bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
513ca519b27df58b66fc818ae07a46c4e3391306
crewli/api/app/Http/Controllers/Api/V1/MemberController.php
bert.hausmans 836cffa232 feat: password reset, email change with verification, and password change 
Password reset: multi-app support with custom notification linking to correct
frontend (app/portal/admin). Email change: self-service with password
confirmation and admin-initiated, both sending verification to new address
with 24h expiry. Confirmation sent to old email on completion. Password
change: authenticated endpoint revoking other sessions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 15:38:54 +02:00

113 lines
3.4 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\UpdateMemberRequest;
use App\Http\Resources\Api\V1\MemberCollection;
use App\Http\Resources\Api\V1\MemberResource;
use App\Models\Organisation;
use App\Models\User;
use App\Services\EmailChangeService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
final class MemberController extends Controller
{
public function index(Organisation $organisation): MemberCollection
{
Gate::authorize('view', $organisation);
$members = $organisation->users()->get();
return new MemberCollection($members);
}
public function update(UpdateMemberRequest $request, Organisation $organisation, User $user): JsonResponse
{
Gate::authorize('invite', $organisation);
if ($request->user()->id === $user->id) {
return $this->error('Je kunt je eigen rol niet wijzigen.', 422);
}
$currentRole = $organisation->users()
->where('user_id', $user->id)
->first()?->pivot?->role;
if ($currentRole === 'org_admin' && $request->validated('role') !== 'org_admin') {
$adminCount = $organisation->users()
->wherePivot('role', 'org_admin')
->count();
if ($adminCount <= 1) {
return $this->error('De laatste org_admin kan niet worden gedegradeerd.', 422);
}
}
$organisation->users()->updateExistingPivot($user->id, [
'role' => $request->validated('role'),
]);
return $this->success(
new MemberResource($organisation->users()->where('user_id', $user->id)->first()),
);
}
public function destroy(Organisation $organisation, User $user): JsonResponse
{
Gate::authorize('invite', $organisation);
if (request()->user()->id === $user->id) {
return $this->error('Je kunt je eigen account niet verwijderen uit de organisatie.', 422);
}
$currentRole = $organisation->users()
->where('user_id', $user->id)
->first()?->pivot?->role;
if ($currentRole === 'org_admin') {
$adminCount = $organisation->users()
->wherePivot('role', 'org_admin')
->count();
if ($adminCount <= 1) {
return $this->error('De laatste org_admin kan niet worden verwijderd.', 422);
}
}
$organisation->users()->detach($user->id);
return response()->json(null, 204);
}
/**
* POST /api/v1/organisations/{organisation}/members/{user}/change-email
* Admin changes a member's email (sends verification to new address).
*/
public function changeEmail(Request $request, Organisation $organisation, User $user): JsonResponse
{
Gate::authorize('invite', $organisation);
$validated = $request->validate([
'new_email' => ['required', 'email', 'max:255'],
]);
$frontendUrl = config('app.frontend_app_url');
app(EmailChangeService::class)->requestChange(
$user,
$validated['new_email'],
$request->user(),
$frontendUrl,
);
return $this->success(
message: 'Er is een verificatiemail verstuurd naar ' . $validated['new_email'] . '.',
);
}
}
Reference in New Issue View Git Blame Copy Permalink