feat: platform admin backend — controllers, services, routes, tests

Add cross-organisation admin API endpoints behind role:super_admin middleware: - AdminOrganisationController: CRUD with search, filter, billing_status management - AdminUserController: user management with role assignment across orgs - AdminStatsController: platform-wide aggregate statistics - AdminActivityLogController: filterable activity log viewer - AdminImpersonationController + ImpersonationService: user impersonation with token-based session management and activity logging - BillingStatus enum, form requests, API resources, 23 feature tests Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 23:33:16 +02:00
parent ec31646a93
commit ddf26dad33
18 changed files with 1299 additions and 0 deletions
--- a/api/tests/Feature/Api/V1/Admin/AdminOrganisationControllerTest.php
+++ b/api/tests/Feature/Api/V1/Admin/AdminOrganisationControllerTest.php
@@ -0,0 +1,149 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Feature\Api\V1\Admin;
+
+use App\Models\Event;
+use App\Models\Organisation;
+use App\Models\Person;
+use App\Models\User;
+use Database\Seeders\RoleSeeder;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Laravel\Sanctum\Sanctum;
+use Tests\TestCase;
+
+class AdminOrganisationControllerTest extends TestCase
+{
+    use RefreshDatabase;
+
+    private User $superAdmin;
+    private User $orgAdmin;
+    private Organisation $organisation;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->seed(RoleSeeder::class);
+
+        $this->superAdmin = User::factory()->create();
+        $this->superAdmin->assignRole('super_admin');
+
+        $this->orgAdmin = User::factory()->create();
+
+        $this->organisation = Organisation::factory()->create(['billing_status' => 'active']);
+        $this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
+    }
+
+    // ─── Index ───────────────────────────────────────────────
+
+    public function test_index_returns_all_organisations_for_super_admin(): void
+    {
+        Organisation::factory()->count(3)->create();
+
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->getJson('/api/v1/admin/organisations');
+
+        $response->assertOk();
+        $response->assertJsonStructure([
+            'data' => [['id', 'name', 'slug', 'billing_status', 'events_count', 'users_count']],
+        ]);
+        // 1 from setUp + 3 created = 4
+        $this->assertCount(4, $response->json('data'));
+    }
+
+    public function test_index_denied_for_org_admin(): void
+    {
+        Sanctum::actingAs($this->orgAdmin);
+
+        $response = $this->getJson('/api/v1/admin/organisations');
+
+        $response->assertForbidden();
+    }
+
+    public function test_index_denied_for_unauthenticated(): void
+    {
+        $response = $this->getJson('/api/v1/admin/organisations');
+
+        $response->assertUnauthorized();
+    }
+
+    public function test_search_by_name(): void
+    {
+        Organisation::factory()->create(['name' => 'Festival Corp']);
+        Organisation::factory()->create(['name' => 'Music Events BV']);
+
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->getJson('/api/v1/admin/organisations?search=Festival');
+
+        $response->assertOk();
+        $this->assertCount(1, $response->json('data'));
+        $response->assertJsonPath('data.0.name', 'Festival Corp');
+    }
+
+    public function test_filter_by_billing_status(): void
+    {
+        Organisation::factory()->create(['billing_status' => 'trial']);
+        Organisation::factory()->create(['billing_status' => 'suspended']);
+
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->getJson('/api/v1/admin/organisations?billing_status=trial');
+
+        $response->assertOk();
+        foreach ($response->json('data') as $org) {
+            $this->assertEquals('trial', $org['billing_status']);
+        }
+    }
+
+    // ─── Show ────────────────────────────────────────────────
+
+    public function test_show_returns_organisation_with_counts(): void
+    {
+        $event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
+
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->getJson("/api/v1/admin/organisations/{$this->organisation->id}");
+
+        $response->assertOk();
+        $response->assertJsonPath('data.id', $this->organisation->id);
+        $response->assertJsonPath('data.events_count', 1);
+        $response->assertJsonPath('data.users_count', 1);
+        $response->assertJsonStructure([
+            'data' => ['id', 'name', 'slug', 'billing_status', 'billing_status_label', 'events_count', 'users_count', 'total_persons'],
+        ]);
+    }
+
+    // ─── Update ──────────────────────────────────────────────
+
+    public function test_update_changes_billing_status(): void
+    {
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->putJson("/api/v1/admin/organisations/{$this->organisation->id}", [
+            'billing_status' => 'suspended',
+        ]);
+
+        $response->assertOk();
+        $response->assertJsonPath('data.billing_status', 'suspended');
+        $this->assertDatabaseHas('organisations', [
+            'id' => $this->organisation->id,
+            'billing_status' => 'suspended',
+        ]);
+    }
+
+    // ─── Destroy ─────────────────────────────────────────────
+
+    public function test_destroy_soft_deletes(): void
+    {
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->deleteJson("/api/v1/admin/organisations/{$this->organisation->id}");
+
+        $response->assertNoContent();
+        $this->assertSoftDeleted('organisations', ['id' => $this->organisation->id]);
+    }
+}