mirror of
https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git
synced 2026-06-11 02:50:29 +00:00
✨ Enhance meetup association and permissions management
- 🔍 Added `resolveInScope` method to `ResolvesEntities` for scoped entity resolution with stricter control. - 👥 Introduced `AddMeetupToMineTool` MCP tool for adding external meetups to "My Meetups." - 🛠️ Updated `ListMyMeetupsTool` and `ShowMyMeetupTool` to include both created and joined meetups. - 📚 Updated `Meetup` model with `associatedWith` scope for querying user-related meetups. - ✅ Expanded feature tests for meetup membership, creator permissions, and scoped tool usage. - 🛡️ Unified access checks across Livewire and APIs to restrict editing meetup details to creators or super-admins. - 🔗 Registered `AddMeetupToMineTool` in `EinundzwanzigServer`.
This commit is contained in:
HolgerHatGarKeineNode
@@ -30,15 +30,28 @@ it('mounts meetups.create when authenticated', function () {
|
||||
Livewire::test('meetups.create')->assertStatus(200);
|
||||
});
|
||||
|
||||
it('mounts meetups.edit when the authenticated user has added the meetup to My-Meetups', function () {
|
||||
$owner = actingAsUser();
|
||||
$meetup = Meetup::factory()->create(['city_id' => $this->city->id]);
|
||||
$meetup->users()->attach($owner);
|
||||
it('mounts meetups.edit for the creator of the meetup', function () {
|
||||
$creator = actingAsUser();
|
||||
$meetup = Meetup::factory()->create([
|
||||
'city_id' => $this->city->id,
|
||||
'created_by' => $creator->id,
|
||||
]);
|
||||
$meetup->users()->attach($creator);
|
||||
|
||||
Livewire::test('meetups.edit', ['meetup' => $meetup])->assertStatus(200);
|
||||
});
|
||||
|
||||
it('mounts meetups.edit for a My-Meetups member even if another user created the meetup', function () {
|
||||
it('mounts meetups.edit for the creator even without a My-Meetups pivot entry', function () {
|
||||
$creator = actingAsUser();
|
||||
$meetup = Meetup::factory()->create([
|
||||
'city_id' => $this->city->id,
|
||||
'created_by' => $creator->id,
|
||||
]);
|
||||
|
||||
Livewire::test('meetups.edit', ['meetup' => $meetup])->assertStatus(200);
|
||||
});
|
||||
|
||||
it('aborts meetups.edit with 403 for a member who did not create the meetup', function () {
|
||||
$creator = User::factory()->create();
|
||||
$member = actingAsUser();
|
||||
$meetup = Meetup::factory()->create([
|
||||
@@ -47,25 +60,15 @@ it('mounts meetups.edit for a My-Meetups member even if another user created the
|
||||
]);
|
||||
$meetup->users()->attach($member);
|
||||
|
||||
Livewire::test('meetups.edit', ['meetup' => $meetup])->assertStatus(200);
|
||||
Livewire::test('meetups.edit', ['meetup' => $meetup])->assertStatus(403);
|
||||
});
|
||||
|
||||
it('aborts meetups.edit with 403 when the authenticated user has not added the meetup to My-Meetups', function () {
|
||||
it('aborts meetups.edit with 403 when the user is neither creator nor super-admin', function () {
|
||||
actingAsUser();
|
||||
|
||||
Livewire::test('meetups.edit', ['meetup' => $this->meetup])->assertStatus(403);
|
||||
});
|
||||
|
||||
it('aborts meetups.edit with 403 when the authenticated user is only the creator but not in My-Meetups', function () {
|
||||
$creator = actingAsUser();
|
||||
$meetup = Meetup::factory()->create([
