einundzwanzig/einundzwanzig-app
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git synced 2026-06-17 16:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
einundzwanzig-app/app/Http/Requests/Api/UpdateMeetupEventRequest.php
T
HolgerHatGarKeineNode 9f8fda294a Implement leadership-based permissions for Meetup management 
- 🔒 Restrict event creation, editing, and deletion to Meetup leaders (`is_leader`) and creators for consistency across APIs, frontend, and MCP.
-  Add new APIs for leader delegation: assign/remove Meetup leaders via `meetup_user.is_leader`.
- 🛠️ Replace loose member checks with specific leadership checks in policies, controllers, and views.
- 🧪 Add exhaustive tests to ensure only eligible leaders execute critical actions (e.g., event creation/edit, Meetup updates).
- 🔄 Refactor pivot relationships and models (`leadByMe`, `isLeader`) for explicit leadership handling.
-  Introduce artisan command `meetups:promote-existing-leaders` to transition legacy data.
2026-06-16 22:04:34 +02:00

58 lines
1.9 KiB
PHP
Raw Permalink Blame History

<?php
namespace App\Http\Requests\Api;
use App\Enums\RecurrenceType;
use App\Models\Meetup;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
class UpdateMeetupEventRequest extends FormRequest
{
/**
* Bearbeiten darf der Ersteller des Termins oder ein Leader des Meetups
* (siehe MeetupEventPolicy::update). Ein Verschieben in ein anderes Meetup
* (geändertes meetup_id) ist nur erlaubt, wenn der Nutzer auch dieses
* Ziel-Meetup führt.
*/
public function authorize(): bool
{
if (! $this->user()->can('update', $this->route('meetupEvent'))) {
return false;
}
$target = $this->filled('meetup_id') ? Meetup::find($this->input('meetup_id')) : null;
return $target === null || $this->user()->can('update', $target);
}
/**
* @return array<string, array<int, mixed>>
*/
public function rules(): array
{
return [
'meetup_id' => ['sometimes', 'required', 'integer', 'exists:meetups,id'],
'start' => ['sometimes', 'required', 'date'],
'location' => ['sometimes', 'nullable', 'string', 'max:255'],
'description' => ['sometimes', 'nullable', 'string'],
'link' => ['sometimes', 'nullable', 'url', 'max:255'],
'recurrence_type' => ['sometimes', 'nullable', Rule::enum(RecurrenceType::class)],
'recurrence_day_of_week' => ['sometimes', 'nullable', 'string', 'max:255'],
'recurrence_day_position' => ['sometimes', 'nullable', 'string', 'max:255'],
'recurrence_interval' => ['sometimes', 'nullable', 'integer'],
'recurrence_end_date' => ['sometimes', 'nullable', 'date', 'after_or_equal:start'],
];
}
/**
* @return array<string, string>
*/
public function messages(): array
{
return [
'meetup_id.exists' => 'Das angegebene Meetup existiert nicht.',
];
}
}
Reference in New Issue View Git Blame Copy Permalink