chore: Add the correct security and x attributes and fix path with the correct routes

matiasperrone · matiasperrone · commit e23bdff651cd · 2025-11-27T15:37:03.000Z
diff --git a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitSelectedPresentationListApiController.php b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitSelectedPresentationListApiController.php
@@ -13,7 +13,9 @@
  **/
 
 use App\Models\Exceptions\AuthzException;
+use App\Models\Foundation\Main\IGroup;
 use App\ModelSerializers\SerializerUtils;
+use App\Security\SummitScopes;
 use App\Services\Model\ISummitSelectedPresentationListService;
 use Illuminate\Http\Response;
 use Illuminate\Support\Facades\Request;
@@ -76,10 +78,12 @@ public function __construct
      * @return \Illuminate\Http\JsonResponse|mixed
      */
     #[OA\Get(
-        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/track-chairs/tracks/{track_id}/selection-lists/team",
+        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/tracks/{track_id}/selection-lists/team",
+        operationId: 'getTeamSelectionList',
         summary: "Get team selection list for a track",
-        security: [["Bearer" => []]],
-        tags: ["summit-selected-presentation-lists"],
+        security: [["selected_presentation_list_oauth2" => [SummitScopes::ReadSummitData]]],
+        x: ["authz_groups" => [IGroup::SuperAdmins, IGroup::Administrators, IGroup::TrackChairs, IGroup::TrackChairsAdmins]],
+        tags: ["Summit Selected Presentation Lists"],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -144,10 +148,12 @@ public function getTeamSelectionList($summit_id, $selection_plan_id, $track_id){
      * @return \Illuminate\Http\JsonResponse|mixed
      */
     #[OA\Post(
-        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/track-chairs/tracks/{track_id}/selection-lists/team",
+        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/tracks/{track_id}/selection-lists/team",
+        operationId: 'createTeamSelectionList',
         summary: "Create team selection list for a track",
-        security: [["Bearer" => []]],
-        tags: ["summit-selected-presentation-lists"],
+        security: [["selected_presentation_list_oauth2" => [SummitScopes::WriteSummitData]]],
+        x: ["authz_groups" => [IGroup::SuperAdmins, IGroup::Administrators, IGroup::TrackChairs, IGroup::TrackChairsAdmins]],
+        tags: ["Summit Selected Presentation Lists"],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -209,10 +215,12 @@ public function createTeamSelectionList($summit_id, $selection_plan_id, $track_i
      * @return \Illuminate\Http\JsonResponse|mixed
      */
     #[OA\Get(
-        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/track-chairs/tracks/{track_id}/selection-lists/individual/owner/{owner_id}",
+        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/tracks/{track_id}/selection-lists/individual/owner/{owner_id}",
+        operationId: 'getIndividualSelectionList',
         summary: "Get individual selection list for a specific owner",
-        security: [["Bearer" => []]],
-        tags: ["summit-selected-presentation-lists"],
+        security: [["selected_presentation_list_oauth2" => [SummitScopes::ReadSummitData]]],
+        x: ["authz_groups" => [IGroup::SuperAdmins, IGroup::Administrators, IGroup::TrackChairs, IGroup::TrackChairsAdmins]],
+        tags: ["Summit Selected Presentation Lists"],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -280,10 +288,12 @@ public function getIndividualSelectionList($summit_id, $selection_plan_id, $trac
      * @return \Illuminate\Http\JsonResponse|mixed
      */
     #[OA\Post(
-        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/track-chairs/tracks/{track_id}/selection-lists/individual/owner/me",
+        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/tracks/{track_id}/selection-lists/individual/owner/me",
+        operationId: 'createIndividualSelectionList',
         summary: "Create individual selection list for current user",
-        security: [["Bearer" => []]],
-        tags: ["summit-selected-presentation-lists"],
+        security: [["selected_presentation_list_oauth2" => [SummitScopes::WriteSummitData]]],
+        x: ["authz_groups" => [IGroup::SuperAdmins, IGroup::Administrators, IGroup::TrackChairs, IGroup::TrackChairsAdmins]],
+        tags: ["Summit Selected Presentation Lists"],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -344,10 +354,12 @@ public function createIndividualSelectionList($summit_id, $selection_plan_id, $t
      * @return \Illuminate\Http\JsonResponse|mixed
      */
     #[OA\Put(
-        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/track-chairs/tracks/{track_id}/selection-lists/{list_id}/reorder",
+        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/tracks/{track_id}/selection-lists/{list_id}/reorder",
+        operationId: 'reorderSelectionList',
         summary: "Reorder presentations in a selection list",
-        security: [["Bearer" => []]],
-        tags: ["summit-selected-presentation-lists"],
+        security: [["selected_presentation_list_oauth2" => [SummitScopes::WriteSummitData]]],
+        x: ["authz_groups" => [IGroup::SuperAdmins, IGroup::Administrators, IGroup::TrackChairs, IGroup::TrackChairsAdmins]],
+        tags: ["Summit Selected Presentation Lists"],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -447,10 +459,12 @@ public function reorderSelectionList($summit_id, $selection_plan_id, $track_id,
      * @return \Illuminate\Http\JsonResponse|mixed
      */
     #[OA\Post(
-        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/track-chairs/tracks/{track_id}/selection-lists/individual/presentation-selections/{collection}/presentations/{presentation_id}",
+        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/tracks/{track_id}/selection-lists/individual/presentation-selections/{collection}/presentations/{presentation_id}",
+        operationId: 'assignPresentationToMyIndividualList',
         summary: "Assign a presentation to current user's individual selection list",
-        security: [["Bearer" => []]],
-        tags: ["summit-selected-presentation-lists"],
+        security: [["selected_presentation_list_oauth2" => [SummitScopes::WriteSummitData]]],
+        x: ["authz_groups" => [IGroup::SuperAdmins, IGroup::Administrators, IGroup::TrackChairs, IGroup::TrackChairsAdmins]],
+        tags: ["Summit Selected Presentation Lists"],
         parameters: [
             new OA\Parameter(
                 name: "id",
@@ -527,10 +541,12 @@ public function assignPresentationToMyIndividualList($summit_id, $selection_plan
      * @return \Illuminate\Http\JsonResponse|mixed
      */
     #[OA\Delete(
-        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/track-chairs/tracks/{track_id}/selection-lists/individual/presentation-selections/{collection}/presentations/{presentation_id}",
+        path: "/api/v1/summits/{id}/selection-plans/{selection_plan_id}/tracks/{track_id}/selection-lists/individual/presentation-selections/{collection}/presentations/{presentation_id}",
+        operationId: 'removePresentationFromMyIndividualList',
         summary: "Remove a presentation from current user's individual selection list",
-        security: [["Bearer" => []]],
-        tags: ["summit-selected-presentation-lists"],
+        security: [["selected_presentation_list_oauth2" => [SummitScopes::WriteSummitData]]],
+        x: ["authz_groups" => [IGroup::SuperAdmins, IGroup::Administrators, IGroup::TrackChairs, IGroup::TrackChairsAdmins]],
+        tags: ["Summit Selected Presentation Lists"],
         parameters: [
             new OA\Parameter(
                 name: "id",
diff --git a/app/Swagger/Security/SelectedPresentationListAuthSchema.php b/app/Swagger/Security/SelectedPresentationListAuthSchema.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Swagger\Security;
+
+use App\Security\SummitScopes;
+use OpenApi\Attributes as OA;
+
+#[
+    OA\SecurityScheme(
+        type: 'oauth2',
+        securityScheme: 'selected_presentation_list_oauth2',
+        flows: [
+            new OA\Flow(
+                authorizationUrl: L5_SWAGGER_CONST_AUTH_URL,
+                tokenUrl: L5_SWAGGER_CONST_TOKEN_URL,
+                flow: 'authorizationCode',
+                scopes: [
+                    SummitScopes::ReadSummitData => 'Read Summit Data',
+                    SummitScopes::WriteSummitData => 'Write Summit Data',
+                ],
+            ),
+        ],
+    )
+]
+class SelectedPresentationListAuthSchema {}
diff --git a/app/Swagger/SummitPresentationSchemas.php b/app/Swagger/SummitPresentationSchemas.php
@@ -6,22 +6,19 @@
 
