From aba71341b997fe65da41949a69b930f7e7a9d87f Mon Sep 17 00:00:00 2001
From: M_Kececi <you@example.com>
Date: Tue, 10 Mar 2026 17:51:31 +0300
Subject: [PATCH] Merge remote-tracking branch 'origin/master'

---
 svc/internal/authz/mssql.go                  |  35 +----
 svc/main.go                                  |  10 ++
 svc/middlewares/authz_v2.go                  |  56 +++++++
 svc/queries/account.go                       |   6 +-
 svc/queries/statement_aging.go               |   9 +-
 svc/routes/customer_balance_pdf.go           | 155 ++++++++++++++-----
 svc/routes/login.go                          |  15 +-
 svc/routes/statement_aging_pdf.go            |   1 +
 ui/src/pages/AccountAgingStatement.vue       |   6 +-
 ui/src/pages/AgingCustomerBalancelist.go.vue |   8 +-
 ui/src/pages/CustomerBalanceList.vue         |   8 +-
 ui/src/pages/OrderEntry.vue                  |  13 +-
 ui/src/pages/OrderProductionUpdate.vue       |   9 +-
 ui/src/pages/ProductStockByAttributes.vue    |  30 ++--
 ui/src/pages/ProductStockQuery.vue           |   7 +-
 ui/src/pages/ProductionWorkerGateway.vue     |   6 +-
 ui/src/pages/StatementReport.vue             |   5 +-
 ui/src/pages/UserDetail.vue                  |   5 -
 ui/src/pages/statementofaccount.vue          |   3 -
 ui/src/router/index.js                       |   7 -
 ui/src/stores/UserDetailStore.js             |  21 ---
 ui/src/stores/authStore.js                   |  12 --
 ui/src/stores/statementAgingStore.js         |  25 ++-
 ui/src/utils/searchText.js                   |   7 +
 24 files changed, 299 insertions(+), 160 deletions(-)
 create mode 100644 ui/src/utils/searchText.js

diff --git a/svc/internal/authz/mssql.go b/svc/internal/authz/mssql.go
index 498bbb0..77fb71a 100644
--- a/svc/internal/authz/mssql.go
+++ b/svc/internal/authz/mssql.go
@@ -4,7 +4,6 @@ import (
 	"bssapp-backend/auth"
 	"context"
 	"fmt"
-	"strings"
 )
 
 func BuildMSSQLPiyasaFilter(
@@ -27,37 +26,5 @@ func BuildMSSQLPiyasaFilter(
 
 func BuildMSSQLPiyasaFilterWithCodes(column string, codes []string) string {
 	normalizedCol := fmt.Sprintf("UPPER(LTRIM(RTRIM(%s)))", column)
-
-	exact := BuildINClause(normalizedCol, codes)
-	prefixCodes := first3Codes(codes)
-	if len(prefixCodes) == 0 {
-		return exact
-	}
-
-	prefix := BuildINClause(
-		fmt.Sprintf("LEFT(%s, 3)", normalizedCol),
-		prefixCodes,
-	)
-
-	return fmt.Sprintf("(%s OR %s)", exact, prefix)
-}
-
-func first3Codes(codes []string) []string {
-	seen := make(map[string]struct{}, len(codes))
-	out := make([]string, 0, len(codes))
-
-	for _, c := range codes {
-		n := strings.ToUpper(strings.TrimSpace(c))
-		if len(n) < 3 {
-			continue
-		}
-		n = n[:3]
-		if _, ok := seen[n]; ok {
-			continue
-		}
-		seen[n] = struct{}{}
-		out = append(out, n)
-	}
-
-	return out
+	return BuildINClause(normalizedCol, codes)
 }
diff --git a/svc/main.go b/svc/main.go
index dc8ba50..7e818a4 100644
--- a/svc/main.go
+++ b/svc/main.go
@@ -571,6 +571,16 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
 		"order", "view",
 		wrapV3(http.HandlerFunc(routes.GetProductStockQueryByAttributesHandler)),
 	)
+	bindV3(r, pgDB,
+		"/api/product-images", "GET",
+		"order", "view",
+		wrapV3(http.HandlerFunc(routes.GetProductImagesHandler(pgDB))),
+	)
+	bindV3(r, pgDB,
+		"/api/product-images/{id}/content", "GET",
+		"order", "view",
+		wrapV3(http.HandlerFunc(routes.GetProductImageContentHandler(pgDB))),
+	)
 
