javier
f8a1310c0f
Security fixes (27 vulnerabilities across 20 files): CRITICAL: - MediaManager: whitelist mediable types prevents RCE via class instantiation - MediaManager/OfflineSyncController: IDOR fixes, remove Auth::id()??1 fallback - ClientProjects: verify project ownership on all mutations (IDOR) - CompanyManagement: Admin role check on mount() and mutations (auth bypass) - ProjectMap: scope feature/template lookups to current project (IDOR x5) - PhaseList/TemplateManager/LayerManager: scope mutations to owned resources (IDOR) - ProjectEditTabs: Gate::authorize on mount() and updateProject() - routes/web.php: reports routes moved inside can:manage all middleware (auth bypass) MEDIUM: - layer-manager: escapeHtml() on Leaflet popup interpolations (XSS) - MediaManager: server-side MIME validation + 50MB limit - ProjectList/ProjectUsers/ProjectCompanies/PhaseProgress: auth checks added - AdminUsers/ReportsDashboard/ExportController: role/permission checks added LOW: - config/session.php: secure cookie tied to production env - OfflineSyncController: sanitize storage path (path traversal) UI integration: - project-map: Issues tab (4th) with open-count badge - project-map: project navigation bar (Dashboard/Map/Gantt/Report/Issues) - project-dashboard: action buttons for Map/Gantt/Report/Issues - project-form: validation error summary + per-field @error spans - template-manager: validation error display Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
348 lines
12 KiB
PHP
348 lines
12 KiB
PHP
<?php
|
|
|
|
namespace App\Livewire;
|
|
|
|
use Livewire\Component;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use App\Models\Project;
|
|
use App\Models\Phase;
|
|
use App\Models\Layer;
|
|
use App\Models\Feature;
|
|
use App\Models\Inspection;
|
|
use App\Models\InspectionTemplate;
|
|
|
|
class ProjectMap extends Component
|
|
{
|
|
public Project $project;
|
|
public $phases;
|
|
public $activeLayers = [];
|
|
public $showLayerModal = false;
|
|
|
|
// Editor properties
|
|
public $selectedFeature = null; // será instancia de Feature
|
|
public $selectedPhaseId = null;
|
|
public $editProgress = 0;
|
|
public $editComment = '';
|
|
public $editResponsible = '';
|
|
public $editPhotos = [];
|
|
public $formFullscreen = false;
|
|
// Tab management
|
|
public $activeTab = 'edit'; // edit, features, inspections
|
|
public $allFeatures = [];
|
|
public $allInspections = [];
|
|
|
|
|
|
// Templates e inspecciones
|
|
public $templates = [];
|
|
public $selectedTemplateId = null;
|
|
public $inspectionFormData = [];
|
|
public $inspectionHistory = [];
|
|
|
|
// Imágenes en mapa
|
|
public $showFeatureImages = false;
|
|
public $featureImageMarkers = [];
|
|
|
|
// Tab management
|
|
public $activeTab = 'edit'; // edit or list
|
|
|
|
public function mount(Project $project)
|
|
{
|
|
$user = Auth::user();
|
|
if (!$user->hasRole('Admin') && !$project->users()->where('user_id', $user->id)->exists()) {
|
|
abort(403);
|
|
}
|
|
|
|
$this->project = $project;
|
|
$this->phases = $project->phases()->with(['layers' => function ($q) {
|
|
$q->withCount('features');
|
|
}, 'layers.features'])->get();
|
|
$this->activeLayers = $this->phases->pluck('id')->toArray();
|
|
$this->loadTemplates();
|
|
}
|
|
|
|
public function loadTemplates()
|
|
{
|
|
$this->templates = InspectionTemplate::where('project_id', $this->project->id)->get();
|
|
}
|
|
|
|
public function toggleLayer($phaseId)
|
|
{
|
|
if (in_array($phaseId, $this->activeLayers)) {
|
|
$this->activeLayers = array_diff($this->activeLayers, [$phaseId]);
|
|
} else {
|
|
$this->activeLayers[] = $phaseId;
|
|
}
|
|
$this->dispatch('layersUpdated', $this->activeLayers);
|
|
}
|
|
|
|
public function openLayerModal()
|
|
{
|
|
$this->showLayerModal = true;
|
|
}
|
|
|
|
public function closeLayerModal()
|
|
{
|
|
$this->showLayerModal = false;
|
|
}
|
|
|
|
/**
|
|
* Actualizar el progreso de un Feature y recalcular el progreso de la fase.
