mirror of
https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git
synced 2026-06-11 02:50:29 +00:00
✨ **Add authenticated API endpoints for managing Meetups, Cities, Venues, and Lecturers**
- ➕ Introduced `store`, `update`, `mine`, and `mineShow` endpoints for `Meetups`, `Cities`, `Venues`, and `Lecturers` with validation and authorization. - 🔒 Added `Policies` for `Meetups`, `Cities`, `Venues`, and `Lecturers` leveraging `ChecksCreatorOwnership` for ownership checks. - 🌐 Created `Resources` for structured API responses: `MeetupResource`, `CityResource`, `VenueResource`, and `LecturerResource`. - ✅ Added dedicated `Request` classes for input validation: `Store` and `Update` variants for all models. - 🛠️ Updated controllers to support new functionalities with localized error messages and proper HTTP responses.
This commit is contained in:
HolgerHatGarKeineNode
@@ -3,13 +3,19 @@
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\StoreCityRequest;
|
||||
use App\Http\Requests\Api\UpdateCityRequest;
|
||||
use App\Http\Resources\CityResource;
|
||||
use App\Models\City;
|
||||
use App\Models\Lecturer;
|
||||
use Dedoc\Scramble\Attributes\ExcludeRouteFromDocs;
|
||||
use Dedoc\Scramble\Attributes\Group;
|
||||
use Dedoc\Scramble\Attributes\QueryParameter;
|
||||
use Dedoc\Scramble\Attributes\Response as ResponseAttribute;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
#[Group(name: 'Stammdaten', weight: 5)]
|
||||
class CityController extends Controller
|
||||
@@ -41,27 +47,64 @@ class CityController extends Controller
|
||||
->get();
|
||||
}
|
||||
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function store(Request $request)
|
||||
/**
|
||||
* Stadt anlegen
|
||||
*
|
||||
* Erlaubt einem authentifizierten Nutzer, eine Stadt programmatisch anzulegen.
|
||||
* Der Ersteller (created_by) wird automatisch gesetzt.
|
||||
*/
|
||||
#[ResponseAttribute(status: 401, description: 'Nicht authentifiziert.')]
|
||||
#[ResponseAttribute(status: 422, description: 'Validierungsfehler.')]
|
||||
public function store(StoreCityRequest $request): JsonResponse
|
||||
{
|
||||
//
|
||||
$city = City::create($request->validated());
|
||||
|
||||
return CityResource::make($city->fresh())
|
||||
->response()
|
||||
->setStatusCode(Response::HTTP_CREATED);
|
||||
}
|
||||
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function show(Lecturer $lecturer)
|
||||
/**
|
||||
* Stadt aktualisieren
|
||||
*
|
||||
* Aktualisiert eine Stadt; nur fuer den Ersteller oder einen Super-Admin.
|
||||
*/
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf die Stadt aendern.')]
|
||||
#[ResponseAttribute(status: 422, description: 'Validierungsfehler.')]
|
||||
public function update(UpdateCityRequest $request, City $city): CityResource
|
||||
{
|
||||
//
|
||||
$city->update($request->validated());
|
||||
|
||||
return CityResource::make($city->fresh());
|
||||
}
|
||||
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function update(Request $request, Lecturer $lecturer)
|
||||
/**
|
||||
* Eigene Staedte auflisten
|
||||
*
|
||||
* Liefert alle vom authentifizierten Nutzer erstellten Staedte, alphabetisch sortiert.
|
||||
*/
|
||||
public function mine(Request $request): AnonymousResourceCollection
|
||||
{
|
||||
//
|
||||
Gate::authorize('viewAny', City::class);
|
||||
|
||||
$cities = City::query()
|
||||
->where('created_by', $request->user()->id)
|
||||
->orderBy('name')
|
||||
->get();
|
||||
|
||||
return CityResource::collection($cities);
|
||||
}
|
||||
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function destroy(Lecturer $lecturer)
|
||||
/**
|
||||
* Eigene Stadt anzeigen
|
||||
*
|
||||
* Zeigt eine einzelne, vom authentifizierten Nutzer erstellte Stadt.
|
||||
*/
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf die Stadt sehen.')]
|
||||
public function mineShow(City $city): CityResource
|
||||
{
|
||||
//
|
||||
Gate::authorize('view', $city);
|
||||
|
||||
return CityResource::make($city);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,12 +3,19 @@
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\StoreLecturerRequest;
|
||||
use App\Http\Requests\Api\UpdateLecturerRequest;
|
||||
use App\Http\Resources\LecturerResource;
|
||||
use App\Models\Lecturer;
|
||||
use Dedoc\Scramble\Attributes\ExcludeRouteFromDocs;
|
||||
use Dedoc\Scramble\Attributes\Group;
|
||||
use Dedoc\Scramble\Attributes\QueryParameter;
|
||||
use Dedoc\Scramble\Attributes\Response as ResponseAttribute;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
#[Group(name: 'Referenten', weight: 4)]
|
||||
class LecturerController extends Controller
|
||||
@@ -48,38 +55,63 @@ class LecturerController extends Controller
|
||||
}
|
||||
|
||||
/**
|
||||
* Store a newly created resource in storage.
