bert.hausmans
7932e53daf
Move all authenticated organiser-facing event sub-resource routes from
/events/{event}/... to /organisations/{organisation}/events/{event}/...
to enforce multi-tenancy at the routing layer.
Changes:
- Routes: restructured api.php to nest all event sub-resources under
the existing organisation prefix group
- Controllers: added Organisation parameter and VerifiesOrganisationEvent
trait to all 12 affected controllers (sections, time-slots, shifts,
persons, crowd-lists, locations, shift-assignments, registration-fields,
availabilities, field-values, section-preferences, stats)
- Tests: updated all 20 feature test files with new route paths
- Frontend: updated 8 API composables and 20 Vue components/pages
- API.md: updated documentation to reflect new route structure
Portal routes, public routes (volunteer-register), and invitation routes
remain unchanged as they operate without organisation context.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
109 lines
4.1 KiB
PHP
109 lines
4.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Controllers\Api\V1;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use App\Http\Controllers\Api\V1\Traits\VerifiesOrganisationEvent;
|
|
use App\Http\Requests\Api\V1\AddPersonToCrowdListRequest;
|
|
use App\Http\Requests\Api\V1\StoreCrowdListRequest;
|
|
use App\Http\Requests\Api\V1\UpdateCrowdListRequest;
|
|
use App\Http\Resources\Api\V1\CrowdListResource;
|
|
use App\Models\CrowdList;
|
|
use App\Models\Event;
|
|
use App\Models\Organisation;
|
|
use App\Models\Person;
|
|
use App\Services\CrowdListService;
|
|
use App\Http\Resources\Api\V1\PersonResource;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
|
|
use Illuminate\Support\Facades\Gate;
|
|
|
|
final class CrowdListController extends Controller
|
|
{
|
|
use VerifiesOrganisationEvent;
|
|
|
|
public function __construct(
|
|
private readonly CrowdListService $crowdListService,
|
|
) {}
|
|
|
|
public function index(Organisation $organisation, Event $event): AnonymousResourceCollection
|
|
{
|
|
$this->verifyEventBelongsToOrganisation($organisation, $event);
|
|
Gate::authorize('viewAny', [CrowdList::class, $event]);
|
|
|
|
$crowdLists = $event->crowdLists()
|
|
->with(['crowdType', 'recipientCompany'])
|
|
->withCount('persons')
|
|
->get();
|
|
|
|
return CrowdListResource::collection($crowdLists);
|
|
}
|
|
|
|
public function store(StoreCrowdListRequest $request, Organisation $organisation, Event $event): JsonResponse
|
|
{
|
|
$this->verifyEventBelongsToOrganisation($organisation, $event);
|
|
Gate::authorize('create', [CrowdList::class, $event]);
|
|
|
|
$crowdList = $this->crowdListService->create($event, $request->validated(), $request->user());
|
|
|
|
return $this->created(new CrowdListResource($crowdList->loadCount('persons')));
|
|
}
|
|
|
|
public function update(UpdateCrowdListRequest $request, Organisation $organisation, Event $event, CrowdList $crowdList): JsonResponse
|
|
{
|
|
$this->verifyEventBelongsToOrganisation($organisation, $event);
|
|
Gate::authorize('update', [$crowdList, $event]);
|
|
|
|
$crowdList = $this->crowdListService->update($crowdList, $request->validated(), $request->user());
|
|
|
|
return $this->success(new CrowdListResource($crowdList->loadCount('persons')));
|
|
}
|
|
|
|
public function destroy(Organisation $organisation, Event $event, CrowdList $crowdList): JsonResponse
|
|
{
|
|
$this->verifyEventBelongsToOrganisation($organisation, $event);
|
|
Gate::authorize('delete', [$crowdList, $event]);
|
|
|
|
$this->crowdListService->delete($crowdList, request()->user());
|
|
|
|
return response()->json(null, 204);
|
|
}
|
|
|
|
public function persons(Organisation $organisation, Event $event, CrowdList $crowdList): AnonymousResourceCollection
|
|
{
|
|
$this->verifyEventBelongsToOrganisation($organisation, $event);
|
|
Gate::authorize('viewPersons', [$crowdList, $event]);
|
|
|
|
$persons = $crowdList->persons()
|
|
->with(['crowdType', 'company', 'pendingIdentityMatch.matchedUser'])
|
|
->paginate(50);
|
|
|
|
return PersonResource::collection($persons);
|
|
}
|
|
|
|
public function addPerson(AddPersonToCrowdListRequest $request, Organisation $organisation, Event $event, CrowdList $crowdList): JsonResponse
|
|
{
|
|
$this->verifyEventBelongsToOrganisation($organisation, $event);
|
|
Gate::authorize('managePerson', [$crowdList, $event]);
|
|
|
|
$festivalEventId = $event->parent_event_id ?? $event->id;
|
|
$person = Person::where('event_id', $festivalEventId)->findOrFail($request->validated('person_id'));
|
|
|
|
$this->crowdListService->addPerson($crowdList, $person, $request->user());
|
|
|
|
return $this->success(new CrowdListResource($crowdList->fresh()->loadCount('persons')));
|
|
}
|
|
|
|
public function removePerson(Organisation $organisation, Event $event, CrowdList $crowdList, Person $person): JsonResponse
|
|
{
|
|
$this->verifyEventBelongsToOrganisation($organisation, $event);
|
|
Gate::authorize('managePerson', [$crowdList, $event]);
|
|
|
|
$this->crowdListService->removePerson($crowdList, $person, request()->user());
|
|
|
|
return response()->json(null, 204);
|
|
}
|
|
}
|