- 🏗️ Introduced CoursePolicy and CourseEventPolicy for authorization.
- ✨ Added `StoreCourseRequest` and `UpdateCourseRequest` for structured validation.
- ✨ Introduced `StoreCourseEventRequest` and `UpdateCourseEventRequest` for consistent request validation.
- 🖼️ Created `CourseResource` and `CourseEventResource` for API responses.
- 🔄 Refactored `CourseController` and `CourseEventController` to use Policies and FormRequests.
- ✨ Added dedicated `uploadLogo` and `uploadAvatar` API endpoints with shared media validation.
- 🚀 Improved API by aligning Course and CourseEvent behavior with other entities.
@@ -4,6 +4,10 @@ namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Http\Controllers\Api\Concerns\FiltersNumericIds;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\StoreCourseRequest;
|
||||
use App\Http\Requests\Api\UpdateCourseRequest;
|
||||
use App\Http\Requests\Api\UploadMediaRequest;
|
||||
use App\Http\Resources\CourseResource;
|
||||
use App\Models\Course;
|
||||
use App\Models\CourseEvent;
|
||||
use App\Models\Lecturer;
|
||||
@@ -100,21 +104,16 @@ class CourseController extends Controller
|
||||
* Kurs anlegen
|
||||
*
|
||||
* Erlaubt einem authentifizierten Referenten, einen Kurs programmatisch anzulegen.
|
||||
* Der Ersteller (created_by) wird automatisch auf den angemeldeten Nutzer gesetzt.
|
||||
*/
|
||||
#[ResponseAttribute(status: 403, description: 'Nur Referenten (is_lecturer) dürfen Kurse anlegen.')]
|
||||
public function store(Request $request): JsonResponse
|
||||
public function store(StoreCourseRequest $request): JsonResponse
|
||||
{
|
||||
abort_unless((bool) $request->user()->is_lecturer, Response::HTTP_FORBIDDEN);
|
||||
$course = Course::create($request->validated());
|
||||
|
||||
$validated = $request->validate([
|
||||
'name' => ['required', 'string', 'max:255'],
|
||||
'lecturer_id' => ['required', 'exists:lecturers,id'],
|
||||
'description' => ['nullable', 'string'],
|
||||
]);
|
||||
|
||||
$course = Course::create($validated);
|
||||
|
||||
return response()->json($course->fresh(), Response::HTTP_CREATED);
|
||||
return CourseResource::make($course->fresh())
|
||||
->response()
|
||||
->setStatusCode(Response::HTTP_CREATED);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -178,22 +177,29 @@ class CourseController extends Controller
|
||||
* Aktualisiert einen Kurs; nur für den Ersteller oder einen Super-Admin.
|
||||
*/
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller des Kurses oder ein Super-Admin darf ihn ändern.')]
|
||||
public function update(Request $request, Course $course): JsonResponse
|
||||
public function update(UpdateCourseRequest $request, Course $course): CourseResource
|
||||
{
|
||||
abort_unless(
|
||||
(int) $course->created_by === $request->user()->id || $request->user()->hasRole('super-admin'),
|
||||
Response::HTTP_FORBIDDEN
|
||||
);
|
||||
$course->update($request->validated());
|
||||
|
||||
$validated = $request->validate([
|
||||
'name' => ['sometimes', 'required', 'string', 'max:255'],
|
||||
'lecturer_id' => ['sometimes', 'required', 'exists:lecturers,id'],
|
||||
'description' => ['sometimes', 'nullable', 'string'],
|
||||
]);
|
||||
return CourseResource::make($course->fresh());
|
||||
}
|
||||
|
||||
$course->update($validated);
|
||||
/**
|
||||
* Kurs-Logo hochladen
|
||||
*
|
||||
* Lädt ein Logo (multipart, Feld „file") in die singleFile-Collection „logo" und ersetzt
|
||||
* dabei ein vorhandenes Logo. Nur für den Ersteller oder einen Super-Admin. Die Antwort
|
||||
* enthält die frische Logo-URL.
|
||||
*/
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf das Logo ersetzen.')]
|
||||
#[ResponseAttribute(status: 422, description: 'Validierungsfehler (kein Bild, falscher MIME-Typ, zu groß oder zu große Abmessungen).')]
|
||||
public function uploadLogo(UploadMediaRequest $request, Course $course): CourseResource
|
||||
{
|
||||
$course->addMedia($request->file('file')->getRealPath())
|
||||
->usingName($course->name)
|
||||
->toMediaCollection('logo');
|
||||
|
||||
return response()->json($course->fresh());
|
||||
return CourseResource::make($course->fresh());
|
||||
}
|
||||
|
||||
#[ExcludeRouteFromDocs]
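Review bot: Nothing in the new `update()` or `uploadLogo()` body checks that the caller is the course's creator or a super-admin, and `store()` no longer checks `is_lecturer`, although the 403 attributes still document those rules. The commit message says the checks moved into `CoursePolicy` and the FormRequests, none of which appear on this page, so confirm that each request's `authorize()` resolves the bound `course` and calls the policy; `UploadMediaRequest` is shared with `LecturerController::uploadAvatar()` and `MeetupController::uploadLogo()` and has to select the policy for whichever model the route binds. If that is not guaranteed, an explicit `Gate::authorize('update', $course);` (ability name to match `CoursePolicy`) as the first statement of `update()` and `uploadLogo()` keeps the check beside the write, the way `LecturerController` already calls `Gate::authorize('viewAny', Lecturer::class)`. The same question applies to `CourseEventController::store()` and `update()`. A feature test asserting 403 for a non-owner on each of these endpoints would pin the behaviour down.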
|
||||
|
||||
@@ -3,14 +3,17 @@
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\StoreCourseEventRequest;
|
||||
use App\Http\Requests\Api\UpdateCourseEventRequest;
|
||||
use App\Http\Resources\CourseEventResource;
|
||||
use App\Models\CourseEvent;
|
||||
use Dedoc\Scramble\Attributes\Group;
|
||||
use Dedoc\Scramble\Attributes\QueryParameter;
|
||||
use Dedoc\Scramble\Attributes\Response as ResponseAttribute;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Database\Eloquent\Collection;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
#[Group(name: 'Kurs-Events', weight: 2)]
|
||||
@@ -22,13 +25,11 @@ class CourseEventController extends Controller
|
||||
* Liefert alle vom authentifizierten Nutzer erstellten Kurs-Events (inkl. zugehörigem
|
||||
* Kurs und Veranstaltungsort), absteigend nach Startdatum. Ideal für idempotente
|
||||
* Synchronisierung durch externe Clients.
|
||||
*
|
||||
* @return Collection<int, CourseEvent>
|
||||
*/
|
||||
#[QueryParameter(name: 'course_id', description: 'Filtert die Kurs-Events auf einen bestimmten Kurs.', required: false, type: 'integer')]
|
||||
public function index(Request $request): Collection
|
||||
public function index(Request $request): AnonymousResourceCollection
|
||||
{
|
||||
return CourseEvent::query()
|
||||
$courseEvents = CourseEvent::query()
|
||||
->with(['course:id,name', 'venue:id,name'])
|
||||
->where('created_by', $request->user()->id)
|
||||
->when(
|
||||
@@ -37,6 +38,8 @@ class CourseEventController extends Controller
|
||||
)
|
||||
->orderByDesc('from')
|
||||
->get();
|
||||
|
||||
return CourseEventResource::collection($courseEvents);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -45,21 +48,13 @@ class CourseEventController extends Controller
|
||||
* Erlaubt einem authentifizierten Referenten, ein datiertes Kurs-Event programmatisch anzulegen.
|
||||
*/
|
||||
#[ResponseAttribute(status: 403, description: 'Nur Referenten (is_lecturer) dürfen Kurs-Events anlegen.')]
|
||||
public function store(Request $request): JsonResponse
|
||||
public function store(StoreCourseEventRequest $request): JsonResponse
|
||||
{
|
||||
abort_unless((bool) $request->user()->is_lecturer, Response::HTTP_FORBIDDEN);
|
||||
$courseEvent = CourseEvent::create($request->validated());
|
||||
|
||||
$validated = $request->validate([
|
||||
'course_id' => ['required', 'integer', 'exists:courses,id'],
|
||||
'venue_id' => ['required', 'integer', 'exists:venues,id'],
|
||||
'from' => ['required', 'date'],
|
||||
'to' => ['required', 'date', 'after_or_equal:from'],
|
||||
'link' => ['required', 'url', 'max:255'],
|
||||
]);
|
||||
|
||||
$courseEvent = CourseEvent::create($validated);
|
||||
|
||||
return response()->json($courseEvent->fresh(), Response::HTTP_CREATED);
|
||||
return CourseEventResource::make($courseEvent->fresh())
|
||||
->response()
|
||||
->setStatusCode(Response::HTTP_CREATED);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -68,23 +63,10 @@ class CourseEventController extends Controller
|
||||
* Aktualisiert ein Kurs-Event; nur für den Ersteller oder einen Super-Admin.
|
||||
*/
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller des Kurs-Events oder ein Super-Admin darf es ändern.')]
|
||||
public function update(Request $request, CourseEvent $courseEvent): JsonResponse
|
||||
public function update(UpdateCourseEventRequest $request, CourseEvent $courseEvent): CourseEventResource
|
||||
{
|
||||
abort_unless(
|
||||
(int) $courseEvent->created_by === $request->user()->id || $request->user()->hasRole('super-admin'),
|
||||
Response::HTTP_FORBIDDEN
|
||||
);
|
||||
$courseEvent->update($request->validated());
|
||||
|
||||
$validated = $request->validate([
|
||||
'course_id' => ['sometimes', 'required', 'integer', 'exists:courses,id'],
|
||||
'venue_id' => ['sometimes', 'required', 'integer', 'exists:venues,id'],
|
||||
'from' => ['sometimes', 'required', 'date'],
|
||||
'to' => ['sometimes', 'required', 'date', 'after_or_equal:from'],
|
||||
'link' => ['sometimes', 'required', 'url', 'max:255'],
|
||||
]);
|
||||
|
||||
$courseEvent->update($validated);
|
||||
|
||||
return response()->json($courseEvent->fresh());
|
||||
return CourseEventResource::make($courseEvent->fresh());
|
||||
}
|
||||
}
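Review bot: `store()` and `update()` now pass `$request->validated()` straight into `CourseEvent::create()` and `$courseEvent->update()`, so the rule sets in `StoreCourseEventRequest` and `UpdateCourseEventRequest` (not shown on this page) are the only filter on which columns a client can write. It is worth confirming that they never list `created_by`, and that `course_id` is limited to courses the caller is allowed to attach events to rather than any id that passes `exists:courses,id`, which is all the removed inline rules checked. A one-line comment above each write would record the assumption, for example `// validated() must never carry created_by; course_id is scoped by the FormRequest`.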
|
||||
|
||||
@@ -6,6 +6,7 @@ use App\Http\Controllers\Api\Concerns\FiltersNumericIds;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\StoreLecturerRequest;
|
||||
use App\Http\Requests\Api\UpdateLecturerRequest;
|
||||
use App\Http\Requests\Api\UploadMediaRequest;
|
||||
use App\Http\Resources\LecturerResource;
|
||||
use App\Models\Course;
|
||||
use App\Models\Lecturer;
|
||||
@@ -142,6 +143,7 @@ class LecturerController extends Controller
|
||||
Gate::authorize('viewAny', Lecturer::class);
|
||||
|
||||
$lecturers = Lecturer::query()
|
||||
->with('media')
|
||||
->where('created_by', $request->user()->id)
|
||||
->orderBy('name')
|
||||
->get();
|
||||
@@ -161,4 +163,22 @@ class LecturerController extends Controller
|
||||
|
||||
return LecturerResource::make($lecturer);
|
||||
}
|
||||
|
||||
/**
|
||||
* Referenten-Avatar hochladen
|
||||
*
|
||||
* Lädt einen Avatar (multipart, Feld „file") in die singleFile-Collection „avatar" und
|
||||
* ersetzt dabei ein vorhandenes Bild. Nur für den Ersteller oder einen Super-Admin. Die
|
||||
* Antwort enthält die frische Avatar-URL.
|
||||
*/
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf den Avatar ersetzen.')]
|
||||
#[ResponseAttribute(status: 422, description: 'Validierungsfehler (kein Bild, falscher MIME-Typ, zu groß oder zu große Abmessungen).')]
|
||||
public function uploadAvatar(UploadMediaRequest $request, Lecturer $lecturer): LecturerResource
|
||||
{
|
||||
$lecturer->addMedia($request->file('file')->getRealPath())
|
||||
->usingName($lecturer->name)
|
||||
->toMediaCollection('avatar');
|
||||
|
||||
return LecturerResource::make($lecturer->fresh());
|
||||
}
|
||||
}
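Review bot: `uploadAvatar()` passes `$request->file('file')->getRealPath()` to `addMedia()`, so the media library receives only PHP's temporary path; if this is spatie/laravel-medialibrary, as the method names suggest, the stored file name is then derived from that temp name, which normally has no extension. This avoids trusting the client-supplied file name, but the avatar's content type when served then depends on the web server or on browser sniffing. Consider a server-chosen name built from the validated type, e.g. `->usingFileName('avatar.'.$request->file('file')->extension())`, and the same in `CourseController::uploadLogo()` and `MeetupController::uploadLogo()`. This assumes `UploadMediaRequest` restricts uploads to image MIME types, as the 422 description states; that request is not shown here.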
|
||||
|
||||
@@ -6,6 +6,7 @@ use App\Http\Controllers\Api\Concerns\FiltersNumericIds;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\StoreMeetupRequest;
|
||||
use App\Http\Requests\Api\UpdateMeetupRequest;
|
||||
use App\Http\Requests\Api\UploadMediaRequest;
|
||||
use App\Http\Resources\MeetupResource;
|
||||
use App\Models\Meetup;
|
||||
use Dedoc\Scramble\Attributes\ExcludeRouteFromDocs;
|
||||
@@ -155,4 +156,22 @@ class MeetupController extends Controller
|
||||
|
||||
return MeetupResource::make($meetup);
|
||||
}
|
||||
|
||||
/**
|
||||
* Meetup-Logo hochladen
|
||||
*
|
||||
* Lädt ein Logo (multipart, Feld „file") in die singleFile-Collection „logo" und ersetzt
|
||||
* dabei ein vorhandenes Logo. Nur für den Ersteller oder einen Super-Admin. Die Antwort
|
||||
* enthält die frische Logo-URL.
|
||||
*/
|
||||
#[Response(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf das Logo ersetzen.')]
|
||||
#[Response(status: 422, description: 'Validierungsfehler (kein Bild, falscher MIME-Typ, zu groß oder zu große Abmessungen).')]
|
||||
public function uploadLogo(UploadMediaRequest $request, Meetup $meetup): MeetupResource
|
||||
{
|
||||
$meetup->addMedia($request->file('file')->getRealPath())
|
||||
->usingName($meetup->name)
|
||||
->toMediaCollection('logo');
|
||||
|
||||
return MeetupResource::make($meetup->fresh());
|
||||
}
|
||||
}
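Review bot: The two attributes on `uploadLogo()` are written `#[Response(...)]`, whereas the other controllers in this commit use `#[ResponseAttribute(...)]` via `Dedoc\Scramble\Attributes\Response as ResponseAttribute` and keep `Response` for the Symfony HTTP class. The `use` lines that decide what `Response` means in this file lie outside the hunk, so this may be correct as written. If `Response` here resolves to the Symfony class, the 403 and 422 entries will most likely be missing from the generated API documentation without any error. Writing `#[ResponseAttribute(status: 403, description: '…')]` as in the other controllers removes the ambiguity.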
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Actions\MeetupEvents\CreateMeetupEventSeries;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\StoreMeetupEventRequest;
|
||||
use App\Http\Requests\Api\UpdateMeetupEventRequest;
|
||||
@@ -87,12 +88,27 @@ class MeetupEventController extends Controller
|
||||
*
|
||||
* Erlaubt einem authentifizierten Nutzer, ein Meetup-Event programmatisch anzulegen.
|
||||
* Der Ersteller (created_by) wird automatisch gesetzt.
|
||||
*
|
||||
* Werden sowohl `recurrence_type` als auch `recurrence_end_date` übergeben, wird – wie im
|
||||
* Web-Editor – eine Serie einzelner Termine erzeugt (gemeinsame Expansions-Action, harte
|
||||
* Obergrenze von 100 Terminen) und die Antwort enthält die Liste aller erstellten Events.
|
||||
* Ohne diese Felder entsteht ein einzelner Termin.
|
||||
*/
|
||||
#[ResponseAttribute(status: 401, description: 'Nicht authentifiziert.')]
|
||||
#[ResponseAttribute(status: 422, description: 'Validierungsfehler.')]
|
||||
public function store(StoreMeetupEventRequest $request): JsonResponse
|
||||
public function store(StoreMeetupEventRequest $request, CreateMeetupEventSeries $createSeries): JsonResponse
|
||||
{
|
||||
$meetupEvent = MeetupEvent::create($request->validated());
|
||||
$validated = $request->validated();
|
||||
|
||||
if (! empty($validated['recurrence_type']) && ! empty($validated['recurrence_end_date'])) {
|
||||
$events = $createSeries->handle($validated);
|
||||
|
||||
return MeetupEventResource::collection($events)
|
||||
->response()
|
||||
->setStatusCode(Response::HTTP_CREATED);
|
||||
}
|
||||
|
||||
$meetupEvent = MeetupEvent::create($validated);
|
||||
|
||||
return MeetupEventResource::make($meetupEvent->fresh())
|
||||
->response()
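Review bot: When only one of `recurrence_type` and `recurrence_end_date` is sent, the `! empty(...) && ! empty(...)` test fails and `store()` falls through to the single-event path, passing the lone recurrence field on to `MeetupEvent::create($validated)`. Unless `StoreMeetupEventRequest` already ties the two fields together (it is not shown on this page), a client that omits or mistypes one of them receives a 201 for a single event instead of a 422. Adding `required_with:recurrence_type` to `recurrence_end_date` and `required_with:recurrence_end_date` to `recurrence_type` in the request would make the contract explicit. The body of `store()` continues past the end of this hunk.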
|
||||
|
||||