einundzwanzig/einundzwanzig-app
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git synced 2026-06-17 16:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement leadership-based permissions for Meetup management

Browse Source 
- 🔒 Restrict event creation, editing, and deletion to Meetup leaders (`is_leader`) and creators for consistency across APIs, frontend, and MCP.
-  Add new APIs for leader delegation: assign/remove Meetup leaders via `meetup_user.is_leader`.
- 🛠️ Replace loose member checks with specific leadership checks in policies, controllers, and views.
- 🧪 Add exhaustive tests to ensure only eligible leaders execute critical actions (e.g., event creation/edit, Meetup updates).
- 🔄 Refactor pivot relationships and models (`leadByMe`, `isLeader`) for explicit leadership handling.
-  Introduce artisan command `meetups:promote-existing-leaders` to transition legacy data.
This commit is contained in:
HolgerHatGarKeineNode
2026-06-16 22:04:34 +02:00
parent 39af153f52
commit 9f8fda294a
26 changed files with 691 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Requests/Api/StoreMeetupEventRequest.php
+10 -2
View File
@@ -3,15 +3,23 @@
namespace App\Http\Requests\Api;
use App\Enums\RecurrenceType;
use App\Models\MeetupEvent;
use App\Models\Meetup;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
class StoreMeetupEventRequest extends FormRequest
{
/**
* Termine darf nur anlegen, wer das zugehörige Meetup bearbeiten darf
* (Ersteller/Leader/Super-Admin) dieselbe Berechtigung wie die
* Stammdaten. Existenz/Pflicht von meetup_id prüft rules() (422); ist ein
* gültiges Meetup angegeben, muss der Nutzer dafür berechtigt sein.
*/
public function authorize(): bool
{
return $this->user()->can('create', MeetupEvent::class);
$meetup = Meetup::find($this->input('meetup_id'));
return $meetup === null || $this->user()->can('update', $meetup);
}
/**