mirror of
https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git
synced 2026-06-17 04:30:31 +00:00
HolgerHatGarKeineNode
9f8fda294a
- 🔒 Restrict event creation, editing, and deletion to Meetup leaders (`is_leader`) and creators for consistency across APIs, frontend, and MCP. - ➕ Add new APIs for leader delegation: assign/remove Meetup leaders via `meetup_user.is_leader`. - 🛠️ Replace loose member checks with specific leadership checks in policies, controllers, and views. - 🧪 Add exhaustive tests to ensure only eligible leaders execute critical actions (e.g., event creation/edit, Meetup updates). - 🔄 Refactor pivot relationships and models (`leadByMe`, `isLeader`) for explicit leadership handling. - ✨ Introduce artisan command `meetups:promote-existing-leaders` to transition legacy data.
48 lines
1.2 KiB
PHP
48 lines
1.2 KiB
PHP
<?php
|
|
|
|
namespace App\Policies;
|
|
|
|
use App\Models\MeetupEvent;
|
|
use App\Models\User;
|
|
use App\Policies\Concerns\ChecksCreatorOwnership;
|
|
|
|
class MeetupEventPolicy
|
|
{
|
|
use ChecksCreatorOwnership;
|
|
|
|
public function viewAny(User $user): bool
|
|
{
|
|
return true;
|
|
}
|
|
|
|
public function view(User $user, MeetupEvent $meetupEvent): bool
|
|
{
|
|
return $this->owns($user, $meetupEvent);
|
|
}
|
|
|
|
public function create(User $user): bool
|
|
{
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Termin bearbeiten: der Ersteller des Termins ODER ein Leader des
|
|
* zugehörigen Meetups (bzw. Super-Admin). Damit dürfen Meetup-Leader die
|
|
* Termine ihres Meetups pflegen, auch wenn sie sie nicht selbst angelegt
|
|
* haben — analog zur Stammdaten-Bearbeitung (MeetupPolicy::update).
|
|
*/
|
|
public function update(User $user, MeetupEvent $meetupEvent): bool
|
|
{
|
|
return $this->owns($user, $meetupEvent)
|
|
|| ($meetupEvent->meetup !== null && $meetupEvent->meetup->isLeader($user));
|
|
}
|
|
|
|
/**
|
|
* Termin löschen: gleiche Regel wie das Bearbeiten.
|
|
*/
|
|
public function delete(User $user, MeetupEvent $meetupEvent): bool
|
|
{
|
|
return $this->update($user, $meetupEvent);
|
|
}
|
|
}
|