javier/construprogress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
50 Commits 1 Branch 1 Tag
a24c8a2c2ec77450be3ca4cd4da2f93db09e322c
Commit Graph

12 Commits

Author SHA1 Message Date
javier a24c8a2c2e fix: restore Rappasoft tables + fix boot errors from security commit 
- Restore UserTable/CompanyTable/ProjectTable usage in users, companies and projects-list pages (security commit had replaced them with plain HTML/DaisyUI tables, losing sorting/search/pagination/format)
- Add missing User->company() belongsTo relationship (UserTable eager loads it; column + migration existed but relation was undefined)
- Add #[Layout] attribute to CompanyManagement/ProjectList/PhaseProgress full-page Livewire components
- Fix config/session.php: use env() instead of app()->environment() which fails during LoadConfiguration (env binding not yet registered)
- Remove duplicate activeTab property in ProjectMap (fatal PHP error)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-17 09:32:36 +02:00
javier f8a1310c0f security: fix 27 vulnerabilities + UI integration (Issues tab, project nav, validation) 
Security fixes (27 vulnerabilities across 20 files):
CRITICAL:
- MediaManager: whitelist mediable types prevents RCE via class instantiation
- MediaManager/OfflineSyncController: IDOR fixes, remove Auth::id()??1 fallback
- ClientProjects: verify project ownership on all mutations (IDOR)
- CompanyManagement: Admin role check on mount() and mutations (auth bypass)
- ProjectMap: scope feature/template lookups to current project (IDOR x5)
- PhaseList/TemplateManager/LayerManager: scope mutations to owned resources (IDOR)
- ProjectEditTabs: Gate::authorize on mount() and updateProject()
- routes/web.php: reports routes moved inside can:manage all middleware (auth bypass)

MEDIUM:
- layer-manager: escapeHtml() on Leaflet popup interpolations (XSS)
- MediaManager: server-side MIME validation + 50MB limit
- ProjectList/ProjectUsers/ProjectCompanies/PhaseProgress: auth checks added
- AdminUsers/ReportsDashboard/ExportController: role/permission checks added

LOW:
- config/session.php: secure cookie tied to production env
- OfflineSyncController: sanitize storage path (path traversal)

UI integration:
- project-map: Issues tab (4th) with open-count badge
- project-map: project navigation bar (Dashboard/Map/Gantt/Report/Issues)
- project-dashboard: action buttons for Map/Gantt/Report/Issues
- project-form: validation error summary + per-field @error spans
- template-manager: validation error display

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-16 18:25:36 +02:00
javier 7d854ffb0a feat: i18n, language switcher fix, DataTable improvements, blade translations 
- Translation system: lang/es/ PHP files (auth, validation, pagination, passwords)
- Rappasoft vendor translations published (lang/vendor/livewire-tables/es/)
- JSON files synced to 391 keys (EN + ES, full parity)
- APP_LOCALE changed to 'es', users.locale column default changed to 'es'
- Language switcher fixed: JS event + window.location.reload() avoids /livewire/update redirect
- SetLocale middleware fallback uses config('app.locale') instead of hardcoded 'en'
- setSortingPillsEnabled(false) on ProjectTable, CompanyTable, UserTable
- Translated 17 blade views: project-map, template-manager, layer-manager,
  company-management, phase-list, media-manager, reports-dashboard,
  client-projects, layer-upload, project-form, project-map-editor-tab,
  admin/users, projects/media, projects/templates, layouts/client
- Navigation 'Empresas' link uses __('Companies')
- Fixed typo key 'Fases and layers' -> 'Phases and layers'

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-16 18:05:53 +02:00
javier 0bf2d82ee1 Implement company management with logo, nickname, status fields; add filters by type and estado; CSV export functionality 2026-05-27 01:33:27 +02:00
javier 4ab7935c17 feat: Add change orders system with client approval/rejection and integrate with client portal 2026-05-25 19:08:06 +02:00
javier a9000d453e feat: Add company association to projects with role management 
- Created Company model and migration with fields: name, tax_id, address, phone, email, website, type, notes
- Created company_project pivot table with role_in_project field
- Added relationships: Project.companies() and Company.projects()
- Created Livewire component ProjectCompanies for managing company assignments
- Added 'Companies' tab to project edit interface alongside Phases and Users tabs
- Implemented assign/remove company functionality with role selection
- Applied same permissions logic as user assignment (assign users permission or Admin role)
 2026-05-13 11:20:33 +02:00
javier 43e8a70f9c Add phase_id to InspectionTemplate model 2026-05-11 14:35:24 +02:00
javier b708e41d6f Fix: Añadir relación feature() al modelo Inspection para resolver RelationNotFoundException en dashboard 2026-05-11 10:58:25 +02:00
javier 8f7b9aa09b Sistema de archivos multimedia: MediaManager, checkbox imágenes en mapa, modal visor, subida por feature/proyecto 2026-05-09 22:28:20 +02:00
javier 7461bd9124 feat: implementar modal gestión capas y limpieza de stubs duplicados 2026-05-08 09:01:00 +02:00
javier 199fb487c2 fix: correcciones parciales - ProjectController, ProfileController, Phase features, project-map JS 2026-05-08 01:16:20 +02:00
javier 156aa14bbb Initial commit - construprogress app 2026-05-07 23:31:33 +02:00