chore: Add the correct security and x attributes and create security schema, fix path routes and change schema to be defined as requested

matiasperrone · matiasperrone · commit 7e87cef7b6d3 · 2025-11-26T21:54:46.000Z
diff --git a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitMetricsApiController.php b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitMetricsApiController.php
@@ -12,8 +12,10 @@
  * limitations under the License.
  **/
 
+use App\Models\Foundation\Main\IGroup;
 use App\ModelSerializers\SerializerUtils;
 use App\Rules\Boolean;
+use App\Security\SummitScopes;
 use App\Services\Model\ISummitMetricService;
 use Illuminate\Http\Response;
 use models\main\IMemberRepository;
@@ -72,9 +74,10 @@ public function __construct
      */
     #[OA\Put(
         path: "/api/v1/summits/{id}/metrics/enter",
+        operationId: 'enter',
         summary: "Record a metric entry (enter)",
-        security: [["Bearer" => []]],
-        tags: ["summit-metrics"],
+        security: [["summit_metrics_oauth2" => [SummitScopes::EnterEvent, SummitScopes::WriteMetrics]]],
+        tags: ["Summit Metrics"],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -140,9 +143,10 @@ public function enter($summit_id)
      */
     #[OA\Post(
         path: "/api/v1/summits/{id}/metrics/leave",
+        operationId: 'leave',
         summary: "Record a metric exit (leave)",
-        security: [["Bearer" => []]],
-        tags: ["summit-metrics"],
+        security: [["summit_metrics_oauth2" => [SummitScopes::LeaveEvent, SummitScopes::WriteMetrics]]],
+        tags: ["Summit Metrics"],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -208,9 +212,10 @@ public function leave($summit_id)
      */
     #[OA\Put(
         path: "/api/v1/summits/{id}/members/{member_id}/schedule/{event_id}/metrics/enter",
+        operationId: 'enterToEvent',
         summary: "Record a metric entry to a specific event",
-        security: [["Bearer" => []]],
-        tags: ["summit-metrics"],
+        security: [["summit_metrics_oauth2" => [SummitScopes::EnterEvent]]],
+        tags: ["Summit Metrics"],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -278,9 +283,10 @@ public function enterToEvent($summit_id, $member_id, $event_id)
      */
     #[OA\Post(
         path: "/api/v1/summits/{id}/members/{member_id}/schedule/{event_id}/metrics/leave",
+        operationId: 'leaveFromEvent',
         summary: "Record a metric exit from a specific event",
-        security: [["Bearer" => []]],
-        tags: ["summit-metrics"],
+        security: [["summit_metrics_oauth2" => [SummitScopes::LeaveEvent]]],
+        tags: ["Summit Metrics"],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -342,9 +348,13 @@ public function leaveFromEvent($summit_id, $member_id, $event_id)
 
     #[OA\Put(
         path: "/api/v1/summits/{id}/metrics/onsite/enter",
+        operationId: 'onSiteEnter',
         summary: "Record an on-site metric entry (for attendees entering venue/room)",
-        security: [["Bearer" => []]],
-        tags: ["summit-metrics"],
+        security: [["summit_metrics_oauth2" => [SummitScopes::WriteMetrics]]],
+        tags: ["Summit Metrics"],
+        x: [
+            "authz_groups" => [IGroup::SummitAccessControl]
+        ],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -406,9 +416,13 @@ public function onSiteEnter($summit_id)
 
     #[OA\Get(
         path: "/api/v1/summits/{id}/metrics/onsite/enter",
+        operationId: 'checkOnSiteEnter',
         summary: "Check if on-site entry is allowed for an attendee (validation only, does not record entry)",
-        security: [["Bearer" => []]],
-        tags: ["summit-metrics"],
+        security: [["summit_metrics_oauth2" => [SummitScopes::ReadAllSummitData, SummitScopes::ReadSummitData, SummitScopes::ReadMetrics]]],
+        tags: ["Summit Metrics"],
+        x: [
+            "authz_groups" => [IGroup::SummitAccessControl]
+        ],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -481,9 +495,13 @@ public function checkOnSiteEnter($summit_id)
 
     #[OA\Post(
         path: "/api/v1/summits/{id}/metrics/onsite/leave",
+        operationId: 'onSiteLeave',
         summary: "Record an on-site metric exit (for attendees leaving venue/room)",
-        security: [["Bearer" => []]],
-        tags: ["summit-metrics"],
+        security: [["summit_metrics_oauth2" => [SummitScopes::WriteMetrics]]],
+        tags: ["Summit Metrics"],
+        x: [
+            "authz_groups" => [IGroup::SummitAccessControl]
+        ],
         parameters: [
             new OA\Parameter(
                 name: "id",
diff --git a/app/Swagger/Security/SummitMetricsAuthSchema.php b/app/Swagger/Security/SummitMetricsAuthSchema.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace App\Swagger\Security;
+
+use App\Security\SummitScopes;
+use OpenApi\Attributes as OA;
+
+#[
+    OA\SecurityScheme(
+        type: 'oauth2',
+        securityScheme: 'summit_metrics_oauth2',
+        flows: [
+            new OA\Flow(
+                authorizationUrl: L5_SWAGGER_CONST_AUTH_URL,
+                tokenUrl: L5_SWAGGER_CONST_TOKEN_URL,
+                flow: 'authorizationCode',
+                scopes: [
+                    SummitScopes::EnterEvent => 'Enter Event',
+                    SummitScopes::LeaveEvent => 'Leave Event',
+                    SummitScopes::WriteMetrics => 'Write Metrics',
+                    SummitScopes::ReadMetrics => 'Read Metrics',
+                    SummitScopes::ReadAllSummitData => 'Read All Summit Data',
+                    SummitScopes::ReadSummitData => 'Read Summit Data',
+                ],
+            ),
+        ],
+    )
+]
+class SummitMetricsAuthSchema {}
diff --git a/app/Swagger/SummitMetricsSchemas.php b/app/Swagger/SummitMetricsSchemas.php
@@ -11,6 +11,8 @@
     type: "object",
     properties: [
         new OA\Property(property: "id", type: "integer"),
+        new OA\Property(property: "created", type: "integer"),
+        new OA\Property(property: "last_edited", type: "integer"),
         new OA\Property(property: "member_first_name", type: "string", nullable: true),
         new OA\Property(property: "member_last_name", type: "string", nullable: true),
         new OA\Property(property: "member_pic", type: "string", nullable: true),
@@ -20,8 +22,6 @@
         new OA\Property(property: "browser", type: "string", nullable: true),
         new OA\Property(property: "outgress_date", type: "integer", nullable: true),
         new OA\Property(property: "ingress_date", type: "integer"),
-        new OA\Property(property: "created", type: "integer"),
-        new OA\Property(property: "last_edited", type: "integer")
     ]
 )]
 class SummitMetric
