Stage 3 — WO photos + ETA + QR + public tracking page

- HasMedia (Spatie) on WorkOrder with `photos` collection
- eta_at + tracking_token columns; token auto-generated on create
- Public /t/{token} page — tenant-scoped via subdomain, white-label themed
- QR code SVG via chillerlan/php-qrcode (inline modal + download)
- Filament: SpatieMediaLibraryFileUpload + ETA picker + tracking section
- EditWorkOrder header action "Link client (QR)" modal
- Fix: Auditable::dontSubmitEmptyLogs() → dontLogEmptyChanges() (removed in activitylog)
- Tests: TrackingPageTest (4 pass) covering token gen + cross-tenant isolation

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-27 19:21:23 +00:00
parent 59409e1b11
commit edcdba9d53
11 changed files with 487 additions and 3 deletions
@@ -101,6 +101,35 @@ class WorkOrderResource extends Resource
Forms\Components\Textarea::make('diagnosis')->label('Diagnostic')->rows(3)->columnSpanFull(),
Forms\Components\Textarea::make('recommendations')->label('Recomandări')->rows(2)->columnSpanFull(),
]),
Schemas\Components\Section::make('Foto')
->collapsible()
->schema([
\Filament\Forms\Components\SpatieMediaLibraryFileUpload::make('photos')
->label('Fotografii')
->collection('photos')
->multiple()
->reorderable()
->image()
->imageEditor()
->maxFiles(20)
->columnSpanFull(),
]),
Schemas\Components\Section::make('Tracking & ETA')
->columns(3)
->collapsible()
->schema([
Forms\Components\DateTimePicker::make('eta_at')
->label('Gata estimat (ETA)')
->seconds(false),
Forms\Components\TextInput::make('tracking_token')
->label('Token public')
->disabled()
->dehydrated(false)
->columnSpan(2)
->helperText(fn (?WorkOrder $record) => $record?->tracking_token
? 'Link client: ' . $record->trackingUrl()
: 'Se generează la salvare'),
]),
Schemas\Components\Section::make('Plată & total')
->columns(3)
->schema([
@@ -15,6 +15,16 @@ class EditWorkOrder extends EditRecord
protected function getHeaderActions(): array
{
return [
Actions\Action::make('tracking')
->label('Link client (QR)')
->icon('heroicon-m-qr-code')
->color('primary')
->modalHeading(fn () => 'Tracking client — WO #' . $this->record->number)
->modalSubmitAction(false)
->modalCancelActionLabel('Închide')
->modalContent(fn () => view('filament.tenant.tracking-qr', [
'wo' => $this->record,
])),
Actions\Action::make('pdf')
->label('Descarcă PDF')
->icon('heroicon-m-document-arrow-down')
@@ -0,0 +1,66 @@
<?php
namespace App\Http\Controllers;
use App\Models\Tenant\WorkOrder;
use App\Tenancy\TenantManager;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class TrackingController extends Controller
{
/**
* Public WO tracking page accessed via QR code or SMS link.
* Tenant is resolved by ResolveTenant from the host, so the global
* BelongsToTenant scope already filters to the correct tenant.
