Add ability to impersonate users

Modify judging to use only defined scores if an audition has split scoring.
Now able to manage split score definitions
2025-11-01 11:58:33 -05:00 · 2025-10-31 16:37:19 -05:00 · 2025-10-31 14:35:37 -05:00 · 2025-10-31 08:42:59 -05:00 · 2025-10-31 08:38:41 -05:00
18 changed files with 448 additions and 4 deletions
--- a/app/Actions/Tabulation/EnterScore.php
+++ b/app/Actions/Tabulation/EnterScore.php
@ -12,6 +12,7 @@ use App\Models\AuditLogEntry;
 use App\Models\Entry;
 use App\Models\EntryTotalScore;
 use App\Models\ScoreSheet;
+use App\Models\SubscoreDefinition;
 use App\Models\User;
 use Illuminate\Support\Facades\DB;

@ -70,7 +71,12 @@ class EnterScore
        }

        // Check the validity of submitted subscores, format array for storage, and sum score
+        if ($entry->audition->splitScoreDefinition) {
+            $subscoreIDs = $entry->audition->splitScoreDefinition->subscoresForJudge($user);
+            $subscoresRequired = SubscoreDefinition::findMany($subscoreIDs);
+        } else {
            $subscoresRequired = $entry->audition->scoringGuide->subscores;
+        }
        $subscoresStorageArray = [];
        $seatingTotal = 0;
        $seatingMaxPossible = 0;
--- a/app/Enums/UserFlags.php
+++ b/app/Enums/UserFlags.php
@ -6,4 +6,5 @@ enum UserFlags: string
 {
    case HEAD_DIRECTOR = 'head_director';
    case MONITOR = 'monitor';
+    case CAN_IMPERSONATE = 'can_impersonate';
 }
--- a/app/Http/Controllers/Admin/ImpersonationController.php
+++ b/app/Http/Controllers/Admin/ImpersonationController.php
@ -0,0 +1,78 @@
+<?php
+
+namespace App\Http\Controllers\Admin;
+
+use App\Http\Controllers\Controller;
+use App\Models\User;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+use function auditionLog;
+
+class ImpersonationController extends Controller
+{
+    public function start(Request $request)
+    {
+        $user = User::findOrFail($request->user_id);
+        $admin = $request->user();
+
+        if (! $admin->can('impersonate', $user)) {
+            abort(403);
+        }
+
+        // Prevent impersonating yourself or impersonating if already impersonating
+        if ($admin->id === $user->id || session()->has('impersonator_id')) {
+            return back()->with('error', 'Cannot impersonate.');
+        }
+
+        // Save the original admin id and optionally guard
+        session()->put('impersonator_id', $admin->id);
+        session()->put('impersonator_started_at', now()->toDateTimeString());
+
+        auditionLog('Started impersonating '.$user->full_name().' - '.$user->email, ['users' => [$user->id]]);
+
+        // Switch user
+        Auth::loginUsingId($user->getAuthIdentifier());
+
+        // Regenerate session to mitigate fixation
+        $request->session()->regenerate();
+
+        return redirect(route('dashboard'))->with('success', 'Now impersonating '.$user->email);
+    }
+
+    public function stop(Request $request)
+    {
+        $impersonatedUser = Auth::user();
+        $impersonatorId = session('impersonator_id');
+        if (! $impersonatorId) {
+            return back()->with('error', 'Not impersonating.');
+        }
+
+        // Restore original admin
+        $admin = User::find($impersonatorId);
+        if ($admin) {
+            Auth::loginUsingId($admin->getAuthIdentifier());
+        } else {
+            // If admin was deleted, just log out
+            Auth::logout();
+        }
+
+        auditionLog('Stopped impersonating '.$impersonatedUser->full_name().' - '.$impersonatedUser->email, ['users' => [$impersonatedUser->id]]);
+
+        // Clear impersonation data
+        session()->forget(['impersonator_id', 'impersonator_started_at']);
+
+        // Regenerate session
+        $request->session()->regenerate();
+
+        return redirect(route('dashboard'))->with('success', 'Stopped impersonation.');
+    }
+
+    public function index()
+    {
+
+        $users = User::where('id', '!=', auth()->id())->get();
+