|
||||
'city_id' => $this->city->id,
|
||||
'created_by' => $creator->id,
|
||||
]);
|
||||
|
||||
Livewire::test('meetups.edit', ['meetup' => $meetup])->assertStatus(403);
|
||||
});
|
||||
|
||||
it('mounts meetups.create-edit-events for new event', function () {
|
||||
actingAsUser();
|
||||
Livewire::test('meetups.create-edit-events', ['meetup' => $this->meetup])->assertStatus(200);
|
||||
|
||||
@@ -17,7 +17,7 @@ it('registers every domain tool on the server', function () {
|
||||
$property = (new ReflectionClass(EinundzwanzigServer::class))->getProperty('tools');
|
||||
$tools = $property->getDefaultValue();
|
||||
|
||||
expect($tools)->toHaveCount(31)
|
||||
expect($tools)->toHaveCount(32)
|
||||
->and($tools)->toContain(CreateMeetupTool::class)
|
||||
->and($tools)->toContain(UpdateCourseEventTool::class)
|
||||
->and($tools)->toContain(SearchCitiesTool::class);
|
||||
|
||||
@@ -0,0 +1,72 @@
|
||||
<?php
|
||||
|
||||
use App\Mcp\Servers\EinundzwanzigServer;
|
||||
use App\Mcp\Tools\Meetup\AddMeetupToMineTool;
|
||||
use App\Mcp\Tools\Meetup\CreateMeetupTool;
|
||||
use App\Mcp\Tools\Meetup\ListMyMeetupsTool;
|
||||
use App\Mcp\Tools\MeetupEvent\CreateMeetupEventTool;
|
||||
use App\Models\City;
|
||||
use App\Models\Meetup;
|
||||
use App\Models\User;
|
||||
|
||||
it('adds an existing foreign meetup to my meetups as a member', function () {
|
||||
$owner = User::factory()->create();
|
||||
$meetup = Meetup::factory()->create(['name' => 'Einundzwanzig Dortmund', 'created_by' => $owner->id]);
|
||||
$user = User::factory()->create();
|
||||
|
||||
EinundzwanzigServer::actingAs($user)
|
||||
->tool(AddMeetupToMineTool::class, ['meetup' => 'Einundzwanzig Dortmund'])
|
||||
->assertOk()
|
||||
->assertSee('hinzugefügt');
|
||||
|
||||
$this->assertDatabaseHas('meetup_user', [
|
||||
'meetup_id' => $meetup->id,
|
||||
'user_id' => $user->id,
|
||||
'is_leader' => false,
|
||||
]);
|
||||
});
|
||||
|
||||
it('lists joined meetups (not only created ones) in my meetups', function () {
|
||||
$user = User::factory()->create();
|
||||
$joined = Meetup::factory()->create(['name' => 'Einundzwanzig Dortmund']);
|
||||
$joined->users()->attach($user->id, ['is_leader' => false]);
|
||||
|
||||
$response = EinundzwanzigServer::actingAs($user)->tool(ListMyMeetupsTool::class);
|
||||
|
||||
$response->assertOk()->assertSee('Einundzwanzig Dortmund');
|
||||
});
|
||||
|
||||
it('makes the creator a leader so the meetup shows in my meetups', function () {
|
||||
$user = User::factory()->create();
|
||||
City::factory()->create(['name' => 'Ansbach']);
|
||||
|
||||
EinundzwanzigServer::actingAs($user)
|
||||
->tool(CreateMeetupTool::class, ['name' => 'Einundzwanzig Ansbach', 'city' => 'Ansbach'])
|
||||
->assertOk();
|
||||
|
||||
$meetup = Meetup::query()->where('name', 'Einundzwanzig Ansbach')->sole();
|
||||
|
||||
$this->assertDatabaseHas('meetup_user', [
|
||||
'meetup_id' => $meetup->id,
|
||||
'user_id' => $user->id,
|
||||
'is_leader' => true,
|
||||
]);
|
||||
});
|
||||
|
||||
it('lets a member add an event to a joined meetup', function () {
|
||||
$user = User::factory()->create();
|
||||
$meetup = Meetup::factory()->create(['name' => 'Einundzwanzig Dortmund']);
|
||||
$meetup->users()->attach($user->id, ['is_leader' => false]);
