Enhance event management with CRUD and organizer retrieval

[PasinduOG]

This pull request adds comprehensive event management features to the backend, including support for event creation, updating, cancellation, deletion, and querying by organizer. It also refactors authentication to use the currently logged-in user (via Principal) for user-specific actions, improving security and code clarity.

Event management enhancements:

• Added endpoints and service methods for updating, cancelling, soft deleting, and permanently deleting events, with corresponding repository methods and SQL implementations. [1] [2] [3] [4] [5]
• Introduced endpoint and logic to find events by organizer email, allowing admins to query events based on the organizer. [1] [2] [3] [4] [5]

Authentication and security improvements:

• Refactored controller methods to use Principal for retrieving the current user, removing reliance on passing userId as a request parameter and ensuring actions are performed on behalf of the authenticated user. [1] [2] [3]

Repository and service layer changes:

• Updated repository and service interfaces to support new event operations, including validation to ensure only events with an organizer can be created or updated, and that operations fail gracefully if the event does not exist. [1] [2] [3] [4] [5]

Bug prevention and data integrity:

• Added checks to prevent saving or updating events without an organizerId, and to exclude cancelled or unavailable events from queries. [1] [2]

Dependency and annotation fixes:

• Changed EventServiceImpl annotation from @Repository to @Service to correctly indicate its role in the application context.

[Copilot]

Pull request overview

This PR expands the backend event domain to support full CRUD-style management (update/cancel/soft-delete/hard-delete) and adds an admin query to retrieve events by organizer email, while also refactoring several endpoints to use the authenticated user (Principal) instead of accepting userId as a request parameter.

Changes:

• Added service/repository methods for updating, cancelling, soft deleting, and permanently deleting events.
• Added admin endpoint + repository query to list events by organizer email.
• Updated controller flows to derive the acting user from Principal (and set organizerId server-side for create/update).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
src/main/java/dev/pasinduog/eventsphere/service/impl/EventServiceImpl.java	Implements new event operations (update/cancel/soft/hard delete) and organizer-based retrieval.
src/main/java/dev/pasinduog/eventsphere/service/EventService.java	Extends service API with new event-management methods.
src/main/java/dev/pasinduog/eventsphere/repository/impl/EventRepositoryImpl.java	Adds SQL implementations for update/cancel/soft/hard delete and organizer-email query; adjusts findById filtering.
src/main/java/dev/pasinduog/eventsphere/repository/EventRepository.java	Extends repository API with new event-management methods.
src/main/java/dev/pasinduog/eventsphere/controller/EventController.java	Adds new endpoints and switches user-specific actions to use Principal.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

In updateEvent, the controller sets event.organizerId to the current user, and the repository update writes organizer_id = ?. This means any ORGANIZER can update any event ID and effectively transfer ownership; admins editing would also unintentionally become the organizer. The update flow should preserve the existing organizer_id and/or verify the current user owns the event unless the caller is ADMIN.

[Copilot]

updateEvent only assigns eventId into event.id when the request body omits an ID. If the client supplies a different non-empty event.id, the service will still proceed and EventRepositoryImpl.update() will update by event.getId(), not the path eventId. Make the path ID authoritative (always set event.id = eventId or reject mismatches).

Suggested change

	if (event.getId() == null || event.getId().isEmpty()) {
	event.setId(eventId);
	}
	event.setId(eventId);

[Copilot]

The exception message in delete says "Update failed..." which is misleading for a hard delete operation. Consider changing it to operation-specific wording (e.g., "Delete failed. Event not found") or a generic "Event not found".

Suggested change

	throw new EventNotFoundException("Update failed. Event not found");
	throw new EventNotFoundException("Delete failed. Event not found");