+        return view('admin.impersonation.index', compact('users'));
+    }
+}
--- a/app/Http/Controllers/Admin/SplitScoreDefinitionController.php
+++ b/app/Http/Controllers/Admin/SplitScoreDefinitionController.php
@ -0,0 +1,78 @@
+<?php
+
+namespace App\Http\Controllers\Admin;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\EditSplitScoreDefinitionRequest;
+use App\Models\Audition;
+use App\Models\SplitScoreDefinition;
+use Illuminate\Http\Request;
+
+class SplitScoreDefinitionController extends Controller
+{
+    public function index()
+    {
+        $splitScores = SplitScoreDefinition::all();
+
+        return view('admin.split_score_definitions.index', compact('splitScores'));
+    }
+
+    public function create()
+    {
+        $availableAuditions = Audition::doesntHave('splitScoreDefinition')->get();
+
+        return view('admin.split_score_definitions.create', compact('availableAuditions'));
+    }
+
+    public function store(Request $request)
+    {
+        $validated = $request->validate([
+            'audition_id' => 'required|exists:auditions,id|unique:split_score_definitions,audition_id',
+        ]);
+        $newSplit = SplitScoreDefinition::create([
+            'audition_id' => $validated['audition_id'],
+            'splits' => [],
+        ]);
+
+        return redirect()->route('admin.split_score_definitions.edit', $newSplit)->with('success',
+            'Split score definition created');
+    }
+
+    public function edit(SplitScoreDefinition $splitScoreDefinition)
+    {
+        $subscores = $splitScoreDefinition->audition->scoringGuide->subscores;
+        $judges = $splitScoreDefinition->audition->room->judges;
+
+        return view('admin.split_score_definitions.edit', compact('splitScoreDefinition', 'subscores', 'judges'));
+    }
+
+    public function update(EditSplitScoreDefinitionRequest $request, SplitScoreDefinition $splitScoreDefinition)
+    {
+        $savedSplits = $splitScoreDefinition->splits;
+        if ($request->validated()['split'] ?? false) {
+            $newSplit = [];
+            $submittedSplitData = $request->validated()['split'];
+            foreach ($submittedSplitData as $splitName => $splitData) {
+                $name = $splitName;
+                $judges = array_values($splitData['judges'] ?? []);
+                $subscores = array_values($splitData['subscores'] ?? []);
+                $newSplit[$name] = ['judges' => $judges, 'subscores' => $subscores];
+            }
+            $splitScoreDefinition->splits = $newSplit;
+            $splitScoreDefinition->save();
+
+        }
+        if ($request->validated()['new_split'] ?? false) {
+            $savedSplits[$request->validated()['new_split']] = ['judges' => [], 'subscores' => []];
+            $splitScoreDefinition->splits = $savedSplits;
+            $splitScoreDefinition->save();
+        }
+
+        return redirect()->route('admin.split_score_definitions.edit', $splitScoreDefinition);
+    }
+
+    public function destroy(SplitScoreDefinition $scoreDefinition)
+    {
+
+    }
+}
--- a/app/Http/Controllers/Judging/JudgingController.php
+++ b/app/Http/Controllers/Judging/JudgingController.php
@ -8,6 +8,7 @@ use App\Models\Audition;
 use App\Models\Entry;
 use App\Models\JudgeAdvancementVote;
 use App\Models\ScoreSheet;
+use App\Models\SubscoreDefinition;
 use App\Services\AuditionService;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
@ -46,7 +47,12 @@ class JudgingController extends Controller
        if ($audition->prelimDefinition) {
            $entries = $entries->reject(fn ($entry) => ! $entry->hasFlag('passed_prelim'));
        }
+        if ($audition->splitScoreDefinition) {
+            $subscoreIds = $audition->splitScoreDefinition->subscoresForJudge($request->user());
+            $subscores = SubscoreDefinition::findMany($subscoreIds)->sortBy('display_order');
+        } else {
            $subscores = $audition->scoringGuide->subscores()->orderBy('display_order')->get();
+        }

