✨ Implement leadership-based permissions for Meetup management

- 🔒 Restrict event creation, editing, and deletion to Meetup leaders (`is_leader`) and creators for consistency across APIs, frontend, and MCP. - ➕ Add new APIs for leader delegation: assign/remove Meetup leaders via `meetup_user.is_leader`. - 🛠️ Replace loose member checks with specific leadership checks in policies, controllers, and views. - 🧪 Add exhaustive tests to ensure only eligible leaders execute critical actions (e.g., event creation/edit, Meetup updates). - 🔄 Refactor pivot relationships and models (`leadByMe`, `isLeader`) for explicit leadership handling. - ✨ Introduce artisan command `meetups:promote-existing-leaders` to transition legacy data.
2026-06-17 16:40:31 +00:00 · 2026-06-16 22:04:34 +02:00
parent 39af153f52
commit 9f8fda294a
26 changed files with 691 additions and 70 deletions
@@ -32,6 +32,10 @@ class MeetupResource extends JsonResource
            'community' => $this->community,
            'visible_on_map' => $this->visible_on_map,
            'is_active' => $this->is_active,
+            // Nur gesetzt, wenn die meetup_user-Pivot geladen ist (z. B. via
+            // /api/my-meetups). Sagt der App, ob der Token-Inhaber Leader dieses
+            // Meetups ist (darf bearbeiten + Leader verwalten).
+            'is_leader' => $this->whenPivotLoaded('meetup_user', fn (): bool => (bool) $this->pivot->is_leader),
            'logo' => $this->getFirstMediaUrl('logo', 'thumb'),
            'last_event_at' => $this->last_event_at,
            'created_by' => $this->created_by,