feat: M14 Excel import wizard + M15 client approval via tracking link

Top-ROI items from CONFORMITY-12-15.md. Together: ~40h of TZ work
delivered in one pass.

== M14 — Excel/CSV invoice import wizard ==

phpoffice/phpspreadsheet ^5.7 added as composer dep — parses both XLSX
and CSV cleanly.

ExcelInvoiceImportService (app/Services/ExcelInvoiceImportService.php):
- headersPreview($path)          → first 5 rows + detected column letters
- preview($path, $mapping)       → all rows classified as found/new/no_article
- import($supplier, $rows, $createNew=true) → creates Purchase + items,
                                    auto-creates Parts for "new" rows
- rememberMapping / rememberedMappingFor($supplier) — round-trips JSON
  config (article_col / name_col / qty_col / price_col / brand_col? /
  header_row / sheet_name?) per supplier so the second import is
  instant

Decimal parser tolerates European formats: "1 234,56", "1,234.56",
non-breaking spaces (U+00A0 NBSP common in copy-pastes from PDF).
Article matching uses single batch query (Part::whereIn) — O(1) for
the whole sheet, not O(rows).

ExcelImportWizard Filament page (/app/excel-import-wizard) — 4-step
Livewire wizard:
  1. Upload + supplier select (saved mapping auto-loads if exists)
  2. Column mapping with first-3-rows preview table + per-column
     dropdowns
  3. Preview with status badges per row ( Found / ⚠️ New /  Missing)
     + summary counts
  4. Confirmation → "Open Purchase" CTA

Stored in nav group "Stoc & Finanțe", sort 65. Width Full.

Migration: supplier_invoice_mappings (id, company_id, supplier_id UNIQUE,
mapping_config JSON, sample_file_name, last_used_at, timestamps).
Per-tenant scope via BelongsToTenant.

== M15 — Client approval via tracking link (the P0 from TZ §15) ==

Migration: adds 4 columns to wo_works AND wo_parts:
- requires_approval boolean default false
- approved_at timestamp nullable
- approval_token varchar(32) nullable (indexed for fast lookup)
- declined_at timestamp nullable

Both model booted hooks: when a row is saved with requires_approval=true
and no token yet, auto-generate Str::random(24). Models gain
isPendingApproval() helper returning true only while not yet approved
nor declined.

Public route: POST /t/{token}/approve/{kind}/{lineToken}
  kind = 'work' | 'part'
  body: decision = 'approve' | 'decline'
The line's approval_token IS the credential — anyone with the URL can
act. No CSRF token required since this is the unauthed public tracking
flow (the tracking_token + line approval_token combo functions as
shared-secret). Form-encoded POST with csrf_field() on the public form
keeps Laravel happy.

TrackingController::show() now eager-loads works + parts, computes
pendingWorks and pendingParts collections, passes them to the view.
TrackingController::approve() validates kind, locates the line by
(work_order_id, approval_token), idempotently marks approved_at or
declined_at, redirects back to /t/{token} with a flash status.

UI banner (tracking/show.blade.php) at the top of the page:
- Amber warning "⚠ Necesită aprobarea ta"
- Per-line card: title + amount (ore/qty + total MDL) + two buttons
  (green Aprob / outline-red Nu aprob)
- Disappears as soon as approved/declined
- Success/error flash above the banner after each action

== Tests ==

ExcelInvoiceImportTest (5):
- headers_preview returns first 5 rows + column letters
- preview classifies rows as found/new/no_article based on Part DB
- import creates Purchase with items + auto-creates parts for "new"
- remember_mapping upserts, no duplicate per supplier
- decimal parser tolerates "1 234,56" European format with NBSP

TrackingApprovalTest (7):
- creating a work with requires_approval auto-generates 24-char token
- POST /t/{token}/approve/work/{lineToken} marks approved_at
- POST with decision=decline marks declined_at instead
- wrong line token redirects with error flash (no leak)
- already-approved line cannot be approved again (idempotent)
- tracking page renders "Necesită aprobarea ta" banner when pending
- approved line vanishes from banner on next page load