        $votes = JudgeAdvancementVote::where('user_id', Auth::id())->get();
        $published = $audition->hasFlag('advancement_published') || $audition->hasFlag('seats_published');
@ -76,12 +82,17 @@ class JudgingController extends Controller
            return redirect()->route('judging.auditionEntryList', $entry->audition)->with('error',
                'The requested entry is marked as having failed a prelim. Scores cannot be entered.');
        }
+        if ($entry->audition->splitScoreDefinition) {
+            $limitedSubscores = $entry->audition->splitScoreDefinition->subscoresForJudge($request->user());
+        } else {
+            $limitedSubscores = false;
+        }

        $oldSheet = ScoreSheet::where('user_id', Auth::id())->where('entry_id', $entry->id)->value('subscores') ?? null;
        $oldVote = JudgeAdvancementVote::where('user_id', Auth::id())->where('entry_id', $entry->id)->first();
        $oldVote = $oldVote ? $oldVote->vote : 'noVote';

-        return view('judging.entry_score_sheet', compact('entry', 'oldSheet', 'oldVote'));
+        return view('judging.entry_score_sheet', compact('entry', 'oldSheet', 'oldVote', 'limitedSubscores'));
    }

    public function saveScoreSheet(Request $request, Entry $entry, EnterScore $enterScore)
@ -91,7 +102,13 @@ class JudgingController extends Controller
        }

        // Validate form data
+        if ($entry->audition->splitScoreDefinition) {
+            $subscoreIDs = $entry->audition->splitScoreDefinition->subscoresForJudge($request->user());
+            $subscores = SubscoreDefinition::findMany($subscoreIDs);
+
+        } else {
            $subscores = $entry->audition->subscoreDefinitions;
+        }
        $validationChecks = [];
        foreach ($subscores as $subscore) {
            $validationChecks['score'.'.'.$subscore->id] = 'required|integer|max:'.$subscore->max_score;
--- a/app/Http/Requests/EditSplitScoreDefinitionRequest.php
+++ b/app/Http/Requests/EditSplitScoreDefinitionRequest.php
@ -0,0 +1,53 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Validator;
+
+class EditSplitScoreDefinitionRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return auth()->user()->is_admin;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+
+        return [
+            'new_split' => 'sometimes|string|max:255|min:1',
+            'split' => 'sometimes|array',
+        ];
+    }
+
+    public function after(): array
+    {
+        $splitScoreDefinition = $this->route('splitScoreDefinition');
+
+        return [
+            function (Validator $validator) use ($splitScoreDefinition) {
+                if ($this->has('new_split')) {
+                    $existingSplitNames = collect($splitScoreDefinition->splits)
+                        ->pluck('name')
+                        ->toArray();
+
+                    if (in_array($this->new_split, $existingSplitNames)) {
+                        $validator->errors()->add(
+                            'new_split',
+                            'This split name already exists in this definition.'
+                        );
+                    }
+                }
+            },
+        ];
+    }
+}
--- a/app/Models/Audition.php
+++ b/app/Models/Audition.php
@ -125,6 +125,11 @@ class Audition extends Model
        return $this->attributes['judges_count'];
    }

+    public function splitScoreDefinition(): HasOne
+    {
+        return $this->hasOne(SplitScoreDefinition::class);
+    }
+
    public function flags(): HasMany
    {
        return $this->hasMany(AuditionFlag::class);
--- a/app/Models/SplitScoreDefinition.php
+++ b/app/Models/SplitScoreDefinition.php
@ -0,0 +1,36 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+
+class SplitScoreDefinition extends Model
+{
+    use HasFactory;
+
+    protected $guarded = [];
+
+    protected $casts = [
+        'splits' => 'array',
+    ];
+
+    public function audition()
+    {
+        return $this->belongsTo(Audition::class);
+    }
+
+    public function subscoresForJudge(User $judge): array
+    {
+        $validSubscores = [];
+        foreach ($this->splits as $split) {
+            if (in_array($judge->id, $split['judges'])) {
+                foreach ($split['subscores'] as $subscore) {
+                    $validSubscores[] = $subscore;
+                }
+            }
+        }
+
+        return $validSubscores;
+    }
+}
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@ -38,6 +38,7 @@ use App\Services\EntryService;
 use App\Services\ScoreService;
 use App\Services\UserService;
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\ServiceProvider;

