feat: platform admin member management — invite, remove, role update

Add member management to the platform admin organisation detail page: - Backend: invite (creates invitation or directly adds existing user), remove member, update member role endpoints on AdminOrganisationController - Backend: show endpoint now returns members alongside organisation data - Frontend: members table with inline role editing, invite dialog, remove confirmation dialog on /platform/organisations/[id] - Tests: 7 new tests covering happy paths and edge cases (self-removal, existing member, non-super_admin denied) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 00:37:29 +02:00
parent b6ef6ec383
commit f2614f2b48
8 changed files with 631 additions and 16 deletions
--- a/api/tests/Feature/Api/V1/Admin/AdminOrganisationControllerTest.php
+++ b/api/tests/Feature/Api/V1/Admin/AdminOrganisationControllerTest.php
@@ -8,6 +8,7 @@ use App\Models\Event;
 use App\Models\Organisation;
 use App\Models\Person;
 use App\Models\User;
+use App\Models\UserInvitation;
 use Database\Seeders\RoleSeeder;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Laravel\Sanctum\Sanctum;
@@ -100,7 +101,7 @@ class AdminOrganisationControllerTest extends TestCase

    // ─── Show ────────────────────────────────────────────────

-    public function test_show_returns_organisation_with_counts(): void
+    public function test_show_returns_organisation_with_members(): void
    {
        $event = Event::factory()->create(['organisation_id' => $this->organisation->id]);

@@ -109,12 +110,17 @@ class AdminOrganisationControllerTest extends TestCase
        $response = $this->getJson("/api/v1/admin/organisations/{$this->organisation->id}");

        $response->assertOk();
-        $response->assertJsonPath('data.id', $this->organisation->id);
-        $response->assertJsonPath('data.events_count', 1);
-        $response->assertJsonPath('data.users_count', 1);
+        $response->assertJsonPath('data.organisation.id', $this->organisation->id);
+        $response->assertJsonPath('data.organisation.events_count', 1);
+        $response->assertJsonPath('data.organisation.users_count', 1);
        $response->assertJsonStructure([
-            'data' => ['id', 'name', 'slug', 'billing_status', 'billing_status_label', 'events_count', 'users_count', 'total_persons'],
+            'data' => [
+                'organisation' => ['id', 'name', 'slug', 'billing_status', 'billing_status_label', 'events_count', 'users_count', 'total_persons'],
+                'members' => [['id', 'first_name', 'last_name', 'email', 'role']],
+            ],
        ]);
+        $this->assertCount(1, $response->json('data.members'));
+        $response->assertJsonPath('data.members.0.email', $this->orgAdmin->email);
    }

    // ─── Update ──────────────────────────────────────────────
@@ -146,4 +152,115 @@ class AdminOrganisationControllerTest extends TestCase
        $response->assertNoContent();
        $this->assertSoftDeleted('organisations', ['id' => $this->organisation->id]);
    }
+
+    // ─── Invite ──────────────────────────────────────────────
+
+    public function test_invite_creates_invitation_for_new_email(): void
+    {
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->postJson("/api/v1/admin/organisations/{$this->organisation->id}/invite", [
+            'email' => 'newuser@example.com',
+            'role' => 'org_member',
+        ]);
+
+        $response->assertCreated();
+        $this->assertDatabaseHas('user_invitations', [
+            'email' => 'newuser@example.com',
+            'organisation_id' => $this->organisation->id,
+            'role' => 'org_member',
+            'status' => 'pending',
+        ]);
+    }
+
+    public function test_invite_adds_existing_user_directly(): void
+    {
+        $existingUser = User::factory()->create(['email' => 'exists@example.com']);
+
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->postJson("/api/v1/admin/organisations/{$this->organisation->id}/invite", [
+            'email' => 'exists@example.com',
+            'role' => 'org_admin',
+        ]);
+
+        $response->assertOk();
+        $this->assertDatabaseHas('organisation_user', [
+            'user_id' => $existingUser->id,
+            'organisation_id' => $this->organisation->id,
+            'role' => 'org_admin',
+        ]);
+    }
+
+    public function test_invite_fails_for_existing_member(): void
+    {
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->postJson("/api/v1/admin/organisations/{$this->organisation->id}/invite", [
+            'email' => $this->orgAdmin->email,
+            'role' => 'org_member',
+        ]);
+
+        $response->assertUnprocessable();
+        $response->assertJsonPath('message', 'Gebruiker is al lid van deze organisatie.');
+    }
+
+    public function test_invite_denied_for_non_super_admin(): void
+    {
+        Sanctum::actingAs($this->orgAdmin);
+
+        $response = $this->postJson("/api/v1/admin/organisations/{$this->organisation->id}/invite", [
+            'email' => 'test@example.com',
+            'role' => 'org_member',
+        ]);
+
+        $response->assertForbidden();
+    }
+
+    // ─── Remove Member ───────────────────────────────────────
+
+    public function test_remove_member_detaches_from_org(): void
+    {
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->deleteJson("/api/v1/admin/organisations/{$this->organisation->id}/members/{$this->orgAdmin->id}");
+
+        $response->assertNoContent();
+        $this->assertDatabaseMissing('organisation_user', [
+            'user_id' => $this->orgAdmin->id,
+            'organisation_id' => $this->organisation->id,
+        ]);
+    }
+
+    public function test_remove_self_fails(): void
+    {
+        // Attach super admin to the org so the self-removal check kicks in
+        $this->organisation->users()->attach($this->superAdmin, ['role' => 'org_admin']);
+
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->deleteJson("/api/v1/admin/organisations/{$this->organisation->id}/members/{$this->superAdmin->id}");
+
+        $response->assertUnprocessable();
+        $response->assertJsonPath('message', 'Je kunt jezelf niet verwijderen.');
+    }
+
+    // ─── Update Member Role ──────────────────────────────────
+
+    public function test_update_member_role(): void
+    {
+        Sanctum::actingAs($this->superAdmin);
+
+        $response = $this->putJson("/api/v1/admin/organisations/{$this->organisation->id}/members/{$this->orgAdmin->id}", [
+            'role' => 'org_member',
+        ]);
+
+        $response->assertOk();
+        $response->assertJsonPath('data.role', 'org_member');
+        $this->assertDatabaseHas('organisation_user', [
+            'user_id' => $this->orgAdmin->id,
+            'organisation_id' => $this->organisation->id,
+            'role' => 'org_member',
+        ]);
+    }
 }