mirror of
https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git
synced 2026-06-17 16:40:31 +00:00
HolgerHatGarKeineNode
9f8fda294a
- 🔒 Restrict event creation, editing, and deletion to Meetup leaders (`is_leader`) and creators for consistency across APIs, frontend, and MCP. - ➕ Add new APIs for leader delegation: assign/remove Meetup leaders via `meetup_user.is_leader`. - 🛠️ Replace loose member checks with specific leadership checks in policies, controllers, and views. - 🧪 Add exhaustive tests to ensure only eligible leaders execute critical actions (e.g., event creation/edit, Meetup updates). - 🔄 Refactor pivot relationships and models (`leadByMe`, `isLeader`) for explicit leadership handling. - ✨ Introduce artisan command `meetups:promote-existing-leaders` to transition legacy data.
61 lines
1.7 KiB
PHP
61 lines
1.7 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use App\Models\User;
|
|
use Dedoc\Scramble\Attributes\Group;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Illuminate\Http\Request;
|
|
|
|
#[Group(name: 'Profil', weight: 8)]
|
|
class UserController extends Controller
|
|
{
|
|
/**
|
|
* Eigenes Profil
|
|
*
|
|
* Liefert das Profil des authentifizierten Nutzers (Token-Inhaber).
|
|
* Wird von der Mobile App direkt nach dem Login aufgerufen.
|
|
*/
|
|
public function __invoke(Request $request): JsonResponse
|
|
{
|
|
return response()->json($this->profilePayload($request->user()));
|
|
}
|
|
|
|
/**
|
|
* Profil aktualisieren
|
|
*
|
|
* Erlaubt dem Token-Inhaber, den eigenen Anzeigenamen zu ändern.
|
|
* Rollen (is_lecturer/is_leader) sind bewusst NICHT änderbar.
|
|
*/
|
|
public function update(Request $request): JsonResponse
|
|
{
|
|
$validated = $request->validate([
|
|
'name' => ['required', 'string', 'max:255'],
|
|
]);
|
|
|
|
$user = $request->user();
|
|
$user->update(['name' => $validated['name']]);
|
|
|
|
return response()->json($this->profilePayload($user->fresh()));
|
|
}
|
|
|
|
/**
|
|
* @return array<string, mixed>
|
|
*/
|
|
private function profilePayload(User $user): array
|
|
{
|
|
return [
|
|
'id' => $user->id,
|
|
'name' => $user->name,
|
|
'email' => $user->email,
|
|
'nostr' => $user->nostr,
|
|
'is_lecturer' => (bool) $user->is_lecturer,
|
|
// Leader-Rolle ist pro Meetup (meetup_user.is_leader); global = ist
|
|
// der Nutzer Leader IRGENDEINES Meetups. Treibt das Rollen-Badge.
|
|
'is_leader' => $user->meetups()->wherePivot('is_leader', true)->exists(),
|
|
'avatar' => $user->profile_photo_url,
|
|
];
|
|
}
|
|
}
|