Suite: 246 passed (700 assertions). Was 234.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-05 04:56:06 +00:00
parent d9180e16b3
commit 0e3119a6e2
15 changed files with 1440 additions and 4 deletions
@@ -0,0 +1,143 @@
<?php
namespace App\Filament\Tenant\Pages;
use App\Models\Tenant\Supplier;
use App\Services\ExcelInvoiceImportService;
use Filament\Notifications\Notification;
use Filament\Pages\Page;
use Illuminate\Support\Facades\Storage;
use Livewire\WithFileUploads;
class ExcelImportWizard extends Page
{
use WithFileUploads;
protected static string|\BackedEnum|null $navigationIcon = 'heroicon-o-arrow-up-tray';
protected static ?string $navigationLabel = 'Import factură Excel';
protected static string|\UnitEnum|null $navigationGroup = 'Stoc & Finanțe';
protected static ?int $navigationSort = 65;
protected static ?string $title = 'Import factură Excel/CSV';
protected string $view = 'filament.tenant.pages.excel-import-wizard';
public int $step = 1;
public ?int $supplierId = null;
public $upload = null;
public ?string $storedPath = null;
public array $headersPreview = ['columns' => [], 'rows' => []];
public array $mapping = [
'article_col' => 'B',
'name_col' => 'C',
'qty_col' => 'E',
'price_col' => 'F',
'brand_col' => null,
'header_row' => 1,
];
public bool $rememberMapping = true;
public array $previewRows = [];
public array $previewSummary = ['total' => 0, 'found' => 0, 'new' => 0, 'no_article' => 0];
public bool $createNew = true;
public function getMaxContentWidth(): \Filament\Support\Enums\Width
{
return \Filament\Support\Enums\Width::Full;
}
public function getSupplierOptions(): array
{
return Supplier::orderBy('name')->pluck('name', 'id')->toArray();
}
public function goToStep2(): void
{
if (! $this->supplierId) {
Notification::make()->title('Selectează furnizorul')->danger()->send();
return;
}
if (! $this->upload) {
Notification::make()->title('Încarcă fișierul Excel sau CSV')->danger()->send();
return;
}
// Persist the uploaded file so Livewire reuses can resolve it
$this->storedPath = $this->upload->store('imports', 'local');
// Try to load remembered mapping for this supplier
$svc = app(ExcelInvoiceImportService::class);
$supplier = Supplier::find($this->supplierId);
$remembered = $svc->rememberedMappingFor($supplier);
if ($remembered) {
$this->mapping = array_merge($this->mapping, $remembered);
}
$absPath = Storage::disk('local')->path($this->storedPath);
$this->headersPreview = $svc->headersPreview($absPath);
$this->step = 2;
}
public function goToStep3(): void
{
$absPath = Storage::disk('local')->path($this->storedPath);
$svc = app(ExcelInvoiceImportService::class);
$result = $svc->preview($absPath, $this->mapping);
$this->previewRows = $result['rows'];
$this->previewSummary = $result['summary'];
if (empty($this->previewRows)) {
Notification::make()->title('Nu am găsit linii valide — verifică maparea coloanelor')->warning()->send();
return;
}
$this->step = 3;
}
public function confirmImport(): void
{
$svc = app(ExcelInvoiceImportService::class);
$supplier = Supplier::find($this->supplierId);
if ($this->rememberMapping) {
$svc->rememberMapping($supplier, $this->mapping, basename($this->storedPath ?? ''));
}
$purchase = $svc->import($supplier, $this->previewRows, $this->createNew);
Notification::make()
->title("Import reușit — Purchase {$purchase->number}")
->body("{$this->previewSummary['total']} linii importate")
->success()
->send();
// Cleanup uploaded file
if ($this->storedPath) {
Storage::disk('local')->delete($this->storedPath);
}
$this->step = 4;
$this->dispatch('purchase-created', purchaseId: $purchase->id);
// Set the redirect URL on the page so the blade can show a CTA
session()->flash('purchase_id', $purchase->id);
}
public function reset_(): void
{
$this->step = 1;
$this->supplierId = null;
$this->upload = null;
$this->storedPath = null;
$this->headersPreview = ['columns' => [], 'rows' => []];
$this->mapping = [
'article_col' => 'B', 'name_col' => 'C', 'qty_col' => 'E',
'price_col' => 'F', 'brand_col' => null, 'header_row' => 1,
];
$this->previewRows = [];
$this->previewSummary = ['total' => 0, 'found' => 0, 'new' => 0, 'no_article' => 0];
}
}
+46 -3
View File
@@ -3,6 +3,8 @@
namespace App\Http\Controllers;
