feat: ship creator journey v2 and profile updates

app/Policies/ArtworkAwardPolicy.php

@@ -4,6 +4,7 @@ declare(strict_types=1);
 
 namespace App\Policies;
 
+use Illuminate\Auth\Access\Response;
 use App\Models\ArtworkAward;
 use App\Models\Artwork;
 use App\Models\User;
@@ -27,14 +28,26 @@ class ArtworkAwardPolicy
      * that isn't their own.
      * Returns false (→ 403 or 404 based on caller) when the check fails.
      */
-    public function award(User $user, Artwork $artwork): bool
+    public function award(User $user, Artwork $artwork): Response
     {
+        if (! config('artwork_medals.enabled', true)) {
+            return Response::deny('Artwork medals are currently disabled.');
+        }
+
         if (! $artwork->is_public || ! $artwork->is_approved) {
-            return false;
+            return Response::deny('This artwork is not eligible for medals.');
+        }
+
+        if ($artwork->deleted_at !== null) {
+            return Response::deny('This artwork is no longer available for medals.');
+        }
+
+        if ($artwork->published_at === null || $artwork->published_at->isFuture()) {
+            return Response::deny('This artwork is not published yet.');
         }
 
         if ($artwork->user_id === $user->id) {
-            return false;
+            return Response::deny('You cannot medal your own artwork.');
         }
 
         return $this->accountIsMature($user);
@@ -58,12 +71,28 @@ class ArtworkAwardPolicy
 
     // -------------------------------------------------------------------------
 
-    private function accountIsMature(User $user): bool
+    private function accountIsMature(User $user): Response
     {
-        if (! $user->created_at) {
-            return true; // cannot verify — allow
+        if ((bool) config('artwork_medals.require_verified_email', true)) {
+            $isVerified = method_exists($user, 'hasVerifiedEmail')
+                ? $user->hasVerifiedEmail()
+                : ! empty($user->email_verified_at);
+
+            if (! $isVerified) {
+                return Response::deny('Verify your email address before giving medals.');
+            }
         }
 
-        return $user->created_at->diffInDays(now()) >= 7;
+        if (! $user->created_at) {
+            return Response::allow(); // cannot verify — allow
+        }
+
+        $minimumAgeHours = (int) config('artwork_medals.minimum_account_age_hours', 24);
+
+        if ($user->created_at->diffInHours(now()) < $minimumAgeHours) {
+            return Response::deny("Your account must be at least {$minimumAgeHours} hours old before giving medals.");
+        }
+
+        return Response::allow();
     }
 }