|
||||
* Referent anlegen
|
||||
*
|
||||
* Erlaubt einem authentifizierten Nutzer, einen Referenten programmatisch anzulegen.
|
||||
* Der Ersteller (created_by) wird automatisch gesetzt.
|
||||
*/
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function store(Request $request)
|
||||
#[ResponseAttribute(status: 401, description: 'Nicht authentifiziert.')]
|
||||
#[ResponseAttribute(status: 422, description: 'Validierungsfehler.')]
|
||||
public function store(StoreLecturerRequest $request): JsonResponse
|
||||
{
|
||||
//
|
||||
$lecturer = Lecturer::create($request->validated());
|
||||
|
||||
return LecturerResource::make($lecturer->fresh())
|
||||
->response()
|
||||
->setStatusCode(Response::HTTP_CREATED);
|
||||
}
|
||||
|
||||
/**
|
||||
* Display the specified resource.
|
||||
* Referent aktualisieren
|
||||
*
|
||||
* Aktualisiert einen Referenten; nur fuer den Ersteller oder einen Super-Admin.
|
||||
*/
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function show(Lecturer $lecturer)
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf den Referenten aendern.')]
|
||||
#[ResponseAttribute(status: 422, description: 'Validierungsfehler.')]
|
||||
public function update(UpdateLecturerRequest $request, Lecturer $lecturer): LecturerResource
|
||||
{
|
||||
//
|
||||
$lecturer->update($request->validated());
|
||||
|
||||
return LecturerResource::make($lecturer->fresh());
|
||||
}
|
||||
|
||||
/**
|
||||
* Update the specified resource in storage.
|
||||
* Eigene Referenten auflisten
|
||||
*
|
||||
* Liefert alle vom authentifizierten Nutzer erstellten Referenten, alphabetisch sortiert.
|
||||
*/
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function update(Request $request, Lecturer $lecturer)
|
||||
public function mine(Request $request): AnonymousResourceCollection
|
||||
{
|
||||
//
|
||||
Gate::authorize('viewAny', Lecturer::class);
|
||||
|
||||
$lecturers = Lecturer::query()
|
||||
->where('created_by', $request->user()->id)
|
||||
->orderBy('name')
|
||||
->get();
|
||||
|
||||
return LecturerResource::collection($lecturers);
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove the specified resource from storage.
|
||||
* Eigenen Referenten anzeigen
|
||||
*
|
||||
* Zeigt einen einzelnen, vom authentifizierten Nutzer erstellten Referenten.
|
||||
*/
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function destroy(Lecturer $lecturer)
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf den Referenten sehen.')]
|
||||
public function mineShow(Lecturer $lecturer): LecturerResource
|
||||
{
|
||||
//
|
||||
Gate::authorize('view', $lecturer);
|
||||
|
||||
return LecturerResource::make($lecturer);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,13 +3,19 @@
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\StoreMeetupRequest;
|
||||
use App\Http\Requests\Api\UpdateMeetupRequest;
|
||||
use App\Http\Resources\MeetupResource;
|
||||
use App\Models\Meetup;
|
||||
use Dedoc\Scramble\Attributes\ExcludeRouteFromDocs;
|
||||
use Dedoc\Scramble\Attributes\Group;
|
||||
use Dedoc\Scramble\Attributes\QueryParameter;
|
||||
use Dedoc\Scramble\Attributes\Response;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
|
||||
#[Group(name: 'Meetups', weight: 3)]
|
||||
class MeetupController extends Controller
|
||||
@@ -63,27 +69,64 @@ class MeetupController extends Controller
|
||||
});
|
||||
}
|
||||
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function store(Request $request)
|
||||
/**
|
||||
* Meetup anlegen
|
||||
*
|
||||
* Erlaubt einem authentifizierten Nutzer, ein Meetup programmatisch anzulegen.
|
||||
* Der Ersteller (created_by) wird automatisch gesetzt.
|
||||
*/
|
||||
#[Response(status: 401, description: 'Nicht authentifiziert.')]
|
||||
#[Response(status: 422, description: 'Validierungsfehler.')]