*/
public function show(Request $request, string $token)
{
$tenant = app(TenantManager::class)->current();
if (! $tenant) {
throw new NotFoundHttpException('Tracking only available on tenant subdomain.');
}
$wo = WorkOrder::with(['client', 'vehicle', 'master', 'media'])
->where('tracking_token', $token)
->first();
if (! $wo) {
throw new NotFoundHttpException('Fișa nu a fost găsită.');
}
return view('tracking.show', [
'wo' => $wo,
'tenant' => $tenant,
'photos' => $wo->getMedia('photos'),
]);
}
public function qr(Request $request, string $token)
{
$tenant = app(TenantManager::class)->current();
if (! $tenant) {
throw new NotFoundHttpException();
}
$wo = WorkOrder::where('tracking_token', $token)->first();
if (! $wo) {
throw new NotFoundHttpException();
}
$options = new \chillerlan\QRCode\QROptions([
'outputType' => \chillerlan\QRCode\QRCode::OUTPUT_MARKUP_SVG,
'eccLevel' => \chillerlan\QRCode\QRCode::ECC_M,
'scale' => 6,
'imageBase64' => false,
'svgViewBoxSize' => 200,
'addQuietzone' => true,
]);
$svg = (new \chillerlan\QRCode\QRCode($options))->render($wo->trackingUrl());
return response($svg, 200, [
'Content-Type' => 'image/svg+xml',
'Cache-Control' => 'public, max-age=3600',
]);
}
}
+1 -1
View File
@@ -22,7 +22,7 @@ trait Auditable
return LogOptions::defaults()
->logFillable()
->logOnlyDirty()
->dontSubmitEmptyLogs()
->dontLogEmptyChanges()
->setDescriptionForEvent(fn (string $event) => match ($event) {
'created' => 'creat',
'updated' => 'modificat',
+22 -2
View File
@@ -8,10 +8,12 @@ use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\SoftDeletes;
use Spatie\MediaLibrary\HasMedia;
use Spatie\MediaLibrary\InteractsWithMedia;
class WorkOrder extends Model
class WorkOrder extends Model implements HasMedia
{
use Auditable, BelongsToTenant, SoftDeletes;
use Auditable, BelongsToTenant, InteractsWithMedia, SoftDeletes;
public const STATUSES = [
'new' => 'Nou',
@@ -38,17 +40,29 @@ class WorkOrder extends Model
'complaint', 'diagnosis', 'recommendations',
'status', 'pay_status', 'approved', 'approved_at',
'discount_pct', 'total',
'eta_at', 'tracking_token',
];
protected $casts = [
'opened_at' => 'date',
'closed_at' => 'date',
'approved_at' => 'datetime',
'eta_at' => 'datetime',
'approved' => 'boolean',
'discount_pct' => 'decimal:2',
'total' => 'decimal:2',
];
public function registerMediaCollections(): void
{
$this->addMediaCollection('photos');
}
public function trackingUrl(): string
{
return url('/t/' . $this->tracking_token);
}
public function client(): BelongsTo
{
return $this->belongsTo(Client::class);
@@ -112,6 +126,12 @@ class WorkOrder extends Model
/** Auto-send 'ready' email + broadcast WS event on status change. */
protected static function booted(): void
{
static::creating(function (self $wo) {
if (empty($wo->tracking_token)) {
$wo->tracking_token = \Illuminate\Support\Str::random(24);
}
});
static::updated(function (self $wo) {
if (
$wo->wasChanged('status')
@@ -0,0 +1,35 @@
<?php
use App\Models\Tenant\WorkOrder;
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\Str;
return new class extends Migration
{
public function up(): void
{
Schema::table('work_orders', function (Blueprint $t) {
$t->dateTime('eta_at')->nullable()->after('closed_at');
$t->string('tracking_token', 32)->nullable()->after('eta_at');
$t->unique('tracking_token');
});
WorkOrder::withoutGlobalScopes()
->whereNull('tracking_token')
->cursor()
->each(function (WorkOrder $wo) {
$wo->tracking_token = Str::random(24);
$wo->saveQuietly();
});
}
public function down(): void
{
Schema::table('work_orders', function (Blueprint $t) {
$t->dropUnique(['tracking_token']);
$t->dropColumn(['eta_at', 'tracking_token']);
});
}
};
+1
View File
@@ -32,5 +32,6 @@
<env name="PULSE_ENABLED" value="false"/>
<env name="TELESCOPE_ENABLED" value="false"/>
<env name="NIGHTWATCH_ENABLED" value="false"/>
<env name="CENTRAL_DOMAIN" value="service.mir.md"/>
</php>
</phpunit>
@@ -0,0 +1,48 @@
@php
$url = $wo->trackingUrl();
$qrSvg = (new \chillerlan\QRCode\QRCode(new \chillerlan\QRCode\QROptions([
'outputType' => \chillerlan\QRCode\QRCode::OUTPUT_MARKUP_SVG,
'eccLevel' => \chillerlan\QRCode\QRCode::ECC_M,
'scale' => 8,
'imageBase64' => false,
'addQuietzone' => true,
])))->render($url);
@endphp
<div class="space-y-4">
<p class="text-sm text-gray-600 dark:text-gray-300">
Trimite acest link clientului vede statusul fișei, ETA și fotografiile fără se logheze.
