mirror of
https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git
synced 2026-06-11 02:50:29 +00:00
f5cf85b438
- 💾 Introduced `restore_point` JSON column in `meetups` table for saving and restoring master data. - 🛠️ Added methods `captureRestorePoint` and `restoreFromRestorePoint` to `Meetup` model for managing restore points. - 🔒 Implemented authorization for updating meetups via `updateViaPortal` policy to include pivot members. - 🔗 Created Artisan commands `meetups:snapshot` and `meetups:restore` for managing restore points from CLI. - 🚦 Added rate limiter to restrict excessive update attempts in Livewire meetup editing. - ✅ Developed exhaustive feature tests for snapshot and restore actions, portal editing rules, and rate limiting.
45 lines
1.1 KiB
PHP
<?php
namespace App\Policies;
use App\Models\Meetup;
use App\Models\User;
use App\Policies\Concerns\ChecksCreatorOwnership;
/**
 * Authorization policy for Meetup records.
 *
 * Ownership decisions are delegated to owns() from the
 * ChecksCreatorOwnership trait, which is defined outside this file.
 *
 * NOTE(review): this class defines no delete/restore abilities of its own;
 * confirm that whatever handles them elsewhere (trait, gate hooks) denies
 * by default.
 */
class MeetupPolicy
{
    use ChecksCreatorOwnership;

    /**
     * Listing meetups is allowed for every authenticated user.
     */
    public function viewAny(User $user): bool
    {
        return true;
    }

    /**
     * A single meetup may be viewed through this ability only when
     * owns() accepts the user for it.
     */
    public function view(User $user, Meetup $meetup): bool
    {
        $isOwner = $this->owns($user, $meetup);

        return $isOwner;
    }

    /**
     * Creating a meetup is allowed for every authenticated user.
     */
    public function create(User $user): bool
    {
        return true;
    }

    /**
     * Strict update rule: only a user accepted by owns() may update.
     */
    public function update(User $user, Meetup $meetup): bool
    {
        $isOwner = $this->owns($user, $meetup);

        return $isOwner;
    }

    /**
     * Relaxed update rule intended exclusively for the portal frontend
     * (Livewire): besides the creator, every member of the meetup_user
     * pivot ("My Meetups" in the dashboard) may edit the master data.
     * The REST API and MCP keep using the strict update() ability.
     * Interim solution until a real role/approval concept exists.
     *
     * Security note: this method receives no information about the calling
     * channel, so the "portal only" restriction is enforced solely by which
     * ability each caller asks for. Any new code path that authorizes
     * against `updateViaPortal` grants pivot members write access.
     */
    public function updateViaPortal(User $user, Meetup $meetup): bool
    {
        // The creator passes without the membership lookup (same
        // short-circuit order as a plain `||`).
        if ($this->owns($user, $meetup)) {
            return true;
        }

        // The cast mirrors the truthiness evaluation `||` would apply to
        // hasMember()'s result; its return type is not visible in this file.
        return (bool) $meetup->hasMember($user);
    }
}