|
||||
public function store(StoreMeetupRequest $request): JsonResponse
|
||||
{
|
||||
//
|
||||
$meetup = Meetup::create($request->validated());
|
||||
|
||||
return MeetupResource::make($meetup->fresh())
|
||||
->response()
|
||||
->setStatusCode(\Symfony\Component\HttpFoundation\Response::HTTP_CREATED);
|
||||
}
|
||||
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function show(Meetup $meetup)
|
||||
/**
|
||||
* Meetup aktualisieren
|
||||
*
|
||||
* Aktualisiert ein Meetup; nur fuer den Ersteller oder einen Super-Admin.
|
||||
*/
|
||||
#[Response(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf das Meetup aendern.')]
|
||||
#[Response(status: 422, description: 'Validierungsfehler.')]
|
||||
public function update(UpdateMeetupRequest $request, Meetup $meetup): MeetupResource
|
||||
{
|
||||
//
|
||||
$meetup->update($request->validated());
|
||||
|
||||
return MeetupResource::make($meetup->fresh());
|
||||
}
|
||||
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function update(Request $request, Meetup $meetup)
|
||||
/**
|
||||
* Eigene Meetups auflisten
|
||||
*
|
||||
* Liefert alle vom authentifizierten Nutzer erstellten Meetups, alphabetisch sortiert.
|
||||
*/
|
||||
public function mine(Request $request): AnonymousResourceCollection
|
||||
{
|
||||
//
|
||||
Gate::authorize('viewAny', Meetup::class);
|
||||
|
||||
$meetups = Meetup::query()
|
||||
->where('created_by', $request->user()->id)
|
||||
->orderBy('name')
|
||||
->get();
|
||||
|
||||
return MeetupResource::collection($meetups);
|
||||
}
|
||||
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function destroy(Meetup $meetup)
|
||||
/**
|
||||
* Eigenes Meetup anzeigen
|
||||
*
|
||||
* Zeigt ein einzelnes, vom authentifizierten Nutzer erstelltes Meetup.
|
||||
*/
|
||||
#[Response(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf das Meetup sehen.')]
|
||||
public function mineShow(Meetup $meetup): MeetupResource
|
||||
{
|
||||
//
|
||||
Gate::authorize('view', $meetup);
|
||||
|
||||
return MeetupResource::make($meetup);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,11 +3,20 @@
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\StoreMeetupEventRequest;
|
||||
use App\Http\Requests\Api\UpdateMeetupEventRequest;
|
||||
use App\Http\Resources\MeetupEventResource;
|
||||
use App\Models\MeetupEvent;
|
||||
use Carbon\Carbon;
|
||||
use Dedoc\Scramble\Attributes\Group;
|
||||
use Dedoc\Scramble\Attributes\PathParameter;
|
||||
use Dedoc\Scramble\Attributes\Response as ResponseAttribute;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
|
||||
use Illuminate\Support\Collection;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
#[Group(name: 'Meetups', weight: 3)]
|
||||
class MeetupEventController extends Controller
|
||||
@@ -66,4 +75,65 @@ class MeetupEventController extends Controller
|
||||
],
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Meetup-Event anlegen
|
||||
*
|
||||
* Erlaubt einem authentifizierten Nutzer, ein Meetup-Event programmatisch anzulegen.
|
||||
* Der Ersteller (created_by) wird automatisch gesetzt.
|
||||
*/
|
||||
#[ResponseAttribute(status: 401, description: 'Nicht authentifiziert.')]
|
||||
#[ResponseAttribute(status: 422, description: 'Validierungsfehler.')]
|
||||
public function store(StoreMeetupEventRequest $request): JsonResponse
|
||||
{
|
||||
$meetupEvent = MeetupEvent::create($request->validated());
|
||||
|
||||
return MeetupEventResource::make($meetupEvent->fresh())
|
||||
->response()
|
||||
->setStatusCode(Response::HTTP_CREATED);
|
||||
}
|
||||
|
||||
/**
|
||||
* Meetup-Event aktualisieren
|
||||
*
|
||||
* Aktualisiert ein Meetup-Event; nur fuer den Ersteller oder einen Super-Admin.
|
||||
*/
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf das Meetup-Event aendern.')]
|
||||
#[ResponseAttribute(status: 422, description: 'Validierungsfehler.')]
|
||||
public function update(UpdateMeetupEventRequest $request, MeetupEvent $meetupEvent): MeetupEventResource
|
||||
{
|
||||
$meetupEvent->update($request->validated());
|
||||
|
||||
return MeetupEventResource::make($meetupEvent->fresh());
|
||||
}
|
||||
|
||||
/**
|
||||
* Eigene Meetup-Events auflisten
|
||||
*
|
||||
* Liefert alle vom authentifizierten Nutzer erstellten Meetup-Events, nach Startzeit absteigend sortiert.