 	// ============================================================
 	// ROLE MANAGEMENT
diff --git a/svc/middlewares/authz_v2.go b/svc/middlewares/authz_v2.go
index abb9130..25f52b5 100644
--- a/svc/middlewares/authz_v2.go
+++ b/svc/middlewares/authz_v2.go
@@ -70,6 +70,13 @@ var routeMetaFallback = map[string]routeMeta{
 	"GET /api/product-stock-query-by-attributes": {module: "order", action: "view"},
 }
 
+var userLookupPaths = map[string]struct{}{
+	"/api/lookups/roles":       {},
+	"/api/lookups/departments": {},
+	"/api/lookups/piyasalar":   {},
+	"/api/lookups/nebim-users": {},
+}
+
 // =====================================================
 // 🌍 GLOBAL SCOPE CACHE (for invalidation)
 // =====================================================
@@ -859,6 +866,36 @@ func intersect(a, b []string) []string {
 
 	return out
 }
+
+func isUserLookupPath(pathTemplate string) bool {
+	_, ok := userLookupPaths[pathTemplate]
+	return ok
+}
+
+func resolveAnyUserCrudPermission(
+	repo *permissions.PermissionRepository,
+	userID int64,
+	roleID int64,
+	departmentCodes []string,
+) (bool, error) {
+	for _, action := range []string{"view", "insert", "update"} {
+		allowed, err := repo.ResolvePermissionChain(
+			userID,
+			roleID,
+			departmentCodes,
+			"user",
+			action,
+		)
+		if err != nil {
+			return false, err
+		}
+		if allowed {
+			return true, nil
+		}
+	}
+	return false, nil
+}
+
 func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
 
 	return func(next http.Handler) http.Handler {
@@ -993,6 +1030,25 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
 				return
 			}
 
+			if !allowed && isUserLookupPath(pathTemplate) {
+				allowed, err = resolveAnyUserCrudPermission(
+					repo,
+					int64(claims.ID),
+					int64(claims.RoleID),
+					claims.DepartmentCodes,
+				)
+				if err != nil {
+					log.Printf(
+						"❌ AUTHZ: user lookup fallback resolve error user=%d path=%s err=%v",
+						claims.ID,
+						pathTemplate,
+						err,
+					)
+					http.Error(w, "forbidden", http.StatusForbidden)
+					return
+				}
+			}
+
 			if !allowed {
 
 				log.Printf(
diff --git a/svc/queries/account.go b/svc/queries/account.go
index 647b314..7e91c85 100644
--- a/svc/queries/account.go
+++ b/svc/queries/account.go
@@ -26,7 +26,7 @@ func GetAccounts(ctx context.Context) ([]models.Account, error) {
     ;WITH VendorPiyasa AS
     (
         SELECT
-            Cari8 = LEFT(P.CurrAccCode, 8),
+            Cari8 = LEFT(REPLACE(P.CurrAccCode, ' ', ''), 8),
             VendorAtt01 = MAX(P.VendorAtt01)
         FROM
         (
@@ -53,7 +53,7 @@ func GetAccounts(ctx context.Context) ([]models.Account, error) {
             ) pvt
             GROUP BY CurrAccTypeCode, CurrAccCode
         ) P
-        GROUP BY LEFT(P.CurrAccCode, 8)
+        GROUP BY LEFT(REPLACE(P.CurrAccCode, ' ', ''), 8)
     )
     SELECT
         x.AccountCode,
@@ -71,7 +71,7 @@ func GetAccounts(ctx context.Context) ([]models.Account, error) {
             ON f2.CurrAccTypeCode = b.CurrAccTypeCode
            AND f2.CurrAccCode = b.CurrAccCode
         LEFT JOIN VendorPiyasa vp
-            ON vp.Cari8 = LEFT(b.CurrAccCode, 8)
+            ON vp.Cari8 = LEFT(REPLACE(b.CurrAccCode, ' ', ''), 8)
         WHERE b.CurrAccTypeCode IN (1,3)
           AND %s
     ) x
diff --git a/svc/queries/statement_aging.go b/svc/queries/statement_aging.go
index be2d716..7571643 100644
--- a/svc/queries/statement_aging.go
+++ b/svc/queries/statement_aging.go
@@ -104,10 +104,17 @@ func GetStatementAging(params models.StatementAgingParams) ([]map[string]interfa
 
