feat: per-sponsor member permission tracking with JSON column on Sponsor_User

Signed-off-by: romanetar <roman_ag@hotmail.com>

Author: romanetar

app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitBadgeScanApiController.php

@@ -95,6 +95,8 @@ function getAddValidationRules(array $payload): array
         return [
             'qr_code'   => 'required_without:attendee_email|string',
             'attendee_email'   => 'required_without:qr_code|email',
+            'qr_code'   => 'required|string',
+            'sponsor_id' => 'sometimes|integer',
             'scan_date' => 'required|date_format:U|epoch_seconds',
             'notes' => 'sometimes|string|max:1024',
             'extra_questions' => 'sometimes|extra_question_dto_array',
@@ -115,6 +117,9 @@ function getCheckInValidationRules(): array
      * @param Summit $summit
      * @param array $payload
      * @return IEntity
+     * @throws EntityNotFoundException
+     * @throws HTTP403ForbiddenException
+     * @throws ValidationException
      */
     protected function addChild(Summit $summit, array $payload): IEntity
     {
@@ -381,7 +386,7 @@ function($filter) use($summit, $current_member){
                     if (!is_null($current_member)){
                         if ($current_member->isAuthzFor($summit)) return $filter;
                         // add filter for sponsor user
-                        if ($current_member->isSponsorUser()) {
+                        if ($current_member->isSponsorUser() || $current_member->isExternalSponsorUser()) {
                             $sponsor_ids = $current_member->getSponsorMembershipIds($summit);
                             // is allowed sponsors are empty, add dummy value
                             if (!count($sponsor_ids)) $sponsor_ids[] = 0;

app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitSponsorApiController.php

@@ -187,7 +187,7 @@ protected function applyExtraFilters(Filter $filter):Filter {
                 // check AUTHZ for sponsors
                 if($current_member->isAuthzFor($summit)) return $filter;
                 // add filter for sponsor user
-                if ($current_member->isSponsorUser()) {
+                if ($current_member->isSponsorUser() || $current_member->isExternalSponsorUser()) {
                     $sponsor_ids = $current_member->getSponsorMembershipIds($summit);
                     // is allowed sponsors are empty, add dummy value
                     if (!count($sponsor_ids)) $sponsor_ids[] = 0;

app/Jobs/SponsorServices/UpdateSponsorMemberGroupsMQJob.php

@@ -62,11 +62,13 @@ public function handle(SponsorServicesMQJob $job): void
             $data = $payload['data'];
             $user_external_id = intval($data['user_external_id']);
             $group_slug = $data['group_slug'];
+            $sponsor_id = intval($data['sponsor_id']);
+            $summit_id = intval($data['summit_id']);
 
             if ($event_type === EventTypes::AUTH_USER_ADDED_TO_GROUP) {
-                $this->service->addSponsorUserToGroup($user_external_id, $group_slug);
+                $this->service->addSponsorUserToGroup($user_external_id, $group_slug, $sponsor_id, $summit_id);
             } else if ($event_type === EventTypes::AUTH_USER_REMOVED_FROM_GROUP) {
-                $this->service->removeSponsorUserFromGroup($user_external_id, $group_slug);
+                $this->service->removeSponsorUserFromGroup($user_external_id, $group_slug, $sponsor_id, $summit_id);
             }
             $job->delete();
         } catch (\Exception $ex) {