 class AppServiceProvider extends ServiceProvider
@ -78,6 +79,9 @@ class AppServiceProvider extends ServiceProvider
        Student::observe(StudentObserver::class);
        User::observe(UserObserver::class);

+        Gate::define('impersonate', function ($admin, $target) {
+            return $admin->hasFlag('can_impersonate') && $admin->id !== $target->id;
+        });
        // Model::preventLazyLoading(! app()->isProduction());
    }
 }
--- a/app/Providers/FortifyServiceProvider.php
+++ b/app/Providers/FortifyServiceProvider.php
@ -65,5 +65,6 @@ class FortifyServiceProvider extends ServiceProvider
        Fortify::verifyEmailView(function () {
            return view('auth.verify-email');
        });
+
    }
 }
--- a/database/migrations/2025_10_31_125143_create_split_score_definitions_table.php
+++ b/database/migrations/2025_10_31_125143_create_split_score_definitions_table.php
@ -0,0 +1,30 @@
+<?php
+
+use App\Models\Audition;
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('split_score_definitions', function (Blueprint $table) {
+            $table->id();
+            $table->foreignIdFor(Audition::class)->unique()->constrained()->cascadeOnDelete()->cascadeOnUpdate();
+            $table->json('splits')->nullable();
+            $table->timestamps();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('split_score_definitions');
+    }
+};
--- a/resources/views/admin/impersonation/index.blade.php
+++ b/resources/views/admin/impersonation/index.blade.php
@ -0,0 +1,15 @@
+<x-layout.app>
+    <x-slot:page_title>Impersonation</x-slot:page_title>
+    <x-card.card class="max-w-lg mx-auto">
+        <x-card.heading>Select User to Impersonate</x-card.heading>
+        <x-form.form method="POST" action="{{ route('impersonate.start') }}">
+            <x-form.select name="user_id">
+                <x-slot:label>User to impersonate</x-slot:label>
+                @foreach ($users as $user)
+                    <option value="{{ $user->id }}">{{ $user->full_name() }}</option>
+                @endforeach
+            </x-form.select>
+            <x-form.footer submit-button-text="Impersonate" />
+        </x-form.form>
+    </x-card.card>
+</x-layout.app>
--- a/resources/views/admin/split_score_definitions/create.blade.php
+++ b/resources/views/admin/split_score_definitions/create.blade.php
@ -0,0 +1,19 @@
+<x-layout.app>
+    <x-slot:page_title>Split Score Definition</x-slot:page_title>
+    <x-card.card class="max-w-2xl mx-auto mt-5">
+        <x-card.heading>
+            Create Split Score
+        </x-card.heading>
+        <x-form.form method="POST" action="{{ route('admin.split_score_definitions.store') }}">
+            <x-form.select name="audition_id">
+                <x-slot:label>Audition</x-slot:label>
+                <option value="">Select Audition</option>
+                @foreach ($availableAuditions as $audition)
+                    <option value="{{ $audition->id }}">{{ $audition->name }}</option>
+                @endforeach
+            </x-form.select>
+            <x-form.button class="my-3">Create Split Score</x-form.button>
+        </x-form.form>
+
+    </x-card.card>
+</x-layout.app>
--- a/resources/views/admin/split_score_definitions/edit.blade.php
+++ b/resources/views/admin/split_score_definitions/edit.blade.php
@ -0,0 +1,50 @@
+<x-layout.app>
+    <x-slot:page_title>Split Score - {{ $splitScoreDefinition->audition->name }}</x-slot:page_title>
+    <x-card.card class="max-w-md mx-auto">
+        <x-card.heading>Add Split</x-card.heading>
+        <x-form.form class="my-3" action="{{ route('admin.split_score_definitions.update', $splitScoreDefinition) }}"
+                     method="PATCH">
+            <x-form.field name="new_split" label_text="New Split Name"/>