 		tutar := asFloat64(row["EslesenTutar"])
 		usdTutar := toUSD(tutar, curr, usdTry, rateMap)
+		currTry := rateMap[curr]
+		usdToCurr := 0.0
+		if currTry > 0 && usdTry > 0 {
+			usdToCurr = usdTry / currTry
+		}
 
 		row["CariDetay"] = cariDetailMap[cari8]
 		row["UsdTutar"] = round2(usdTutar)
-		row["CurrencyTryRate"] = round6(rateMap[curr])
+		row["CurrencyTryRate"] = round6(currTry)
+		row["UsdTryRate"] = round6(usdTry)
+		row["CurrencyUsdRate"] = round6(usdToCurr)
 	}
 
 	return result, nil
diff --git a/svc/routes/customer_balance_pdf.go b/svc/routes/customer_balance_pdf.go
index 3ddb075..ffa81e0 100644
--- a/svc/routes/customer_balance_pdf.go
+++ b/svc/routes/customer_balance_pdf.go
@@ -86,6 +86,7 @@ func ExportCustomerBalancePDFHandler(_ *sql.DB) http.HandlerFunc {
 			params.CariSearch,
 			detailed,
 			"Cari Bakiye Listesi",
+			false,
 			summaries,
 			detailsByMaster,
 		)
@@ -235,34 +236,51 @@ func drawCustomerBalancePDF(
 	searchText string,
 	detailed bool,
 	reportTitle string,
+	includeVadeColumns bool,
 	summaries []balanceSummaryPDF,
 	detailsByMaster map[string][]models.CustomerBalanceListRow,
 ) {
-	pageW, _ := pdf.GetPageSize()
+	pageW, pageH := pdf.GetPageSize()
 	marginL, marginT, marginR, marginB := 8.0, 8.0, 8.0, 12.0
 	tableW := pageW - marginL - marginR
 
 	summaryCols := []string{"Ana Cari Kod", "Ana Cari Detay", "Piyasa", "Temsilci", "Risk", "1_2 Pr.Br", "1_3 Pr.Br", "1_2 USD", "1_2 TRY", "1_3 USD", "1_3 TRY"}
-	summaryW := normalizeWidths([]float64{20, 43, 18, 18, 16, 27, 27, 15, 15, 15, 15}, tableW)
+	summaryWeights := []float64{18, 42, 16, 16, 14, 24, 24, 14, 14, 14, 14}
+	if includeVadeColumns {
+		summaryCols = append(summaryCols, "Vade Gun", "Belge Tarihi Gun")
+		summaryWeights = append(summaryWeights, 12, 16)
+	}
+	summaryW := normalizeWidths(summaryWeights, tableW)
 
 	detailCols := []string{"Cari Kod", "Cari Detay", "Sirket", "Muhasebe", "Doviz", "1_2 Pr.Br", "1_3 Pr.Br", "1_2 USD", "1_2 TRY", "1_3 USD", "1_3 TRY"}
-	detailW := normalizeWidths([]float64{26, 46, 10, 20, 10, 24, 24, 15, 15, 15, 15}, tableW)
+	detailWeights := []float64{23, 40, 9, 18, 9, 20, 20, 13, 13, 13, 13}
+	if includeVadeColumns {
+		detailCols = append(detailCols, "Vade Gun", "Belge Tarihi Gun")
+		detailWeights = append(detailWeights, 11, 14)
+	}
+	detailW := normalizeWidths(detailWeights, tableW)
 
 	header := func() {
 		pdf.AddPage()
+		titleX := marginL
+		if logoPath, err := resolvePdfImagePath("Baggi-Tekstil-A.s-Logolu.jpeg"); err == nil {
+			pdf.ImageOptions(logoPath, marginL, marginT-1, 34, 0, false, gofpdf.ImageOptions{}, 0, "")
+			titleX = marginL + 38
+		}
+
 		pdf.SetFont("dejavu", "B", 15)
 		pdf.SetTextColor(149, 113, 22)
-		pdf.SetXY(marginL, marginT)
+		pdf.SetXY(titleX, marginT)
 		title := strings.TrimSpace(reportTitle)
 		if title == "" {
 			title = "Cari Bakiye Listesi"
 		}
-		pdf.CellFormat(120, 7, title, "", 0, "L", false, 0, "")
+		pdf.CellFormat(140, 7, title, "", 0, "L", false, 0, "")
 
