60 lines
2.8 KiB
Markdown
---
task: Fix public marketplace /list-products-market showing 0 products for unauthenticated users — POST /Market/Products/List has auth middleware but the page is public
cycles: 3
context: true
private: false
started: 2026-05-16T16:02:42Z
finished: 2026-05-16T16:03:15Z
---

## files

- routes/web.php [line ~412] — `POST /Market/Products/List` has `'middleware' => 'auth'` but the page is designed to be public
- app/Http/Controllers/Market/ProductController.php [lines 561-607] — `listProductsData()` already has guest-safe fallback logic but it's never reached due to auth middleware
- app/Http/Controllers/Support/VueRouteMap.php [line ~58] — `/list-products-market` has `loginRequired: false` (correctly public)

## steps

1. In `routes/web.php`, on the `POST /Market/Products/List` route, remove `'middleware' => 'auth'` (or change it to optional auth that attaches user if present but doesn't block guests).
   - The controller already handles the guest case: `else { $products = Product::where('is_active', true)->get(); }` on line ~605.
   - With auth middleware removed, `Auth::user()` returns null for guests → `$UltOpsSupOps = false` → falls through to the `else` branch showing all active products. This is the correct behaviour.
2. No changes needed to `ProductController::listProductsData()` — it already handles null user correctly.
3. Verify: after removing auth middleware, visiting `/list-products-market` without login shows the full active product catalog.

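A guest-side check for step 3, as an added example (not code from this task file or the project): it calls the route without credentials and flags both the 401 seen before the fix and any inactive product in the reply, which would mean a guest reached a branch other than the `is_active` fallback. The JSON shape (a list, or an object with a `products` list, whose items carry `id` and `is_active`) and the script name are assumptions.

```python
import json
import sys
import urllib.error
import urllib.request

LIST_PATH = "/Market/Products/List"  # route named on the page


def audit_guest_response(status, body):
    """Return findings for an unauthenticated call; an empty list means OK."""
    if status in (401, 403):
        return [f"guest blocked ({status}): auth middleware still on the route"]
    if status != 200:
        return [f"unexpected status {status}"]
    try:
        data = json.loads(body)
    except ValueError:
        return ["response is not JSON"]
    # Assumption: the payload is a JSON list, or an object with a "products" list.
    products = data.get("products") if isinstance(data, dict) else data
    if not isinstance(products, list):
        return ["unexpected payload shape"]
    if not products:
        return ["empty catalogue returned to guest"]
    # Guests must only ever reach the is_active branch of the controller.
    leaked = [p.get("id") for p in products
              if isinstance(p, dict) and p.get("is_active") in (False, 0, "0")]
    return [f"inactive products exposed to guest: {leaked}"] if leaked else []


def probe_guest(base_url, timeout=10):
    """POST to the listing route with no cookie or token, then audit the reply."""
    req = urllib.request.Request(
        base_url.rstrip("/") + LIST_PATH, data=b"{}", method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return audit_guest_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return audit_guest_response(err.code, err.read())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: guest_probe.py <base-url>")
    findings = probe_guest(sys.argv[1])
    print("\n".join(findings) or "OK: guests receive active products only")
    sys.exit(1 if findings else 0)
```

If the response does not include `is_active`, the inactive-item check cannot fire, so compare the returned ids against the database instead.
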
## context

Current state (confirmed by Playwright):

- `/list-products-market` loads (loginRequired: false ✓)
- Page calls `POST /Market/Products/List` → 401 Unauthenticated (auth middleware blocks guest)
- Page shows "0 Products — No products found" for guests even though products exist

Controller fallback code (lines ~602-607) already written for guests:

```php
if ($targetStore) {
    $products = $targetStore->products()->where('prd_str.is_active', true)->get();
} elseif ($UltOpsSupOps) {
    $products = Product::select([...])->get();
} else {
    // THIS runs for guests (no store, no big-3 role) — but currently unreachable due to auth middleware
    $products = Product::where('is_active', true)->get();
}
```

Route fix (web.php):

```php
// BEFORE (blocks guests):
Route::post('/Market/Products/List', [
    'as' => 'products.list.data',
    'uses' => ProductController::class . '@listProductsData',
    'middleware' => 'auth',
]);

// AFTER (allows guests):
Route::post('/Market/Products/List', [
    'as' => 'products.list.data',
    'uses' => ProductController::class . '@listProductsData',
]);
```

## notes

- dictionary: ai-docs/dictionary.md (products table = `prd_items`, product-store pivot = `prd_str`)
- linters: none
- constraints: The controller's `Auth::user()` returns null gracefully for guests in Hypervel — no additional null checks needed.