crewli/api/app/Http/Controllers/Api/V1 at b6ef6ec3835dcb779e9513e291ac6751e207c329 - crewli - Gitea: Git with a cup of tea

bert.hausmans/crewli

Files

History

bert.hausmans b6ef6ec383 fix: login response missing app_roles — platform nav not showing

LoginController used UserResource (returns `roles`) but the frontend
authStore.setUser() expects MeResponse format with `app_roles`. After
login, appRoles was set to undefined, making isSuperAdmin always false.
Combined with isInitialized staying true after the initial failed
/auth/me call, the correct /auth/me was never re-fetched after login.

Fix: use MeResource in LoginController (same as MeController) so the
login response includes app_roles, permissions, and portal_events.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-15 00:18:19 +02:00

..

feat: platform admin backend — controllers, services, routes, tests

2026-04-14 23:33:16 +02:00

feat: portal cross-event my-shifts endpoint and dashboard page

2026-04-14 15:07:08 +02:00

security: migrate auth tokens to httpOnly cookies (hybrid bearer token approach)

2026-04-14 16:06:44 +02:00

AccountController.php

feat: password reset, email change with verification, and password change

2026-04-14 15:38:54 +02:00

AuthRefreshController.php

security: migrate auth tokens to httpOnly cookies (hybrid bearer token approach)

2026-04-14 16:06:44 +02:00

CheckEmailController.php

feat(api): registration auth, account creation, check-email & email notifications

2026-04-13 00:37:04 +02:00

CompanyController.php

feat: companies CRUD with person dialog integration and navigation

2026-04-10 11:16:01 +02:00

CrowdListController.php

security: A01-13 — nest all event routes under organisation prefix

2026-04-14 08:16:36 +02:00

CrowdTypeController.php

feat: crowd types management UI with create/edit/deactivate

2026-04-10 11:15:51 +02:00

EmailChangeController.php

feat: password reset, email change with verification, and password change

2026-04-14 15:38:54 +02:00

EventController.php

security: A01-13 — nest all event routes under organisation prefix

2026-04-14 08:16:36 +02:00

FestivalSectionController.php

security: A01-13 — nest all event routes under organisation prefix

2026-04-14 08:16:36 +02:00

InvitationController.php

security: migrate auth tokens to httpOnly cookies (hybrid bearer token approach)

2026-04-14 16:06:44 +02:00

LocationController.php

security: A01-13 — nest all event routes under organisation prefix

2026-04-14 08:16:36 +02:00

LoginController.php

fix: login response missing app_roles — platform nav not showing

2026-04-15 00:18:19 +02:00

LogoutController.php

security: migrate auth tokens to httpOnly cookies (hybrid bearer token approach)

2026-04-14 16:06:44 +02:00

MeController.php

feat(api): add portal_events to auth/me endpoint

2026-04-13 07:38:59 +02:00

MemberController.php

feat: add "Lid toevoegen als deelnemer" shortcut for org members

2026-04-14 18:38:53 +02:00

OrganisationController.php

feat: consolidate frontend API layer, add query-client, and harden backend Fase 1

2026-04-07 17:35:34 +02:00

PasswordResetController.php

feat: password reset, email change with verification, and password change

2026-04-14 15:38:54 +02:00

PersonController.php

feat: add "Lid toevoegen als deelnemer" shortcut for org members

2026-04-14 18:38:53 +02:00

PersonFieldValueController.php

security: A01-13 — nest all event routes under organisation prefix

2026-04-14 08:16:36 +02:00

PersonIdentityMatchController.php

feat: complete person identity matching system with fuzzy detection, revert, and manual link

2026-04-14 08:44:24 +02:00

PersonSectionPreferenceController.php

security: A01-13 — nest all event routes under organisation prefix

2026-04-14 08:16:36 +02:00

PersonTagController.php

refactor(app): unify settings tab design for tags, templates & crowd types

2026-04-12 23:18:10 +02:00

PortalMeController.php

security: round 2 — multi-tenancy isolation (OrganisationScope, scoped validation, boundary checks)

2026-04-14 06:38:19 +02:00

PortalTokenController.php

security: round 3 — token security (crypto random, hashed storage, portal middleware)

2026-04-14 06:52:54 +02:00

PublicRegistrationDataController.php

feat(api): extend registration endpoints with dynamic fields and section preferences

2026-04-12 23:44:26 +02:00

RegistrationFieldTemplateController.php

feat: registration form fields, section preferences, tag sync & schema updates

2026-04-12 22:10:16 +02:00

RegistrationFormFieldController.php

security: A01-13 — nest all event routes under organisation prefix

2026-04-14 08:16:36 +02:00

ShiftAssignmentController.php

security: A01-13 — nest all event routes under organisation prefix

2026-04-14 08:16:36 +02:00

ShiftController.php

security: A01-13 — nest all event routes under organisation prefix

2026-04-14 08:16:36 +02:00

TimeSlotController.php

feat: fix time slot hierarchy — seeder, API include_children, frontend dropdown, navigation

2026-04-14 22:07:37 +02:00

UserOrganisationTagController.php

feat: person tags system - org-level skills with self-reported and organiser-assigned sources

2026-04-10 11:15:43 +02:00

VolunteerAvailabilityController.php

security: A01-13 — nest all event routes under organisation prefix

2026-04-14 08:16:36 +02:00

VolunteerRegistrationController.php

feat: show identity match hint on registration success page

2026-04-14 08:56:25 +02:00