = $this->postJson(
|
||||
"/api/v1/organisations/{$this->organisation->id}/events/{$this->event->id}/persons/from-member",
|
||||
[
|
||||
'user_id' => $this->member->id,
|
||||
'crowd_type_id' => $this->crowdType->id,
|
||||
],
|
||||
);
|
||||
|
||||
$response->assertUnprocessable()
|
||||
->assertJsonValidationErrors('user_id');
|
||||
}
|
||||
|
||||
public function test_create_from_member_user_not_in_org_returns_422(): void
|
||||
{
|
||||
Sanctum::actingAs($this->orgAdmin);
|
||||
|
||||
$response = $this->postJson(
|
||||
"/api/v1/organisations/{$this->organisation->id}/events/{$this->event->id}/persons/from-member",
|
||||
[
|
||||
'user_id' => $this->outsider->id,
|
||||
'crowd_type_id' => $this->crowdType->id,
|
||||
],
|
||||
);
|
||||
|
||||
$response->assertUnprocessable()
|
||||
->assertJsonValidationErrors('user_id');
|
||||
}
|
||||
|
||||
public function test_create_from_member_unauthenticated_returns_401(): void
|
||||
{
|
||||
$response = $this->postJson(
|
||||
"/api/v1/organisations/{$this->organisation->id}/events/{$this->event->id}/persons/from-member",
|
||||
[
|
||||
'user_id' => $this->member->id,
|
||||
'crowd_type_id' => $this->crowdType->id,
|
||||
],
|
||||
);
|
||||
|
||||
$response->assertUnauthorized();
|
||||
}
|
||||
|
||||
public function test_create_from_member_wrong_org_returns_403(): void
|
||||
{
|
||||
Sanctum::actingAs($this->outsider);
|
||||
|
||||
$response = $this->postJson(
|
||||
"/api/v1/organisations/{$this->organisation->id}/events/{$this->event->id}/persons/from-member",
|
||||
[
|
||||
'user_id' => $this->member->id,
|
||||
'crowd_type_id' => $this->crowdType->id,
|
||||
],
|
||||
);
|
||||
|
||||
$response->assertForbidden();
|
||||
}
|
||||
|
||||
public function test_create_from_member_logs_activity(): void
|
||||
{
|
||||
Sanctum::actingAs($this->orgAdmin);
|
||||
|
||||
$this->postJson(
|
||||
"/api/v1/organisations/{$this->organisation->id}/events/{$this->event->id}/persons/from-member",
|
||||
[
|
||||
'user_id' => $this->member->id,
|
||||
'crowd_type_id' => $this->crowdType->id,
|
||||
],
|
||||
)->assertCreated();
|
||||
|
||||
$this->assertDatabaseHas('activity_log', [
|
||||
'description' => 'person.created_from_member',
|
||||
'causer_id' => $this->orgAdmin->id,
|
||||
]);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user