fix: review feedback

Signed-off-by: romanetar <roman_ag@hotmail.com>

Author: romanetar

app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitBadgeScanApiController.php

@@ -126,10 +126,6 @@ protected function addChild(Summit $summit, array $payload): IEntity
         if (is_null($current_member))
             throw new HTTP403ForbiddenException();
 
-        if (!$current_member->hasSponsorMembershipsFor($summit)) {
-            throw new HTTP403ForbiddenException('Only sponsor users can add badge scans.');
-        }
-
         return $this->service->addBadgeScan($summit, $current_member, $payload);
     }
 

app/Models/Foundation/Main/Member.php

@@ -1994,14 +1994,36 @@ public function addSummitRegistrationOrder(SummitOrder $summit_order)
     /**
      * @param Summit $summit
      * @return ArrayCollection
+     * @throws Exception
      */
-    public function getSponsorsBySummit(Summit $summit): ArrayCollection
+    public function getAllowedSponsorsBySummit(Summit $summit): ArrayCollection
     {
-        return new ArrayCollection(
-            $this->sponsor_memberships->filter(function ($entity) use ($summit) {
-                return $entity->getSummitId() == $summit->getId();
-            })->toArray()
-        );
+        $sql = <<<SQL
+SELECT su.SponsorID
+FROM Sponsor_Users su
+INNER JOIN Sponsor s ON s.ID = su.SponsorID
+WHERE su.MemberID = :member_id
+    AND s.SummitID = :summit_id
+    AND (
+        JSON_CONTAINS(COALESCE(su.Permissions, '[]'), JSON_QUOTE(:slug_sponsors))
+        OR JSON_CONTAINS(COALESCE(su.Permissions, '[]'), JSON_QUOTE(:slug_external))
+    )
+SQL;
+        $ids = $this->prepareRawSQL($sql, [
+            'member_id'     => $this->getId(),
+            'summit_id'     => $summit->getId(),
+            'slug_sponsors' => IGroup::Sponsors,
+            'slug_external' => IGroup::SponsorExternalUsers,
+        ])->executeQuery()->fetchFirstColumn();
+
+        if (empty($ids)) {
+            return new ArrayCollection();
+        }
+
+        $position = array_flip($ids);
+        $sponsors = $this->getEM()->getRepository(Sponsor::class)->findBy(['id' => $ids]);
+        usort($sponsors, fn($a, $b) => $position[$a->getId()] <=> $position[$b->getId()]);
+        return new ArrayCollection($sponsors);
     }
 
     /**

app/Services/Model/Imp/SponsorUserInfoGrantService.php

@@ -178,24 +178,22 @@ public function addBadgeScan(Summit $summit, Member $current_member, array $data
             if(is_null($badge))
                 throw new EntityNotFoundException("badge not found.");
 
-            $member_sponsors = $current_member->getSponsorsBySummit($summit);
+            $member_sponsors = $current_member->getAllowedSponsorsBySummit($summit);
 
-            if($member_sponsors->isEmpty())
-                throw new ValidationException("Current member does not belong to any sponsor of this summit.");
+            if ($member_sponsors->isEmpty())
+                throw new ValidationException("Current member does not have badge scan permissions for any sponsor of this summit.");
 
-            if($member_sponsors->count() === 1) {
+            if ($member_sponsors->count() === 1) {
                 $sponsor = $member_sponsors->first();
             } else {
-                if(empty($data['sponsor_id']))
+                if (empty($data['sponsor_id']))
                     throw new ValidationException("sponsor_id is required when the member belongs to multiple sponsors.");
-                $sponsor = $current_member->getSponsorBySummitAndId($summit, intval($data['sponsor_id']));
-                if(is_null($sponsor))
+                $sponsor_id = intval($data['sponsor_id']);
+                $sponsor = $member_sponsors->filter(fn($s) => $s->getId() === $sponsor_id)->first();
+                if ($sponsor === false)
                     throw new ValidationException("Current member does not belong to the selected summit sponsor.");
             }
 
-            if(!$current_member->hasSponsorMembershipsFor($summit, $sponsor))
-                throw new ValidationException("Current member does not have badge scan permissions for the selected sponsor.");
-
             $scan = new SponsorBadgeScan();
             $scan->setScanDate($scan_date);
             $scan->setQRCode($qr_code);

tests/oauth2/OAuth2SummitBadgeScanApiControllerTest.php

@@ -91,7 +91,7 @@ public function testAddEncryptedBadgeScan(){
         self::$em->flush();
 
         $this->assertTrue($sponsor->hasUser(self::$member));
-        $this->assertGreaterThan(0, self::$member->getSponsorsBySummit(self::$summit)->count());
+        $this->assertGreaterThan(0, self::$member->getAllowedSponsorsBySummit(self::$summit)->count());
 
         $badge = $attendee->getFirstTicket()->getBadge();
         $badge_qr_code = $badge->generateQRCode();
@@ -371,7 +371,10 @@ public function testAddBadgeScanWithMultipleSponsorsWithoutSponsorId()
 
         self::$em->flush();
 
-        $this->assertGreaterThan(1, self::$member->getSponsorsBySummit(self::$summit)->count());
+        self::$member->addSponsorPermission($sponsor1->getId(), IGroup::Sponsors);
+        self::$member->addSponsorPermission($sponsor2->getId(), IGroup::Sponsors);
+
+        $this->assertGreaterThan(1, self::$member->getAllowedSponsorsBySummit(self::$summit)->count());
 
         $params = [
             'id' => self::$summit->getId(),
@@ -416,7 +419,10 @@ public function testAddBadgeScanWithMultipleSponsorsWithSponsorId()
 
         self::$em->flush();
 
-        $this->assertGreaterThan(1, self::$member->getSponsorsBySummit(self::$summit)->count());
+        self::$member->addSponsorPermission($sponsor1->getId(), IGroup::Sponsors);
+        self::$member->addSponsorPermission($sponsor2->getId(), IGroup::Sponsors);
+
+        $this->assertGreaterThan(1, self::$member->getAllowedSponsorsBySummit(self::$summit)->count());
 
         $params = [
             'id' => self::$summit->getId(),