From b6ef6ec3835dcb779e9513e291ac6751e207c329 Mon Sep 17 00:00:00 2001
From: "bert.hausmans" <bert@hausmans.nl>
Date: Wed, 15 Apr 2026 00:18:19 +0200
Subject: [PATCH] =?UTF-8?q?fix:=20login=20response=20missing=20app=5Froles?=
 =?UTF-8?q?=20=E2=80=94=20platform=20nav=20not=20showing?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

LoginController used UserResource (returns `roles`) but the frontend
authStore.setUser() expects MeResponse format with `app_roles`. After
login, appRoles was set to undefined, making isSuperAdmin always false.
Combined with isInitialized staying true after the initial failed
/auth/me call, the correct /auth/me was never re-fetched after login.

Fix: use MeResource in LoginController (same as MeController) so the
login response includes app_roles, permissions, and portal_events.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 api/app/Http/Controllers/Api/V1/LoginController.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/api/app/Http/Controllers/Api/V1/LoginController.php b/api/app/Http/Controllers/Api/V1/LoginController.php
index 2f493edc..0b50a7c5 100644
--- a/api/app/Http/Controllers/Api/V1/LoginController.php
+++ b/api/app/Http/Controllers/Api/V1/LoginController.php
@@ -7,7 +7,7 @@ namespace App\Http\Controllers\Api\V1;
 use App\Http\Controllers\Api\V1\Traits\SetAuthCookie;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\Api\V1\LoginRequest;
-use App\Http\Resources\Api\V1\UserResource;
+use App\Http\Resources\Api\V1\MeResource;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
@@ -28,12 +28,18 @@ final class LoginController extends Controller
             return $this->unauthorized('Invalid credentials');
         }
 
-        $user = Auth::user()->load(['organisations', 'roles']);
+        $user = Auth::user()->load([
+            'organisations',
+            'roles',
+            'permissions',
+            'persons' => fn ($q) => $q->with(['event:id,name,slug,start_date,end_date,organisation_id', 'event.organisation:id,name']),
+        ]);
+
         $token = $user->createToken('auth-token')->plainTextToken;
         $cookieName = $this->resolveCookieName($request);
 
         return $this->success([
-            'user' => new UserResource($user),
+            'user' => new MeResource($user),
         ], 'Login successful')
             ->withCookie($this->makeAuthCookie($cookieName, $token));
     }