with(['roles', 'rank']) ->orderBy('id') ->get() ->map(fn (User $user) => [ 'id' => $user->id, 'name' => $user->name, 'email' => $user->email, 'avatar_url' => $this->resolveAvatarUrl($user), 'location' => $user->location, 'rank' => $user->rank ? [ 'id' => $user->rank->id, 'name' => $user->rank->name, 'color' => $user->rank->color, ] : null, 'group_color' => $this->resolveGroupColor($user), 'roles' => $user->roles->pluck('name')->values(), ]); return response()->json($users); } public function me(Request $request): JsonResponse { $user = $request->user(); if (!$user) { return response()->json(['message' => 'Unauthenticated.'], 401); } return response()->json([ 'id' => $user->id, 'name' => $user->name, 'email' => $user->email, 'avatar_url' => $this->resolveAvatarUrl($user), 'location' => $user->location, 'rank' => $user->rank ? [ 'id' => $user->rank->id, 'name' => $user->rank->name, 'color' => $user->rank->color, ] : null, 'group_color' => $this->resolveGroupColor($user), 'roles' => $user->roles()->pluck('name')->values(), ]); } public function profile(User $user): JsonResponse { return response()->json([ 'id' => $user->id, 'name' => $user->name, 'avatar_url' => $this->resolveAvatarUrl($user), 'location' => $user->location, 'rank' => $user->rank ? [ 'id' => $user->rank->id, 'name' => $user->rank->name, 'color' => $user->rank->color, ] : null, 'group_color' => $this->resolveGroupColor($user), 'created_at' => $user->created_at?->toIso8601String(), ]); } public function updateMe(Request $request): JsonResponse { $user = $request->user(); if (!$user) { return response()->json(['message' => 'Unauthenticated.'], 401); } $data = $request->validate([ 'location' => ['nullable', 'string', 'max:255'], ]); $location = isset($data['location']) ? trim($data['location']) : null; if ($location === '') { $location = null; } $user->forceFill([ 'location' => $location, ])->save(); $user->loadMissing('rank'); return response()->json([ 'id' => $user->id, 'name' => $user->name, 'email' => $user->email, 'avatar_url' => $this->resolveAvatarUrl($user), 'location' => $user->location, 'rank' => $user->rank ? [ 'id' => $user->rank->id, 'name' => $user->rank->name, 'color' => $user->rank->color, ] : null, 'group_color' => $this->resolveGroupColor($user), 'roles' => $user->roles()->pluck('name')->values(), ]); } public function updateRank(Request $request, User $user): JsonResponse { $actor = $request->user(); if (!$actor || !$actor->roles()->where('name', 'ROLE_ADMIN')->exists()) { return response()->json(['message' => 'Forbidden'], 403); } if ($this->isFounder($user) && !$this->isFounder($actor)) { return response()->json(['message' => 'Forbidden'], 403); } $data = $request->validate([ 'rank_id' => ['nullable', 'exists:ranks,id'], ]); $user->rank_id = $data['rank_id'] ?? null; $user->save(); $user->loadMissing('rank'); return response()->json([ 'id' => $user->id, 'rank' => $user->rank ? [ 'id' => $user->rank->id, 'name' => $user->rank->name, 'color' => $user->rank->color, ] : null, 'group_color' => $this->resolveGroupColor($user), ]); } public function update(Request $request, User $user): JsonResponse { $actor = $request->user(); if (!$actor || !$actor->roles()->where('name', 'ROLE_ADMIN')->exists()) { return response()->json(['message' => 'Forbidden'], 403); } if ($this->isFounder($user) && !$this->isFounder($actor)) { return response()->json(['message' => 'Forbidden'], 403); } $data = $request->validate([ 'name' => ['required', 'string', 'max:255'], 'email' => [ 'required', 'string', 'email', 'max:255', Rule::unique('users', 'email')->ignore($user->id), ], 'rank_id' => ['nullable', 'exists:ranks,id'], 'roles' => ['nullable', 'array'], 'roles.*' => ['string', 'exists:roles,name'], ]); if (array_key_exists('roles', $data) && !$this->isFounder($actor)) { $requested = collect($data['roles'] ?? []) ->map(fn ($name) => $this->normalizeRoleName($name)); if ($requested->contains('ROLE_FOUNDER')) { return response()->json(['message' => 'Forbidden'], 403); } } $nameCanonical = Str::lower(trim($data['name'])); $nameConflict = User::query() ->where('id', '!=', $user->id) ->where('name_canonical', $nameCanonical) ->exists(); if ($nameConflict) { return response()->json(['message' => 'Name already exists.'], 422); } if ($data['email'] !== $user->email) { $user->email_verified_at = null; } $user->forceFill([ 'name' => $data['name'], 'name_canonical' => $nameCanonical, 'email' => $data['email'], 'rank_id' => $data['rank_id'] ?? null, ])->save(); if (array_key_exists('roles', $data)) { $roleNames = collect($data['roles'] ?? []) ->map(fn ($name) => $this->normalizeRoleName($name)) ->unique() ->values() ->all(); $roleIds = Role::query() ->whereIn('name', $roleNames) ->pluck('id') ->all(); $user->roles()->sync($roleIds); } $user->loadMissing('rank'); return response()->json([ 'id' => $user->id, 'name' => $user->name, 'email' => $user->email, 'avatar_url' => $this->resolveAvatarUrl($user), 'rank' => $user->rank ? [ 'id' => $user->rank->id, 'name' => $user->rank->name, 'color' => $user->rank->color, ] : null, 'group_color' => $this->resolveGroupColor($user), 'roles' => $user->roles()->pluck('name')->values(), ]); } private function resolveAvatarUrl(User $user): ?string { if (!$user->avatar_path) { return null; } return Storage::url($user->avatar_path); } private function resolveGroupColor(User $user): ?string { $user->loadMissing('roles'); $roles = $user->roles; if (!$roles) { return null; } foreach ($roles->sortBy('name') as $role) { if (!empty($role->color)) { return $role->color; } } return null; } private function normalizeRoleName(string $value): string { $raw = strtoupper(trim($value)); $raw = preg_replace('/\s+/', '_', $raw); $raw = preg_replace('/[^A-Z0-9_]/', '_', $raw); $raw = preg_replace('/_+/', '_', $raw); $raw = trim($raw, '_'); if ($raw === '') { return 'ROLE_'; } if (str_starts_with($raw, 'ROLE_')) { return $raw; } return "ROLE_{$raw}"; } private function isFounder(User $user): bool { return $user->roles()->where('name', 'ROLE_FOUNDER')->exists(); } }