</p>
<div class="flex justify-center bg-white rounded-lg p-4 border border-gray-200 dark:border-gray-700">
<div style="max-width: 240px;">{!! $qrSvg !!}</div>
</div>
<div class="space-y-2">
<label class="block text-xs font-medium text-gray-500 dark:text-gray-400 uppercase tracking-wide">Link</label>
<div class="flex gap-2">
<input
type="text"
value="{{ $url }}"
readonly
onclick="this.select()"
class="flex-1 text-sm rounded-md border-gray-300 dark:border-gray-600 dark:bg-gray-800 dark:text-gray-100 font-mono px-3 py-2"
>
<a
href="{{ $url }}"
target="_blank"
rel="noopener"
class="inline-flex items-center px-3 py-2 text-sm rounded-md bg-primary-600 text-white hover:bg-primary-700"
>
Deschide
</a>
</div>
</div>
<div class="flex gap-2">
<a
href="{{ route('tracking.qr', $wo->tracking_token) }}"
download="WO-{{ $wo->number }}-qr.svg"
class="text-xs text-primary-600 hover:underline"
>Descarcă QR (SVG)</a>
</div>
</div>
+176
View File
@@ -0,0 +1,176 @@
<!DOCTYPE html>
<html lang="{{ app()->getLocale() }}">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>#{{ $wo->number }} — {{ $tenant->display_name ?? $tenant->name }}</title>
@php
$themeColor = $tenant->settings['theme_color'] ?? '#3B82F6';
$logoUrl = method_exists($tenant, 'getLogoUrl') ? $tenant->getLogoUrl() : null;
$faviconUrl = method_exists($tenant, 'getFaviconUrl') ? $tenant->getFaviconUrl() : null;
$statuses = App\Models\Tenant\WorkOrder::STATUSES;
$flow = ['new', 'diagnosis', 'agreement', 'approved', 'in_work', 'awaiting_parts', 'ready', 'done'];
$currentIdx = array_search($wo->status, $flow, true);
@endphp
@if ($faviconUrl)
<link rel="icon" href="{{ $faviconUrl }}">
@endif
<style>
* { box-sizing: border-box; margin: 0; padding: 0; }
body { font-family: system-ui, -apple-system, 'Segoe UI', Roboto, sans-serif; color: #1f2937; background: #f3f4f6; line-height: 1.5; }
.wrap { max-width: 720px; margin: 0 auto; padding: 24px 16px 64px; }
header { background: {{ $themeColor }}; color: #fff; padding: 28px 16px; text-align: center; }
header img { max-height: 56px; margin-bottom: 12px; }
header h1 { font-size: 22px; font-weight: 700; }
header .num { font-size: 14px; opacity: .85; margin-top: 4px; }
.card { background: #fff; border-radius: 12px; padding: 20px; margin-top: 16px; box-shadow: 0 1px 3px rgba(0,0,0,.05); }
.card h2 { font-size: 16px; font-weight: 600; margin-bottom: 14px; color: {{ $themeColor }}; }
.row { display: flex; justify-content: space-between; padding: 6px 0; border-bottom: 1px solid #f3f4f6; font-size: 14px; }
.row:last-child { border-bottom: 0; }
.row .k { color: #6b7280; }
.row .v { font-weight: 500; color: #111827; text-align: right; }
.status-badge {
display: inline-block; padding: 6px 14px; border-radius: 999px;
background: {{ $themeColor }}; color: #fff; font-size: 13px; font-weight: 600;
}
.timeline { list-style: none; padding: 0; }
.timeline li {
position: relative; padding: 10px 0 10px 36px; font-size: 14px;
color: #9ca3af;
}
.timeline li::before {
content: ''; position: absolute; left: 10px; top: 16px;
width: 12px; height: 12px; border-radius: 50%;
background: #e5e7eb; border: 2px solid #fff; box-shadow: 0 0 0 2px #e5e7eb;
}
.timeline li.done { color: #111827; }
.timeline li.done::before { background: {{ $themeColor }}; box-shadow: 0 0 0 2px {{ $themeColor }}; }
.timeline li.current { color: #111827; font-weight: 600; }
.timeline li.current::before { background: {{ $themeColor }}; box-shadow: 0 0 0 2px {{ $themeColor }}33; }
.timeline li:not(:last-child)::after {
