auditionadmin/app/Http/Controllers/SchoolController.php

<?php

namespace App\Http\Controllers;

use App\Actions\Fortify\CreateNewUser;
use App\Actions\Schools\AddSchoolEmailDomain;
use App\Actions\Schools\AssignUserToSchool;
use App\Actions\Schools\CreateSchool;
use App\Actions\Schools\SetHeadDirector;
use App\Exceptions\AuditionAdminException;
use App\Http\Requests\SchoolStoreRequest;
use App\Mail\NewUserPassword;
use App\Models\AuditLogEntry;
use App\Models\School;
use App\Models\SchoolEmailDomain;
use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Str;

use function abort;
use function redirect;
use function request;

class SchoolController extends Controller
{
    public function store(SchoolStoreRequest $request, SetHeadDirector $headSetter): RedirectResponse
    {
        $creator = app(CreateSchool::class);

        $school = $creator(
            $request['name'],
            $request['address'],
            $request['city'],
            $request['state'],
            $request['zip'],
        );

        $assigner = app(AssignUserToSchool::class);
        $assigner(auth()->user(), $school);

        auth()->user()->refresh();

        $headSetter->setHeadDirector(auth()->user());

        return redirect(route('schools.show', $school));
    }

    public function show(Request $request, School $school)
    {
        if ($request->user()->cannot('view', $school)) {
            abort(403);
        }

        return view('schools.show', ['school' => $school]);
    }

    public function create(Request $request)
    {
        if ($request->user()->cannot('create', School::class)) {
            abort(403);
        }

        return view('schools.create');
    }

    public function edit(Request $request, School $school)
    {
        if ($request->user()->cannot('update', $school)) {
            abort(403);
        }

        return view('schools.edit', ['school' => $school]);
    }

    public function update(SchoolStoreRequest $request, School $school)
    {
        $school->update([
            'name' => $request['name'],
            'address' => $request['address'],
            'city' => $request['city'],
            'state' => $request['state'],
            'zip' => $request['zip'],
        ]);
        $message = 'Modified school #'.$school->id.' - '.$school->name.' with address <br>'.$school->address.'<br>'.$school->city.', '.$school->state.' '.$school->zip;
        AuditLogEntry::create([
            'user' => auth()->user()->email,
            'ip_address' => request()->ip(),
            'message' => $message,
            'affected' => ['schools' => [$school->id]],
        ]);

        return redirect()->route('schools.show', $school->id)->with('success', 'School details updated');
    }

    public function addDirector(School $school)
    {
        if (auth()->user()->school_id !== $school->id) {
            abort(403);
        }
        if (! auth()->user()->hasFlag('head_director')) {
            abort(403);
        }

        $userCreator = app(CreateNewUser::class);
        $randomPassword = Str::random(12);
        $data = request()->all();
        $data['password'] = $randomPassword;
        $data['password_confirmation'] = $randomPassword;
        $newDirector = $userCreator->create($data);
        $newDirector->update([
            'school_id' => $school->id,
        ]);

        Mail::to($newDirector->email)->send(new NewUserPassword($newDirector, $randomPassword));

        return redirect()->back()->with('success', 'Director added');
    }

    public function setHeadDirector(School $school, User $user, SetHeadDirector $headSetter)
    {
        if (auth()->user()->school_id !== $school->id) {
            abort(403);
        }
        if (! auth()->user()->hasFlag('head_director')) {
            abort(403);
        }
        if ($school->id !== $user->school_id) {
            abort(403);
        }
        try {
            $headSetter->setHeadDirector($user);
        } catch (AuditionAdminException $e) {
            return redirect()->back()->with('error', $e->getMessage());
        }

        return redirect()->route('schools.show', $school)->with('success', 'New head director set');
    }

    public function addDomain(School $school)
    {
        if (auth()->user()->school_id !== $school->id) {
            abort(403);
        }
        if (! auth()->user()->hasFlag('head_director')) {
            abort(403);
        }
        $verifiedData = request()->validate([
            'domain' => ['required'],
        ]);
        app(AddSchoolEmailDomain::class)->addDomain($school, $verifiedData['domain']);

        return redirect()->route('schools.show', $school)->with('success', 'Domain added');
    }

    public function deleteDomain(SchoolEmailDomain $domain)
    {
        if (auth()->user()->school_id !== $domain->school_id) {
            abort(403);
        }
        if (! auth()->user()->hasFlag('head_director')) {
            abort(403);
        }

        $domain->delete();

        return redirect()
            ->route('schools.show', auth()->user()->school)
            ->with('success', 'Domain deleted');
    }
}