mirror of
https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git
synced 2026-06-11 02:50:29 +00:00
✨ Enhance meetup association and permissions management
- 🔍 Added `resolveInScope` method to `ResolvesEntities` for scoped entity resolution with stricter control. - 👥 Introduced `AddMeetupToMineTool` MCP tool for adding external meetups to "My Meetups." - 🛠️ Updated `ListMyMeetupsTool` and `ShowMyMeetupTool` to include both created and joined meetups. - 📚 Updated `Meetup` model with `associatedWith` scope for querying user-related meetups. - ✅ Expanded feature tests for meetup membership, creator permissions, and scoped tool usage. - 🛡️ Unified access checks across Livewire and APIs to restrict editing meetup details to creators or super-admins. - 🔗 Registered `AddMeetupToMineTool` in `EinundzwanzigServer`.
This commit is contained in:
HolgerHatGarKeineNode
@@ -15,6 +15,7 @@ use App\Mcp\Tools\Lecturer\CreateLecturerTool;
|
||||
use App\Mcp\Tools\Lecturer\ListMyLecturersTool;
|
||||
use App\Mcp\Tools\Lecturer\ShowMyLecturerTool;
|
||||
use App\Mcp\Tools\Lecturer\UpdateLecturerTool;
|
||||
use App\Mcp\Tools\Meetup\AddMeetupToMineTool;
|
||||
use App\Mcp\Tools\Meetup\CreateMeetupTool;
|
||||
use App\Mcp\Tools\Meetup\ListMyMeetupsTool;
|
||||
use App\Mcp\Tools\Meetup\ShowMyMeetupTool;
|
||||
@@ -93,6 +94,7 @@ class EinundzwanzigServer extends Server
|
||||
// Meetups
|
||||
CreateMeetupTool::class,
|
||||
UpdateMeetupTool::class,
|
||||
AddMeetupToMineTool::class,
|
||||
ListMyMeetupsTool::class,
|
||||
ShowMyMeetupTool::class,
|
||||
|
||||
|
||||
@@ -54,6 +54,40 @@ trait ResolvesEntities
|
||||
return $this->optionsError($owned, $label, $column);
|
||||
}
|
||||
|
||||
/**
|
||||
* Löst einen Datensatz per ID oder Name STRIKT innerhalb des übergebenen Scopes auf
|
||||
* (der Scope ist zugleich die Autorisierung). Bei Mehrdeutigkeit oder fehlendem Treffer
|
||||
* wird eine Auswahlliste der Einträge des Scopes zurückgegeben.
|
||||
*/
|
||||
protected function resolveInScope(Builder $scope, Request $request, string $label, string $nameParam, string $column = 'name'): Model|Response
|
||||
{
|
||||
$id = $request->get('id');
|
||||
|
||||
if ($this->present($id)) {
|
||||
$byId = (clone $scope)->whereKey($id)->first();
|
||||
|
||||
if ($byId !== null) {
|
||||
return $byId;
|
||||
}
|
||||
}
|
||||
|
||||
$name = $request->get($nameParam);
|
||||
|
||||
if ($this->present($name)) {
|
||||
$matches = $this->matchByName(clone $scope, (string) $name, $column);
|
||||
|
||||
if ($matches->count() === 1) {
|
||||
return $matches->first();
|
||||
}
|
||||
|
||||
if ($matches->count() > 1) {
|
||||
return Response::error("Mehrere {$label} passen zu \"{$name}\": ".$matches->pluck($column)->join('; ').'. Bitte den genauen Namen angeben.');
|
||||
}
|
||||
}
|
||||
|
||||
return $this->optionsError(clone $scope, $label, $column);
|
||||
}
|
||||
|
||||
/**
|
||||
* Löst einen Fremdschlüssel über den Namen auf und schreibt die ID in den Request,
|
||||
* damit die nachgelagerte Validierung sie sieht. Gibt null zurück, wenn nichts zu tun
|
||||
|
||||
@@ -0,0 +1,66 @@
|
||||
<?php
|
||||
|
||||
namespace App\Mcp\Tools\Meetup;
|
||||
|
||||
use App\Http\Resources\MeetupResource;
|
||||
use App\Mcp\Tools\Concerns\ResolvesEntities;
|
||||
use App\Models\Meetup;
|
||||
use Illuminate\Contracts\JsonSchema\JsonSchema;
|
||||
use Illuminate\JsonSchema\Types\Type;
|
||||
use Laravel\Mcp\Request;
|
||||
use Laravel\Mcp\Response;
|
||||
use Laravel\Mcp\Server\Attributes\Description;
|
||||
use Laravel\Mcp\Server\Tool;
|
||||
|
||||
#[Description('Fügt ein bereits bestehendes Meetup (per Name angegeben) zu „Meine Meetups" hinzu, sodass es in der eigenen Liste erscheint und Termine dazu angelegt werden können. Macht den Nutzer zum Mitglied – die Stammdaten (Name, Stadt, Links) bleiben dem ursprünglichen Ersteller vorbehalten. Vorher mit search-meetups den genauen Namen ermitteln.')]