 		pdf.SetFont("dejavu", "", 9)
 		pdf.SetTextColor(20, 20, 20)
 		pdf.SetXY(pageW-marginR-80, marginT+1)
-		pdf.CellFormat(80, 5, "Tarih: "+selectedDate, "", 0, "R", false, 0, "")
+		pdf.CellFormat(80, 5, "Tarih: "+formatDateTR(selectedDate), "", 0, "R", false, 0, "")
 
 		mode := "Detaysiz"
 		if detailed {
@@ -272,8 +290,8 @@ func drawCustomerBalancePDF(
 		pdf.CellFormat(80, 5, "Mod: "+mode, "", 0, "R", false, 0, "")
 
 		if strings.TrimSpace(searchText) != "" {
-			pdf.SetXY(marginL, marginT+8)
-			pdf.CellFormat(tableW, 5, "Arama: "+searchText, "", 0, "L", false, 0, "")
+			pdf.SetXY(titleX, marginT+8)
+			pdf.CellFormat(tableW-(titleX-marginL), 5, "Arama: "+searchText, "", 0, "L", false, 0, "")
 		}
 
 		pdf.SetDrawColor(149, 113, 22)
@@ -283,7 +301,7 @@ func drawCustomerBalancePDF(
 	}
 
 	needPage := func(needH float64) bool {
-		return pdf.GetY()+needH+marginB > 210.0
+		return pdf.GetY()+needH+marginB > pageH
 	}
 
 	drawSummaryHeader := func() {
@@ -323,11 +341,6 @@ func drawCustomerBalancePDF(
 	pdf.SetTextColor(20, 20, 20)
 
 	for _, s := range summaries {
-		if needPage(6.2) {
-			header()
-			drawSummaryHeader()
-		}
-
 		row := []string{
 			s.AnaCariKodu,
 			s.AnaCariAdi,
@@ -341,20 +354,31 @@ func drawCustomerBalancePDF(
 			formatMoneyPDF(s.USDBakiye13),
 			formatMoneyPDF(s.TLBakiye13),
 		}
+		if includeVadeColumns {
+			row = append(row, formatMoneyPDF(s.VadeGun), formatMoneyPDF(s.VadeBelge))
+		}
+
+		rowH := calcPDFRowHeight(pdf, row, summaryW, map[int]bool{1: true, 2: true, 3: true}, 6.2, 3.6)
+		if needPage(rowH) {
+			header()
+			drawSummaryHeader()
+		}
 
 		y := pdf.GetY()
 		x := marginL
 		for i, v := range row {
-			pdf.Rect(x, y, summaryW[i], 6.2, "")
+			pdf.Rect(x, y, summaryW[i], rowH, "")
 			align := "L"
 			if i >= 7 {
 				align = "R"
 			}
-			pdf.SetXY(x+1, y+1)
-			pdf.CellFormat(summaryW[i]-2, 4.2, v, "", 0, align, false, 0, "")
+			if includeVadeColumns && (i == len(row)-1 || i == len(row)-2) {
+				align = "C"
+			}
+			drawPDFCellWrapped(pdf, v, x, y, summaryW[i], rowH, align, 3.6)
 			x += summaryW[i]
 		}
-		pdf.SetY(y + 6.2)
+		pdf.SetY(y + rowH)
 	}
 
 	if !detailed {
@@ -386,7 +410,25 @@ func drawCustomerBalancePDF(
 		pdf.SetTextColor(40, 40, 40)
 
 		for _, r := range rows {
-			if needPage(5.8) {
+			line := []string{
+				r.CariKodu,
+				r.CariDetay,
+				r.Sirket,
+				r.MuhasebeKodu,
+				r.CariDoviz,
+				formatMoneyPDF(r.Bakiye12),
+				formatMoneyPDF(r.Bakiye13),
+				formatMoneyPDF(r.USDBakiye12),
+				formatMoneyPDF(r.TLBakiye12),
+				formatMoneyPDF(r.USDBakiye13),
+				formatMoneyPDF(r.TLBakiye13),
+			}
+			if includeVadeColumns {
+				line = append(line, formatMoneyPDF(r.VadeGun), formatMoneyPDF(r.VadeBelgeGun))
+			}
+
+			rowH := calcPDFRowHeight(pdf, line, detailW, map[int]bool{1: true}, 5.8, 3.3)
+			if needPage(rowH) {
 				header()
 				pdf.SetFont("dejavu", "B", 8)
 				pdf.SetFillColor(218, 193, 151)
@@ -401,38 +443,77 @@ func drawCustomerBalancePDF(
 				pdf.SetTextColor(40, 40, 40)
 			}
 
