javier/construprogress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55 Commits 1 Branch 1 Tag
941dbd5997768dde2974552a84ee76754c6e0196
Commit Graph

55 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
javier 941dbd5997 restore: bring back f8a1310 (security review) state 
Restores all files to the f8a1310 security-review snapshot as requested,
plus the 2 boot-critical fixes from a24c8a2 (config/session.php env()
instead of app()->environment(), and removal of the duplicate $activeTab
in ProjectMap.php) so the application actually boots.

Forward commit, no history rewrite. The 7d854ff state remains in history.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-17 10:36:44 +02:00
javier c44958ac16 revert: roll back to 7d854ff (pre-security-review state) 
Restores all 27 files changed by the security commit (f8a1310) and later
work back to their 7d854ff state (2026-06-16 18:05), as requested. The
security rewrite regressed map functionality (tabs, inspection editor,
collapsing layers panel) without adding protections the 7d854ff version
did not already have (XSS escaping + IDOR checks were already present).

Done as a forward commit (no history rewrite / force-push) so f8a1310,
a24c8a2 and the merge remain in history and are fully recoverable.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-17 10:23:29 +02:00
javier ee3086c34b Merge branch 'main' of https://homehud.duckdns.org/javier/construprogress 2026-06-17 09:39:27 +02:00
javier a24c8a2c2e fix: restore Rappasoft tables + fix boot errors from security commit 
- Restore UserTable/CompanyTable/ProjectTable usage in users, companies and projects-list pages (security commit had replaced them with plain HTML/DaisyUI tables, losing sorting/search/pagination/format)
- Add missing User->company() belongsTo relationship (UserTable eager loads it; column + migration existed but relation was undefined)
- Add #[Layout] attribute to CompanyManagement/ProjectList/PhaseProgress full-page Livewire components
- Fix config/session.php: use env() instead of app()->environment() which fails during LoadConfiguration (env binding not yet registered)
- Remove duplicate activeTab property in ProjectMap (fatal PHP error)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-17 09:32:36 +02:00
javier f8a1310c0f security: fix 27 vulnerabilities + UI integration (Issues tab, project nav, validation) 
Security fixes (27 vulnerabilities across 20 files):
CRITICAL:
- MediaManager: whitelist mediable types prevents RCE via class instantiation
- MediaManager/OfflineSyncController: IDOR fixes, remove Auth::id()??1 fallback
- ClientProjects: verify project ownership on all mutations (IDOR)
- CompanyManagement: Admin role check on mount() and mutations (auth bypass)
- ProjectMap: scope feature/template lookups to current project (IDOR x5)
- PhaseList/TemplateManager/LayerManager: scope mutations to owned resources (IDOR)
- ProjectEditTabs: Gate::authorize on mount() and updateProject()
- routes/web.php: reports routes moved inside can:manage all middleware (auth bypass)

MEDIUM:
- layer-manager: escapeHtml() on Leaflet popup interpolations (XSS)
- MediaManager: server-side MIME validation + 50MB limit
- ProjectList/ProjectUsers/ProjectCompanies/PhaseProgress: auth checks added
- AdminUsers/ReportsDashboard/ExportController: role/permission checks added

LOW:
- config/session.php: secure cookie tied to production env
- OfflineSyncController: sanitize storage path (path traversal)

UI integration:
- project-map: Issues tab (4th) with open-count badge
- project-map: project navigation bar (Dashboard/Map/Gantt/Report/Issues)
- project-dashboard: action buttons for Map/Gantt/Report/Issues
- project-form: validation error summary + per-field @error spans
- template-manager: validation error display