+            <x-form.button class="mt-3">Create New Split</x-form.button>
+        </x-form.form>
+    </x-card.card>
+
+    @if(is_array($splitScoreDefinition->splits))
+        <x-form.form method="patch" action="{{ route('admin.split_score_definitions.update', $splitScoreDefinition) }}">
+            @foreach($splitScoreDefinition->splits as $splitName => $splitData)
+                <x-card.card class="mt-3 max-w-2xl mx-auto">
+                    <x-card.heading>{{ $splitName }}</x-card.heading>
+                    <div class="grid grid-cols-2 gap-4 py-2 px-6">
+                        <div>
+                            <div class="font-semibold">Subscores</div>
+                            <x-card.list.body>
+                                @foreach($subscores as $subscore)
+                                    <x-card.list.row>
+                                        @php($checked = in_array($subscore->id, $splitScoreDefinition->splits[$splitName]['subscores']) ?? false)
+                                        <x-form.checkbox name="split[{{$splitName}}][subscores][{{$subscore->id}}]"
+                                                         value="{{$subscore->id}}" :checked="$checked"></x-form.checkbox>
+                                        {{ $subscore->name }}
+                                    </x-card.list.row>
+                                @endforeach
+                            </x-card.list.body>
+                        </div>
+                        <div>
+                            <div class="font-semibold">Judges</div>
+                            <x-card.list.body>
+                                @foreach($judges as $judge)
+                                    @php($checked = in_array($judge->id, $splitScoreDefinition->splits[$splitName]['judges']) ?? false)
+                                    <x-card.list.row>
+                                        <x-form.checkbox name="split[{{$splitName}}][judges][{{$judge->id}}]"
+                                                         value="{{$judge->id}}" :checked="$checked"></x-form.checkbox>
+                                        {{ $judge->full_name() }}
+                                    </x-card.list.row>
+                                @endforeach
+                            </x-card.list.body>
+                        </div>
+                    </div>
+                </x-card.card>
+            @endforeach
+            <x-form.button class="max-w-2xl mx-auto mt-4">Submit Changes</x-form.button>
+        </x-form.form>
+    @endif
+</x-layout.app>
--- a/resources/views/admin/split_score_definitions/index.blade.php
+++ b/resources/views/admin/split_score_definitions/index.blade.php
@ -0,0 +1,17 @@
+<x-layout.app>
+    <x-slot:page_title>Split Scores</x-slot:page_title>
+    <x-slot:title_bar_right>
+        <x-form.button href="{{ route('admin.split_score_definitions.create') }}">Create Split-Score</x-form.button>
+    </x-slot:title_bar_right>
+    <x-card.card class="max-w-md mx-auto">
+        <x-card.list.body>
+            @foreach($splitScores as $splitScore)
+                <x-card.list.row>
+                    <a href="{{ route('admin.split_score_definitions.edit', $splitScore) }}">
+                        {{ $splitScore->audition->name }}
+                    </a>
+                </x-card.list.row>
+            @endforeach
+        </x-card.list.body>
+    </x-card.card>
+</x-layout.app>
--- a/resources/views/components/layout/app.blade.php
+++ b/resources/views/components/layout/app.blade.php
@ -19,6 +19,14 @@
 </head>
 <body {{ $attributes->merge(['class' => 'h-full']) }}>
 <div class="min-h-full">
+    @if(session()->has('impersonator_id'))
+        <div class="bg-red-500 text-white ml pl-10 py-2">
+            Currently impersonating {{ auth()->user()->full_name() }}