app/Models/Foundation/Main/Member.php

@@ -21,6 +21,7 @@
 use App\Models\Foundation\Summit\Events\RSVP\RSVPInvitation;
 use Doctrine\ORM\Query\ResultSetMappingBuilder;
 use Illuminate\Support\Facades\Config;
+use Doctrine\DBAL\ParameterType;
 use LaravelDoctrine\ORM\Facades\EntityManager;
 use models\summit\Presentation;
 use models\summit\SummitMetric;
@@ -1832,21 +1833,44 @@ public function getLastNSponsorMemberships($last_n = 2)
      */
     public function getActiveSummitsSponsorMemberships()
     {
-        $dql = <<<DQL
-SELECT sp
-FROM models\summit\Sponsor sp
-JOIN sp.members m
-JOIN sp.summit s
-WHERE m.id = :member_id
-AND s.end_date >= :now
-ORDER BY s.begin_date ASC
-DQL;
-
-        $query = $this->createQuery($dql);
-        return $query
-            ->setParameter('member_id', $this->getId())
-            ->setParameter('now', new \DateTime('now', new \DateTimeZone('UTC')))
-            ->getResult();
+        // Step 1 — use native SQL (needed for JSON_CONTAINS) to collect IDs only.
+        $idSql = <<<SQL
+SELECT sp.ID
+FROM Sponsor sp
+INNER JOIN Sponsor_Users su ON su.SponsorID = sp.ID
+INNER JOIN Summit s ON s.ID = sp.SummitID
+WHERE su.MemberID = :member_id
+    AND s.SummitEndDate >= :now
+    AND (
+        JSON_CONTAINS(COALESCE(su.Permissions, '[]'), JSON_QUOTE(:slug_sponsors))
+        OR JSON_CONTAINS(COALESCE(su.Permissions, '[]'), JSON_QUOTE(:slug_external))
+    )
+ORDER BY s.SummitBeginDate ASC
+SQL;
+
+        $stmt = $this->prepareRawSQL($idSql, [
+            'member_id'     => $this->getId(),
+            'now'           => (new \DateTime('now', new \DateTimeZone('UTC')))->format('Y-m-d H:i:s'),
+            'slug_sponsors' => IGroup::Sponsors,
+            'slug_external' => IGroup::SponsorExternalUsers,
+        ]);
+        $ids = $stmt->executeQuery()->fetchFirstColumn();
+
+        if (empty($ids)) {
+            return [];
+        }
+
+        // Step 2 — load each Sponsor by PK. find() uses a different code path that avoids
+        // the ORM 3 assertion failure triggered by the OneToOne inverse associations on Sponsor
+        // (lead_report_setting, sponsorservices_statistics) when using DQL/native query hydration.
+        $sponsors = [];
+        foreach ($ids as $id) {
+            $sponsor = $this->getEM()->find(\models\summit\Sponsor::class, $id);
+            if ($sponsor !== null) {
+                $sponsors[] = $sponsor;
+            }
+        }
+        return $sponsors;
     }
 
     /**
@@ -1859,11 +1883,17 @@ public function getSponsorMembershipIds(Summit $summit): array
 FROM Sponsor_Users
 INNER JOIN Sponsor ON Sponsor.ID = Sponsor_Users.SponsorID
 WHERE MemberID = :member_id AND Sponsor.SummitID = :summit_id
+    AND (
+        JSON_CONTAINS(COALESCE(Sponsor_Users.Permissions, '[]'), JSON_QUOTE(:slug_sponsors))
+        OR JSON_CONTAINS(COALESCE(Sponsor_Users.Permissions, '[]'), JSON_QUOTE(:slug_external))
+    )
 SQL;
 
-        $stmt = $this->prepareRawSQL($sql,  [
-            'member_id' => $this->getId(),
-            'summit_id' => $summit->getId(),
+        $stmt = $this->prepareRawSQL($sql, [
+            'member_id'     => $this->getId(),
+            'summit_id'     => $summit->getId(),
+            'slug_sponsors' => IGroup::Sponsors,
+            'slug_external' => IGroup::SponsorExternalUsers,
         ]);
         $res = $stmt->executeQuery();
         return $res->fetchFirstColumn();
@@ -1881,11 +1911,17 @@ public function hasSponsorMembershipsFor(Summit $summit, Sponsor $sponsor = null
 WHERE
     MemberID = :member_id
     AND Sponsor.SummitID = :summit_id
+    AND (
+        JSON_CONTAINS(COALESCE(Sponsor_Users.Permissions, '[]'), JSON_QUOTE(:slug_sponsors))
+        OR JSON_CONTAINS(COALESCE(Sponsor_Users.Permissions, '[]'), JSON_QUOTE(:slug_external))
+    )
 SQL;
 
-        $params =   [
-            'member_id' => $this->getId(),
-            'summit_id' => $summit->getId(),
+        $params = [
+            'member_id'      => $this->getId(),
+            'summit_id'      => $summit->getId(),
+            'slug_sponsors'  => IGroup::Sponsors,
+            'slug_external'  => IGroup::SponsorExternalUsers,
         ];
 
         if(!is_null($sponsor)) {
@@ -1956,12 +1992,26 @@ public function addSummitRegistrationOrder(SummitOrder $summit_order)
 
     /**
      * @param Summit $summit
+     * @return ArrayCollection
+     */
+    public function getSponsorsBySummit(Summit $summit): ArrayCollection
+    {
+        return new ArrayCollection(
+            $this->sponsor_memberships->filter(function ($entity) use ($summit) {
+                return $entity->getSummitId() == $summit->getId();
+            })->toArray()
+        );
+    }
+
+    /**
+     * @param Summit $summit
+     * @param int $sponsor_id
      * @return Sponsor|null
      */
-    public function getSponsorBySummit(Summit $summit): ?Sponsor
+    public function getSponsorBySummitAndId(Summit $summit, int $sponsor_id): ?Sponsor
     {
-        $sponsor = $this->sponsor_memberships->filter(function ($entity) use ($summit) {
-            return $entity->getSummitId() == $summit->getId();
+        $sponsor = $this->sponsor_memberships->filter(function ($entity) use ($summit, $sponsor_id) {
+            return $entity->getSummitId() == $summit->getId() && $entity->getId() == $sponsor_id;
         })->first();
 
         return $sponsor === false ? null : $sponsor;
@@ -3412,6 +3462,63 @@ public function getIndividualMemberJoinDate(): ?\DateTime
         return $this->individual_member_join_date;
     }
 
