mirror of
https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git
synced 2026-06-17 16:40:31 +00:00
HolgerHatGarKeineNode
9f8fda294a
- 🔒 Restrict event creation, editing, and deletion to Meetup leaders (`is_leader`) and creators for consistency across APIs, frontend, and MCP. - ➕ Add new APIs for leader delegation: assign/remove Meetup leaders via `meetup_user.is_leader`. - 🛠️ Replace loose member checks with specific leadership checks in policies, controllers, and views. - 🧪 Add exhaustive tests to ensure only eligible leaders execute critical actions (e.g., event creation/edit, Meetup updates). - 🔄 Refactor pivot relationships and models (`leadByMe`, `isLeader`) for explicit leadership handling. - ✨ Introduce artisan command `meetups:promote-existing-leaders` to transition legacy data.
30 lines
936 B
PHP
30 lines
936 B
PHP
<?php
|
|
|
|
use App\Models\Meetup;
|
|
use App\Models\User;
|
|
use Livewire\Livewire;
|
|
|
|
it('lets a leader open the event editor', function () {
|
|
$meetup = Meetup::factory()->create(['created_by' => actingAsUser()->id]);
|
|
|
|
Livewire::test('meetups.create-edit-events', ['meetup' => $meetup])
|
|
->assertOk();
|
|
});
|
|
|
|
it('blocks a non-leader member from the event editor', function () {
|
|
$member = actingAsUser();
|
|
$meetup = Meetup::factory()->create(['created_by' => User::factory()->create()->id]);
|
|
$meetup->addMember($member); // is_leader = false
|
|
|
|
Livewire::test('meetups.create-edit-events', ['meetup' => $meetup])
|
|
->assertStatus(403);
|
|
});
|
|
|
|
it('blocks a stranger from the event editor', function () {
|
|
actingAsUser();
|
|
$meetup = Meetup::factory()->create(['created_by' => User::factory()->create()->id]);
|
|
|
|
Livewire::test('meetups.create-edit-events', ['meetup' => $meetup])
|
|
->assertStatus(403);
|
|
});
|