--- task: Fix POS Main not showing products assigned to store; update dictionary cycles: 5 context: true private: false started: 2026-05-16T00:00:00Z finished: 2026-05-16T00:01:00Z --- ## files - app/Http/Controllers/Market/ProductController.php [lines 561-633] — listProductsData: contains the if/elseif/elseif bug - resources/js/stores/pos.js [lines 40-85] — fetchProducts: sends access_key + store_hash + session_hash - resources/js/composables/Market/usePosSession.js [lines 25-78] — initialize: orchestrates session/product load order - ai-docs/dictionary.md — project dictionary to be updated with root cause pattern ## steps 1. In `app/Http/Controllers/Market/ProductController.php` at `listProductsData` (line 580-592), replace the `if/elseif/elseif` chain with sequential `if (!$targetStore && ...)` checks so that all three lookup paths (access_key → session_hash → store_hash) are tried in order regardless of which params are present. 2. Update `ai-docs/dictionary.md` under the "POS (Point of Sale)" section to document this pattern: `listProductsData` MUST use sequential `if (!$targetStore)` guards, NOT `if/elseif`, so a stale/invalid access_key does not silently block the store_hash and session_hash fallbacks. ## context ### Root cause `listProductsData` (ProductController.php line 580-592): ```php if ($accessKey) { $keyObj = PosAccessKey::where('access_key', $accessKey)->first(); if ($keyObj) { $targetStore = $keyObj->store; } } elseif ($sessionHash) { // ← NEVER REACHED when access_key is present ... } elseif ($storeHash) { // ← NEVER REACHED when access_key is present ... } ``` If `access_key` is in the request (from localStorage) but doesn't match any `pos_access_keys` row (stale, revoked, or a session-specific token), `$targetStore` stays null and the store_hash/session_hash fallbacks are silently skipped. The result is all global active products are shown instead of the store's assigned products. ### Fix (ProductController.php lines 580-592) Replace with: ```php if ($accessKey) { $keyObj = PosAccessKey::where('access_key', $accessKey)->first(); if ($keyObj) { $targetStore = $keyObj->store; } } if (!$targetStore && $sessionHash) { $sessionObj = PosSession::where('hashkey', $sessionHash)->first(); if ($sessionObj) { $targetStore = $sessionObj->store; } } if (!$targetStore && $storeHash) { $targetStore = Store::where('hashkey', $storeHash)->first(); } ``` ### Frontend sends all three params (pos.js lines 53-56) ```js if (accessKey) params.access_key = accessKey if (storeHash) params.store_hash = storeHash if (this.activeSession) params.session_hash = this.activeSession.hashkey ``` So the fix only needs to be backend-side. ### Dictionary addition Add under "POS (Point of Sale)" in dictionary.md: - **listProductsData store resolution**: Must use sequential `if (!$targetStore)` guards, NOT `if/elseif`. A stale `access_key` in localStorage should not block `store_hash`/`session_hash` fallbacks. Priority order: access_key → session_hash → store_hash. ## notes - dictionary: ai-docs/dictionary.md - linters: phpcs, eslint, tsc - constraints: Hypervel/Hyperf project — use Hypervel imports, not Illuminate