josh/BarangaySystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
BarangaySystem/.claude/plans/2e79878fa79727eedfab4ed9ab823fff-complete.md
Jonathan Sykes eb4a5731fb initial: bootstrap from BukidBountyApp base
2026-06-06 18:43:00 +08:00

138 lines
7.4 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
task: Enable accounting and sales reports access for STORE_OWNER and STORE_MANAGER — add permissions, open routes, and add Reports/Accounting shortcuts to HomeStoreOwner dashboard
cycles: 5
context: true
private: false
started: 2026-05-16T00:00:00Z
finished: 2026-05-16T00:05:00Z
---
## files
- `app/Http/Controllers/Helpers/Permissions/UserPermissions.php` [lines 838-851] — STORE_OWNER block; missing `ViewAccountingReports` and `ViewGlobalReports`
- `app/Http/Controllers/Support/VueRouteMap.php` [lines 249-254, 333-338] — `/list-reports` and `/accounting-dashboard` both exclude `store owner` and `store manager`
- `app/Http/Controllers/Accounting/AccountingController.php` — gated by `ViewAccountingReports`; data is global, no store scope needed for demo
- `resources/js/Pages/Fragments/Home/HomeStoreOwner.vue` — needs Reports and Accounting shortcut buttons added
- `resources/js/Pages/AccountingDashboard.vue` — check if it has any UI that breaks for non-Big3 users (e.g. "Manage Accounts" button that should be hidden)
- `resources/js/Pages/ListReports.vue` — check if it has any Big3-only controls that need conditional hiding
## steps
1. **`app/Http/Controllers/Helpers/Permissions/UserPermissions.php`** — Add to `UserTypes::STORE_OWNER->value` permissions array (after `JoinCooperative`):
```php
UserActions::ViewAccountingReports,
UserActions::ViewGlobalReports,
UserActions::ViewGlobalTransactions,
```
Add to `UserTypes::STORE_MANAGER->value` permissions array (after `JoinCooperative`):
```php
UserActions::ViewAccountingReports,
UserActions::ViewGlobalReports,
UserActions::ViewGlobalTransactions,
```
2. **`app/Http/Controllers/Support/VueRouteMap.php`** — Update `allowedUserTypes` for:
- `/list-reports` (line ~251): change from `['ult', 'super operator', 'operator']` to `['ult', 'super operator', 'operator', 'store owner', 'store manager']`
- `/accounting-dashboard` (line ~336): change from `['ult', 'super operator', 'operator']` to `['ult', 'super operator', 'operator', 'store owner', 'store manager']`
3. **`resources/js/Pages/AccountingDashboard.vue`** — Audit for Big3-only controls:
- Find any "Manage Accounts", "Create Account", "Delete Account" buttons
- Wrap them in `v-if="isUltimate || isSuperOperator || isOperator"` using `useAuth()` composable
- Store owners should see the read-only Tree/Leaf views and reports but not be able to create/delete accounting nodes
- If the component already uses permission-based hiding, verify it works for `STORE_OWNER`
4. **`resources/js/Pages/ListReports.vue`** — Audit for Big3-only controls:
- Find any "Export All", "Delete Transaction", or administrative bulk-action buttons
- Wrap in `v-if="isUltimate || isSuperOperator || isOperator"`
- Confirm the report data loads correctly (POST `/admin/accounting/reports` — AccountingController checks `ViewAccountingReports` permission which STORE_OWNER will now have)
5. **`resources/js/Pages/Fragments/Home/HomeStoreOwner.vue`** — Add Reports and Accounting shortcut buttons to the `services` computed array:
Add after the existing `POS Keys` entry:
```js
{
icon: 'https://cdn.jsdelivr.net/gh/telemagnadon/obj-vault-3a@v2026.05.14-vendor-2/a/f87407046b18.bin',
title: 'Reports',
pagename: 'ListReports',
},
{
icon: 'https://cdn.jsdelivr.net/gh/telemagnadon/obj-vault-3a@v2026.05.14-vendor-2/a/fa711c34b4ef.svg',
title: 'Accounting',
pagename: 'AccountingDashboard',
},
```
The `services` array currently has 6 tiles; this brings it to 8, which is the standard 2×4 grid layout.