use App\Models\Tenant\WorkOrder;
use App\Models\Tenant\WorkOrderPart;
use App\Models\Tenant\WorkOrderWork;
use App\Tenancy\TenantManager;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@@ -11,8 +13,6 @@ class TrackingController extends Controller
{
/**
* Public WO tracking page accessed via QR code or SMS link.
* Tenant is resolved by ResolveTenant from the host, so the global
* BelongsToTenant scope already filters to the correct tenant.
*/
public function show(Request $request, string $token)
{
@@ -21,7 +21,7 @@ class TrackingController extends Controller
throw new NotFoundHttpException('Tracking only available on tenant subdomain.');
}
$wo = WorkOrder::with(['client', 'vehicle', 'master', 'media'])
$wo = WorkOrder::with(['client', 'vehicle', 'master', 'media', 'works', 'parts'])
->where('tracking_token', $token)
->first();
@@ -29,13 +29,56 @@ class TrackingController extends Controller
throw new NotFoundHttpException('Fișa nu a fost găsită.');
}
$pendingWorks = $wo->works->filter(fn ($w) => $w->isPendingApproval());
$pendingParts = $wo->parts->filter(fn ($p) => $p->isPendingApproval());
return view('tracking.show', [
'wo' => $wo,
'tenant' => $tenant,
'photos' => $wo->getMedia('photos'),
'pendingWorks' => $pendingWorks,
'pendingParts' => $pendingParts,
'approvalStatus' => $request->session()->pull('approval_status'),
]);
}
/**
* Client approves or declines a pending work/part line via the unique
* approval_token. The line's approval_token IS the credential anyone
* with the URL can act (clients won't share it).
*/
public function approve(Request $request, string $token, string $kind, string $lineToken)
{
$tenant = app(TenantManager::class)->current();
if (! $tenant) throw new NotFoundHttpException();
$wo = WorkOrder::where('tracking_token', $token)->first();
if (! $wo) throw new NotFoundHttpException();
$decision = $request->input('decision', 'approve');
$line = match ($kind) {
'work' => WorkOrderWork::where('work_order_id', $wo->id)->where('approval_token', $lineToken)->first(),
'part' => WorkOrderPart::where('work_order_id', $wo->id)->where('approval_token', $lineToken)->first(),
default => null,
};
if (! $line || ! $line->isPendingApproval()) {
$request->session()->flash('approval_status', ['kind' => 'error', 'message' => 'Linia nu mai necesită aprobare.']);
return redirect()->route('tracking.show', ['token' => $token]);
}
if ($decision === 'approve') {
$line->forceFill(['approved_at' => now()])->save();
$msg = '✅ Lucrarea „' . $line->name . '" a fost aprobată. Mulțumim!';
} else {
$line->forceFill(['declined_at' => now()])->save();
$msg = '❌ Lucrarea „' . $line->name . '" a fost respinsă. Vă vom contacta.';
}
$request->session()->flash('approval_status', ['kind' => 'success', 'message' => $msg]);
return redirect()->route('tracking.show', ['token' => $token]);
}
public function qr(Request $request, string $token)
{
$tenant = app(TenantManager::class)->current();
@@ -0,0 +1,27 @@
<?php
namespace App\Models\Tenant;
use App\Models\Concerns\BelongsToTenant;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
class SupplierInvoiceMapping extends Model
{
use BelongsToTenant;
protected $fillable = [
'company_id', 'supplier_id', 'mapping_config',
'sample_file_name', 'last_used_at',
];
protected $casts = [
'mapping_config' => 'array',
'last_used_at' => 'datetime',
];
public function supplier(): BelongsTo
{
return $this->belongsTo(Supplier::class);
}
}
+12
View File
@@ -24,6 +24,7 @@ class WorkOrderPart extends Model
'name', 'article', 'brand',
'qty', 'unit', 'buy_price', 'sell_price',
'discount_pct', 'total', 'status', 'notes',
'requires_approval', 'approved_at', 'approval_token', 'declined_at',
];
protected $casts = [
@@ -32,8 +33,16 @@ class WorkOrderPart extends Model
'sell_price' => 'decimal:2',
'discount_pct' => 'decimal:2',
'total' => 'decimal:2',
'requires_approval' => 'boolean',
'approved_at' => 'datetime',
'declined_at' => 'datetime',
];
public function isPendingApproval(): bool
{
return $this->requires_approval && $this->approved_at === null && $this->declined_at === null;
}
public function workOrder(): BelongsTo
{
return $this->belongsTo(WorkOrder::class);
@@ -50,6 +59,9 @@ class WorkOrderPart extends Model
