crewli/api/app/Providers/AppServiceProvider.php

<?php

declare(strict_types=1);

namespace App\Providers;

use App\Models\Company;
use App\Models\CrowdList;
use App\Models\CrowdType;
use App\Models\EmailChangeRequest;
use App\Models\EmailLog;
use App\Models\Event;
use App\Models\FestivalSection;
use App\Models\ImpersonationSession;
use App\Models\Location;
use App\Models\MfaBackupCode;
use App\Models\MfaEmailCode;
use App\Models\Organisation;
use App\Models\OrganisationEmailSettings;
use App\Models\OrganisationEmailTemplate;
use App\Models\Person;
use App\Models\PersonFieldValue;
use App\Models\PersonIdentityMatch;
use App\Models\PersonSectionPreference;
use App\Models\PersonTag;
use App\Models\RegistrationFieldTemplate;
use App\Models\RegistrationFormField;
use App\Models\Shift;
use App\Models\ShiftAssignment;
use App\Models\ShiftWaitlist;
use App\Models\TimeSlot;
use App\Models\TrustedDevice;
use App\Models\User;
use App\Models\UserInvitation;
use App\Models\UserOrganisationTag;
use App\Models\UserProfile;
use App\Models\FormBuilder\FormValue;
use App\Models\VolunteerAvailability;
use App\Observers\FormBuilder\FormValueObserver;
use App\Observers\PersonObserver;
use App\Observers\UserObserver;
use Illuminate\Auth\Notifications\ResetPassword;
use Illuminate\Database\Eloquent\Relations\Relation;
use Illuminate\Support\ServiceProvider;
use Spatie\Activitylog\Models\Activity;

class AppServiceProvider extends ServiceProvider
{
    public function register(): void
    {
        //
    }

    public function boot(): void
    {
        // Morph map: explicit keys for every class that can end up in a
        // polymorphic column. Before S1 there were no morphTo/morphMany
        // relations, but spatie/activitylog stores subject/causer as morph
        // columns — so every model passed to performedOn()/causedBy() MUST
        // be registered. Keep form-builder subject_types in sync with
        // config/form_subjects.php.
        Relation::enforceMorphMap([
            // Form-builder subject types
            'event' => Event::class,
            'user' => User::class,
            'user_profile' => UserProfile::class,
            'person' => Person::class,
            'company' => Company::class,
            'organisation' => Organisation::class,
            // 'artist' added when artist module lands

            // Additional models used as activity-log subjects/causers
            'crowd_list' => CrowdList::class,
            'crowd_type' => CrowdType::class,
            'email_change_request' => EmailChangeRequest::class,
            'email_log' => EmailLog::class,
            'festival_section' => FestivalSection::class,
            'impersonation_session' => ImpersonationSession::class,
            'location' => Location::class,
            'mfa_backup_code' => MfaBackupCode::class,
            'mfa_email_code' => MfaEmailCode::class,
            'organisation_email_settings' => OrganisationEmailSettings::class,
            'organisation_email_template' => OrganisationEmailTemplate::class,
            'person_field_value' => PersonFieldValue::class,
            'person_identity_match' => PersonIdentityMatch::class,
            'person_section_preference' => PersonSectionPreference::class,
            'person_tag' => PersonTag::class,
            'registration_field_template' => RegistrationFieldTemplate::class,
            'registration_form_field' => RegistrationFormField::class,
            'shift' => Shift::class,
            'shift_assignment' => ShiftAssignment::class,
            'shift_waitlist' => ShiftWaitlist::class,
            'time_slot' => TimeSlot::class,
            'trusted_device' => TrustedDevice::class,
            'user_invitation' => UserInvitation::class,
            'user_organisation_tag' => UserOrganisationTag::class,
            'volunteer_availability' => VolunteerAvailability::class,
        ]);

        Person::observe(PersonObserver::class);
        User::observe(UserObserver::class);
        FormValue::observe(FormValueObserver::class);

        ResetPassword::createUrlUsing(function ($user, string $token) {
            return config('crewli.portal_url') . '/wachtwoord-resetten?token=' . $token . '&email=' . urlencode($user->email);
        });

        // Tag activity log entries with impersonation context
        Activity::saving(function (Activity $activity) {
            $request = request();

            $impersonator = $request->attributes->get('impersonator');
            $session = $request->attributes->get('impersonation_session');

            if ($impersonator && $session) {
                $properties = $activity->properties?->toArray() ?? [];
                $properties['impersonated_by'] = [
                    'user_id' => $impersonator->id,
                    'name' => $impersonator->full_name,
                    'email' => $impersonator->email,
                ];
                $properties['impersonation_session_id'] = $session->id;
                $activity->properties = collect($properties);
            }
        });
    }
}