4.6 KiB
4.6 KiB
ParentController plan
Scope
- Controller:
app/Http/Controllers/Api/Parents/ParentController.php - Purpose: parent portal endpoints for attendance, invoices, enrollments, registration, emergency contacts, profile, and event participation.
- Primary dependencies:
App\Services\Parents\ParentAttendanceServiceApp\Services\Parents\ParentInvoiceServiceApp\Services\Parents\ParentEnrollmentServiceApp\Services\Parents\ParentRegistrationServiceApp\Services\Parents\ParentEmergencyContactServiceApp\Services\Parents\ParentProfileServiceApp\Services\Parents\ParentEventParticipationService
Routes
All routes are under v1 + parents group:
- Base prefix:
GET/POST/PATCH/DELETE /api/v1/parents/... - Group middleware:
parent.access
Endpoints:
GET /api/v1/parents/attendance→attendanceGET /api/v1/parents/invoices→invoicesGET /api/v1/parents/enrollments→enrollmentsPOST /api/v1/parents/enrollments→updateEnrollmentsGET /api/v1/parents/registration→registrationPOST /api/v1/parents/registration→storeRegistrationPATCH /api/v1/parents/students/{studentId}→updateStudentDELETE /api/v1/parents/students/{studentId}→deleteStudentGET /api/v1/parents/emergency-contacts→emergencyContactsPOST /api/v1/parents/emergency-contacts→storeEmergencyContactPATCH /api/v1/parents/emergency-contacts/{contactId}→updateEmergencyContactGET /api/v1/parents/profile→profilePATCH /api/v1/parents/profile→updateProfileGET /api/v1/parents/events→eventsPOST /api/v1/parents/events/participation→updateParticipation
Authentication & authorization
- Uses
parent.accessmiddleware which resolves “secondary”/“authorized” users to a primary parent id and stores it in the request attributeprimary_parent_id. - Controller helper
parentIdOrUnauthorized():- Prefer
request()->attributes->get('primary_parent_id') - Fallback to
auth()->id() - On failure returns JSON
{ ok:false, message:"Unauthorized." }with401
- Prefer
Requests/validation
Validated via FormRequest classes per endpoint:
attendance:ParentAttendanceRequest(optionalschool_year)invoices:ParentInvoiceRequest(optionalschool_year)enrollments:ParentEnrollmentRequest(optionalschool_year)updateEnrollments:ParentEnrollmentActionRequest(enroll[],withdraw[])storeRegistration:ParentRegistrationRequest(students[],emergency_contacts[])updateStudent:ParentStudentUpdateRequeststore/update emergency contact:ParentEmergencyContactRequestupdateProfile:ParentProfileUpdateRequestupdateParticipation:ParentEventParticipationRequest(participation[])
Response shapes (legacy { ok: ... })
This controller largely returns a legacy parent-portal shape rather than the Base API envelope.
attendance:{ ok:true, attendance:[...], schoolYears:[...], selectedYear }attendanceusesParentAttendanceResource::collection(...)
invoices:{ ok:true, invoices:[...] }(InvoiceResource::collection(...))
enrollments:{ ok:true, students:[...], schoolYears:[...], selectedYear, withdrawalDeadline, lastDayOfRegistration, schoolStartDate }
updateEnrollments:{ ok:true, enrolled:[...], withdrawn:[...] }
registration:{ ok:true, parent, existingKids:[...], emergencies:[...], maxChilds, maxEmergency, lastDayOfRegistration, registrationAgeDeadline }
storeRegistration:{ ok:true, created_student_ids:[...], skipped:[...] }with status201if created_count>0 else200
updateStudent/deleteStudent/updateParticipation:{ ok:true }
emergencyContacts:{ ok:true, contacts:[...] }
store/update emergency contact:{ ok:true, contact:{...} }(store returns201)
profile/updateProfile:{ ok:true, profile:{...} }
events:{ ok:true, activeEvents, charges, yourStudents }
Error handling expectations
- Unauthorized:
{ ok:false, message:"Unauthorized." }with401(fromparentIdOrUnauthorized()). - Service-layer exceptions are generally allowed to bubble unless handled in the service; controller does minimal try/catch.
Test plan (feature)
- Auth/parent.access:
- Without auth → 401
{ ok:false }. - With secondary/authorized user → resolved to primary parent id and returns correct data.
- Without auth → 401
- Each endpoint:
- Valid request returns
ok:trueand expected keys. - Validation errors are returned by FormRequest (422).
- Valid request returns
- Registration:
- Returns 201 when at least one student is created, 200 when all entries skipped.