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-16 18:25:36 +02:00
javier 7d854ffb0a feat: i18n, language switcher fix, DataTable improvements, blade translations 
- Translation system: lang/es/ PHP files (auth, validation, pagination, passwords)
- Rappasoft vendor translations published (lang/vendor/livewire-tables/es/)
- JSON files synced to 391 keys (EN + ES, full parity)
- APP_LOCALE changed to 'es', users.locale column default changed to 'es'
- Language switcher fixed: JS event + window.location.reload() avoids /livewire/update redirect
- SetLocale middleware fallback uses config('app.locale') instead of hardcoded 'en'
- setSortingPillsEnabled(false) on ProjectTable, CompanyTable, UserTable
- Translated 17 blade views: project-map, template-manager, layer-manager,
  company-management, phase-list, media-manager, reports-dashboard,
  client-projects, layer-upload, project-form, project-map-editor-tab,
  admin/users, projects/media, projects/templates, layouts/client
- Navigation 'Empresas' link uses __('Companies')
- Fixed typo key 'Fases and layers' -> 'Phases and layers'

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-16 18:05:53 +02:00
javier c832d4f3da feat: optimize project-map Livewire component with eager loading, XSS prevention, URL validation, and performance improvements 2026-05-28 21:46:25 +02:00
javier 2711dcf2f2 Fix Livewire component structural error and fix JavaScript syntax error in popup content (unexpected token ')') 2026-05-28 16:34:02 +02:00
javier 052e1397df Fix: Corrected structural error in project-map Livewire component (multiple root elements). Moved closing </div> after @push('scripts') to ensure single root element. 2026-05-28 13:07:14 +02:00
javier 02e99329eb Add tabs to project map: Edit, Features, Inspections. Features and Inspections tabs show all items. 2026-05-27 22:40:45 +02:00
javier cf3d32a6fa Add interactive map to project form for setting coordinates and updating address/country 2026-05-27 20:28:44 +02:00
javier 52f586f815 Fix: selectFeature and window.openViewer JS syntax in project-map.blade.php 2026-05-27 19:48:29 +02:00
javier 0f1aa2c38e feat: Update ProjectTable with ID column, improved actions buttons, and modern column configuration 2026-05-27 13:38:23 +02:00
javier 2da0eb817e feat: Add tabs to project map right column with element selector, inspection history and media viewer 2026-05-27 11:56:44 +02:00
javier 971420ebaa feat: Add language switcher to client portal header for desktop view 2026-05-27 10:12:57 +02:00
javier 0f720567c3 feat: Register background sync for offline actions when queued or stored 2026-05-27 09:29:44 +02:00
javier 0bf2d82ee1 Implement company management with logo, nickname, status fields; add filters by type and estado; CSV export functionality 2026-05-27 01:33:27 +02:00
javier 4ab7935c17 feat: Add change orders system with client approval/rejection and integrate with client portal 2026-05-25 19:08:06 +02:00
javier 07ffce437f feat: Add offline media capture capability and enhance offline sync system with comprehensive action type support 2026-05-25 18:41:54 +02:00
javier d4d5097fe2 feat: Enhance offline sync system with support for multiple action types (progress_update, inspection, feature_create, media_upload) and improved error handling 2026-05-25 17:59:03 +02:00
javier c556a4910b feat: Add Excel export functionality for reports (projects, phases, inspections) using maatwebsite/excel 2026-05-25 17:21:25 +02:00
javier fd166edbc6 feat: Enhance PWA with advanced service worker (network-first strategy), background sync, and push notifications 2026-05-25 16:35:55 +02:00
javier 8ca8dfbccc feat: Add client portal with project selection, progress overview, gallery, and change order approval 2026-05-25 15:57:06 +02:00
javier 4f5569a156 feat: Add reports dashboard with Chart.js analytics and PWA improvements (Avante) 2026-05-25 14:38:49 +02:00
javier dbe43a04f3 feat: Add language switcher to responsive settings dropdown 2026-05-14 13:06:11 +02:00
javier 61910d366f feat: Add language switcher to guest layout 2026-05-14 12:58:27 +02:00