+    /**
+     * Appends $group_slug to the Permissions JSON array on the Sponsor_Users row
+     * for this member and the given sponsor. Idempotent: the slug is only added
+     * when it is not already present.
+     */
+    public function addSponsorPermission(int $sponsor_id, string $group_slug): void
+    {
+        $sql = <<<SQL
+UPDATE Sponsor_Users
+SET Permissions = IF(
+    JSON_CONTAINS(COALESCE(Permissions, '[]'), JSON_QUOTE(:group_slug)),
+    Permissions,
+    JSON_ARRAY_APPEND(COALESCE(Permissions, '[]'), '$', :group_slug)
+)
+WHERE SponsorID = :sponsor_id AND MemberID = :member_id
+SQL;
+        $stmt = $this->prepareRawSQL($sql, [
+            'group_slug' => $group_slug,
+            'sponsor_id' => $sponsor_id,
+            'member_id'  => $this->getId(),
+        ]);
+        $stmt->executeStatement();
+    }
+
+    /**
+     * Removes $group_slug from the Permissions JSON array on the Sponsor_Users row
+     * for this member and the given sponsor, then returns how many other Sponsor_Users
+     * rows for this member still carry that slug. The caller uses the count to decide
+     * whether to also revoke the global group membership.
+     */
+    public function removeSponsorPermission(int $sponsor_id, string $group_slug): int
+    {
+        $removeSQL = <<<SQL
+UPDATE Sponsor_Users
+SET Permissions = JSON_REMOVE(Permissions, JSON_UNQUOTE(JSON_SEARCH(Permissions, 'one', :group_slug)))
+WHERE SponsorID = :sponsor_id AND MemberID = :member_id
+AND JSON_CONTAINS(COALESCE(Permissions, '[]'), JSON_QUOTE(:group_slug))
+SQL;
+        $stmt = $this->prepareRawSQL($removeSQL, [
+            'group_slug' => $group_slug,
+            'sponsor_id' => $sponsor_id,
+            'member_id'  => $this->getId(),
+        ]);
+        $stmt->executeStatement();
+
+        $countSQL = <<<SQL
+SELECT COUNT(*) FROM Sponsor_Users
+WHERE MemberID = :member_id
+AND JSON_CONTAINS(COALESCE(Permissions, '[]'), JSON_QUOTE(:group_slug))
+SQL;
+        $stmt = $this->prepareRawSQL($countSQL, [
+            'member_id'  => $this->getId(),
+            'group_slug' => $group_slug,
+        ]);
+        return intval($stmt->executeQuery()->fetchOne());
+    }
+
     public function addSponsorMembership(Sponsor $sponsor):void
     {
         if($this->sponsor_memberships->contains($sponsor)) return;

app/Models/Foundation/Main/Strategies/SponsorMemberSummitStrategy.php

@@ -11,6 +11,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
+use App\Models\Foundation\Main\IGroup;
 use LaravelDoctrine\ORM\Facades\Registry;
 use Libs\Utils\Doctrine\DoctrineStatementValueBinder;
 use models\summit\Summit;
@@ -41,13 +42,19 @@ public function getAllAllowedSummitIds(): array
         $sql = <<<SQL
 SELECT DISTINCT(Sponsor.SummitID)
 FROM Sponsor_Users INNER JOIN Sponsor ON Sponsor_Users.SponsorID = Sponsor.ID
-WHERE Sponsor_Users.MemberID = :member_id;
+WHERE Sponsor_Users.MemberID = :member_id
+    AND (
+        JSON_CONTAINS(COALESCE(Sponsor_Users.Permissions, '[]'), JSON_QUOTE(:slug_sponsors))
+        OR JSON_CONTAINS(COALESCE(Sponsor_Users.Permissions, '[]'), JSON_QUOTE(:slug_external))
+    );
 SQL;
 
