feat: M14 Excel import wizard + M15 client approval via tracking link
Top-ROI items from CONFORMITY-12-15.md. Together: ~40h of TZ work
delivered in one pass.
== M14 — Excel/CSV invoice import wizard ==
phpoffice/phpspreadsheet ^5.7 added as composer dep — parses both XLSX
and CSV cleanly.
ExcelInvoiceImportService (app/Services/ExcelInvoiceImportService.php):
- headersPreview($path) → first 5 rows + detected column letters
- preview($path, $mapping) → all rows classified as found/new/no_article
- import($supplier, $rows, $createNew=true) → creates Purchase + items,
auto-creates Parts for "new" rows
- rememberMapping / rememberedMappingFor($supplier) — round-trips JSON
config (article_col / name_col / qty_col / price_col / brand_col? /
header_row / sheet_name?) per supplier so the second import is
instant
Decimal parser tolerates European formats: "1 234,56", "1,234.56",
non-breaking spaces (U+00A0 NBSP common in copy-pastes from PDF).
Article matching uses single batch query (Part::whereIn) — O(1) for
the whole sheet, not O(rows).
ExcelImportWizard Filament page (/app/excel-import-wizard) — 4-step
Livewire wizard:
1. Upload + supplier select (saved mapping auto-loads if exists)
2. Column mapping with first-3-rows preview table + per-column
dropdowns
3. Preview with status badges per row (✅ Found / ⚠️ New / ❓ Missing)
+ summary counts
4. Confirmation → "Open Purchase" CTA
Stored in nav group "Stoc & Finanțe", sort 65. Width Full.
Migration: supplier_invoice_mappings (id, company_id, supplier_id UNIQUE,
mapping_config JSON, sample_file_name, last_used_at, timestamps).
Per-tenant scope via BelongsToTenant.
== M15 — Client approval via tracking link (the P0 from TZ §15) ==
Migration: adds 4 columns to wo_works AND wo_parts:
- requires_approval boolean default false
- approved_at timestamp nullable
- approval_token varchar(32) nullable (indexed for fast lookup)
- declined_at timestamp nullable
Both model booted hooks: when a row is saved with requires_approval=true
and no token yet, auto-generate Str::random(24). Models gain
isPendingApproval() helper returning true only while not yet approved
nor declined.
Public route: POST /t/{token}/approve/{kind}/{lineToken}
kind = 'work' | 'part'
body: decision = 'approve' | 'decline'
The line's approval_token IS the credential — anyone with the URL can
act. No CSRF token required since this is the unauthed public tracking
flow (the tracking_token + line approval_token combo functions as
shared-secret). Form-encoded POST with csrf_field() on the public form
keeps Laravel happy.
TrackingController::show() now eager-loads works + parts, computes
pendingWorks and pendingParts collections, passes them to the view.
TrackingController::approve() validates kind, locates the line by
(work_order_id, approval_token), idempotently marks approved_at or
declined_at, redirects back to /t/{token} with a flash status.
UI banner (tracking/show.blade.php) at the top of the page:
- Amber warning "⚠ Necesită aprobarea ta"
- Per-line card: title + amount (ore/qty + total MDL) + two buttons
(green Aprob / outline-red Nu aprob)
- Disappears as soon as approved/declined
- Success/error flash above the banner after each action
== Tests ==
ExcelInvoiceImportTest (5):
- headers_preview returns first 5 rows + column letters
- preview classifies rows as found/new/no_article based on Part DB
- import creates Purchase with items + auto-creates parts for "new"
- remember_mapping upserts, no duplicate per supplier
- decimal parser tolerates "1 234,56" European format with NBSP
TrackingApprovalTest (7):
- creating a work with requires_approval auto-generates 24-char token
- POST /t/{token}/approve/work/{lineToken} marks approved_at
- POST with decision=decline marks declined_at instead
- wrong line token redirects with error flash (no leak)
- already-approved line cannot be approved again (idempotent)
- tracking page renders "Necesită aprobarea ta" banner when pending
- approved line vanishes from banner on next page load
Suite: 246 passed (700 assertions). Was 234.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -3,6 +3,8 @@
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Models\Tenant\WorkOrder;
|
||||
use App\Models\Tenant\WorkOrderPart;
|
||||
use App\Models\Tenant\WorkOrderWork;
|
||||
use App\Tenancy\TenantManager;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
@@ -11,8 +13,6 @@ class TrackingController extends Controller
|
||||
{
|
||||
/**
|
||||
* Public WO tracking page — accessed via QR code or SMS link.