$sub = (float) $row->qty * (float) $row->sell_price;
$disc = (float) $row->discount_pct;
$row->total = round($sub * (1 - $disc / 100), 2);
if ($row->requires_approval && empty($row->approval_token)) {
$row->approval_token = \Illuminate\Support\Str::random(24);
}
});
// Reserve batches as soon as a catalog-linked part line is created.
+12
View File
@@ -21,14 +21,23 @@ class WorkOrderWork extends Model
protected $fillable = [
'company_id', 'work_order_id', 'labor_id', 'master_id',
'name', 'hours', 'price_per_hour', 'total', 'status', 'notes',
'requires_approval', 'approved_at', 'approval_token', 'declined_at',
];
protected $casts = [
'hours' => 'decimal:2',
'price_per_hour' => 'decimal:2',
'total' => 'decimal:2',
'requires_approval' => 'boolean',
'approved_at' => 'datetime',
'declined_at' => 'datetime',
];
public function isPendingApproval(): bool
{
return $this->requires_approval && $this->approved_at === null && $this->declined_at === null;
}
public function workOrder(): BelongsTo
{
return $this->belongsTo(WorkOrder::class);
@@ -48,6 +57,9 @@ class WorkOrderWork extends Model
{
static::saving(function (self $row) {
$row->total = round((float) $row->hours * (float) $row->price_per_hour, 2);
if ($row->requires_approval && empty($row->approval_token)) {
$row->approval_token = \Illuminate\Support\Str::random(24);
}
});
static::saved(fn (self $row) => $row->workOrder?->recalcTotal());
static::deleted(fn (self $row) => $row->workOrder?->recalcTotal());
+231
View File
@@ -0,0 +1,231 @@
<?php
namespace App\Services;
use App\Models\Tenant\Part;
use App\Models\Tenant\Purchase;
use App\Models\Tenant\PurchaseItem;
use App\Models\Tenant\Supplier;
use App\Models\Tenant\SupplierInvoiceMapping;
use Illuminate\Support\Facades\DB;
use PhpOffice\PhpSpreadsheet\IOFactory;
use PhpOffice\PhpSpreadsheet\Spreadsheet;
/**
* Parses XLSX / CSV files coming from suppliers and turns them into
* Purchase drafts. Mapping (column letters field) is stored per supplier
* so the second import becomes instant.
*
* Three steps:
* 1. headersPreview($path) first 5 rows + detected column letters
* 2. preview($path, $mapping) parse all rows + classify each as
* found (article matches part) / new
* (article exists in file but not in DB) /
* no_article (line has data but no article col)
* 3. import($supplier, $rows) create Purchase + PurchaseItems; auto-creates
* Parts for "new" rows when create_new = true
*/
class ExcelInvoiceImportService
{
/** Read first $maxRows of a spreadsheet for the wizard preview. */
public function headersPreview(string $absPath, int $maxRows = 5): array
{
$sheet = $this->loadSheet($absPath);
$highestColumn = $sheet->getHighestColumn();
$highestColIndex = \PhpOffice\PhpSpreadsheet\Cell\Coordinate::columnIndexFromString($highestColumn);
$cols = [];
for ($i = 1; $i <= min($highestColIndex, 20); $i++) {
$cols[] = \PhpOffice\PhpSpreadsheet\Cell\Coordinate::stringFromColumnIndex($i);
}
$rows = [];
for ($r = 1; $r <= $maxRows; $r++) {
$row = [];
foreach ($cols as $col) {
$row[$col] = (string) ($sheet->getCell("$col$r")->getValue() ?? '');
}
$rows[] = $row;
}
return ['columns' => $cols, 'rows' => $rows];
}
/**
* Parse the file according to $mapping and classify each line.
*
* Mapping keys:
* article_col, name_col, qty_col, price_col, brand_col (optional),
* header_row (1-based row number to skip), sheet_name (optional).
*/
public function preview(string $absPath, array $mapping): array
{
$sheet = $this->loadSheet($absPath, $mapping['sheet_name'] ?? null);
$headerRow = (int) ($mapping['header_row'] ?? 1);
$highestRow = $sheet->getHighestRow();
$rows = [];
$articlesInFile = [];
for ($r = $headerRow + 1; $r <= $highestRow; $r++) {
$article = $this->cellString($sheet, $mapping['article_col'] ?? null, $r);
$name = $this->cellString($sheet, $mapping['name_col'] ?? null, $r);
$brand = $this->cellString($sheet, $mapping['brand_col'] ?? null, $r);
$qty = $this->cellDecimal($sheet, $mapping['qty_col'] ?? null, $r);
$price = $this->cellDecimal($sheet, $mapping['price_col'] ?? null, $r);
// Skip totally empty lines
if ($article === '' && $name === '' && $qty <= 0) continue;
$status = 'no_article';
$partId = null;
if ($article !== '') {
$articlesInFile[] = $article;
}
$rows[] = [
'row' => $r,