         $stmt = DoctrineStatementValueBinder::bind(
             $em->getConnection()->prepare($sql),
             [
-                'member_id' => $this->member_id,
+                'member_id'     => $this->member_id,
+                'slug_sponsors' => IGroup::Sponsors,
+                'slug_external' => IGroup::SponsorExternalUsers,
             ]
         );
         $res = $stmt->executeQuery();
@@ -67,14 +74,20 @@ public function isSummitAllowed(Summit $summit): bool
 SELECT COUNT(Sponsor.SummitID)
 FROM Sponsor_Users INNER JOIN Sponsor ON Sponsor_Users.SponsorID = Sponsor.ID
 WHERE Sponsor_Users.MemberID = :member_id
-        AND Sponsor.SummitID = :summit_id
+    AND Sponsor.SummitID = :summit_id
+    AND (
+        JSON_CONTAINS(COALESCE(Sponsor_Users.Permissions, '[]'), JSON_QUOTE(:slug_sponsors))
+        OR JSON_CONTAINS(COALESCE(Sponsor_Users.Permissions, '[]'), JSON_QUOTE(:slug_external))
+    )
 SQL;
 
             $stmt = DoctrineStatementValueBinder::bind(
                 $em->getConnection()->prepare($sql),
                 [
-                    'member_id' => $this->member_id,
-                    'summit_id' => $summit->getId(),
+                    'member_id'     => $this->member_id,
+                    'summit_id'     => $summit->getId(),
+                    'slug_sponsors' => IGroup::Sponsors,
+                    'slug_external' => IGroup::SponsorExternalUsers,
                 ]
             );
             $res = $stmt->executeQuery();

app/Models/Foundation/Summit/Sponsor.php

@@ -392,16 +392,6 @@ public function addUser(Member $user)
             );
         }
 
-        if($user->hasSponsorMembershipsFor($this->getSummit()))
-            throw new ValidationException
-            (
-                sprintf
-                (
-                    "Member %s already belongs to an sponsor for summit %s",
-                    $user->getId(),
-                    $this->getSummit()->getId()
-                )
-            );
         // see https://www.doctrine-project.org/projects/doctrine-orm/en/3.5/reference/working-with-associations.html#synchronizing-bidirectional-collections
         $this->members->add($user);
         $user->addSponsorMembership($this);

app/Services/Model/ISponsorUserSyncService.php

@@ -47,20 +47,24 @@ public function removeSponsorUser(int $summit_id, int $user_id, ?int $sponsor_id
     /**
      * @param int $user_id
      * @param string $group_slug
+     * @param int $sponsor_id
+     * @param int $summit_id
      * @return void
      * @throws EntityNotFoundException
      * @throws ValidationException
      * @throws Exception
      */
-    public function addSponsorUserToGroup(int $user_id, string $group_slug): void;
+    public function addSponsorUserToGroup(int $user_id, string $group_slug, int $sponsor_id, int $summit_id): void;
 
     /**
      * @param int $user_id
      * @param string $group_slug
+     * @param int $sponsor_id
+     * @param int $summit_id
      * @return void
      * @throws EntityNotFoundException
      * @throws ValidationException
      * @throws Exception
      */
-    public function removeSponsorUserFromGroup(int $user_id, string $group_slug): void;
+    public function removeSponsorUserFromGroup(int $user_id, string $group_slug, int $sponsor_id, int $summit_id): void;
 }

app/Services/Model/Imp/SponsorUserInfoGrantService.php

@@ -167,7 +167,7 @@ public function addBadgeScan(Summit $summit, Member $current_member, array $data
 
             /*
             if(!($scan_date >= $begin_date && $scan_date <= $end_date))
-                throw new ValidationException("scan_date is does not belong to summit period.");
+                throw new ValidationException("scan_date does not belong to summit period.");
             */
             if(empty($ticket_number)){
                 throw new ValidationException("Ticket not found.");
@@ -178,10 +178,20 @@ public function addBadgeScan(Summit $summit, Member $current_member, array $data
             if(is_null($badge))
                 throw new EntityNotFoundException("badge not found.");
 
-            $sponsor = $current_member->getSponsorBySummit($summit);
+            $member_sponsors = $current_member->getSponsorsBySummit($summit);
 
-            if(is_null($sponsor))
-                throw new ValidationException("Current member does not belongs to any summit sponsor.");
+            if($member_sponsors->isEmpty())
+                throw new ValidationException("Current member does not belong to any sponsor of this summit.");
+
+            if($member_sponsors->count() === 1) {
+                $sponsor = $member_sponsors->first();
+            } else {
+                if(empty($data['sponsor_id']))
+                    throw new ValidationException("sponsor_id is required when the member belongs to multiple sponsors.");
+                $sponsor = $current_member->getSponsorBySummitAndId($summit, intval($data['sponsor_id']));
+                if(is_null($sponsor))
+                    throw new ValidationException("Current member does not belong to the selected summit sponsor.");
+            }
 
             $scan = new SponsorBadgeScan();
             $scan->setScanDate($scan_date);