content: ''; position: absolute; left: 15px; top: 28px; bottom: -4px;
width: 2px; background: #e5e7eb;
}
.timeline li.done:not(:last-child)::after { background: {{ $themeColor }}; }
.photos { display: grid; grid-template-columns: repeat(auto-fill, minmax(120px, 1fr)); gap: 8px; }
.photos a { display: block; aspect-ratio: 1; overflow: hidden; border-radius: 8px; background: #f3f4f6; }
.photos img { width: 100%; height: 100%; object-fit: cover; }
.note { background: #fefce8; border-left: 3px solid #facc15; padding: 12px; border-radius: 4px; font-size: 14px; color: #713f12; }
.totals { display: flex; justify-content: space-between; align-items: center; padding-top: 12px; border-top: 2px solid #e5e7eb; margin-top: 12px; }
.totals .lbl { font-size: 14px; color: #6b7280; }
.totals .amt { font-size: 22px; font-weight: 700; color: {{ $themeColor }}; }
footer { text-align: center; padding: 24px 16px; color: #9ca3af; font-size: 12px; }
@media (prefers-color-scheme: dark) {
body { background: #0f172a; color: #e5e7eb; }
.card { background: #1e293b; box-shadow: none; }
.row { border-color: #334155; }
.row .k { color: #94a3b8; }
.row .v { color: #f1f5f9; }
.timeline li::before { border-color: #1e293b; box-shadow: 0 0 0 2px #475569; }
.timeline li.done { color: #e5e7eb; }
.timeline li:not(:last-child)::after { background: #475569; }
.note { background: #422006; border-left-color: #ca8a04; color: #fef9c3; }
footer { color: #64748b; }
}
</style>
</head>
<body>
<header>
@if ($logoUrl)<img src="{{ $logoUrl }}" alt="">@endif
<h1>{{ $tenant->display_name ?? $tenant->name }}</h1>
<div class="num">Fișa #{{ $wo->number }}</div>
</header>
<div class="wrap">
<div class="card" style="text-align:center;">
<span class="status-badge">{{ $statuses[$wo->status] ?? $wo->status }}</span>
@if ($wo->eta_at && in_array($wo->status, ['in_work', 'awaiting_parts', 'approved', 'diagnosis'], true))
<p style="margin-top:10px;color:#6b7280;font-size:14px;">
Gata estimat: <strong style="color:#111827">{{ $wo->eta_at->isoFormat('D MMM YYYY, HH:mm') }}</strong>
</p>
@endif
</div>
<div class="card">
<h2>Detalii</h2>
@if ($wo->vehicle)
<div class="row">
<span class="k">Auto</span>
<span class="v">{{ trim($wo->vehicle->make . ' ' . $wo->vehicle->model) }}
@if ($wo->vehicle->plate) · {{ $wo->vehicle->plate }} @endif
</span>
</div>
@endif
@if ($wo->mileage_in)
<div class="row"><span class="k">Kilometraj</span><span class="v">{{ number_format($wo->mileage_in, 0, '.', ' ') }} km</span></div>
@endif
<div class="row"><span class="k">Deschis</span><span class="v">{{ $wo->opened_at?->isoFormat('D MMM YYYY') }}</span></div>
@if ($wo->master)
<div class="row"><span class="k">Maistru</span><span class="v">{{ $wo->master->name }}</span></div>
@endif
</div>
<div class="card">
<h2>Etape</h2>
<ul class="timeline">
@foreach ($flow as $i => $st)
@php
$cls = '';
if ($currentIdx !== false && $i < $currentIdx) $cls = 'done';
elseif ($currentIdx !== false && $i === $currentIdx) $cls = 'current';
@endphp
<li class="{{ $cls }}">{{ $statuses[$st] }}</li>
@endforeach
</ul>
</div>
@if ($wo->complaint)
<div class="card">
<h2>Ce ne-ai cerut</h2>
<p style="font-size:14px;white-space:pre-wrap;">{{ $wo->complaint }}</p>
</div>
@endif
@if ($wo->recommendations)
<div class="card">
<h2>Recomandări</h2>
<div class="note" style="white-space:pre-wrap;">{{ $wo->recommendations }}</div>
</div>
@endif
@if ($photos->count())
<div class="card">
<h2>Fotografii</h2>
<div class="photos">
@foreach ($photos as $p)