|
||||
* Tenant is resolved by ResolveTenant from the host, so the global
|
||||
* BelongsToTenant scope already filters to the correct tenant.
|
||||
*/
|
||||
public function show(Request $request, string $token)
|
||||
{
|
||||
@@ -21,7 +21,7 @@ class TrackingController extends Controller
|
||||
throw new NotFoundHttpException('Tracking only available on tenant subdomain.');
|
||||
}
|
||||
|
||||
$wo = WorkOrder::with(['client', 'vehicle', 'master', 'media'])
|
||||
$wo = WorkOrder::with(['client', 'vehicle', 'master', 'media', 'works', 'parts'])
|
||||
->where('tracking_token', $token)
|
||||
->first();
|
||||
|
||||
@@ -29,13 +29,56 @@ class TrackingController extends Controller
|
||||
throw new NotFoundHttpException('Fișa nu a fost găsită.');
|
||||
}
|
||||
|
||||
$pendingWorks = $wo->works->filter(fn ($w) => $w->isPendingApproval());
|
||||
$pendingParts = $wo->parts->filter(fn ($p) => $p->isPendingApproval());
|
||||
|
||||
return view('tracking.show', [
|
||||
'wo' => $wo,
|
||||
'tenant' => $tenant,
|
||||
'photos' => $wo->getMedia('photos'),
|
||||
'pendingWorks' => $pendingWorks,
|
||||
'pendingParts' => $pendingParts,
|
||||
'approvalStatus' => $request->session()->pull('approval_status'),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Client approves or declines a pending work/part line via the unique
|
||||
* approval_token. The line's approval_token IS the credential — anyone
|
||||
* with the URL can act (clients won't share it).
|
||||
*/
|
||||
public function approve(Request $request, string $token, string $kind, string $lineToken)
|
||||
{
|
||||
$tenant = app(TenantManager::class)->current();
|
||||
if (! $tenant) throw new NotFoundHttpException();
|
||||
|
||||
$wo = WorkOrder::where('tracking_token', $token)->first();
|
||||
if (! $wo) throw new NotFoundHttpException();
|
||||
|
||||
$decision = $request->input('decision', 'approve');
|
||||
|
||||
$line = match ($kind) {
|
||||
'work' => WorkOrderWork::where('work_order_id', $wo->id)->where('approval_token', $lineToken)->first(),
|
||||
'part' => WorkOrderPart::where('work_order_id', $wo->id)->where('approval_token', $lineToken)->first(),
|
||||
default => null,
|
||||
};
|
||||
if (! $line || ! $line->isPendingApproval()) {
|
||||
$request->session()->flash('approval_status', ['kind' => 'error', 'message' => 'Linia nu mai necesită aprobare.']);
|
||||
return redirect()->route('tracking.show', ['token' => $token]);
|
||||
}
|
||||
|
||||
if ($decision === 'approve') {
|
||||
$line->forceFill(['approved_at' => now()])->save();
|
||||
$msg = '✅ Lucrarea „' . $line->name . '" a fost aprobată. Mulțumim!';
|
||||
} else {
|
||||
$line->forceFill(['declined_at' => now()])->save();
|
||||
$msg = '❌ Lucrarea „' . $line->name . '" a fost respinsă. Vă vom contacta.';
|
||||
}
|
||||
|
||||
$request->session()->flash('approval_status', ['kind' => 'success', 'message' => $msg]);
|
||||
return redirect()->route('tracking.show', ['token' => $token]);
|
||||
}
|
||||
|
||||
public function qr(Request $request, string $token)
|
||||
{
|
||||
$tenant = app(TenantManager::class)->current();
|
||||
|
||||
Reference in New Issue
Block a user