|
||||
*/
|
||||
public function mine(Request $request): AnonymousResourceCollection
|
||||
{
|
||||
Gate::authorize('viewAny', MeetupEvent::class);
|
||||
|
||||
$meetupEvents = MeetupEvent::query()
|
||||
->where('created_by', $request->user()->id)
|
||||
->orderByDesc('start')
|
||||
->get();
|
||||
|
||||
return MeetupEventResource::collection($meetupEvents);
|
||||
}
|
||||
|
||||
/**
|
||||
* Eigenes Meetup-Event anzeigen
|
||||
*
|
||||
* Zeigt ein einzelnes, vom authentifizierten Nutzer erstelltes Meetup-Event.
|
||||
*/
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf das Meetup-Event sehen.')]
|
||||
public function mineShow(MeetupEvent $meetupEvent): MeetupEventResource
|
||||
{
|
||||
Gate::authorize('view', $meetupEvent);
|
||||
|
||||
return MeetupEventResource::make($meetupEvent);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,13 +3,19 @@
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\Lecturer;
|
||||
use App\Http\Requests\Api\StoreVenueRequest;
|
||||
use App\Http\Requests\Api\UpdateVenueRequest;
|
||||
use App\Http\Resources\VenueResource;
|
||||
use App\Models\Venue;
|
||||
use Dedoc\Scramble\Attributes\ExcludeRouteFromDocs;
|
||||
use Dedoc\Scramble\Attributes\Group;
|
||||
use Dedoc\Scramble\Attributes\QueryParameter;
|
||||
use Dedoc\Scramble\Attributes\Response as ResponseAttribute;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
#[Group(name: 'Stammdaten', weight: 5)]
|
||||
class VenueController extends Controller
|
||||
@@ -50,38 +56,63 @@ class VenueController extends Controller
|
||||
}
|
||||
|
||||
/**
|
||||
* Store a newly created resource in storage.
|
||||
* Veranstaltungsort anlegen
|
||||
*
|
||||
* Erlaubt einem authentifizierten Nutzer, einen Veranstaltungsort programmatisch anzulegen.
|
||||
* Der Ersteller (created_by) wird automatisch gesetzt.
|
||||
*/
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function store(Request $request)
|
||||
#[ResponseAttribute(status: 401, description: 'Nicht authentifiziert.')]
|
||||
#[ResponseAttribute(status: 422, description: 'Validierungsfehler.')]
|
||||
public function store(StoreVenueRequest $request): JsonResponse
|
||||
{
|
||||
//
|
||||
$venue = Venue::create($request->validated());
|
||||
|
||||
return VenueResource::make($venue->fresh())
|
||||
->response()
|
||||
->setStatusCode(Response::HTTP_CREATED);
|
||||
}
|
||||
|
||||
/**
|
||||
* Display the specified resource.
|
||||
* Veranstaltungsort aktualisieren
|
||||
*
|
||||
* Aktualisiert einen Veranstaltungsort; nur fuer den Ersteller oder einen Super-Admin.
|
||||
*/
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function show(Lecturer $lecturer)
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf den Veranstaltungsort aendern.')]
|
||||
#[ResponseAttribute(status: 422, description: 'Validierungsfehler.')]
|
||||
public function update(UpdateVenueRequest $request, Venue $venue): VenueResource
|
||||
{
|
||||
//
|
||||
$venue->update($request->validated());
|
||||
|
||||
return VenueResource::make($venue->fresh());
|
||||
}
|
||||
|
||||
/**
|
||||
* Update the specified resource in storage.
|
||||
* Eigene Veranstaltungsorte auflisten
|
||||
*
|
||||
* Liefert alle vom authentifizierten Nutzer erstellten Veranstaltungsorte, alphabetisch sortiert.
|
||||
*/
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function update(Request $request, Lecturer $lecturer)
|
||||
public function mine(Request $request): AnonymousResourceCollection
|
||||
{
|
||||
//
|
||||
Gate::authorize('viewAny', Venue::class);
|
||||
|
||||
$venues = Venue::query()
|
||||
->where('created_by', $request->user()->id)
|
||||
->orderBy('name')
|
||||
->get();
|
||||
|
||||
return VenueResource::collection($venues);
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove the specified resource from storage.
|
||||
* Eigenen Veranstaltungsort anzeigen
|
||||
*
|
||||
* Zeigt einen einzelnen, vom authentifizierten Nutzer erstellten Veranstaltungsort.
|
||||
*/
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function destroy(Lecturer $lecturer)
|
||||
#[ResponseAttribute(status: 403, description: 'Nur der Ersteller oder ein Super-Admin darf den Veranstaltungsort sehen.')]
|
||||
public function mineShow(Venue $venue): VenueResource
|
||||
{
|
||||
//
|
||||
Gate::authorize('view', $venue);
|
||||
|
||||
return VenueResource::make($venue);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user