QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-15 17:24:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
92a1baced43fa464040e6d0b0943279f76381fc8
InvoiceShelf/app/Services/InvitationService.php
Darko Gjorgjijoski 92a1baced4 Add company invitation system (backend) 
New feature allowing company owners/admins to invite users by email with
a specific company-scoped role.

Database:
- New company_invitations table (company_id, email, role_id, token,
  status, invited_by, expires_at)

Backend:
- CompanyInvitation model with pending/forUser scopes
- InvitationService: invite, accept, decline, getPendingForUser
- CompanyInvitationMail with markdown email template
- InvitationController (company-scoped): list, send, cancel invitations
- InvitationResponseController (user-scoped): pending, accept, decline
- BootstrapController returns pending_invitations in response
- CompanyMiddleware handles zero-company users gracefully

Tests: 9 feature tests covering invite, accept, decline, cancel, expire,
duplicate prevention, and bootstrap integration.
2026-04-03 22:58:55 +02:00

114 lines
3.4 KiB
PHP
Raw Blame History

<?php
namespace App\Services;
use App\Mail\CompanyInvitationMail;
use App\Models\Company;
use App\Models\CompanyInvitation;
use App\Models\User;
use Carbon\Carbon;
use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;
use Silber\Bouncer\BouncerFacade;
use Silber\Bouncer\Database\Role;
class InvitationService
{
/**
* Invite a user to a company by email with a specific role.
*/
public function invite(Company $company, string $email, int $roleId, User $invitedBy): CompanyInvitation
{
// Check for existing pending invitation
$existing = CompanyInvitation::where('company_id', $company->id)
->where('email', $email)
->pending()
->first();
if ($existing) {
throw ValidationException::withMessages([
'email' => ['An invitation is already pending for this email.'],
]);
}
// Check if user is already a member
$existingUser = User::where('email', $email)->first();
if ($existingUser && $existingUser->hasCompany($company->id)) {
throw ValidationException::withMessages([
'email' => ['This user is already a member of this company.'],
]);
}
$invitation = CompanyInvitation::create([
'company_id' => $company->id,
'user_id' => $existingUser?->id,
'email' => $email,
'role_id' => $roleId,
'token' => Str::random(64),
'status' => CompanyInvitation::STATUS_PENDING,
'invited_by' => $invitedBy->id,
'expires_at' => Carbon::now()->addDays(7),
]);
Mail::to($email)->send(new CompanyInvitationMail($invitation));
return $invitation;
}
/**
* Accept a pending invitation and add the user to the company.
*/
public function accept(CompanyInvitation $invitation, User $user): void
{
if (! $invitation->isPending()) {
throw ValidationException::withMessages([
'invitation' => ['This invitation is no longer valid.'],
]);
}
// Add user to company
$user->companies()->attach($invitation->company_id);
// Assign role scoped to the invitation's company
$role = Role::withoutGlobalScopes()->find($invitation->role_id);
BouncerFacade::scope()->to($invitation->company_id);
$user->assign($role->name);
// Update invitation
$invitation->update([
'status' => CompanyInvitation::STATUS_ACCEPTED,
'user_id' => $user->id,
]);
}
/**
* Decline a pending invitation.
*/
public function decline(CompanyInvitation $invitation, User $user): void
{
if (! $invitation->isPending()) {
throw ValidationException::withMessages([
'invitation' => ['This invitation is no longer valid.'],
]);
}
$invitation->update([
'status' => CompanyInvitation::STATUS_DECLINED,
'user_id' => $user->id,
]);
}
/**
* Get all pending invitations for a user (by user_id or email).
*/
public function getPendingForUser(User $user): Collection
{
return CompanyInvitation::forUser($user)
->pending()
->with(['company', 'role', 'invitedBy'])
->get();
}
}
Reference in New Issue View Git Blame Copy Permalink