initial: bootstrap from BukidBountyApp base

2026-06-06 18:43:00 +08:00
commit eb4a5731fb
5674 changed files with 160857 additions and 0 deletions
--- a/.claude/plans/2e79878fa79727eedfab4ed9ab823fff-complete.md
+++ b/.claude/plans/2e79878fa79727eedfab4ed9ab823fff-complete.md
@@ -0,0 +1,137 @@
+---
+task: Enable accounting and sales reports access for STORE_OWNER and STORE_MANAGER — add permissions, open routes, and add Reports/Accounting shortcuts to HomeStoreOwner dashboard
+cycles: 5
+context: true
+private: false
+started: 2026-05-16T00:00:00Z
+finished: 2026-05-16T00:05:00Z
+---
+
+## files
+- `app/Http/Controllers/Helpers/Permissions/UserPermissions.php` [lines 838-851] — STORE_OWNER block; missing `ViewAccountingReports` and `ViewGlobalReports`
+- `app/Http/Controllers/Support/VueRouteMap.php` [lines 249-254, 333-338] — `/list-reports` and `/accounting-dashboard` both exclude `store owner` and `store manager`
+- `app/Http/Controllers/Accounting/AccountingController.php` — gated by `ViewAccountingReports`; data is global, no store scope needed for demo
+- `resources/js/Pages/Fragments/Home/HomeStoreOwner.vue` — needs Reports and Accounting shortcut buttons added
+- `resources/js/Pages/AccountingDashboard.vue` — check if it has any UI that breaks for non-Big3 users (e.g. "Manage Accounts" button that should be hidden)
+- `resources/js/Pages/ListReports.vue` — check if it has any Big3-only controls that need conditional hiding
+
+## steps
+1. **`app/Http/Controllers/Helpers/Permissions/UserPermissions.php`** — Add to `UserTypes::STORE_OWNER->value` permissions array (after `JoinCooperative`):
+   ```php
+   UserActions::ViewAccountingReports,
+   UserActions::ViewGlobalReports,
+   UserActions::ViewGlobalTransactions,
+   ```
+   Add to `UserTypes::STORE_MANAGER->value` permissions array (after `JoinCooperative`):
+   ```php
+   UserActions::ViewAccountingReports,
+   UserActions::ViewGlobalReports,
+   UserActions::ViewGlobalTransactions,
+   ```
+
+2. **`app/Http/Controllers/Support/VueRouteMap.php`** — Update `allowedUserTypes` for:
+   - `/list-reports` (line ~251): change from `['ult', 'super operator', 'operator']` to `['ult', 'super operator', 'operator', 'store owner', 'store manager']`
+   - `/accounting-dashboard` (line ~336): change from `['ult', 'super operator', 'operator']` to `['ult', 'super operator', 'operator', 'store owner', 'store manager']`
+
+3. **`resources/js/Pages/AccountingDashboard.vue`** — Audit for Big3-only controls:
+   - Find any "Manage Accounts", "Create Account", "Delete Account" buttons
+   - Wrap them in `v-if="isUltimate || isSuperOperator || isOperator"` using `useAuth()` composable
+   - Store owners should see the read-only Tree/Leaf views and reports but not be able to create/delete accounting nodes
+   - If the component already uses permission-based hiding, verify it works for `STORE_OWNER`
+
+4. **`resources/js/Pages/ListReports.vue`** — Audit for Big3-only controls:
+   - Find any "Export All", "Delete Transaction", or administrative bulk-action buttons
+   - Wrap in `v-if="isUltimate || isSuperOperator || isOperator"`
+   - Confirm the report data loads correctly (POST `/admin/accounting/reports` — AccountingController checks `ViewAccountingReports` permission which STORE_OWNER will now have)
+
+5. **`resources/js/Pages/Fragments/Home/HomeStoreOwner.vue`** — Add Reports and Accounting shortcut buttons to the `services` computed array:
+   Add after the existing `POS Keys` entry:
+   ```js
+   {
+       icon: 'https://cdn.jsdelivr.net/gh/telemagnadon/obj-vault-3a@v2026.05.14-vendor-2/a/f87407046b18.bin',
+       title: 'Reports',
+       pagename: 'ListReports',
+   },
+   {
+       icon: 'https://cdn.jsdelivr.net/gh/telemagnadon/obj-vault-3a@v2026.05.14-vendor-2/a/fa711c34b4ef.svg',
+       title: 'Accounting',
+       pagename: 'AccountingDashboard',
+   },
+   ```
+   The `services` array currently has 6 tiles; this brings it to 8, which is the standard 2×4 grid layout.