6. **`resources/js/Pages/Fragments/Home/HomeStoreOwner.vue`** — Add `balanceFooterItems` shortcut for Reports:
Current footer has `Open POS` and `My Stores`. Add:
```js
{ title: 'Reports', icon: 'https://cdn.jsdelivr.net/gh/telemagnadon/obj-vault-3a@v2026.05.14-vendor-2/a/f87407046b18.bin', pagename: 'ListReports' }
```
(BalanceBox footer typically shows 2-3 items; verify `WalletFooter` renders a third item correctly — check `BalanceBox.vue` / `WalletFooter.vue` props for max items)
7. **Verify `AddTransaction` route** — Confirm `store owner` is in `allowedUserTypes` for `/add-transaction` in VueRouteMap. If not, add it (store owners need to be able to record manual transactions for their stores).
8. **Manual integration test checklist** (run after server is up):
- Login as store owner (`099` / `polomiko32!`)
- Navigate to `/list-reports` — should load without 403
- Navigate to `/accounting-dashboard` — should load Tree/Leaf view
- Confirm no "Manage Accounts" or destructive buttons appear for the store owner
- Confirm `Reports` and `Accounting` tiles appear on the home dashboard
- Navigate to Home — verify the 8-tile services grid renders correctly
## context
```
// Current STORE_OWNER permissions block (app/Http/Controllers/Helpers/Permissions/UserPermissions.php lines 838-851):
UserTypes::STORE_OWNER->value => [
UserActions::CreateUserStoreManager,
UserActions::CreateUserRider,
UserActions::CreateUserPOSTerminal,
UserActions::ViewUserInfo,
UserActions::ManageUserInfo,
UserActions::ViewShipments,
UserActions::ViewPosReports,
UserActions::ViewPosAccessKeys,
UserActions::CreatePosAccessKey,
UserActions::DeletePosAccessKey,
UserActions::TogglePosAccessKey,
UserActions::JoinCooperative,
// ADD: ViewAccountingReports, ViewGlobalReports, ViewGlobalTransactions
],
// VueRouteMap /list-reports (line ~249-254):
'/list-reports' => [
'component' => 'ListReports',
'loginRequired' => true,
'allowedUserTypes' => ['ult', 'super operator', 'operator'], // ADD: 'store owner', 'store manager'
'module' => 'accounting',
],
// VueRouteMap /accounting-dashboard (line ~333-338):
'/accounting-dashboard' => [
'component' => 'AccountingDashboard',
'loginRequired' => true,
'allowedUserTypes' => ['ult', 'super operator', 'operator'], // ADD: 'store owner', 'store manager'
'module' => 'accounting',
],
// AccountingController permission gates:
// ViewAccountingReports → listTransactions(), getTree(), getLeaf(), reports()
// ManageAccounting → createAccount(), updateAccount(), deleteAccount(), createTransaction()
// STORE_OWNER should get ViewAccountingReports only (read-only view)
// HomeStoreOwner.vue services currently (6 items):
// Create Store, Import Products, New Product, My Products, POS Keys, Manage Stores
// After task: 8 items (+ Reports, Accounting)
// CDN icon URLs in use:
// Reports: .../a/f87407046b18.bin
// Accounting: .../a/fa711c34b4ef.svg (used in HomeOperator.vue)
```
## notes
- dictionary: `ai-docs/dictionary.md`
- linters: none detected
- constraints:
- STORE_OWNER gets **read-only** accounting access (`ViewAccountingReports`) — do NOT add `ManageAccounting`
- The accounting data shown to store owners will be global (all accounts/transactions) since the accounting module is not yet scoped per-store. This is acceptable for a demo. A follow-up task could scope by owned stores.
- `ViewGlobalReports` and `ViewGlobalTransactions` are needed because `ListReports` backend checks these in some endpoints — add them to avoid unexpected 403s when navigating report sub-pages
- If `WalletFooter` has a hard-coded max of 2 items, skip adding the third footer item and only add the tile grid shortcut
- Dark mode compliance: no bg-white, no text-dark in any added code
Reference in New Issue View Git Blame Copy Permalink