|
||||
class AddMeetupToMineTool extends Tool
|
||||
{
|
||||
use ResolvesEntities;
|
||||
|
||||
public function handle(Request $request): Response
|
||||
{
|
||||
$user = $request->user();
|
||||
|
||||
if ($user === null) {
|
||||
return Response::error('Nicht authentifiziert.');
|
||||
}
|
||||
|
||||
if ($this->present($request->get('meetup_id'))) {
|
||||
$meetup = Meetup::find($request->get('meetup_id'));
|
||||
|
||||
if ($meetup === null) {
|
||||
return Response::error('Meetup nicht gefunden.');
|
||||
}
|
||||
} else {
|
||||
$meetup = $this->resolveGlobalByName(Meetup::query(), $request->get('meetup'), 'Meetups');
|
||||
|
||||
if ($meetup instanceof Response) {
|
||||
return $meetup;
|
||||
}
|
||||
}
|
||||
|
||||
$alreadyMember = $meetup->users()->whereKey($user->getAuthIdentifier())->exists();
|
||||
|
||||
$meetup->users()->syncWithoutDetaching([
|
||||
$user->getAuthIdentifier() => ['is_leader' => false],
|
||||
]);
|
||||
|
||||
return Response::json([
|
||||
'meetup' => MeetupResource::make($meetup)->resolve(),
|
||||
'message' => $alreadyMember
|
||||
? '„'.$meetup->name.'" war bereits Teil deiner Meetups.'
|
||||
: '„'.$meetup->name.'" wurde zu deinen Meetups hinzugefügt.',
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, Type>
|
||||
*/
|
||||
public function schema(JsonSchema $schema): array
|
||||
{
|
||||
return [
|
||||
'meetup' => $schema->string()->description('Name des bestehenden Meetups, das hinzugefügt werden soll (vorher per search-meetups ermitteln).'),
|
||||
'meetup_id' => $schema->integer()->description('Optional: ID des Meetups, falls bereits bekannt (Alternative zu "meetup").'),
|
||||
];
|
||||
}
|
||||
}
|
||||
@@ -12,7 +12,7 @@ use Laravel\Mcp\Server\Tool;
|
||||
use Laravel\Mcp\Server\Tools\Annotations\IsReadOnly;
|
||||
|
||||
#[IsReadOnly]
|
||||
#[Description('Listet alle vom authentifizierten Nutzer erstellten Meetups, alphabetisch sortiert.')]
|
||||
#[Description('Listet die Meetups des authentifizierten Nutzers (selbst erstellte UND beigetretene), alphabetisch sortiert.')]
|
||||
class ListMyMeetupsTool extends Tool
|
||||
{
|
||||
public function handle(Request $request): Response
|
||||
@@ -24,7 +24,7 @@ class ListMyMeetupsTool extends Tool
|
||||
}
|
||||
|
||||
$meetups = Meetup::query()
|
||||
->where('created_by', $user->getAuthIdentifier())
|
||||
->associatedWith($user->getAuthIdentifier())
|
||||
->orderBy('name')
|
||||
->get();
|
||||
|
||||
|
||||
@@ -7,7 +7,6 @@ use App\Mcp\Tools\Concerns\ResolvesEntities;
|
||||
use App\Models\Meetup;
|
||||
use Illuminate\Contracts\JsonSchema\JsonSchema;
|
||||
use Illuminate\JsonSchema\Types\Type;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Laravel\Mcp\Request;
|
||||
use Laravel\Mcp\Response;
|
||||
use Laravel\Mcp\Server\Attributes\Description;
|
||||
@@ -15,25 +14,30 @@ use Laravel\Mcp\Server\Tool;
|
||||
use Laravel\Mcp\Server\Tools\Annotations\IsReadOnly;
|
||||
|
||||
#[IsReadOnly]
|
||||
#[Description('Zeigt eines deiner Meetups (per Name angegeben).')]