+
+6. **`resources/js/Pages/Fragments/Home/HomeStoreOwner.vue`** — Add `balanceFooterItems` shortcut for Reports:
+   Current footer has `Open POS` and `My Stores`. Add:
+   ```js
+   { title: 'Reports', icon: 'https://cdn.jsdelivr.net/gh/telemagnadon/obj-vault-3a@v2026.05.14-vendor-2/a/f87407046b18.bin', pagename: 'ListReports' }
+   ```
+   (BalanceBox footer typically shows 2-3 items; verify `WalletFooter` renders a third item correctly — check `BalanceBox.vue` / `WalletFooter.vue` props for max items)
+
+7. **Verify `AddTransaction` route** — Confirm `store owner` is in `allowedUserTypes` for `/add-transaction` in VueRouteMap. If not, add it (store owners need to be able to record manual transactions for their stores).
+
+8. **Manual integration test checklist** (run after server is up):
+   - Login as store owner (`099` / `polomiko32!`)
+   - Navigate to `/list-reports` — should load without 403
+   - Navigate to `/accounting-dashboard` — should load Tree/Leaf view
+   - Confirm no "Manage Accounts" or destructive buttons appear for the store owner
+   - Confirm `Reports` and `Accounting` tiles appear on the home dashboard
+   - Navigate to Home — verify the 8-tile services grid renders correctly
+
+## context
+```
+// Current STORE_OWNER permissions block (app/Http/Controllers/Helpers/Permissions/UserPermissions.php lines 838-851):
+UserTypes::STORE_OWNER->value => [
+    UserActions::CreateUserStoreManager,
+    UserActions::CreateUserRider,
+    UserActions::CreateUserPOSTerminal,
+    UserActions::ViewUserInfo,
+    UserActions::ManageUserInfo,
+    UserActions::ViewShipments,
+    UserActions::ViewPosReports,
+    UserActions::ViewPosAccessKeys,
+    UserActions::CreatePosAccessKey,
+    UserActions::DeletePosAccessKey,
+    UserActions::TogglePosAccessKey,
+    UserActions::JoinCooperative,
+    // ADD: ViewAccountingReports, ViewGlobalReports, ViewGlobalTransactions
+],
+
+// VueRouteMap /list-reports (line ~249-254):
+'/list-reports' => [
+    'component'       => 'ListReports',
+    'loginRequired'   => true,
+    'allowedUserTypes' => ['ult', 'super operator', 'operator'],  // ADD: 'store owner', 'store manager'
+    'module'          => 'accounting',
+],
+
+// VueRouteMap /accounting-dashboard (line ~333-338):
+'/accounting-dashboard' => [
+    'component'       => 'AccountingDashboard',
+    'loginRequired'   => true,
+    'allowedUserTypes' => ['ult', 'super operator', 'operator'],  // ADD: 'store owner', 'store manager'
+    'module'          => 'accounting',
+],
+
+// AccountingController permission gates:
+// ViewAccountingReports → listTransactions(), getTree(), getLeaf(), reports()
+// ManageAccounting → createAccount(), updateAccount(), deleteAccount(), createTransaction()
+// STORE_OWNER should get ViewAccountingReports only (read-only view)
+
+// HomeStoreOwner.vue services currently (6 items):
+// Create Store, Import Products, New Product, My Products, POS Keys, Manage Stores
+// After task: 8 items (+ Reports, Accounting)
+
+// CDN icon URLs in use:
+// Reports: .../a/f87407046b18.bin
+// Accounting: .../a/fa711c34b4ef.svg  (used in HomeOperator.vue)
+```
+
+## notes
+- dictionary: `ai-docs/dictionary.md`
+- linters: none detected
+- constraints:
+  - STORE_OWNER gets **read-only** accounting access (`ViewAccountingReports`) — do NOT add `ManageAccounting`
+  - The accounting data shown to store owners will be global (all accounts/transactions) since the accounting module is not yet scoped per-store. This is acceptable for a demo. A follow-up task could scope by owned stores.
+  - `ViewGlobalReports` and `ViewGlobalTransactions` are needed because `ListReports` backend checks these in some endpoints — add them to avoid unexpected 403s when navigating report sub-pages
+  - If `WalletFooter` has a hard-coded max of 2 items, skip adding the third footer item and only add the tile grid shortcut
+  - Dark mode compliance: no bg-white, no text-dark in any added code