javier 2c2e8fde7d feat: Add PWA support (manifest, service worker) and Companies tab to project edit 2026-05-14 12:53:24 +02:00
javier 4f4e83bc66 Actualizar resources/views/projects/edit.blade.php 
funciona
 2026-05-14 10:19:32 +02:00
javier 06ac844402 fix: Resolve missing parameter error in ProjectTable.php by restoring proper column configuration 
The UrlGenerationException was occurring because the configure() method was overwritten
without properly defining the columns, causing route() calls to receive null parameters.
Restored the original column definitions while keeping the clean configure() structure.
 2026-05-13 12:35:42 +02:00
javier a9000d453e feat: Add company association to projects with role management 
- Created Company model and migration with fields: name, tax_id, address, phone, email, website, type, notes
- Created company_project pivot table with role_in_project field
- Added relationships: Project.companies() and Company.projects()
- Created Livewire component ProjectCompanies for managing company assignments
- Added 'Companies' tab to project edit interface alongside Phases and Users tabs
- Implemented assign/remove company functionality with role selection
- Applied same permissions logic as user assignment (assign users permission or Admin role)
 2026-05-13 11:20:33 +02:00
javier 69e6c7889a Fix confirm() syntax error in ProjectTable.php: replace malformed string concatenation with proper translation function call 2026-05-12 14:45:51 +02:00
javier a3918a54a5 Fix syntax error in ProjectTable.php: remove erroneous backslashes before array declarations 2026-05-12 14:12:56 +02:00
javier 4af4387b1e Implement Rappasoft Livewire Tables for project list and replace old component 2026-05-12 14:04:07 +02:00
javier 0bc3ca3d3e Create reusable Livewire component for project edit tabs and replace manual tabs implementation 2026-05-12 12:06:17 +02:00
javier 65254a0dfa Fix project edit view: implement DaisyUI tabs for project data, phases, and users 2026-05-12 09:51:56 +02:00
javier 86dcf960a7 Refactor project edit view: split into tabs for project data, phases, and users 2026-05-12 09:17:28 +02:00
javier 53df28068c Fix: Corrected JavaScript syntax in project-map Blade template (selectFeature and window.openViewer calls). Feat: Enhanced templates page with clearer button text and explanatory text for generic template creation. 2026-05-11 23:27:14 +02:00
javier 7959d44211 fix: Corrected syntax error in project-map Blade template that was preventing map loading; fixed @json() syntax to !!json_encode()!! 2026-05-11 18:13:05 +02:00
javier a4547d4bda feat: Add new template button to templates page and improve template creation form 2026-05-11 16:36:16 +02:00
javier c574e67d71 Add 'Nuevo template' button to template manager 2026-05-11 15:32:00 +02:00
javier 436e3ba5cf Add phase selection to template manager and create new template button 2026-05-11 15:28:16 +02:00
javier 43e8a70f9c Add phase_id to InspectionTemplate model 2026-05-11 14:35:24 +02:00
javier ca74a0c2e2 Add phase_id to inspection_templates to allow templates per phase (optional) 2026-05-11 14:00:21 +02:00
javier 8662e092df Add quick links to projects list and user management in admin view 2026-05-11 13:14:26 +02:00
javier 472a1fdee0 Fix: Capas desaparecen al deseleccionar en mapa principal - corregir manejo de parámetros Livewire en event listener layersUpdated; actualizar configuración Tailwind para DaisyUI 2026-05-11 11:54:19 +02:00
javier b708e41d6f Fix: Añadir relación feature() al modelo Inspection para resolver RelationNotFoundException en dashboard 2026-05-11 10:58:25 +02:00
javier 2cb10b0854 Gestión de usuarios por proyecto: ProjectUsers Livewire, AdminUsers, panel admin con roles, protección de rutas 2026-05-09 23:32:22 +02:00
javier 3e8b6f1eb3 Sistema multilingüe EN/ES: middleware SetLocale, LanguageSwitcher, campo locale en users, traducciones en dashboard/mapa/proyectos/gestores 2026-05-09 23:14:48 +02:00
javier 7bf5a90a24 Fix: import duplicado en ProjectController 2026-05-09 22:35:03 +02:00
javier 8f7b9aa09b Sistema de archivos multimedia: MediaManager, checkbox imágenes en mapa, modal visor, subida por feature/proyecto 2026-05-09 22:28:20 +02:00