|
|
*/
|
|
public function updateProgress($featureId, $newProgress, $comment = null)
|
|
{
|
|
$feature = Feature::with('layer.phase')->findOrFail($featureId);
|
|
// Verify feature belongs to this project (IDOR prevention)
|
|
if ($feature->layer->phase->project_id !== $this->project->id) abort(403);
|
|
|
|
$user = Auth::user();
|
|
if (!$user->can('update progress') && !$user->hasRole('Admin')) {
|
|
$this->dispatch('notify', 'Sin permisos');
|
|
return;
|
|
}
|
|
|
|
$feature->progress = min(100, max(0, $newProgress));
|
|
$feature->save();
|
|
|
|
$phase = Phase::find($feature->layer->phase_id);
|
|
$phase->progress_percent = $phase->features()->avg('progress') ?: 0;
|
|
$phase->save();
|
|
|
|
// Registrar la actualización en progress_updates
|
|
$phase->progressUpdates()->create([
|
|
'user_id' => $user->id,
|
|
'progress_percent' => $phase->progress_percent,
|
|
'comment' => $comment,
|
|
]);
|
|
|
|
$this->dispatch('progressUpdated', $featureId, $feature->progress);
|
|
$this->dispatch('notify', 'Progreso actualizado');
|
|
|
|
// Si el feature seleccionado es el mismo, actualizar la propiedad local
|
|
if ($this->selectedFeature && $this->selectedFeature->id == $featureId) {
|
|
$this->selectedFeature->progress = $feature->progress;
|
|
$this->editProgress = $feature->progress;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Seleccionar un Feature al hacer clic en el mapa.
|
|
*/
|
|
public function selectFeature($featureId)
|
|
{
|
|
$this->selectedFeature = null;
|
|
$feature = Feature::with(['template', 'layer.phase'])->find($featureId);
|
|
if (!$feature) return;
|
|
// Verify feature belongs to this project
|
|
if ($feature->layer->phase->project_id !== $this->project->id) abort(403);
|
|
|
|
$this->selectedFeature = $feature;
|
|
$this->selectedPhaseId = $feature->layer->phase_id;
|
|
$this->editProgress = $feature->progress;
|
|
$this->editResponsible = $feature->responsible ?? '';
|
|
$this->editPhotos = $feature->properties['photos'] ?? [];
|
|
$this->selectedTemplateId = $feature->template_id;
|
|
|
|
$this->loadInspectionHistory();
|
|
$this->resetInspectionForm();
|
|
|
|
$this->dispatch('featureSelected', $featureId);
|
|
}
|
|
|
|
/**
|
|
* Cargar el historial de inspecciones del feature seleccionado.
|
|
*/
|
|
public function loadInspectionHistory()
|
|
{
|
|
if (!$this->selectedFeature) {
|
|
$this->inspectionHistory = [];
|
|
return;
|
|
}
|
|
$this->inspectionHistory = Inspection::where('feature_id', $this->selectedFeature->id)
|
|
->with('user', 'template')
|
|
->orderBy('created_at', 'desc')
|
|
->get();
|
|
}
|
|
|
|
/**
|
|
* Reiniciar el formulario de inspección según el template seleccionado.
|
|
*/
|
|
public function resetInspectionForm()
|
|
{
|
|
$this->inspectionFormData = [];
|
|
if ($this->selectedTemplateId) {
|
|
$template = InspectionTemplate::find($this->selectedTemplateId);
|
|
if ($template) {
|
|
foreach ($template->fields as $field) {
|
|
$this->inspectionFormData[$field['name']] = '';
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Guardar una nueva inspección.
|
|
*/
|
|
public function saveInspection()
|
|
{
|
|
if (!$this->selectedFeature || !$this->selectedTemplateId) {
|
|
$this->dispatch('notify', 'Selecciona un elemento y un template.');
|
|
return;
|
|
}
|
|
|
|
// Verify the template belongs to this project
|
|
$template = InspectionTemplate::where('id', $this->selectedTemplateId)
|
|
->where('project_id', $this->project->id)
|
|
->firstOrFail();
|
|
foreach ($template->fields as $field) {
|
|
if (($field['required'] ?? false) && empty($this->inspectionFormData[$field['name']])) {
|
|
$this->dispatch('notify', "El campo {$field['label']} es obligatorio.");
|
|
return;
|
|
}
|
|
}
|
|
|
|
$inspection = Inspection::create([
|
|
'project_id' => $this->project->id,
|
|
'layer_id' => $this->selectedFeature->layer_id,
|
|
'feature_id' => $this->selectedFeature->id,
|
|
'template_id' => $this->selectedTemplateId,
|
|
'user_id' => auth()->id(),
|
|
'data' => $this->inspectionFormData,
|
|
]);
|
|
|
|
// Si el template tiene un campo llamado 'progress', actualizar el progreso del feature
|
|
if (isset($this->inspectionFormData['progress'])) {
|
|
$this->updateProgress($this->selectedFeature->id, (int)$this->inspectionFormData['progress'], 'Inspección registrada');
|
|
}
|
|
|
|
$this->loadInspectionHistory();
|
|
$this->resetInspectionForm();
|
|
$this->dispatch('notify', 'Inspección guardada correctamente');
|
|
}
|
|
|
|
/**
|
|
* Asignar un template al feature seleccionado.