+            <x-form.form method="post" action="{{ route('impersonate.stop') }}">
+                <button>End Impersonation</button>
+            </x-form.form>
+        </div>
+    @endif
 {{--    @if(request()->is('*admin*'))--}}
 {{--        <x-layout.navbar.navbar-admin />--}}
 {{--    @else--}}
--- a/resources/views/judging/entry_score_sheet.blade.php
+++ b/resources/views/judging/entry_score_sheet.blade.php
@ -21,6 +21,7 @@
            @endif
            <x-card.list.body class="mt-1">
                @foreach($entry->audition->scoringGuide->subscores()->orderBy('display_order')->get() as $subscore)
+                    @continue($limitedSubscores && ! in_array($subscore->id, $limitedSubscores))
                    @php
                        if($oldScores) {
                            $value = $oldScores['score'][$subscore->id];
--- a/routes/admin.php
+++ b/routes/admin.php
@ -11,6 +11,7 @@ use App\Http\Controllers\Admin\EntryController;
 use App\Http\Controllers\Admin\EventController;
 use App\Http\Controllers\Admin\ExportEntriesController;
 use App\Http\Controllers\Admin\ExportResultsController;
+use App\Http\Controllers\Admin\ImpersonationController;
 use App\Http\Controllers\Admin\PrelimDefinitionController;
 use App\Http\Controllers\Admin\PrintCards;
 use App\Http\Controllers\Admin\PrintRoomAssignmentsController;
@ -20,6 +21,7 @@ use App\Http\Controllers\Admin\RecapController;
 use App\Http\Controllers\Admin\RoomController;
 use App\Http\Controllers\Admin\SchoolController;
 use App\Http\Controllers\Admin\ScoringGuideController;
+use App\Http\Controllers\Admin\SplitScoreDefinitionController;
 use App\Http\Controllers\Admin\StudentController;
 use App\Http\Controllers\Admin\UserController;
 use App\Http\Controllers\Admin\YearEndResetController;
@ -219,4 +221,27 @@ Route::middleware(['auth', 'verified', CheckIfAdmin::class])->prefix('admin/')->
        Route::patch('/{prelimDefinition}', 'update')->name('admin.prelim_definitions.update');
        Route::delete('/{prelimDefinition}', 'destroy')->name('admin.prelim_definitions.destroy');
    });
+
+    // SplitScoreDefinition Routes
+    Route::prefix('split_score_definitions')->controller(SplitScoreDefinitionController::class)->group(function () {
+        Route::get('/', 'index')->name('admin.split_score_definitions.index');
+        Route::get('/new', 'create')->name('admin.split_score_definitions.create');
+        Route::post('/', 'store')->name('admin.split_score_definitions.store');
+        Route::get('/{splitScoreDefinition}', 'edit')->name('admin.split_score_definitions.edit');
+        Route::patch('/{splitScoreDefinition}', 'update')->name('admin.split_score_definitions.update');
+        Route::delete('/{splitScoreDefinition}', 'destroy')->name('admin.split_score_definitions.destroy');
    });
+
+});
+
+// Impersonation Routes
+Route::middleware(['auth', 'verified', CheckIfAdmin::class])->get('su/',
+    [ImpersonationController::class, 'index'])
+    ->name('impersonate.index');
+
+Route::middleware(['auth', 'verified', CheckIfAdmin::class])->post('su/start',
+    [ImpersonationController::class, 'start'])
+    ->name('impersonate.start');
+
+Route::post('su/stop', [ImpersonationController::class, 'stop'])
+    ->name('impersonate.stop');
Author	SHA1	Message	Date
Matt Young	ea98177770	Add ability to impersonate users	2025-11-01 11:58:33 -05:00
Matt Young	b6206976a1	Modify judging to use only defined scores if an audition has split scoring.	2025-10-31 16:37:19 -05:00
Matt Young	c60f1714c1	Now able to manage split score definitions	2025-10-31 14:35:37 -05:00
Matt Young	797d4910c5	Establish split score definition	2025-10-31 08:42:59 -05:00
Matt Young	71fa8c4b06	Establish split score definition	2025-10-31 08:38:41 -05:00