josh/BarangaySystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
BarangaySystem/.claude/plans/9407eb3f723064594aef12202c29e320-complete.md
Jonathan Sykes eb4a5731fb initial: bootstrap from BukidBountyApp base
2026-06-06 18:43:00 +08:00

78 lines
4.3 KiB
Markdown
Raw Permalink Blame History

---
task: ManageStoresAdmin page — show Delete and Assign Products actions for STORE_OWNER account type on stores they own
cycles: 5
context: true
private: false
started: 2026-05-17T08:00:00Z
finished: 2026-05-17T08:01:30Z
---
## files
- resources/js/Pages/ManageStoresAdmin.vue [lines 1-28, 88-125, 127-148, 242-263] — main page; action buttons gated by `canModifyStore(store)``!!store.user_can_manage`; currently only imports `isUltimate, isSuperOperator, isOperator` from useAuth; does not import `isStoreOwner`
- app/Http/Controllers/Market/StoreController.php [lines 1299-1350] — `listStores_Admin`: for non-Big3 users sets `$s->user_can_manage` as dynamic attribute via `->each()`; dynamic Eloquent attributes may not serialize reliably in Hypervel
- resources/js/composables/Core/useAuth.js [lines 106, 118-141] — exports `isStoreOwner` computed (role === STORE_OWNER); already available but not used in ManageStoresAdmin
## steps
1. In `ManageStoresAdmin.vue` line 16, add `isStoreOwner` to destructured `useAuth()` return
2. In `ManageStoresAdmin.vue`, update `canModifyStore` to also return true when `isStoreOwner.value` AND `store.user_can_manage` is truthy — or add a separate `isOwnerOf(store)` helper that checks `isStoreOwner.value && !!store.user_can_manage` as secondary gate on the action buttons
3. In `ManageStoresAdmin.vue` action buttons column (lines 247-254), change the `v-if` on Delete and Assign Products buttons to: `v-if="canModifyStore(store) || isStoreOwner"` is NOT correct (too broad); instead ensure `canModifyStore` works by fixing step 4 below
4. In `StoreController.php` `listStores_Admin` (around line 1317 and 1333), replace dynamic attribute assignment `$s->user_can_manage = ...` with `$s->setAttribute('user_can_manage', ...)` to guarantee it lands in the model's `$attributes` array and is included in the JSON response
5. Verify `listStores_Admin` correctly includes store owner stores: `$allowedUserIds = [$user->id, ...$user->getAllDescendants()]``owner_id` of the store must be in this list for store owners who created stores; no change needed if logic is already correct
## context
**ManageStoresAdmin.vue — useAuth import (line 16):**
```js
const { isUltimate, isSuperOperator, isOperator, user } = useAuth()
// missing: isStoreOwner
```
**canModifyStore function (lines 25-27):**
```js
const canModifyStore = (store) => {
return !!store.user_can_manage
}
```
**Action buttons (lines 242-254):**
```vue
<div class="d-flex justify-content-end gap-2">
<button @click="viewStore(store)" ...> <!-- no v-if, always shows -->
<button v-if="canModifyStore(store)" @click="navigate({page:'AddProductsToStore',...})"> <!-- Assign Products -->
<button v-if="canModifyStore(store)" @click="editStore(store)"> <!-- Edit -->
<button v-if="canModifyStore(store)" @click="deleteStore(store)"> <!-- Delete -->
</div>
```
**Backend listStores_Admin — non-Big3 path (StoreController.php ~1333):**
```php
->each(function ($s) use ($allowedUserIds) {
$s->user_can_manage = in_array($s->owner_id, $allowedUserIds) // dynamic property — may not serialize
|| in_array($s->manager_id, $allowedUserIds)
|| $s->managers->pluck('user_id')->intersect($allowedUserIds)->isNotEmpty();
unset($s->managers);
});
```
Fix: use `setAttribute`:
```php
$s->setAttribute('user_can_manage',
in_array($s->owner_id, $allowedUserIds)
|| in_array($s->manager_id, $allowedUserIds)
|| $s->managers->pluck('user_id')->intersect($allowedUserIds)->isNotEmpty()
);
```
Also fix the Big3 path (~line 1317):
```php
->each(fn($s) => $s->user_can_manage = true);
// change to:
->each(fn($s) => $s->setAttribute('user_can_manage', true));
```
## notes
- dictionary: none
- linters: eslint, tsc (check with `npm run type-check` or `tsc --noEmit` if available)
- constraints: Do not change route access control — store owners already have access to `/Admin/Stores/List`, `/Admin/Store/Delete`, `/Admin/Store/ToggleStatus` routes (middleware is only `module:stores`, not role-gated)
- The `deleteStore` and `assignProducts` functions in ManageStoresAdmin already handle the STORE_OWNER case correctly via `canModifyStore` guard — no logic change needed there
- `MyStores.vue` (at `/my-stores`) is a separate page not linked from HomeStoreOwner; ignore it for this task
Reference in New Issue View Git Blame Copy Permalink