crewli/api/app/Http/Controllers/Api/V1/PersonController.php

<?php

declare(strict_types=1);

namespace App\Http\Controllers\Api\V1;

use App\Http\Controllers\Controller;
use App\Http\Controllers\Api\V1\Traits\VerifiesOrganisationEvent;
use App\Http\Requests\Api\V1\StorePersonRequest;
use App\Http\Requests\Api\V1\UpdatePersonRequest;
use App\Http\Resources\Api\V1\PersonCollection;
use App\Http\Resources\Api\V1\PersonResource;
use App\Mail\RegistrationApprovedMail;
use App\Mail\RegistrationRejectedMail;
use App\Models\Event;
use App\Models\Organisation;
use App\Models\Person;
use App\Services\PersonIdentityService;
use App\Services\TagSyncService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Mail;

final class PersonController extends Controller
{
    use VerifiesOrganisationEvent;

    public function __construct(
        private readonly PersonIdentityService $identityService,
        private readonly TagSyncService $tagSyncService,
    ) {}

    public function index(Request $request, Organisation $organisation, Event $event): PersonCollection
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('viewAny', [Person::class, $event]);

        $query = $event->persons()->with(['crowdType', 'pendingIdentityMatch.matchedUser', 'user']);

        if ($request->filled('crowd_type_id')) {
            $query->where('crowd_type_id', $request->input('crowd_type_id'));
        }

        if ($request->filled('status')) {
            $query->where('status', $request->input('status'));
        }

        if ($request->filled('tag')) {
            $organisation = $event->organisation;
            $query->whereHas('user', function ($q) use ($request, $organisation) {
                $q->whereHas('organisationTags', function ($q2) use ($request, $organisation) {
                    $q2->where('organisation_id', $organisation->id)
                        ->where('person_tag_id', $request->input('tag'));
                });
            });
        }

        if ($request->filled('tags')) {
            $organisation = $event->organisation;
            $tagIds = explode(',', $request->input('tags'));
            foreach ($tagIds as $tagId) {
                $query->whereHas('user', function ($q) use ($tagId, $organisation) {
                    $q->whereHas('organisationTags', function ($q2) use ($tagId, $organisation) {
                        $q2->where('organisation_id', $organisation->id)
                            ->where('person_tag_id', $tagId);
                    });
                });
            }
        }

        return new PersonCollection($query->get());
    }

    public function show(Organisation $organisation, Event $event, Person $person): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('view', [$person, $event]);

        $person->load(['crowdType', 'company', 'user', 'pendingIdentityMatch.matchedUser']);

        return $this->success(new PersonResource($person));
    }

    public function store(StorePersonRequest $request, Organisation $organisation, Event $event): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('create', [Person::class, $event]);

        $person = $event->persons()->create($request->validated());

        // Identity match detection is handled automatically by PersonObserver

        return $this->created(new PersonResource($person->fresh()->load('crowdType')));
    }

    public function update(UpdatePersonRequest $request, Organisation $organisation, Event $event, Person $person): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('update', [$person, $event]);

        $person->update($request->validated());
        $person->load(['crowdType', 'company']);

        return $this->success(new PersonResource($person->fresh()->load(['crowdType', 'company'])));
    }

    public function destroy(Organisation $organisation, Event $event, Person $person): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('delete', [$person, $event]);

        $person->delete();

        return response()->json(null, 204);
    }

    public function approve(Organisation $organisation, Event $event, Person $person): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('approve', [$person, $event]);

        $person->update(['status' => 'approved']);

        $this->tagSyncService->syncFromRegistration($person);

        if ($person->email) {
            Mail::to($person->email)->queue(new RegistrationApprovedMail($person, $event));
        }

        return $this->success(new PersonResource($person->fresh()->load('crowdType')));
    }

    public function reject(Request $request, Organisation $organisation, Event $event, Person $person): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('approve', [$person, $event]);

        $person->update(['status' => 'rejected']);

        $reason = $request->input('reason');

        if ($person->email) {
            Mail::to($person->email)->queue(new RegistrationRejectedMail($person, $event, $reason));
        }

        return $this->success(new PersonResource($person->fresh()->load('crowdType')));
    }
}