|
||||
|
||||
EinundzwanzigServer::actingAs($user)
|
||||
->tool(CreateMeetupEventTool::class, [
|
||||
'meetup' => 'Einundzwanzig Dortmund',
|
||||
'start' => '2026-08-01 18:00:00',
|
||||
])
|
||||
->assertOk();
|
||||
|
||||
$this->assertDatabaseHas('meetup_events', [
|
||||
'meetup_id' => $meetup->id,
|
||||
'created_by' => $user->id,
|
||||
]);
|
||||
});
|
||||
@@ -3,6 +3,7 @@
|
||||
use App\Models\City;
|
||||
use App\Models\Country;
|
||||
use App\Models\Meetup;
|
||||
use App\Models\User;
|
||||
use Livewire\Livewire;
|
||||
|
||||
beforeEach(function () {
|
||||
@@ -10,13 +11,14 @@ beforeEach(function () {
|
||||
$this->city = City::factory()->create(['country_id' => $country->id]);
|
||||
});
|
||||
|
||||
it('updates an existing Meetup name when the user has it in My-Meetups', function () {
|
||||
$member = actingAsUser();
|
||||
it('updates an existing Meetup name as the creator', function () {
|
||||
$creator = actingAsUser();
|
||||
$meetup = Meetup::factory()->create([
|
||||
'city_id' => $this->city->id,
|
||||
'name' => 'Original Name',
|
||||
'created_by' => $creator->id,
|
||||
]);
|
||||
$meetup->users()->attach($member);
|
||||
$meetup->users()->attach($creator);
|
||||
|
||||
Livewire::test('meetups.edit', ['meetup' => $meetup])
|
||||
->set('name', 'Updated Name')
|
||||
@@ -29,12 +31,13 @@ it('updates an existing Meetup name when the user has it in My-Meetups', functio
|
||||
});
|
||||
|
||||
it('rejects update when name collides with another existing Meetup', function () {
|
||||
$member = actingAsUser();
|
||||
$creator = actingAsUser();
|
||||
$meetup = Meetup::factory()->create([
|
||||
'city_id' => $this->city->id,
|
||||
'name' => 'Original Name',
|
||||
'created_by' => $creator->id,
|
||||
]);
|
||||
$meetup->users()->attach($member);
|
||||
$meetup->users()->attach($creator);
|
||||
Meetup::factory()->create(['name' => 'Other Name', 'city_id' => $this->city->id]);
|
||||
|
||||
Livewire::test('meetups.edit', ['meetup' => $meetup])
|
||||
@@ -44,12 +47,13 @@ it('rejects update when name collides with another existing Meetup', function ()
|
||||
});
|
||||
|
||||
it('allows update when name is unchanged (Rule::unique ignores own id)', function () {
|
||||
$member = actingAsUser();
|
||||
$creator = actingAsUser();
|
||||
$meetup = Meetup::factory()->create([
|
||||
'city_id' => $this->city->id,
|
||||
'name' => 'Original Name',
|
||||
'created_by' => $creator->id,
|
||||
]);
|
||||
$meetup->users()->attach($member);
|
||||
$meetup->users()->attach($creator);
|
||||
|
||||
Livewire::test('meetups.edit', ['meetup' => $meetup])
|
||||
->set('name', 'Original Name')
|
||||
@@ -58,11 +62,12 @@ it('allows update when name is unchanged (Rule::unique ignores own id)', functio
|
||||
->assertHasNoErrors();
|
||||
});
|
||||
|
||||
it('blocks updateMeetup when the user has not added the meetup to My-Meetups', function () {
|
||||
it('blocks updateMeetup when the user is not the creator', function () {
|
||||
actingAsUser();
|
||||
$meetup = Meetup::factory()->create([
|
||||
'city_id' => $this->city->id,
|
||||
'name' => 'Original Name',
|
||||
'created_by' => User::factory()->create()->id,
|
||||
]);
|
||||
|
||||
Livewire::test('meetups.edit', ['meetup' => $meetup])
|
||||
|
||||
Reference in New Issue
Block a user