BarangaySystem/.claude/plans/e2b7c6e2fbf042840b482563f920724d-complete.md

task, cycles, context, private, started, finished

task	cycles	context	private	started	finished
Fix public marketplace /list-products-market showing 0 products for unauthenticated users — POST /Market/Products/List has auth middleware but the page is public	3	true	false	2026-05-16T16:02:42Z	2026-05-16T16:03:15Z

files

• routes/web.php [line ~412] — POST /Market/Products/List has 'middleware' => 'auth' but the page is designed to be public
• app/Http/Controllers/Market/ProductController.php [lines 561-607] — listProductsData() already has guest-safe fallback logic but it's never reached due to auth middleware
• app/Http/Controllers/Support/VueRouteMap.php [line ~58] — /list-products-market has loginRequired: false (correctly public)

steps

1. In routes/web.php, on the POST /Market/Products/List route, remove 'middleware' => 'auth' (or change it to optional auth that attaches user if present but doesn't block guests).
   • The controller already handles the guest case: else { $products = Product::where('is_active', true)->get(); } on line ~605.
   • With auth middleware removed, Auth::user() returns null for guests → $UltOpsSupOps = false → falls through to the else branch showing all active products. This is the correct behaviour.
2. No changes needed to ProductController::listProductsData() — it already handles null user correctly.
3. Verify: after removing auth middleware, visiting /list-products-market without login shows the full active product catalog.

context

Current state (confirmed by Playwright):

• /list-products-market loads (loginRequired: false ✓)
• Page calls POST /Market/Products/List → 401 Unauthenticated (auth middleware blocks guest)
• Page shows "0 Products — No products found" for guests even though products exist

Controller fallback code (line ~602-607) already written for guests:

if ($targetStore) {
    $products = $targetStore->products()->where('prd_str.is_active', true)->get();
} elseif ($UltOpsSupOps) {
    $products = Product::select([...])->get();
} else {
    // THIS runs for guests (no store, no big-3 role) — but currently unreachable due to auth middleware
    $products = Product::where('is_active', true)->get();
}

Route fix (web.php):

// BEFORE (blocks guests):
Route::post('/Market/Products/List', [
    'as'         => 'products.list.data',
    'uses'       => ProductController::class . '@listProductsData',
    'middleware' => 'auth',
]);

// AFTER (allows guests):
Route::post('/Market/Products/List', [
    'as'   => 'products.list.data',
    'uses' => ProductController::class . '@listProductsData',
]);

notes

• dictionary: ai-docs/dictionary.md (products table = prd_items, product-store pivot = prd_str)
• linters: none
• constraints: The controller's Auth::user() returns null gracefully for guests in Hypervel — no additional null checks needed.