crewli/api/app/Policies/RegistrationFormFieldPolicy.php

<?php

declare(strict_types=1);

namespace App\Policies;

use App\Models\Event;
use App\Models\RegistrationFormField;
use App\Models\User;

final class RegistrationFormFieldPolicy
{
    public function viewAny(User $user, Event $event): bool
    {
        return $this->belongsToOrganisation($user, $event);
    }

    public function view(User $user, RegistrationFormField $field, Event $event): bool
    {
        if ($field->event_id !== $event->id) {
            return false;
        }

        return $this->belongsToOrganisation($user, $event);
    }

    public function create(User $user, Event $event): bool
    {
        return $this->canManageEvent($user, $event);
    }

    public function update(User $user, RegistrationFormField $field, Event $event): bool
    {
        if ($field->event_id !== $event->id) {
            return false;
        }

        return $this->canManageEvent($user, $event);
    }

    public function delete(User $user, RegistrationFormField $field, Event $event): bool
    {
        if ($field->event_id !== $event->id) {
            return false;
        }

        return $this->canManageEvent($user, $event);
    }

    public function reorder(User $user, Event $event): bool
    {
        return $this->canManageEvent($user, $event);
    }

    private function belongsToOrganisation(User $user, Event $event): bool
    {
        if ($user->hasRole('super_admin')) {
            return true;
        }

        return $event->organisation->users()->where('user_id', $user->id)->exists();
    }

    private function canManageEvent(User $user, Event $event): bool
    {
        if ($user->hasRole('super_admin')) {
            return true;
        }

        $isOrgAdmin = $event->organisation->users()
            ->where('user_id', $user->id)
            ->wherePivot('role', 'org_admin')
            ->exists();

        if ($isOrgAdmin) {
            return true;
        }

        return $event->users()
            ->where('user_id', $user->id)
            ->wherePivot('role', 'event_manager')
            ->exists();
    }
}