- 🏗️ Introduced CoursePolicy and CourseEventPolicy for authorization.

-  Added `StoreCourseRequest` and `UpdateCourseRequest` for structured validation.
-  Introduced `StoreCourseEventRequest` and `UpdateCourseEventRequest` for consistent request validation.
- 🖼️ Created `CourseResource` and `CourseEventResource` for API responses.
- 🔄 Refactored `CourseController` and `CourseEventController` to use Policies and FormRequests.
-  Added dedicated `uploadLogo` and `uploadAvatar` API endpoints with shared media validation.
- 🚀 Improved API by aligning Course and CourseEvent behavior with other entities.
This commit is contained in:
HolgerHatGarKeineNode
2026-06-15 15:06:07 +02:00
parent 119deb4f5c
commit 1518611bdb
25 changed files with 1186 additions and 256 deletions
+29 -23
@@ -4,6 +4,10 @@ namespace App\Http\Controllers\Api;
use App\Http\Controllers\Api\Concerns\FiltersNumericIds;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\StoreCourseRequest;
use App\Http\Requests\Api\UpdateCourseRequest;
use App\Http\Requests\Api\UploadMediaRequest;
use App\Http\Resources\CourseResource;
use App\Models\Course;
use App\Models\CourseEvent;
use App\Models\Lecturer;
@@ -100,21 +104,16 @@ class CourseController extends Controller
* Kurs anlegen
*
* Erlaubt einem authentifizierten Referenten, einen Kurs programmatisch anzulegen.
* Der Ersteller (created_by) wird automatisch auf den angemeldeten Nutzer gesetzt.
*/
#[ResponseAttribute(status: 403, description: 'Nur Referenten (is_lecturer) dürfen Kurse anlegen.')]
public function store(Request $request): JsonResponse
public function store(StoreCourseRequest $request): JsonResponse
{
abort_unless((bool) $request->user()->is_lecturer, Response::HTTP_FORBIDDEN);
$course = Course::create($request->validated());
$validated = $request->validate([
'name' => ['required', 'string', 'max:255'],
'lecturer_id' => ['required', 'exists:lecturers,id'],
'description' => ['nullable', 'string'],
]);
$course = Course::create($validated);
return response()->json($course->fresh(), Response::HTTP_CREATED);
return CourseResource::make($course->fresh())
->response()
->setStatusCode(Response::HTTP_CREATED);
}
/**
@@ -178,22 +177,29 @@ class CourseController extends Controller
* Aktualisiert einen Kurs; nur für den Ersteller oder einen Super-Admin.
*/
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller des Kurses oder ein Super-Admin darf ihn ändern.')]
public function update(Request $request, Course $course): JsonResponse
public function update(UpdateCourseRequest $request, Course $course): CourseResource
{
abort_unless(
(int) $course->created_by === $request->user()->id || $request->user()->hasRole('super-admin'),
Response::HTTP_FORBIDDEN
);
$course->update($request->validated());
$validated = $request->validate([
'name' => ['sometimes', 'required', 'string', 'max:255'],
'lecturer_id' => ['sometimes', 'required', 'exists:lecturers,id'],
'description' => ['sometimes', 'nullable', 'string'],
]);
return CourseResource::make($course->fresh());
}
$course->update($validated);
/**
* Kurs-Logo hochladen
*
* Lädt ein Logo (multipart, Feld „file") in die singleFile-Collection „logo" und ersetzt
* dabei ein vorhandenes Logo. Nur für den Ersteller oder einen Super-Admin. Die Antwort
* enthält die frische Logo-URL.
*/
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf das Logo ersetzen.')]
#[ResponseAttribute(status: 422, description: 'Validierungsfehler (kein Bild, falscher MIME-Typ, zu groß oder zu große Abmessungen).')]
public function uploadLogo(UploadMediaRequest $request, Course $course): CourseResource
{
$course->addMedia($request->file('file')->getRealPath())
->usingName($course->name)
->toMediaCollection('logo');
return response()->json($course->fresh());
return CourseResource::make($course->fresh());
}
#[ExcludeRouteFromDocs]
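Review bot: `uploadLogo` hands spatie the temp path from `getRealPath()`, so — as far as I can tell from spatie's `FileAdder` — the stored file name is derived from the PHP temp file (`phpXXXXXX`, no extension) rather than from the upload, which leaves the public URL and the `thumb` conversion without an extension to go on. Pass the `UploadedFile` and pin a server-chosen name whose extension comes from the content-sniffed type: `$course->addMedia($request->file('file'))` followed by `->usingFileName('logo.' . $request->file('file')->extension())`, keeping `usingName`/`toMediaCollection` as they are. `UploadedFile::extension()` is derived from the file contents, so a client-supplied name never reaches the storage path. The same construct appears in `uploadAvatar` and the Meetup variant and should be fixed together.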
@@ -3,14 +3,17 @@
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\StoreCourseEventRequest;
use App\Http\Requests\Api\UpdateCourseEventRequest;
use App\Http\Resources\CourseEventResource;
use App\Models\CourseEvent;
use Dedoc\Scramble\Attributes\Group;
use Dedoc\Scramble\Attributes\QueryParameter;
use Dedoc\Scramble\Attributes\Response as ResponseAttribute;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Symfony\Component\HttpFoundation\Response;
#[Group(name: 'Kurs-Events', weight: 2)]
@@ -22,13 +25,11 @@ class CourseEventController extends Controller
* Liefert alle vom authentifizierten Nutzer erstellten Kurs-Events (inkl. zugehörigem
* Kurs und Veranstaltungsort), absteigend nach Startdatum. Ideal für idempotente
* Synchronisierung durch externe Clients.
*
* @return Collection<int, CourseEvent>
*/
#[QueryParameter(name: 'course_id', description: 'Filtert die Kurs-Events auf einen bestimmten Kurs.', required: false, type: 'integer')]
public function index(Request $request): Collection
public function index(Request $request): AnonymousResourceCollection
{
return CourseEvent::query()
$courseEvents = CourseEvent::query()
->with(['course:id,name', 'venue:id,name'])
->where('created_by', $request->user()->id)
->when(
@@ -37,6 +38,8 @@ class CourseEventController extends Controller
)
->orderByDesc('from')
->get();
return CourseEventResource::collection($courseEvents);
}
/**
@@ -45,21 +48,13 @@ class CourseEventController extends Controller
* Erlaubt einem authentifizierten Referenten, ein datiertes Kurs-Event programmatisch anzulegen.
*/
#[ResponseAttribute(status: 403, description: 'Nur Referenten (is_lecturer) dürfen Kurs-Events anlegen.')]
public function store(Request $request): JsonResponse
public function store(StoreCourseEventRequest $request): JsonResponse
{
abort_unless((bool) $request->user()->is_lecturer, Response::HTTP_FORBIDDEN);
$courseEvent = CourseEvent::create($request->validated());
$validated = $request->validate([
'course_id' => ['required', 'integer', 'exists:courses,id'],
'venue_id' => ['required', 'integer', 'exists:venues,id'],
'from' => ['required', 'date'],
'to' => ['required', 'date', 'after_or_equal:from'],
'link' => ['required', 'url', 'max:255'],
]);
$courseEvent = CourseEvent::create($validated);
return response()->json($courseEvent->fresh(), Response::HTTP_CREATED);
return CourseEventResource::make($courseEvent->fresh())
->response()
->setStatusCode(Response::HTTP_CREATED);
}
/**
@@ -68,23 +63,10 @@ class CourseEventController extends Controller
* Aktualisiert ein Kurs-Event; nur für den Ersteller oder einen Super-Admin.
*/
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller des Kurs-Events oder ein Super-Admin darf es ändern.')]
public function update(Request $request, CourseEvent $courseEvent): JsonResponse
public function update(UpdateCourseEventRequest $request, CourseEvent $courseEvent): CourseEventResource
{
abort_unless(
(int) $courseEvent->created_by === $request->user()->id || $request->user()->hasRole('super-admin'),
Response::HTTP_FORBIDDEN
);
$courseEvent->update($request->validated());
$validated = $request->validate([
'course_id' => ['sometimes', 'required', 'integer', 'exists:courses,id'],
'venue_id' => ['sometimes', 'required', 'integer', 'exists:venues,id'],
'from' => ['sometimes', 'required', 'date'],
'to' => ['sometimes', 'required', 'date', 'after_or_equal:from'],
'link' => ['sometimes', 'required', 'url', 'max:255'],
]);
$courseEvent->update($validated);
return response()->json($courseEvent->fresh());
return CourseEventResource::make($courseEvent->fresh());
}
}
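Review bot: `use Illuminate\Database\Eloquent\Collection;` looks orphaned now that `index` returns `AnonymousResourceCollection` and the `@return Collection<int, CourseEvent>` docblock was dropped; if nothing outside these hunks still references it, remove the import. The `store`/`update` docblocks still describe the 403 in terms of `is_lecturer` and creator/super-admin while the check now lives in `CourseEventPolicy` via the FormRequests' `authorize()`; a one-line pointer such as `Autorisierung: siehe CourseEventPolicy::create` keeps the docs from drifting when the policy changes. Note that `index` and the class body are only partially visible in these hunks.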
@@ -6,6 +6,7 @@ use App\Http\Controllers\Api\Concerns\FiltersNumericIds;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\StoreLecturerRequest;
use App\Http\Requests\Api\UpdateLecturerRequest;
use App\Http\Requests\Api\UploadMediaRequest;
use App\Http\Resources\LecturerResource;
use App\Models\Course;
use App\Models\Lecturer;
@@ -142,6 +143,7 @@ class LecturerController extends Controller
Gate::authorize('viewAny', Lecturer::class);
$lecturers = Lecturer::query()
->with('media')
->where('created_by', $request->user()->id)
->orderBy('name')
->get();
@@ -161,4 +163,22 @@ class LecturerController extends Controller
return LecturerResource::make($lecturer);
}
/**
* Referenten-Avatar hochladen
*
* Lädt einen Avatar (multipart, Feld „file") in die singleFile-Collection „avatar" und
* ersetzt dabei ein vorhandenes Bild. Nur für den Ersteller oder einen Super-Admin. Die
* Antwort enthält die frische Avatar-URL.
*/
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf den Avatar ersetzen.')]
#[ResponseAttribute(status: 422, description: 'Validierungsfehler (kein Bild, falscher MIME-Typ, zu groß oder zu große Abmessungen).')]
public function uploadAvatar(UploadMediaRequest $request, Lecturer $lecturer): LecturerResource
{
$lecturer->addMedia($request->file('file')->getRealPath())
->usingName($lecturer->name)
->toMediaCollection('avatar');
return LecturerResource::make($lecturer->fresh());
}
}
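Review bot: `uploadAvatar` relies on `UploadMediaRequest::authorize()` picking the first route-bound `Model`, so the authorization is only correct as long as the avatar route binds `{lecturer}` and nothing else before it; that coupling is not visible from the controller and deserves a comment on the method, e.g. `// Authorization: UploadMediaRequest checks update on the first bound model ({lecturer}).` Also, `addMedia($request->file('file')->getRealPath())` stores the file under the PHP temp name without an extension (spatie takes the basename of a string path); passing the `UploadedFile` plus `->usingFileName('avatar.' . $request->file('file')->extension())` gives a server-chosen name with a content-derived extension. The `->fresh()` before `LecturerResource::make` drops the `media` relation, so the resource's `getFirstMediaUrl` will issue one extra query — harmless for a single model, just noting it.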
@@ -6,6 +6,7 @@ use App\Http\Controllers\Api\Concerns\FiltersNumericIds;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\StoreMeetupRequest;
use App\Http\Requests\Api\UpdateMeetupRequest;
use App\Http\Requests\Api\UploadMediaRequest;
use App\Http\Resources\MeetupResource;
use App\Models\Meetup;
use Dedoc\Scramble\Attributes\ExcludeRouteFromDocs;
@@ -155,4 +156,22 @@ class MeetupController extends Controller
return MeetupResource::make($meetup);
}
/**
* Meetup-Logo hochladen
*
* Lädt ein Logo (multipart, Feld „file") in die singleFile-Collection „logo" und ersetzt
* dabei ein vorhandenes Logo. Nur für den Ersteller oder einen Super-Admin. Die Antwort
* enthält die frische Logo-URL.
*/
#[Response(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf das Logo ersetzen.')]
#[Response(status: 422, description: 'Validierungsfehler (kein Bild, falscher MIME-Typ, zu groß oder zu große Abmessungen).')]
public function uploadLogo(UploadMediaRequest $request, Meetup $meetup): MeetupResource
{
$meetup->addMedia($request->file('file')->getRealPath())
->usingName($meetup->name)
->toMediaCollection('logo');
return MeetupResource::make($meetup->fresh());
}
}
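Review bot: `uploadLogo` here is the third copy of the same four-line media-replace routine (Course, Lecturer, Meetup differ only in model and collection name), so any fix — such as the missing file extension when spatie is fed `getRealPath()` instead of the `UploadedFile` — has to be applied three times. A small shared helper (trait or invokable action taking the model, the collection name and the `UploadedFile`) would keep the validation-to-storage path identical across the three endpoints. This file tags the attributes as `#[Response(...)]` while the Course and Lecturer controllers alias the same Scramble attribute as `ResponseAttribute`; presumably an import difference outside the hunk, but aligning the alias would make the three controllers read the same.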
@@ -2,6 +2,7 @@
namespace App\Http\Controllers\Api;
use App\Actions\MeetupEvents\CreateMeetupEventSeries;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\StoreMeetupEventRequest;
use App\Http\Requests\Api\UpdateMeetupEventRequest;
@@ -87,12 +88,27 @@ class MeetupEventController extends Controller
*
* Erlaubt einem authentifizierten Nutzer, ein Meetup-Event programmatisch anzulegen.
* Der Ersteller (created_by) wird automatisch gesetzt.
*
* Werden sowohl `recurrence_type` als auch `recurrence_end_date` übergeben, wird wie im
* Web-Editor eine Serie einzelner Termine erzeugt (gemeinsame Expansions-Action, harte
* Obergrenze von 100 Terminen) und die Antwort enthält die Liste aller erstellten Events.
* Ohne diese Felder entsteht ein einzelner Termin.
*/
#[ResponseAttribute(status: 401, description: 'Nicht authentifiziert.')]
#[ResponseAttribute(status: 422, description: 'Validierungsfehler.')]
public function store(StoreMeetupEventRequest $request): JsonResponse
public function store(StoreMeetupEventRequest $request, CreateMeetupEventSeries $createSeries): JsonResponse
{
$meetupEvent = MeetupEvent::create($request->validated());
$validated = $request->validated();
if (! empty($validated['recurrence_type']) && ! empty($validated['recurrence_end_date'])) {
$events = $createSeries->handle($validated);
return MeetupEventResource::collection($events)
->response()
->setStatusCode(Response::HTTP_CREATED);
}
$meetupEvent = MeetupEvent::create($validated);
return MeetupEventResource::make($meetupEvent->fresh())
->response()
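Review bot: The series branch triggers only when both `recurrence_type` and `recurrence_end_date` are present, so a client that sends just one of them silently gets a single event instead of a validation error. Unless `StoreMeetupEventRequest` (not in this hunk) already pairs them, add `'recurrence_type' => [..., 'required_with:recurrence_end_date']` and `'recurrence_end_date' => [..., 'required_with:recurrence_type']` so a half-specified recurrence is rejected at 422. The `$events` returned by `CreateMeetupEventSeries::handle` are not passed through `fresh()` like the single-event path, so the two responses may differ in casts/defaults — worth confirming against the action. `store` continues past the end of this hunk.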
@@ -0,0 +1,39 @@
<?php
namespace App\Http\Requests\Api;
use App\Models\CourseEvent;
use Illuminate\Foundation\Http\FormRequest;
class StoreCourseEventRequest extends FormRequest
{
public function authorize(): bool
{
return $this->user()->can('create', CourseEvent::class);
}
/**
* @return array<string, array<int, string>>
*/
public function rules(): array
{
return [
'course_id' => ['required', 'integer', 'exists:courses,id'],
'venue_id' => ['required', 'integer', 'exists:venues,id'],
'from' => ['required', 'date'],
'to' => ['required', 'date', 'after_or_equal:from'],
'link' => ['required', 'url', 'max:255'],
];
}
/**
* @return array<string, string>
*/
public function messages(): array
{
return [
'course_id.exists' => 'Der angegebene Kurs existiert nicht.',
'venue_id.exists' => 'Der angegebene Veranstaltungsort existiert nicht.',
];
}
}
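Review bot: The `url` rule on `link` accepts any scheme Laravel knows (`file://`, `ftp://`, …), and since `link` is echoed back in `CourseEventResource` and presumably rendered as a hyperlink, it should be limited to web schemes: `'link' => ['required', 'url:http,https', 'max:255']` (supported since Laravel 10.x; otherwise a `starts_with:http://,https://` rule does the job). `course_id`/`venue_id` are only checked for existence, so a lecturer can attach an event to any course in the table; if courses are per-creator as the `created_by` filters elsewhere suggest, scope the rule with `Rule::exists('courses', 'id')->where('created_by', $this->user()->id)` or enforce it in `CourseEventPolicy::create`. `authorize()` calls `$this->user()->can(...)` unguarded; fine if the route is behind auth middleware, otherwise `$this->user()?->can(...) ?? false`.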
@@ -0,0 +1,36 @@
<?php
namespace App\Http\Requests\Api;
use App\Models\Course;
use Illuminate\Foundation\Http\FormRequest;
class StoreCourseRequest extends FormRequest
{
public function authorize(): bool
{
return $this->user()->can('create', Course::class);
}
/**
* @return array<string, array<int, string>>
*/
public function rules(): array
{
return [
'name' => ['required', 'string', 'max:255'],
'lecturer_id' => ['required', 'integer', 'exists:lecturers,id'],
'description' => ['nullable', 'string'],
];
}
/**
* @return array<string, string>
*/
public function messages(): array
{
return [
'lecturer_id.exists' => 'Der angegebene Referent existiert nicht.',
];
}
}
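Review bot: `lecturer_id` is validated with a bare `exists:lecturers,id`, so any authenticated lecturer can create a course pointing at another user's lecturer record; `LecturerController::index` filters by `created_by`, which suggests lecturers are owner-scoped. If that is the intended model, scope the rule — `Rule::exists('lecturers', 'id')->where('created_by', $this->user()->id)` — or document in `CoursePolicy::create` why cross-owner references are acceptable. The `created_by` auto-assignment mentioned in the controller docblock is presumably done in the `Course` model; a comment here would save readers the lookup.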
@@ -0,0 +1,38 @@
<?php
namespace App\Http\Requests\Api;
use Illuminate\Foundation\Http\FormRequest;
class UpdateCourseEventRequest extends FormRequest
{
public function authorize(): bool
{
return $this->user()->can('update', $this->route('courseEvent'));
}
/**
* @return array<string, array<int, string>>
*/
public function rules(): array
{
return [
'course_id' => ['sometimes', 'required', 'integer', 'exists:courses,id'],
'venue_id' => ['sometimes', 'required', 'integer', 'exists:venues,id'],
'from' => ['sometimes', 'required', 'date'],
'to' => ['sometimes', 'required', 'date', 'after_or_equal:from'],
'link' => ['sometimes', 'required', 'url', 'max:255'],
];
}
/**
* @return array<string, string>
*/
public function messages(): array
{
return [
'course_id.exists' => 'Der angegebene Kurs existiert nicht.',
'venue_id.exists' => 'Der angegebene Veranstaltungsort existiert nicht.',
];
}
}
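Review bot: With every field `sometimes`, a partial update that sends only `to` is never compared against the stored `from` (`after_or_equal:from` only looks at the request payload), so a client can push `to` before the existing `from` and persist an inverted range. The cheapest fix is to require the pair together: `'from' => ['sometimes', 'required', 'date', 'required_with:to']` and `'to' => ['sometimes', 'required', 'date', 'required_with:from', 'after_or_equal:from']`; alternatively merge the route model's `from`/`to` in `prepareForValidation()` so the comparison always has both bounds. The same ownership question as on create applies to re-pointing `course_id`/`venue_id` here.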
@@ -0,0 +1,35 @@
<?php
namespace App\Http\Requests\Api;
use Illuminate\Foundation\Http\FormRequest;
class UpdateCourseRequest extends FormRequest
{
public function authorize(): bool
{
return $this->user()->can('update', $this->route('course'));
}
/**
* @return array<string, array<int, string>>
*/
public function rules(): array
{
return [
'name' => ['sometimes', 'required', 'string', 'max:255'],
'lecturer_id' => ['sometimes', 'required', 'integer', 'exists:lecturers,id'],
'description' => ['sometimes', 'nullable', 'string'],
];
}
/**
* @return array<string, string>
*/
public function messages(): array
{
return [
'lecturer_id.exists' => 'Der angegebene Referent existiert nicht.',
];
}
}
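Review bot: `lecturer_id` can be re-pointed at any existing lecturer on update, with no check that the target belongs to the caller; if lecturers are owner-scoped (as `LecturerController::index` filtering by `created_by` suggests), use `Rule::exists('lecturers', 'id')->where('created_by', $this->user()->id)` here as well. `authorize()` depends on the route parameter being named `course`; a short comment noting that binding name would make the dependency explicit.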
@@ -0,0 +1,46 @@
<?php
namespace App\Http\Requests\Api;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Foundation\Http\FormRequest;
class UploadMediaRequest extends FormRequest
{
public function authorize(): bool
{
$model = $this->boundModel();
return $model !== null && $this->user()->can('update', $model);
}
/**
* @return array<string, array<int, string>>
*/
public function rules(): array
{
return [
'file' => [
'required',
'image',
'mimes:jpeg,png,webp,avif',
'max:5120',
'dimensions:max_width=4000,max_height=4000',
],
];
}
/**
* The route-bound model whose media is being replaced (meetup, lecturer, course).
*/
protected function boundModel(): ?Model
{
foreach ($this->route()->parameters() as $parameter) {
if ($parameter instanceof Model) {
return $parameter;
}
}
return null;
}
}
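Review bot: `boundModel()` returns the first route parameter that is a `Model`, so `authorize()` checks `update` on whichever model happens to be bound first; on a nested route (say `/courses/{course}/events/{courseEvent}/logo`) that would authorize against the parent, not the model whose media is replaced. Today's three routes bind a single model, but please say so in the docblock, e.g. `// Assumes the media route binds exactly one model; a nested route would authorize against the parent.`, or have each controller pass the target explicitly. The explicit `mimes:jpeg,png,webp,avif` is what keeps SVG out — Laravel's `image` rule accepted SVG before 12.x — and `mimes` is content-sniffed, so keep both rules rather than collapsing to `image`.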
@@ -0,0 +1,39 @@
<?php
namespace App\Http\Resources;
use App\Models\CourseEvent;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
/**
* @mixin CourseEvent
*/
class CourseEventResource extends JsonResource
{
/**
* @return array<string, mixed>
*/
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'course_id' => $this->course_id,
'venue_id' => $this->venue_id,
'from' => $this->from,
'to' => $this->to,
'link' => $this->link,
'course' => $this->whenLoaded('course', fn (): array => [
'id' => $this->course->id,
'name' => $this->course->name,
]),
'venue' => $this->whenLoaded('venue', fn (): array => [
'id' => $this->venue->id,
'name' => $this->venue->name,
]),
'created_by' => $this->created_by,
'created_at' => $this->created_at,
'updated_at' => $this->updated_at,
];
}
}
+30
@@ -0,0 +1,30 @@
<?php
namespace App\Http\Resources;
use App\Models\Course;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
/**
* @mixin Course
*/
class CourseResource extends JsonResource
{
/**
* @return array<string, mixed>
*/
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'name' => $this->name,
'lecturer_id' => $this->lecturer_id,
'description' => $this->description,
'logo' => $this->getFirstMediaUrl('logo', 'thumb'),
'created_by' => $this->created_by,
'created_at' => $this->created_at,
'updated_at' => $this->updated_at,
];
}
}
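Review bot: `getFirstMediaUrl('logo', 'thumb')` runs one media query per course when the resource is used as a collection, unless `media` is eager-loaded; this commit adds `->with('media')` to `LecturerController::index` but `CourseController::index` is outside the hunks shown, so check it gets the same treatment. spatie returns `''` when no logo exists, so the API emits an empty string rather than `null`; if clients are expected to null-check, `'logo' => $this->getFirstMediaUrl('logo', 'thumb') ?: null` makes the absence explicit.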
+1
@@ -32,6 +32,7 @@ class LecturerResource extends JsonResource
'node_id' => $this->node_id,
'paynym' => $this->paynym,
'team_id' => $this->team_id,
'avatar' => $this->getFirstMediaUrl('avatar', 'thumb'),
'created_by' => $this->created_by,
'created_at' => $this->created_at,
'updated_at' => $this->updated_at,