WebAPP/app/Http/Controllers/ParticipantController.php
Rhino 2e24a40d68 Stand: SMTP-Test, Admin-Mail-Tab, Notifiable-Fix, Lazy-Quill
- Fix: Notifiable-Trait zum User-Model hinzugefuegt (behebt notify()-500er)
- Installer: SMTP-Verbindungstest mit EsmtpTransport + Ueberspringen-Link
- Admin: Neuer E-Mail-Tab mit SMTP-Konfiguration + Verbindungstest
- Admin: Lazy Quill-Initialisierung (nur sichtbare Locale wird geladen)
- Uebersetzungen: 17 neue Mail-Keys in allen 6 Sprachen

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 07:30:37 +01:00


<?php
namespace App\Http\Controllers;
use App\Enums\EventStatus;
use App\Enums\EventType;
use App\Enums\ParticipantStatus;
use App\Models\ActivityLog;
use App\Models\Event;
use App\Models\EventParticipant;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
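/**
 * Handles attendance responses (yes / no / unknown) for event participants.
 *
 * Authorization is layered: event-state checks first, then team membership,
 * then ownership of the participant row (own children for player events, own
 * entry for meetings). Users for whom canAccessAdminPanel() is true bypass the
 * team and ownership checks.
 *
 * NOTE(review): canAccessAdminPanel() therefore acts as write access to the
 * participants of every team. Confirm that this is the intended scope of that
 * permission.
 */
class ParticipantController extends Controller
{
    /**
     * Update one participant's status on the given event.
     *
     * Aborts with 403 when the event is cancelled, when a non-admin targets a
     * draft event, or when a non-admin has no access to the event's team.
     * Meeting events are keyed by user_id, all other event types by player_id.
     */
    public function update(Request $request, Event $event): RedirectResponse
    {
        $user = auth()->user();

        // Fail closed instead of dereferencing null if this action is ever
        // reached without an authenticated user (route middleware is not
        // visible from this file).
        if ($user === null) {
            abort(403);
        }

        // Cancelled events are read-only for everyone, admins included.
        if ($event->status === EventStatus::Cancelled) {
            abort(403);
        }

        if (!$user->canAccessAdminPanel()) {
            // Drafts are only visible to admins.
            if ($event->status === EventStatus::Draft) {
                abort(403);
            }

            // Team access check: the user must have access to the event's team.
            if (!$user->accessibleTeamIds()->contains($event->team_id)) {
                abort(403);
            }
        }

        return $event->type === EventType::Meeting
            ? $this->updateMeetingParticipant($request, $event)
            : $this->updatePlayerParticipant($request, $event);
    }

    /**
     * Set the status of a player participant.
     *
     * Non-admins may only answer for players linked to them in parent_player.
     * Responds 404 when the player is not a participant of the event.
     */
    private function updatePlayerParticipant(Request $request, Event $event): RedirectResponse
    {
        $user = auth()->user();

        // Work only with the validated payload from here on.
        $validated = $request->validate([
            'player_id' => 'required|integer',
            'status' => 'required|in:yes,no,unknown',
        ]);

        // Policy check: own children only, unless admin. This runs BEFORE the
        // participant lookup so that an unauthorized caller always receives
        // 403 and cannot use the 404/403 difference to learn which players
        // take part in the event.
        if (!$user->canAccessAdminPanel()) {
            $isParent = DB::table('parent_player')
                ->where('parent_id', $user->id)
                ->where('player_id', $validated['player_id'])
                ->exists();

            if (!$isParent) {
                abort(403);
            }
        }

        $participant = EventParticipant::where('event_id', $event->id)
            ->where('player_id', $validated['player_id'])
            ->firstOrFail();

        $this->applyStatusChange(
            $participant,
            $event,
            $validated['status'],
            $user->id,
            $participant->player?->full_name ?? '',
        );

        return redirect(route('events.show', $event) . '#participants');
    }

    /**
     * Set the status of a meeting participant.
     *
     * Non-admins may only change their own entry. Responds 404 when the user
     * is not a participant of the event.
     */
    private function updateMeetingParticipant(Request $request, Event $event): RedirectResponse
    {
        $user = auth()->user();

        $validated = $request->validate([
            'user_id' => 'required|integer',
            'status' => 'required|in:yes,no,unknown',
        ]);

        // Policy check: own entry only, unless admin. The lookup below filters
        // on this same user_id, so comparing the validated input is equivalent
        // to comparing the stored row, and doing it first avoids revealing to
        // other users whether a given user participates. Both sides are cast
        // so the strict comparison does not depend on how the id is hydrated.
        if (!$user->canAccessAdminPanel() && (int) $validated['user_id'] !== (int) $user->id) {
            abort(403);
        }

        $participant = EventParticipant::where('event_id', $event->id)
            ->where('user_id', $validated['user_id'])
            ->firstOrFail();

        $this->applyStatusChange(
            $participant,
            $event,
            $validated['status'],
            $user->id,
            $participant->user?->name ?? '',
        );

        return redirect(route('events.show', $event) . '#participants');
    }

    /**
     * Persist the new status and write the matching activity-log entry.
     *
     * Records who set the status and when, so the change stays attributable
     * even when an admin or parent answers on someone else's behalf.
     */
    private function applyStatusChange(
        EventParticipant $participant,
        Event $event,
        string $status,
        int|string $actorId,
        string $subjectName,
    ): void {
        // Capture the previous value before it is overwritten, for the log.
        $oldStatus = $participant->status->value;

        $participant->status = ParticipantStatus::from($status);
        $participant->set_by_user_id = $actorId;
        $participant->responded_at = now();
        $participant->save();

        ActivityLog::logWithChanges(
            'participant_status_changed',
            __('admin.log_participant_changed', ['event' => $event->title, 'status' => $status]),
            'Event',
            $event->id,
            ['status' => $oldStatus, 'player' => $subjectName],
            ['status' => $status],
        );
    }
}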