-			line := []string{
-				r.CariKodu,
-				r.CariDetay,
-				r.Sirket,
-				r.MuhasebeKodu,
-				r.CariDoviz,
-				formatMoneyPDF(r.Bakiye12),
-				formatMoneyPDF(r.Bakiye13),
-				formatMoneyPDF(r.USDBakiye12),
-				formatMoneyPDF(r.TLBakiye12),
-				formatMoneyPDF(r.USDBakiye13),
-				formatMoneyPDF(r.TLBakiye13),
-			}
-
 			rowY := pdf.GetY()
 			rowX := marginL
 			for i, v := range line {
-				pdf.Rect(rowX, rowY, detailW[i], 5.8, "")
+				pdf.Rect(rowX, rowY, detailW[i], rowH, "")
 				align := "L"
 				if i >= 5 {
 					align = "R"
 				}
-				pdf.SetXY(rowX+1, rowY+0.8)
-				pdf.CellFormat(detailW[i]-2, 4.0, v, "", 0, align, false, 0, "")
+				if includeVadeColumns && (i == len(line)-1 || i == len(line)-2) {
+					align = "C"
+				}
+				drawPDFCellWrapped(pdf, v, rowX, rowY, detailW[i], rowH, align, 3.3)
 				rowX += detailW[i]
 			}
-			pdf.SetY(rowY + 5.8)
+			pdf.SetY(rowY + rowH)
 		}
 		pdf.Ln(1.2)
 	}
 }
 
+func formatDateTR(v string) string {
+	s := strings.TrimSpace(v)
+	if s == "" {
+		return s
+	}
+	if t, err := time.Parse("2006-01-02", s); err == nil {
+		return t.Format("02.01.2006")
+	}
+	if t, err := time.Parse(time.RFC3339, s); err == nil {
+		return t.Format("02.01.2006")
+	}
+	return s
+}
+
+func calcPDFRowHeight(pdf *gofpdf.Fpdf, row []string, widths []float64, wrapIdx map[int]bool, minH, lineH float64) float64 {
+	maxLines := 1
+	for i, v := range row {
+		if !wrapIdx[i] {
+			continue
+		}
+		lines := pdf.SplitLines([]byte(strings.TrimSpace(v)), widths[i]-2)
+		if len(lines) > maxLines {
+			maxLines = len(lines)
+		}
+	}
+	h := float64(maxLines)*lineH + 2
+	if h < minH {
+		return minH
+	}
+	return h
+}
+
+func drawPDFCellWrapped(pdf *gofpdf.Fpdf, value string, x, y, w, h float64, align string, lineH float64) {
+	text := strings.TrimSpace(value)
+	lines := pdf.SplitLines([]byte(text), w-2)
+	if len(lines) == 0 {
+		lines = [][]byte{[]byte("")}
+	}
+
+	startY := y + (h-(float64(len(lines))*lineH))/2
+	if startY < y+0.7 {
+		startY = y + 0.7
+	}
+
+	for _, ln := range lines {
+		pdf.SetXY(x+1, startY)
+		pdf.CellFormat(w-2, lineH, string(ln), "", 0, align, false, 0, "")
+		startY += lineH
+	}
+}
+
 func formatCurrencyMapPDF(m map[string]float64) string {
 	if len(m) == 0 {
 		return "-"
diff --git a/svc/routes/login.go b/svc/routes/login.go
index f342921..d9a340f 100644
--- a/svc/routes/login.go
+++ b/svc/routes/login.go
@@ -445,6 +445,12 @@ func UserCreateRoute(db *sql.DB) http.HandlerFunc {
 			return
 		}
 
