From 8c85d4442e9a038f338b23cee871152c677db449 Mon Sep 17 00:00:00 2001
From: Juan24 <juanjaramillo@ubp.edu.ar>
Date: Tue, 14 Apr 2026 15:28:19 -0300
Subject: [PATCH] Update user rules after creating application

After creating an application, load the user's roles and organisations and send updated access rules to the API. Add feature flags for legacy WhatNow and Preparedness V2, and restrict allowed_country_code to the user's organisations when the current role lacks api_full_access. Wrap the rules update in a try/catch and log failures. Also import Illuminate\Support\Facades\Log.
---
 .../WhatNow/ApplicationController.php         | 20 ++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/app/Http/Controllers/WhatNow/ApplicationController.php b/app/Http/Controllers/WhatNow/ApplicationController.php
index 8c4a45c..d9997a1 100644
--- a/app/Http/Controllers/WhatNow/ApplicationController.php
+++ b/app/Http/Controllers/WhatNow/ApplicationController.php
@@ -11,6 +11,7 @@
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
+use Illuminate\Support\Facades\Log;
 
 
 /**
@@ -142,11 +143,28 @@ public function create(Request $request)
         $description = $request->get('description');
         $estimatedUsers = $request->get('estimatedUsers', 0);
 
-        $userId = $request->user()->id;
+        $user = $request->user()->loadMissing('roles', 'organisations');
+        $userId = $user->id;
 
         try {
             $application = $this->client->createApplication($name, $description, $estimatedUsers, $userId);
 
+            $userRules = [
+                'can_access_legacy_whatnow' => (bool) $user->can_access_legacy_whatnow,
+                'can_access_preparedness_v2' => (bool) $user->can_access_preparedness_v2,
+            ];
+
+            $currentRole = $user->roles->first();
+            if ($currentRole && ! $currentRole->api_full_access) {
+                $userRules['allowed_country_code'] = $user->organisations->pluck('organisation_code')->values()->all();
+            }
+
+            try {
+                $this->client->updateRules($userId, $userRules);
+            } catch (\Exception $e) {
+                Log::error('Failed to update rules for user ' . $userId . ': ' . $e->getMessage());
+            }
+
             return ApplicationResource::make($application);
         } catch (RcnApiResourceNotFoundException $e) {
             return $this->respondWithNotFound($e);