chore: Add the security schema for the controller to its own file

matiasperrone · matiasperrone · commit 2c513e04d658 · 2025-11-13T20:29:09.000Z
diff --git a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitPresentationActionTypeApiController.php b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitPresentationActionTypeApiController.php
@@ -13,7 +13,9 @@
  **/
 
 use App\Http\Utils\EpochCellFormatter;
+use App\Models\Foundation\Main\IGroup;
 use App\Models\Foundation\Summit\Repositories\IPresentationActionTypeRepository;
+use App\Security\SummitScopes;
 use App\Services\Model\ISummitPresentationActionTypeService;
 use Illuminate\Http\Response;
 use Illuminate\Support\Facades\Input;
@@ -138,7 +140,17 @@ protected function updateChild(Summit $summit, int $child_id, array $payload): I
     #[OA\Post(
         path: '/api/v1/summits/{id}/presentation-action-types',
         summary: 'Create a new presentation action type',
-        security: [['OAuth2' => ['openid', 'profile', 'email']]],
+        x: [
+            'required-groups' => [
+                IGroup::SuperAdmins,
+                IGroup::Administrators,
+                IGroup::SummitAdministrators,
+                IGroup::TrackChairsAdmins,
+            ]
+        ],
+        security: [['presentation_action_types_oauth2' => [
+            SummitScopes::WriteSummitData,
+        ]]],
         tags: ['Summits', 'Presentation Action Types'],
         parameters: [
             new OA\Parameter(name: 'id', in: 'path', required: true, description: 'Summit ID', schema: new OA\Schema(type: 'integer')),
@@ -173,7 +185,18 @@ public function add($summit_id){
     #[OA\Get(
         path: '/api/v1/summits/{id}/presentation-action-types/{action_id}',
         summary: 'Get a presentation action type by ID',
-        security: [['OAuth2' => ['openid', 'profile', 'email']]],
+        x: [
+            'required-groups' => [
+                IGroup::SuperAdmins,
+                IGroup::Administrators,
+                IGroup::SummitAdministrators,
+                IGroup::TrackChairsAdmins,
+            ]
+        ],
+        security: [['presentation_action_types_oauth2' => [
+            SummitScopes::ReadAllSummitData,
+            SummitScopes::ReadSummitData,
+        ]]],
         tags: ['Summits', 'Presentation Action Types'],
         parameters: [
             new OA\Parameter(name: 'id', in: 'path', required: true, description: 'Summit ID', schema: new OA\Schema(type: 'integer')),
@@ -204,7 +227,17 @@ public function get($summit_id, $action_id){
     #[OA\Put(
         path: '/api/v1/summits/{id}/presentation-action-types/{action_id}',
         summary: 'Update a presentation action type',
-        security: [['OAuth2' => ['openid', 'profile', 'email']]],
+        x: [
+            'required-groups' => [
+                IGroup::SuperAdmins,
+                IGroup::Administrators,
+                IGroup::SummitAdministrators,
+                IGroup::TrackChairsAdmins,
+            ]
+        ],
+        security: [['presentation_action_types_oauth2' => [
+            SummitScopes::WriteSummitData,
+        ]]],
         tags: ['Summits', 'Presentation Action Types'],
         parameters: [
             new OA\Parameter(name: 'id', in: 'path', required: true, description: 'Summit ID', schema: new OA\Schema(type: 'integer')),
@@ -240,7 +273,17 @@ public function update($summit_id, $action_id){
     #[OA\Delete(
         path: '/api/v1/summits/{id}/presentation-action-types/{action_id}',
         summary: 'Delete a presentation action type',
-        security: [['OAuth2' => ['openid', 'profile', 'email']]],
+        x: [
+            'required-groups' => [
+                IGroup::SuperAdmins,
+                IGroup::Administrators,
+                IGroup::SummitAdministrators,
+                IGroup::TrackChairsAdmins,
+            ]
+        ],
+        security: [['presentation_action_types_oauth2' => [
+            SummitScopes::WriteSummitData,
+        ]]],
         tags: ['Summits', 'Presentation Action Types'],
         parameters: [
             new OA\Parameter(name: 'id', in: 'path', required: true, description: 'Summit ID', schema: new OA\Schema(type: 'integer')),
@@ -266,7 +309,19 @@ public function delete($summit_id, $action_id){
     #[OA\Get(
         path: '/api/v1/summits/{id}/presentation-action-types',
         summary: 'Get all presentation action types for a summit',
-        security: [['OAuth2' => ['openid', 'profile', 'email']]],
+        x: [
+            'required-groups' => [
+                IGroup::SuperAdmins,
+                IGroup::Administrators,
+                IGroup::SummitAdministrators,
+                IGroup::TrackChairsAdmins,
+                IGroup::TrackChairs,
+            ]
+        ],
+        security: [['presentation_action_types_oauth2' => [
+            SummitScopes::ReadAllSummitData,
+            SummitScopes::ReadSummitData,
+        ]]],
         tags: ['Summits', 'Presentation Action Types'],
         parameters: [
             new OA\Parameter(ref: '#/components/parameters/page'),
@@ -337,7 +392,18 @@ function () {
     #[OA\Get(
         path: '/api/v1/summits/{id}/presentation-action-types/csv',
         summary: 'Get all presentation action types for a summit in CSV format',
-        security: [['OAuth2' => ['openid', 'profile', 'email']]],
+        x: [
+            'required-groups' => [
+                IGroup::SuperAdmins,
+                IGroup::Administrators,
+                IGroup::SummitAdministrators,
+                IGroup::TrackChairsAdmins,
+            ]
+        ],
+        security: [['presentation_action_types_oauth2' => [
+            SummitScopes::ReadAllSummitData,
+            SummitScopes::ReadSummitData,
+        ]]],
         tags: ['Summits', 'Presentation Action Types'],
         parameters: [
             new OA\Parameter(ref: '#/components/parameters/page'),
diff --git a/app/Swagger/Security/PresentationActionTypesAuthSchema.php b/app/Swagger/Security/PresentationActionTypesAuthSchema.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Swagger\Security;
+
+use App\Security\SummitScopes;
+use OpenApi\Attributes as OA;
+
+#[
+    OA\SecurityScheme(
+        type: 'oauth2',
+        securityScheme: 'presentation_action_types_oauth2',
+        flows: [
+            new OA\Flow(
+                authorizationUrl: L5_SWAGGER_CONST_AUTH_URL,
+                tokenUrl: L5_SWAGGER_CONST_TOKEN_URL,
+                flow: 'authorizationCode',
+                scopes: [
+                    SummitScopes::ReadAllSummitData => 'Read All Summit Data',
+                    SummitScopes::ReadSummitData => 'Read Summit Data',
+                    SummitScopes::WriteSummitData => 'Write Summit Data',
+                ],
+            ),
+        ],
+    )
+]
+class PresentationActionTypesAuthSchema{}