'article' => $article,
'name' => $name,
'brand' => $brand,
'qty' => $qty,
'price' => $price,
'status' => $status,
'part_id' => $partId,
];
}
// Single batch query for all articles → status
if (! empty($articlesInFile)) {
$existing = Part::whereIn('article', array_unique($articlesInFile))->get()->keyBy('article');
foreach ($rows as &$row) {
if ($row['article'] === '') continue;
if ($existing->has($row['article'])) {
$row['status'] = 'found';
$row['part_id'] = $existing[$row['article']]->id;
} else {
$row['status'] = 'new';
}
}
unset($row);
}
return [
'rows' => $rows,
'summary' => [
'total' => count($rows),
'found' => count(array_filter($rows, fn ($r) => $r['status'] === 'found')),
'new' => count(array_filter($rows, fn ($r) => $r['status'] === 'new')),
'no_article' => count(array_filter($rows, fn ($r) => $r['status'] === 'no_article')),
],
];
}
/**
* Create a draft Purchase + items from the rows. Rows with status='new'
* automatically get a Part created if $createNew is true.
*/
public function import(Supplier $supplier, array $rows, bool $createNew = true): Purchase
{
return DB::transaction(function () use ($supplier, $rows, $createNew) {
$purchase = Purchase::create([
'supplier_id' => $supplier->id,
'number' => $this->generatePurchaseNumber($supplier->company_id),
'order_date' => today(),
'status' => 'ordered',
'total' => 0,
'notes' => 'Auto-import Excel/CSV',
]);
$total = 0;
foreach ($rows as $row) {
$partId = $row['part_id'] ?? null;
if (! $partId && $row['status'] === 'new' && $createNew && $row['article'] !== '') {
$part = Part::create([
'name' => $row['name'] ?: $row['article'],
'article' => $row['article'],
'brand' => $row['brand'] ?? null,
'buy_price' => $row['price'],
'preferred_supplier_id' => $supplier->id,
]);
$partId = $part->id;
}
PurchaseItem::create([
'purchase_id' => $purchase->id,
'part_id' => $partId,
'name' => $row['name'] ?: $row['article'],
'article' => $row['article'],
'qty' => $row['qty'] ?: 1,
'qty_received' => 0,
'buy_price' => $row['price'],
'total' => round(($row['qty'] ?: 1) * $row['price'], 2),
]);
$total += ($row['qty'] ?: 1) * $row['price'];
}
$purchase->update(['total' => round($total, 2)]);
return $purchase;
});
}
/**
* Save mapping config for a supplier so subsequent imports skip the wizard.
*/
public function rememberMapping(Supplier $supplier, array $mapping, ?string $sampleFileName = null): SupplierInvoiceMapping
{
return SupplierInvoiceMapping::updateOrCreate(
['supplier_id' => $supplier->id],
[
'mapping_config' => $mapping,
'sample_file_name' => $sampleFileName,
'last_used_at' => now(),
]
);
}
public function rememberedMappingFor(Supplier $supplier): ?array
{
$m = SupplierInvoiceMapping::where('supplier_id', $supplier->id)->first();
return $m?->mapping_config;
}
private function loadSheet(string $absPath, ?string $sheetName = null)
{
$reader = IOFactory::createReaderForFile($absPath);
$reader->setReadDataOnly(true);
$spreadsheet = $reader->load($absPath);
return $sheetName ? $spreadsheet->getSheetByName($sheetName) ?? $spreadsheet->getActiveSheet() : $spreadsheet->getActiveSheet();
}
private function cellString($sheet, ?string $col, int $row): string
{
if (! $col) return '';
$value = $sheet->getCell("$col$row")->getValue();
return trim((string) ($value ?? ''));
}
private function cellDecimal($sheet, ?string $col, int $row): float
{
if (! $col) return 0.0;
$value = $sheet->getCell("$col$row")->getValue();
if ($value === null || $value === '') return 0.0;
// Normalize "1 234,56" / "1,234.56" → 1234.56
// PCRE doesn't support \u{XXXX} — use \x{00A0} (non-breaking space) instead
$clean = preg_replace('/[\s\x{00A0}]/u', '', (string) $value);
$clean = str_replace(',', '.', $clean);
// remove duplicate dots if any
$parts = explode('.', $clean);
if (count($parts) > 2) {
$clean = implode('', array_slice($parts, 0, -1)) . '.' . end($parts);
}
return (float) $clean;
}
private function generatePurchaseNumber(int $companyId): string
{
$year = date('Y');
$last = Purchase::where('company_id', $companyId)
->where('number', 'like', "P-$year-%")
->orderByDesc('id')->first();
$next = 1;
if ($last && preg_match('/P-\d{4}-(\d+)$/', $last->number, $m)) {
$next = (int) $m[1] + 1;
}
return sprintf('P-%s-%04d', $year, $next);
}
}