|
||||
#[Description('Zeigt eines deiner Meetups (selbst erstellt oder beigetreten, per Name angegeben).')]
|
||||
class ShowMyMeetupTool extends Tool
|
||||
{
|
||||
use ResolvesEntities;
|
||||
|
||||
public function handle(Request $request): Response
|
||||
{
|
||||
$meetup = $this->resolveOwnedByName($request, Meetup::class, 'Meetups', 'meetup');
|
||||
$user = $request->user();
|
||||
|
||||
if ($user === null) {
|
||||
return Response::error('Nicht authentifiziert.');
|
||||
}
|
||||
|
||||
$meetup = $this->resolveInScope(
|
||||
Meetup::query()->associatedWith($user->getAuthIdentifier()),
|
||||
$request,
|
||||
'Meetups',
|
||||
'meetup',
|
||||
);
|
||||
|
||||
if ($meetup instanceof Response) {
|
||||
return $meetup;
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
if ($user === null || Gate::forUser($user)->denies('view', $meetup)) {
|
||||
return Response::error('Nur der Ersteller oder ein Super-Admin darf dieses Meetup sehen.');
|
||||
}
|
||||
|
||||
return Response::json(MeetupResource::make($meetup)->resolve());
|
||||
}
|
||||
|
||||
|
||||
@@ -29,7 +29,12 @@ class CreateMeetupEventTool extends Tool
|
||||
}
|
||||
|
||||
if (! $this->present($request->get('meetup_id'))) {
|
||||
$meetup = $this->resolveOwnedByName($request, Meetup::class, 'Meetups', 'meetup');
|
||||
$meetup = $this->resolveInScope(
|
||||
Meetup::query()->associatedWith($user->getAuthIdentifier()),
|
||||
$request,
|
||||
'Meetups',
|
||||
'meetup',
|
||||
);
|
||||
|
||||
if ($meetup instanceof Response) {
|
||||
return $meetup;
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\Models;
|
||||
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Database\Eloquent\Casts\Attribute;
|
||||
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
@@ -67,6 +68,17 @@ class Meetup extends Model implements HasMedia
|
||||
$model->created_by = auth()->id();
|
||||
}
|
||||
});
|
||||
|
||||
// Der Ersteller wird automatisch als Leiter in die meetup_user-Pivot eingetragen,
|
||||
// damit das Meetup einheitlich (MCP, REST-API, Livewire) in „Meine Meetups"
|
||||
// erscheint – egal über welchen Pfad es angelegt wurde.
|
||||
static::created(function (Meetup $model): void {
|
||||
if ($model->created_by !== null) {
|
||||
$model->users()->syncWithoutDetaching([
|
||||
$model->created_by => ['is_leader' => true],
|
||||
]);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public function getSlugOptions(): SlugOptions
|
||||
@@ -109,6 +121,18 @@ class Meetup extends Model implements HasMedia
|
||||
return $this->belongsToMany(User::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* Meetups, die dem Nutzer zugeordnet sind: selbst erstellt (created_by) ODER
|
||||
* Mitglied über die meetup_user-Pivot. Entspricht „Meine Meetups" im Portal.
|
||||
*/
|
||||
public function scopeAssociatedWith(Builder $query, int $userId): void
|
||||
{
|
||||
$query->where(function (Builder $inner) use ($userId): void {
|
||||
$inner->where('created_by', $userId)
|
||||
->orWhereHas('users', fn (Builder $user) => $user->whereKey($userId));
|
||||
});
|
||||
}
|
||||
|
||||
public function city(): BelongsTo
|
||||
{
|
||||
return $this->belongsTo(City::class);
|
||||
|
||||
Reference in New Issue
Block a user