+		payload.Code = strings.TrimSpace(payload.Code)
+		payload.FullName = strings.TrimSpace(payload.FullName)
+		payload.Email = strings.TrimSpace(payload.Email)
+		payload.Mobile = strings.TrimSpace(payload.Mobile)
+		payload.Address = strings.TrimSpace(payload.Address)
+
 		if payload.Code == "" {
 			http.Error(w, "Kullanıcı kodu zorunludur", http.StatusUnprocessableEntity)
 			return
@@ -460,16 +466,17 @@ func UserCreateRoute(db *sql.DB) http.HandlerFunc {
 		var newID int64
 		err = tx.QueryRow(`
 			INSERT INTO mk_dfusr (
-				code,
+				username,
 				is_active,
 				full_name,
 				email,
 				mobile,
 				address,
 				force_password_change,
-				last_updated_date
+				created_at,
+				updated_at
 			)
-			VALUES ($1,$2,$3,$4,$5,$6,true,NOW())
+			VALUES ($1,$2,$3,$4,$5,$6,true,NOW(),NOW())
 			RETURNING id
 		`,
 			payload.Code,
@@ -481,7 +488,7 @@ func UserCreateRoute(db *sql.DB) http.HandlerFunc {
 		).Scan(&newID)
 
 		if err != nil {
-			log.Println("USER INSERT ERROR:", err)
+			log.Printf("USER INSERT ERROR code=%q email=%q err=%v", payload.Code, payload.Email, err)
 			http.Error(w, "Kullanıcı oluşturulamadı", http.StatusInternalServerError)
 			return
 		}
diff --git a/svc/routes/statement_aging_pdf.go b/svc/routes/statement_aging_pdf.go
index 780d4ad..0a6cb73 100644
--- a/svc/routes/statement_aging_pdf.go
+++ b/svc/routes/statement_aging_pdf.go
@@ -78,6 +78,7 @@ func ExportStatementAgingPDFHandler(_ *sql.DB) http.HandlerFunc {
 			params.CariSearch,
 			detailed,
 			"Cari Yaslandirmali Ekstre",
+			true,
 			summaries,
 			detailsByMaster,
 		)
diff --git a/ui/src/pages/AccountAgingStatement.vue b/ui/src/pages/AccountAgingStatement.vue
index 9b6fa95..66482c9 100644
--- a/ui/src/pages/AccountAgingStatement.vue
+++ b/ui/src/pages/AccountAgingStatement.vue
@@ -186,8 +186,8 @@
                       <template #body-cell-usd_tutar="d">
                         <q-td :props="d" class="text-right">{{ formatAmount(d.row.usd_tutar) }}</q-td>
                       </template>
-                      <template #body-cell-currency_try_rate="d">
-                        <q-td :props="d" class="text-right">{{ formatAmount(d.row.currency_try_rate) }}</q-td>
+                      <template #body-cell-currency_usd_rate="d">
+                        <q-td :props="d" class="text-right">{{ formatAmount(d.row.currency_usd_rate) }}</q-td>
                       </template>
                       <template #body-cell-gun_sayisi="d">
                         <q-td :props="d" class="text-center">{{ formatAmount(d.row.gun_sayisi, 0) }}</q-td>
@@ -266,7 +266,7 @@ const detailColumns = [
   { name: 'odeme_doc_date', label: 'Ödeme DocDate', field: 'odeme_doc_date', align: 'left' },
   { name: 'eslesen_tutar', label: 'Eşleşen Tutar', field: 'eslesen_tutar', align: 'right' },
   { name: 'usd_tutar', label: 'USD Tutar', field: 'usd_tutar', align: 'right' },
-  { name: 'currency_try_rate', label: 'Kur', field: 'currency_try_rate', align: 'right' },
+  { name: 'currency_usd_rate', label: 'Kur', field: 'currency_usd_rate', align: 'right' },
   { name: 'gun_sayisi', label: 'Gün', field: 'gun_sayisi', align: 'center' },
   { name: 'gun_sayisi_docdate', label: 'Gün (DocDate)', field: 'gun_sayisi_docdate', align: 'center' },
   { name: 'aciklama', label: 'Açıklama', field: 'aciklama', align: 'left' },
diff --git a/ui/src/pages/AgingCustomerBalancelist.go.vue b/ui/src/pages/AgingCustomerBalancelist.go.vue
index 40352ab..61ad6c7 100644
--- a/ui/src/pages/AgingCustomerBalancelist.go.vue
+++ b/ui/src/pages/AgingCustomerBalancelist.go.vue
@@ -507,6 +507,7 @@ Vue
         title="Cari Yaşlandırmalı Cari Bakiye Listesi"
         :rows="store.summaryRows"
         :columns="summaryColumns"
+        v-model:pagination="summaryPagination"
         row-key="group_key"
         :loading="store.loading"
         flat
@@ -516,7 +517,6 @@ Vue
         separator="cell"
         hide-bottom
         :rows-per-page-options="[0]"
-        :pagination="{ rowsPerPage: 0 }"
         :table-style="{ tableLayout: 'fixed', width: '100%' }"
         class="balance-table"
       >
@@ -628,6 +628,12 @@ const store = useAccountAgingBalanceStore()
 const expanded = ref({})
 const allDetailsOpen = ref(false)
 const filtersCollapsed = ref(false)
+const summaryPagination = ref({
+  page: 1,
+  rowsPerPage: 0,
+  sortBy: 'ana_cari_kodu',
+  descending: false
+})
 const $q = useQuasar()
 