|
|
*/
|
|
public function assignTemplateToFeature($templateId)
|
|
{
|
|
if (!$this->selectedFeature) return;
|
|
// Verify template belongs to this project (IDOR prevention)
|
|
$template = InspectionTemplate::where('id', $templateId)
|
|
->where('project_id', $this->project->id)
|
|
->firstOrFail();
|
|
|
|
$feature = Feature::with('layer.phase')->findOrFail($this->selectedFeature->id);
|
|
if ($feature->layer->phase->project_id !== $this->project->id) abort(403);
|
|
|
|
$feature->template_id = $templateId;
|
|
$feature->save();
|
|
$this->selectedFeature = $feature;
|
|
$this->selectedTemplateId = $templateId;
|
|
$this->resetInspectionForm();
|
|
$this->dispatch('notify', 'Template asignado al elemento');
|
|
}
|
|
|
|
/**
|
|
* Guardar progreso y responsable del feature seleccionado.
|
|
*/
|
|
public function saveFeatureProgress()
|
|
{
|
|
if (!$this->selectedFeature) return;
|
|
|
|
$feature = Feature::with('layer.phase')->findOrFail($this->selectedFeature->id);
|
|
if ($feature->layer->phase->project_id !== $this->project->id) abort(403);
|
|
|
|
$feature->progress = min(100, max(0, (int) $this->editProgress));
|
|
$feature->responsible = $this->editResponsible;
|
|
$feature->save();
|
|
$this->selectedFeature = $feature;
|
|
|
|
$phase = Phase::find($feature->layer->phase_id);
|
|
$phase->progress_percent = $phase->features()->avg('progress') ?: 0;
|
|
$phase->save();
|
|
|
|
$this->dispatch('progressUpdated', $phase->id, $phase->progress_percent);
|
|
$this->dispatch('notify', 'Progreso guardado');
|
|
}
|
|
|
|
/**
|
|
* Cuando cambia el template seleccionado, reiniciar el formulario.
|
|
*/
|
|
public function onTemplateChange()
|
|
{
|
|
$this->resetInspectionForm();
|
|
}
|
|
|
|
/**
|
|
* Toggle mostrar imágenes en el mapa.
|
|
*/
|
|
public function toggleFeatureImages()
|
|
{
|
|
$this->showFeatureImages = !$this->showFeatureImages;
|
|
$this->loadFeatureImageMarkers();
|
|
$this->dispatch('featureImagesToggled', $this->showFeatureImages, $this->featureImageMarkers);
|
|
}
|
|
|
|
/**
|
|
* Cargar marcadores de imágenes para el mapa.
|
|
*/
|
|
public function loadFeatureImageMarkers()
|
|
{
|
|
if (!$this->showFeatureImages) {
|
|
$this->featureImageMarkers = [];
|
|
return;
|
|
}
|
|
|
|
$markers = [];
|
|
foreach ($this->phases as $phase) {
|
|
foreach ($phase->layers as $layer) {
|
|
foreach ($layer->features as $feature) {
|
|
$image = $feature->images()->first();
|
|
if ($image) {
|
|
$geo = $feature->geometry;
|
|
$coords = null;
|
|
if ($geo && isset($geo['coordinates'])) {
|
|
if ($geo['type'] === 'Point') {
|
|
$coords = [
|
|
'lat' => $geo['coordinates'][1],
|
|
'lng' => $geo['coordinates'][0],
|
|
];
|
|
} elseif (in_array($geo['type'], ['Polygon', 'LineString'])) {
|
|
$coords = [
|
|
'lat' => $geo['coordinates'][0][1] ?? null,
|
|
'lng' => $geo['coordinates'][0][0] ?? null,
|
|
];
|
|
}
|
|
}
|
|
if ($coords && $coords['lat'] && $coords['lng']) {
|
|
$markers[] = [
|
|
'feature_id' => $feature->id,
|
|
'name' => $feature->name,
|
|
'lat' => $coords['lat'],
|
|
'lng' => $coords['lng'],
|
|
'image_url' => $image->url,
|
|
'image_name' => $image->name,
|
|
];
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
$this->featureImageMarkers = $markers;
|
|
}
|
|
|
|
public function toggleFullscreen()
|
|
{
|
|
$this->formFullscreen = !$this->formFullscreen;
|
|
if (!$this->formFullscreen) {
|
|
$this->dispatch('mapResize');
|
|
}
|
|
}
|
|
|
|
public function render()
|
|
{
|
|
return view('livewire.projects.project-map', [
|
|
'project' => $this->project,
|
|
'phases' => $this->phases,
|
|
]);
|
|
}
|
|
} |