fix: Add security schema

matiasperrone · matiasperrone · commit b84d0d8677d9 · 2025-11-10T22:41:54.000Z
diff --git a/app/Http/Controllers/Apis/Protected/Main/OAuth2CompaniesApiController.php b/app/Http/Controllers/Apis/Protected/Main/OAuth2CompaniesApiController.php
@@ -16,6 +16,8 @@
  **/
 
 use App\Rules\Boolean;
+use App\Security\CompanyScopes;
+use App\Security\SummitScopes;
 use App\Services\Model\ICompanyService;
 use Illuminate\Http\Request as LaravelRequest;
 use Illuminate\Http\Response;
@@ -26,6 +28,31 @@
 use ModelSerializers\SerializerRegistry;
 use OpenApi\Attributes as OA;
 
+
+#[OA\SecurityScheme(
+    type: 'oauth2',
+    securityScheme: 'OAuth2CompaniesApiControllerAuthSchema',
+    flows: [
+        new OA\Flow(
+            authorizationUrl: L5_SWAGGER_CONST_AUTH_URL,
+            tokenUrl: L5_SWAGGER_CONST_TOKEN_URL,
+            flow: 'authorizationCode',
+            scopes: [
+                CompanyScopes::Read => 'Read Data',
+                CompanyScopes::Write => 'Write Data',
+                SummitScopes::ReadSummitData => 'Read Summit Data',
+                SummitScopes::ReadAllSummitData => 'Read All Summit Data',
+                SummitScopes::WriteSummitData => 'Write Summit Data',
+            ],
+        ),
+    ],
+)
+]
+class OAuth2CompaniesApiControllerAuthSchema
+{
+}
+
+
 /**
  * Class OAuth2CompaniesApiController
  * @package App\Http\Controllers
@@ -34,6 +61,54 @@
     path: "/api/v1/companies/{id}",
     summary: "Get a specific company",
     description: "Returns detailed information about a specific company",
+    security: [
+        [
+            "OAuth2CompaniesApiControllerAuthSchema" => [
+                CompanyScopes::Read,
+            ]
+        ]
+    ],
+    tags: ["Companies"],
+    parameters: [
+        new OA\Parameter(
+            name: "id",
+            in: "path",
+            required: true,
+            description: "Company ID",
+            schema: new OA\Schema(type: "integer")
+        ),
+        new OA\Parameter(
+            name: "expand",
+            in: "query",
+            required: false,
+            description: "Expand related entities. Available expansions: sponsorships, project_sponsorships",
+            schema: new OA\Schema(type: "string")
+        ),
+        new OA\Parameter(
+            name: "relations",
+            in: "query",
+            required: false,
+            description: "Load relations. Available: sponsorships, project_sponsorships",
+            schema: new OA\Schema(type: "string")
+        ),
+    ],
+    responses: [
+        new OA\Response(
+            response: Response::HTTP_OK,
+            description: "Success",
+            content: new OA\JsonContent(ref: "#/components/schemas/Company")
+        ),
+        new OA\Response(response: Response::HTTP_NOT_FOUND, description: "Company not found"),
+    ]
+)]
+/**
+ * Class OAuth2CompaniesApiController
+ * @package App\Http\Controllers
+ */
+#[OA\Get(
+    path: "/api/public/v1/companies/{id}",
+    summary: "Get a specific company (Public)",
+    description: "Returns detailed information about a specific company",
     tags: ["Companies"],
     parameters: [
         new OA\Parameter(
@@ -71,7 +146,13 @@
     path: "/api/v1/companies",
     summary: "Create a new company",
     description: "Creates a new company",
-    security: [["oauth2_security_scope" => ["openid", "profile", "email"]]],
+    security: [
+        [
+            "OAuth2CompaniesApiControllerAuthSchema" => [
+                CompanyScopes::Write,
+            ]
+        ]
+    ],
     tags: ["Companies"],
     requestBody: new OA\RequestBody(
         required: true,
@@ -93,7 +174,13 @@
     path: "/api/v1/companies/{id}",
     summary: "Update a company",
     description: "Updates an existing company",
-    security: [["oauth2_security_scope" => ["openid", "profile", "email"]]],
+    security: [
+        [
+            "OAuth2CompaniesApiControllerAuthSchema" => [
+                CompanyScopes::Write,
+            ]
+        ]
+    ],
     tags: ["Companies"],
     parameters: [
         new OA\Parameter(
@@ -125,7 +212,13 @@
     path: "/api/v1/companies/{id}",
     summary: "Delete a company",
     description: "Deletes a company",
-    security: [["oauth2_security_scope" => ["openid", "profile", "email"]]],
+    security: [
+        [
+            "OAuth2CompaniesApiControllerAuthSchema" => [
+                CompanyScopes::Write,
+            ]
+        ]
+    ],
     tags: ["Companies"],
     parameters: [
         new OA\Parameter(
@@ -169,11 +262,10 @@ final class OAuth2CompaniesApiController extends OAuth2ProtectedController
      */
     public function __construct
     (
-        ICompanyRepository     $company_repository,
+        ICompanyRepository $company_repository,
         IResourceServerContext $resource_server_context,
-        ICompanyService        $service
-    )
-    {
+        ICompanyService $service
+    ) {
         parent::__construct($resource_server_context);
         $this->repository = $company_repository;
         $this->service = $service;
@@ -183,7 +275,75 @@ public function __construct
         path: "/api/v1/companies",
         summary: "Get all companies",
         description: "Returns a paginated list of companies. Allows ordering, filtering and pagination.",
-        security: [["oauth2_security_scope" => ["openid", "profile", "email"]]],
+        security: [
+            [
+                "OAuth2CompaniesApiControllerAuthSchema" => [
+                    CompanyScopes::Read,
+                    SummitScopes::ReadSummitData,
+                    SummitScopes::ReadAllSummitData,
+                ]
+            ]
+        ],
+        tags: ["Companies"],
+        parameters: [
+            new OA\Parameter(
+                name: 'page',
+                in: 'query',
+                required: false,
+                schema: new OA\Schema(type: 'integer'),
+                description: 'The page number'
+            ),
+            new OA\Parameter(
+                name: 'per_page',
+                in: 'query',
+                required: false,
+                schema: new OA\Schema(type: 'integer'),
+                description: 'The number of pages in each page',
+            ),
+            new OA\Parameter(
+                name: "filter[]",
+                in: "query",
+                required: false,
+                description: "Filter companies. Available filters: name (=@, ==, @@), member_level (=@, ==, @@), display_on_site (==)",
+                schema: new OA\Schema(type: "array", items: new OA\Items(type: "string")),
+                explode: true
+            ),
+            new OA\Parameter(
+                name: "order",
+                in: "query",
+                required: false,
+                description: "Order by field. Valid fields: id, name, member_level",
+                schema: new OA\Schema(type: "string")
+            ),
+            new OA\Parameter(
+                name: "expand",
+                in: "query",
+                required: false,
+                description: "Expand related entities. Available expansions: sponsorships, project_sponsorships",
+                schema: new OA\Schema(type: "string")
+            ),
+            new OA\Parameter(
+                name: "relations",
+                in: "query",
+                required: false,
+                description: "Load relations. Available: sponsorships, project_sponsorships",
+                schema: new OA\Schema(type: "string")
+            ),
+        ],
+        responses: [
+            new OA\Response(
+                response: Response::HTTP_OK,
+                description: "Success",
+                content: new OA\JsonContent(ref: "#/components/schemas/PaginatedCompaniesResponse")
+            ),
+            new OA\Response(response: Response::HTTP_BAD_REQUEST, description: "Bad Request"),
+        ]
+    )]
+
+    #[OA\Get(
+        path: "/api/public/v1/companies",
+        summary: "Get all companies (Public)",
+        description: "Returns a paginated list of companies. Allows ordering, filtering and pagination.",
         tags: ["Companies"],
         parameters: [
             new OA\Parameter(
@@ -247,14 +407,14 @@ function () {
                 return [
                     'name' => ['=@', '==', '@@'],
                     'member_level' => ['=@', '==', '@@'],
-                    'display_on_site' => [ '=='],
+                    'display_on_site' => ['=='],
                 ];
             },
             function () {
                 return [
                     'name' => 'sometimes|string',
                     'member_level' => 'sometimes|string',
-                    'display_on_site' =>  ['sometimes', new Boolean],
+                    'display_on_site' => ['sometimes', new Boolean],
                 ];
             },
             function () {
@@ -268,7 +428,7 @@ function ($filter) {
                 return $filter;
             },
             function () {
-              return $this->getEntitySerializerType();
+                return $this->getEntitySerializerType();
             }
         );
     }
@@ -292,7 +452,8 @@ protected function addEntity(array $payload): IEntity
         return $this->service->addCompany($payload);
     }
 