 const { canRead, canExport } = usePermission()
diff --git a/ui/src/pages/CustomerBalanceList.vue b/ui/src/pages/CustomerBalanceList.vue
index 2282315..8bf2873 100644
--- a/ui/src/pages/CustomerBalanceList.vue
+++ b/ui/src/pages/CustomerBalanceList.vue
@@ -424,6 +424,7 @@
         title="Cari Bakiye Listesi"
         :rows="store.summaryRows"
         :columns="summaryColumns"
+        v-model:pagination="summaryPagination"
         row-key="group_key"
         :loading="store.loading"
         flat
@@ -433,7 +434,6 @@
         separator="cell"
         hide-bottom
         :rows-per-page-options="[0]"
-        :pagination="{ rowsPerPage: 0 }"
         :table-style="{ tableLayout: 'fixed', width: '100%' }"
         class="balance-table"
       >
@@ -531,6 +531,12 @@ const store = useCustomerBalanceListStore()
 const expanded = ref({})
 const allDetailsOpen = ref(false)
 const filtersCollapsed = ref(false)
+const summaryPagination = ref({
+  page: 1,
+  rowsPerPage: 0,
+  sortBy: 'ana_cari_kodu',
+  descending: false
+})
 const $q = useQuasar()
 
 const { canRead, canExport } = usePermission()
diff --git a/ui/src/pages/OrderEntry.vue b/ui/src/pages/OrderEntry.vue
index 12e8f0d..f29e91b 100644
--- a/ui/src/pages/OrderEntry.vue
+++ b/ui/src/pages/OrderEntry.vue
@@ -800,6 +800,7 @@ import dayjs from 'dayjs'
 import api from 'src/services/api.js'
 import { useAuthStore } from 'src/stores/authStore'
 import { formatDateInput, formatDateDisplay } from 'src/utils/formatters'
+import { normalizeSearchText } from 'src/utils/searchText'
 import { usePermission } from 'src/composables/usePermission'
 
 const { canRead, canWrite, canUpdate, canExport } = usePermission()
@@ -1956,13 +1957,13 @@ function filterCari(val, update) {
     return
   }
 
-  const needle = val.toLowerCase()
+  const needle = normalizeSearchText(val)
 
   update(() => {
     filteredCariOptions.value = cariOptions.value.filter(opt => {
-      const kod   = (opt.Cari_Kod || '').toLowerCase()
-      const ad    = (opt.Cari_Ad  || '').toLowerCase()
-      const unvan = (opt.Unvan    || '').toLowerCase()
+      const kod = normalizeSearchText(opt.Cari_Kod)
+      const ad = normalizeSearchText(opt.Cari_Ad)
+      const unvan = normalizeSearchText(opt.Unvan)
       return `${kod} ${ad} ${unvan}`.includes(needle)
     })
   })
@@ -2575,9 +2576,9 @@ function filterModel(val, update) {
     return
   }
   update(() => {
-    const needle = val.toLowerCase()
+    const needle = normalizeSearchText(val)
     filteredModelOptions.value = modelOptions.value.filter(v =>
-      (v.label || '').toLowerCase().includes(needle)
+      normalizeSearchText(v.label).includes(needle)
     )
   })
 }
diff --git a/ui/src/pages/OrderProductionUpdate.vue b/ui/src/pages/OrderProductionUpdate.vue
index e3b4274..ddc36dc 100644
--- a/ui/src/pages/OrderProductionUpdate.vue
+++ b/ui/src/pages/OrderProductionUpdate.vue
@@ -213,6 +213,7 @@ import { computed, onMounted, ref, watch } from 'vue'
 import { useRoute } from 'vue-router'
 import { useQuasar } from 'quasar'
 import { useOrderProductionItemStore } from 'src/stores/OrderProductionItemStore'
+import { normalizeSearchText } from 'src/utils/searchText'
 
