moved roles to a separate database and added code to make updates

app/Http/Controllers/AuthController.php

@@ -6,6 +6,7 @@ use App\Http\Requests\LoginRequest;
 use App\Http\Requests\PasswordResetRequest;
 use App\Http\Requests\RegisterRequest;
 use App\Models\Invitation;
+use App\Models\Role;
 use App\Models\User;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
@@ -31,8 +32,13 @@ class AuthController extends Controller
             ->where('email', $user->email)
             ->get();
 
+        $viewerRole = Role::query()->where('name', 'VIEWER')->value('id');
+
         foreach ($invitations as $invitation) {
-            $user->sharedLists()->attach($invitation->movie_list_id);
+            $user->sharedLists()->attach(
+                $invitation->movie_list_id,
+                ['role_id' => $viewerRole]
+            );
             $invitation->update(['status' => 'accepted']);
             $invitation->delete();
         }

app/Http/Controllers/MovieController.php

@@ -10,7 +10,7 @@ use Illuminate\Http\Request;
 
 class MovieController extends Controller
 {
-    public function __construct(private MovieDbInterface $movieDb) {}
+    public function __construct() {}
 
     /**
      * Display a listing of the resource.
@@ -60,6 +60,6 @@ class MovieController extends Controller
     {
         $movies = $movieDb->search($query, $request->input('options', []));
 
-        return response()->json(['results' => $movies]);
+        return response()->json(['data' => $movies]);
     }
 }

app/Http/Controllers/MovieListController.php

@@ -8,6 +8,8 @@ use App\Http\Resources\MovieListResource;
 use App\Interfaces\MovieDbInterface;
 use App\Models\Movie;
 use App\Models\MovieList;
+use App\Models\Role;
+use App\Models\User;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
@@ -64,7 +66,7 @@ class MovieListController extends Controller
         $validated = $request->validated();
         $movieList->update($validated);
 
-        return MovieListResource::make($movieList);
+        return MovieListResource::make($movieList->load('movies', 'collaborators'));
     }
 
     /**
@@ -87,16 +89,34 @@ class MovieListController extends Controller
         $movieList->movies()->attach($movie);
         $movieList->load('movies');
 
-        return MovieListResource::make($movieList);
+        return MovieListResource::make($movieList->load('movies', 'collaborators'));
     }
 
-    public function removeMovie(Request $request, MovieList $movieList, Movie $movie): MovieListResource
+    public function removeMovie(MovieList $movieList, Movie $movie): MovieListResource
     {
         $this->authorize('update', $movieList);
 
         $movieList->movies()->detach($movie);
         $movieList->load('movies');
 
-        return MovieListResource::make($movieList);
+        return MovieListResource::make($movieList->load('movies', 'collaborators'));
+    }
+
+    public function updateCollaboratorRole(Request $request, MovieList $movieList, User $collaborator): MovieListResource|JsonResponse
+    {
+        $request->validate([
+            'role_id' => 'required|exists:roles,id',
+        ]);
+
+        $adminRole = Role::query()->where('name', 'ADMIN')->first()?->id;
+        if (Auth::id() !== $movieList->owner && ! Auth::user()->hasRole($movieList, $adminRole)) {
+            return response()->json(['message' => 'Unauthorized'], 403);
+        }
+
+        $movieList->collaborators()->updateExistingPivot($collaborator->getKey(), [
+            'role_id' => $request->input('role_id'),
+        ]);
+
+        return MovieListResource::make($movieList->load('movies', 'collaborators'));
     }
 }

app/Http/Controllers/RoleController.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Models\Role;
+
+class RoleController extends Controller
+{
+    public function index()
+    {
+        $roles = Role::all();
+
+        return response()->json(['data' => $roles]);
+    }
+}

app/Http/Resources/MovieListResource.php

@@ -2,10 +2,23 @@
 
 namespace App\Http\Resources;
 
+use App\Models\User;
 use Auth;
+use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\JsonResource;
 
+/**
+ * @property int $id
+ * @property string $name
+ * @property bool $is_public
+ * @property int $owner
+ * @property User $listOwner
+ * @property Collection $collaborators
+ * @property Collection $movies
+ *
+ * @method string|null getUserRole(int $user_id)
+ */
 class MovieListResource extends JsonResource
 {
     /**
@@ -23,9 +36,10 @@ class MovieListResource extends JsonResource
             'is_public' => $this->is_public,
             'owner' => $this->listOwner->username,
             'role' => $this->getRole($this->owner, $user_id),
-            'collaborators' => $this->whenLoaded('collaborators', fn () => $this->collaborators->map(fn ($user) => [
+            'collaborators' => $this->whenLoaded('collaborators', fn () => $this->collaborators->map(fn (User $user) => [
+                'id' => $user->getKey(),
                 'username' => $user->username,
-                'role' => $user->pivot->role,
+                'role' => $user->pivot->getAttribute('role_id'),
             ])),
             'movies' => $this->whenLoaded('movies'),
         ];
@@ -34,7 +48,7 @@ class MovieListResource extends JsonResource
     private function getRole(int $owner_id, int $user_id): ?string
     {
         if ($owner_id === $user_id) {
-            return 'owner';
+            return 'OWNER';
         }
 
         return $this->getUserRole($user_id);