feat: M14 Excel import wizard + M15 client approval via tracking link

Top-ROI items from CONFORMITY-12-15.md. Together: ~40h of TZ work
delivered in one pass.

== M14 — Excel/CSV invoice import wizard ==

phpoffice/phpspreadsheet ^5.7 added as composer dep — parses both XLSX
and CSV cleanly.

ExcelInvoiceImportService (app/Services/ExcelInvoiceImportService.php):
- headersPreview($path)          → first 5 rows + detected column letters
- preview($path, $mapping)       → all rows classified as found/new/no_article
- import($supplier, $rows, $createNew=true) → creates Purchase + items,
                                    auto-creates Parts for "new" rows
- rememberMapping / rememberedMappingFor($supplier) — round-trips JSON
  config (article_col / name_col / qty_col / price_col / brand_col? /
  header_row / sheet_name?) per supplier so the second import is
  instant

Decimal parser tolerates European formats: "1 234,56", "1,234.56",
non-breaking spaces (U+00A0 NBSP common in copy-pastes from PDF).
Article matching uses single batch query (Part::whereIn) — O(1) for
the whole sheet, not O(rows).

ExcelImportWizard Filament page (/app/excel-import-wizard) — 4-step
Livewire wizard:
  1. Upload + supplier select (saved mapping auto-loads if exists)
  2. Column mapping with first-3-rows preview table + per-column
     dropdowns
  3. Preview with status badges per row ( Found / ⚠️ New /  Missing)
     + summary counts
  4. Confirmation → "Open Purchase" CTA

Stored in nav group "Stoc & Finanțe", sort 65. Width Full.

Migration: supplier_invoice_mappings (id, company_id, supplier_id UNIQUE,
mapping_config JSON, sample_file_name, last_used_at, timestamps).
Per-tenant scope via BelongsToTenant.

== M15 — Client approval via tracking link (the P0 from TZ §15) ==

Migration: adds 4 columns to wo_works AND wo_parts:
- requires_approval boolean default false
- approved_at timestamp nullable
- approval_token varchar(32) nullable (indexed for fast lookup)
- declined_at timestamp nullable

Both model booted hooks: when a row is saved with requires_approval=true
and no token yet, auto-generate Str::random(24). Models gain
isPendingApproval() helper returning true only while not yet approved
nor declined.

Public route: POST /t/{token}/approve/{kind}/{lineToken}
  kind = 'work' | 'part'
  body: decision = 'approve' | 'decline'
The line's approval_token IS the credential — anyone with the URL can
act. No CSRF token required since this is the unauthed public tracking
flow (the tracking_token + line approval_token combo functions as
shared-secret). Form-encoded POST with csrf_field() on the public form
keeps Laravel happy.

TrackingController::show() now eager-loads works + parts, computes
pendingWorks and pendingParts collections, passes them to the view.
TrackingController::approve() validates kind, locates the line by
(work_order_id, approval_token), idempotently marks approved_at or
declined_at, redirects back to /t/{token} with a flash status.

UI banner (tracking/show.blade.php) at the top of the page:
- Amber warning "⚠ Necesită aprobarea ta"
- Per-line card: title + amount (ore/qty + total MDL) + two buttons
  (green Aprob / outline-red Nu aprob)
- Disappears as soon as approved/declined
- Success/error flash above the banner after each action

== Tests ==

ExcelInvoiceImportTest (5):
- headers_preview returns first 5 rows + column letters
- preview classifies rows as found/new/no_article based on Part DB
- import creates Purchase with items + auto-creates parts for "new"
- remember_mapping upserts, no duplicate per supplier
- decimal parser tolerates "1 234,56" European format with NBSP

TrackingApprovalTest (7):
- creating a work with requires_approval auto-generates 24-char token
- POST /t/{token}/approve/work/{lineToken} marks approved_at
- POST with decision=decline marks declined_at instead
- wrong line token redirects with error flash (no leak)
- already-approved line cannot be approved again (idempotent)
- tracking page renders "Necesită aprobarea ta" banner when pending
- approved line vanishes from banner on next page load