 #[OA\Schema(
     schema: "SummitSelectedPresentationList",
-    required: ["id", "created", "last_edited", "name", "type", "hash", "selected_presentations", "interested_presentations"],
     properties: [
         new OA\Property(property: "id", type: "integer", example: 1),
         new OA\Property(property: "created", type: "integer", description: "Unix timestamp", example: 1640995200),
         new OA\Property(property: "last_edited", type: "integer", description: "Unix timestamp", example: 1640995200),
         new OA\Property(property: "name", type: "string", example: "My Selection List"),
         new OA\Property(property: "type", type: "string", enum: ["Individual", "Group"], example: "Individual"),
         new OA\Property(property: "hash", type: "string", example: "abc123def456"),
-        new OA\Property(property: "selected_presentations", type: "array", items: new OA\Items(type: "integer"), description: "Array of selected presentation IDs"),
-        new OA\Property(property: "interested_presentations", type: "array", items: new OA\Items(type: "integer"), description: "Array of interested presentation IDs (only for Individual lists)", nullable: true),
-        new OA\Property(property: "category_id", type: "integer", example: 5),
-        new OA\Property(property: "category", ref: "#/components/schemas/PresentationCategory"),
-        new OA\Property(property: "owner_id", type: "integer", example: 10),
-        new OA\Property(property: "owner", ref: "#/components/schemas/Member"),
-        new OA\Property(property: "selection_plan_id", type: "integer", example: 3),
-        new OA\Property(property: "selection_plan", ref: "#/components/schemas/SelectionPlan"),
+        new OA\Property(property: "selected_presentations", type: "array", items: new OA\Items(type: "integer"), description: "Array of SummitSelectedPresentation IDs of collection \"selected\", full objects when ?expand=selected_presentations" ),
+        new OA\Property(property: "interested_presentations", type: "array", items: new OA\Items(type: "integer"), description: "Array of SummitSelectedPresentation IDs of collection \"maybe\", full objects when ?expand=interested_presentations", nullable: true),
+        new OA\Property(property: "category_id", type: "integer", example: 5, description: "PresentationCategory ID, full object when ?expand=category", nullable: true),
+        new OA\Property(property: "owner_id", type: "integer", example: 10, nullable: true, description: "Member ID not present when ?expand=owner"),
+        new OA\Property(property: "owner", ref: "#/components/schemas/Member", description: "Member full object when ?expand=owner)", nullable: true),
+        new OA\Property(property: "selection_plan_id", type: "integer", example: 3, description: "SelectionPlan ID, full object when ?expand=selection_plan)", nullable: true),
     ]
 )]
 class SummitSelectedPresentationList {}