<a href="{{ $p->getUrl() }}" target="_blank" rel="noopener">
<img src="{{ $p->getUrl() }}" alt="" loading="lazy">
</a>
@endforeach
</div>
</div>
@endif
@if ((float) $wo->total > 0)
<div class="card">
<div class="totals">
<span class="lbl">Total</span>
<span class="amt">{{ number_format((float) $wo->total, 2, '.', ' ') }} {{ $tenant->settings['currency'] ?? 'MDL' }}</span>
</div>
</div>
@endif
<footer>
Powered by AutoCRM
</footer>
</div>
</body>
</html>
+8
View File
@@ -57,6 +57,14 @@ Route::get('/login', function (Request $request) {
return redirect($tenant ? '/app/login' : '/admin/login');
})->name('login');
// ─── Public WO tracking (no auth, tenant-scoped via subdomain) ──────
Route::get('/t/{token}', [\App\Http\Controllers\TrackingController::class, 'show'])
->where('token', '[A-Za-z0-9]{16,32}')
->name('tracking.show');
Route::get('/t/{token}/qr.svg', [\App\Http\Controllers\TrackingController::class, 'qr'])
->where('token', '[A-Za-z0-9]{16,32}')
->name('tracking.qr');
// Locale switch — POST /locale/{lang} sets session and persists to user.
Route::post('/locale/{lang}', function (Request $request, string $lang) {
if (! in_array($lang, ['ro', 'ru', 'en'], true)) {
+91
View File
@@ -0,0 +1,91 @@
<?php
namespace Tests\Feature;
use App\Models\Central\Company;
use App\Models\Central\Plan;
use App\Models\Tenant\Client;
use App\Models\Tenant\Vehicle;
use App\Models\Tenant\WorkOrder;
use App\Tenancy\TenantManager;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class TrackingPageTest extends TestCase
{
use RefreshDatabase;
public function test_tracking_page_returns_200_on_valid_token(): void
{
$wo = $this->makeWorkOrder('alpha');
$response = $this->get('http://alpha.service.mir.md/t/' . $wo->tracking_token);
$response->assertStatus(200);
$response->assertSee('#' . $wo->number);
}
public function test_tracking_page_404_on_unknown_token(): void
{
$this->makeWorkOrder('beta');
$response = $this->get('http://beta.service.mir.md/t/NotARealTokenZZZZZ');
$response->assertStatus(404);
}
public function test_tracking_token_cannot_be_read_from_other_tenant(): void
{
$woA = $this->makeWorkOrder('gamma');
// Try to access tenant A's WO token from tenant B's subdomain.
$this->makeCompany('delta');
$response = $this->get('http://delta.service.mir.md/t/' . $woA->tracking_token);
$response->assertStatus(404);
}
public function test_token_is_generated_on_create(): void
{
$wo = $this->makeWorkOrder('epsilon');
$this->assertNotEmpty($wo->tracking_token);
$this->assertGreaterThanOrEqual(16, strlen($wo->tracking_token));
}
private function makeWorkOrder(string $slug): WorkOrder
{
$company = $this->makeCompany($slug);
app(TenantManager::class)->setCurrent($company);
$client = Client::create([
'name' => 'Test Client', 'phone' => '+37399' . random_int(100000, 999999),
'type' => 'individual', 'status' => 'active',
]);
$vehicle = Vehicle::create([
'client_id' => $client->id,
'make' => 'VW', 'model' => 'Golf', 'plate' => 'XYZ' . random_int(100, 999),
]);
return WorkOrder::create([
'number' => WorkOrder::generateNumber($company->id),
'client_id' => $client->id,
'vehicle_id' => $vehicle->id,
'opened_at' => now(),
'complaint' => 'Test',
'status' => 'in_work',
]);
}
private function makeCompany(string $slug): Company
{
$plan = Plan::firstOrCreate(['slug' => 'test'], [
'name' => 'Test', 'price' => 0, 'features' => [],
]);
return Company::create([
'plan_id' => $plan->id,
'slug' => $slug,
'name' => ucfirst($slug) . ' Service',
'status' => 'active',
]);
}
}