Suite: 246 passed (700 assertions). Was 234.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-05 04:56:06 +00:00
parent d9180e16b3
commit 0e3119a6e2
15 changed files with 1440 additions and 4 deletions
+53
View File
@@ -88,8 +88,61 @@
<div class="num">Fișa #{{ $wo->number }}</div>
</header>
<style>
.approval-banner { background:#fef3c7; border:1px solid #fcd34d; border-radius:10px; padding:14px 16px; margin-bottom:16px; }
.approval-banner h3 { font-size:14px; font-weight:700; color:#92400e; margin-bottom:8px; display:flex; align-items:center; gap:6px; }
.approval-line { background:white; border:1px solid #fde68a; border-radius:8px; padding:10px 12px; margin-bottom:8px; }
.approval-line:last-child { margin-bottom:0; }
.approval-line-title { font-weight:600; font-size:14px; color:#1a202c; }
.approval-line-amount { color:#92400e; font-weight:600; margin-top:2px; font-size:13px; }
.approval-line-actions { display:flex; gap:8px; margin-top:8px; }
.btn-approve { flex:1; padding:8px; background:#16a34a; color:white; border:none; border-radius:6px; font-weight:600; cursor:pointer; font-size:13px; }
.btn-approve:hover { background:#15803d; }
.btn-decline { flex:1; padding:8px; background:white; color:#dc2626; border:1px solid #dc2626; border-radius:6px; font-weight:600; cursor:pointer; font-size:13px; }
.btn-decline:hover { background:#fee2e2; }
.flash-success { background:#dcfce7; border:1px solid #86efac; color:#166534; padding:12px 14px; border-radius:8px; margin-bottom:16px; font-size:13px; }
.flash-error { background:#fee2e2; border:1px solid #fca5a5; color:#991b1b; padding:12px 14px; border-radius:8px; margin-bottom:16px; font-size:13px; }
</style>
<div class="wrap">
@if (isset($approvalStatus) && $approvalStatus)
<div class="flash-{{ $approvalStatus['kind'] === 'error' ? 'error' : 'success' }}">{{ $approvalStatus['message'] }}</div>
@endif
@if ($pendingWorks->isNotEmpty() || $pendingParts->isNotEmpty())
<div class="approval-banner">
<h3> Necesită aprobarea ta</h3>
<p style="font-size:13px;color:#92400e;margin-bottom:10px;">Am descoperit lucrări suplimentare. Te rugăm decizi mai jos.</p>
@foreach ($pendingWorks as $w)
<div class="approval-line">
<div class="approval-line-title">{{ $w->name }}</div>
<div class="approval-line-amount">{{ rtrim(rtrim(number_format($w->hours, 2), '0'), '.') }} ore · {{ number_format($w->total, 0, '.', ' ') }} MDL</div>
<div class="approval-line-actions">
<form method="POST" action="{{ route('tracking.approve', ['token' => $wo->tracking_token, 'kind' => 'work', 'lineToken' => $w->approval_token]) }}" style="flex:1;display:flex;gap:8px;">
@csrf
<button type="submit" name="decision" value="approve" class="btn-approve"> Aprob</button>
<button type="submit" name="decision" value="decline" class="btn-decline"> Nu aprob</button>
</form>
</div>
</div>
@endforeach
@foreach ($pendingParts as $p)
<div class="approval-line">
<div class="approval-line-title">{{ $p->name }} @if ($p->article) <span style="font-family:monospace;color:#6b7280;font-weight:400;">· {{ $p->article }}</span>@endif</div>
<div class="approval-line-amount">{{ rtrim(rtrim(number_format($p->qty, 2), '0'), '.') }} {{ $p->unit ?? 'buc' }} · {{ number_format($p->total, 0, '.', ' ') }} MDL</div>
<div class="approval-line-actions">
<form method="POST" action="{{ route('tracking.approve', ['token' => $wo->tracking_token, 'kind' => 'part', 'lineToken' => $p->approval_token]) }}" style="flex:1;display:flex;gap:8px;">
@csrf
<button type="submit" name="decision" value="approve" class="btn-approve"> Aprob</button>
<button type="submit" name="decision" value="decline" class="btn-decline"> Nu aprob</button>
</form>
</div>
</div>
@endforeach
</div>
@endif
<div class="card" style="text-align:center;">
<span class="status-badge">{{ $statuses[$wo->status] ?? $wo->status }}</span>
@if ($wo->eta_at && in_array($wo->status, ['in_work', 'awaiting_parts', 'approved', 'diagnosis'], true))