-    protected function addEntitySerializerType(){
+    protected function addEntitySerializerType()
+    {
         return $this->getEntitySerializerType();
     }
 
@@ -320,7 +481,8 @@ protected function getEntitySerializerType()
             SerializerRegistry::SerializerType_Public;
     }
 
-    protected function updateEntitySerializerType(){
+    protected function updateEntitySerializerType()
+    {
         return $this->getEntitySerializerType();
     }
     /**
@@ -347,7 +509,13 @@ protected function updateEntity($id, array $payload): IEntity
         path: "/api/v1/companies/{id}/logo",
         summary: "Add company logo",
         description: "Uploads a logo image for the company",
-        security: [["oauth2_security_scope" => ["openid", "profile", "email"]]],
+        security: [
+            [
+                "OAuth2CompaniesApiControllerAuthSchema" => [
+                    CompanyScopes::Write,
+                ]
+            ]
+        ],
         tags: ["Companies"],
         parameters: [
             new OA\Parameter(
@@ -407,7 +575,13 @@ public function addCompanyLogo(LaravelRequest $request, $company_id)
         path: "/api/v1/companies/{id}/logo",
         summary: "Delete company logo",
         description: "Removes the logo image from the company",
-        security: [["oauth2_security_scope" => ["openid", "profile", "email"]]],
+        security: [
+            [
+                "OAuth2CompaniesApiControllerAuthSchema" => [
+                    CompanyScopes::Write,
+                ]
+            ]
+        ],
         tags: ["Companies"],
         parameters: [
             new OA\Parameter(
@@ -440,7 +614,13 @@ public function deleteCompanyLogo($company_id)
         path: "/api/v1/companies/{id}/logo/big",
         summary: "Add company big logo",
         description: "Uploads a big logo image for the company",
-        security: [["oauth2_security_scope" => ["openid", "profile", "email"]]],
+        security: [
+            [
+                "OAuth2CompaniesApiControllerAuthSchema" => [
+                    CompanyScopes::Write,
+                ]
+            ]
+        ],
         tags: ["Companies"],
         parameters: [
             new OA\Parameter(
@@ -499,7 +679,13 @@ public function addCompanyBigLogo(LaravelRequest $request, $company_id)
         path: "/api/v1/companies/{id}/logo/big",
         summary: "Delete company big logo",
         description: "Removes the big logo image from the company",
-        security: [["oauth2_security_scope" => ["openid", "profile", "email"]]],
+        security: [
+            [
+                "OAuth2CompaniesApiControllerAuthSchema" => [
+                    CompanyScopes::Write,
+                ]
+            ]
+        ],
         tags: ["Companies"],
         parameters: [
             new OA\Parameter(