 const route = useRoute()
 const $q = useQuasar()
@@ -278,18 +279,18 @@ function formatDate (val) {
 }
 
 const filteredProducts = computed(() => {
-  const needle = String(productSearch.value || '').toLowerCase()
+  const needle = normalizeSearchText(productSearch.value)
   if (!needle) return productOptions.value.slice(0, 50)
   return productOptions.value.filter(p =>
-    String(p?.ProductCode || '').toLowerCase().includes(needle)
+    normalizeSearchText(p?.ProductCode).includes(needle)
   ).slice(0, 50)
 })
 
 const filteredRows = computed(() => {
-  const needle = String(descFilter.value || '').toLowerCase().trim()
+  const needle = normalizeSearchText(descFilter.value)
   if (!needle) return rows.value
   return rows.value.filter(r =>
-    String(r?.OldDesc || '').toLowerCase().includes(needle)
+    normalizeSearchText(r?.OldDesc).includes(needle)
   )
 })
 
diff --git a/ui/src/pages/ProductStockByAttributes.vue b/ui/src/pages/ProductStockByAttributes.vue
index 9fe2f75..850590c 100644
--- a/ui/src/pages/ProductStockByAttributes.vue
+++ b/ui/src/pages/ProductStockByAttributes.vue
@@ -243,6 +243,7 @@ import { computed, onMounted, onUnmounted, ref } from 'vue'
 import { useQuasar } from 'quasar'
 import api from 'src/services/api'
 import { usePermission } from 'src/composables/usePermission'
+import { normalizeSearchText } from 'src/utils/searchText'
 import {
   detectBedenGroup,
   normalizeBedenLabel,
@@ -339,6 +340,13 @@ function parseNumber(value) {
   return Number.isFinite(n) ? n : 0
 }
 
+function sortByTotalQtyDesc(a, b) {
+  const qa = Number(a?.totalQty || 0)
+  const qb = Number(b?.totalQty || 0)
+  if (qb !== qa) return qb - qa
+  return String(a?.key || '').localeCompare(String(b?.key || ''), 'tr', { sensitivity: 'base' })
+}
+
 function buildImageKey(code, color) {
   return `${String(code || '').trim().toUpperCase()}::${String(color || '').trim().toUpperCase()}`
 }
@@ -491,7 +499,7 @@ async function ensureProductImage(code, color) {
 
     const resolved = resolveProductImageUrl(first)
 
-    productImageCache.value[key] = resolved.publicUrl || resolved.contentUrl || ''
+    productImageCache.value[key] = resolved.contentUrl || resolved.publicUrl || ''
     productImageFallbackByKey.value[key] = resolved.contentUrl || ''
   } catch (err) {
     console.warn('[ProductStockByAttributes] product image fetch failed', { code, color, err })
@@ -680,13 +688,17 @@ const level1Groups = computed(() => {
     })
   }
 
-  return Array.from(l1Map.values()).map((l1) => ({
-    ...l1,
-    children: Array.from(l1.childrenMap.values()).map((l2) => ({
-      ...l2,
-      children: Array.from(l2.childrenMap.values())
+  return Array.from(l1Map.values())
+    .map((l1) => ({
+      ...l1,
+      children: Array.from(l1.childrenMap.values())
+        .map((l2) => ({
+          ...l2,
+          children: Array.from(l2.childrenMap.values()).sort(sortByTotalQtyDesc)
+        }))
+        .sort(sortByTotalQtyDesc)
     }))
-  }))
+    .sort(sortByTotalQtyDesc)
 })
 
 function normalizeText(v) {
@@ -748,10 +760,10 @@ function filterOptions(field, val, update) {
     })
     return
   }
-  const needle = String(val || '').toLocaleLowerCase('tr-TR')
+  const needle = normalizeSearchText(val)
   update(() => {
     filteredOptionLists.value[field] = source.filter((opt) =>
-      String(opt || '').toLocaleLowerCase('tr-TR').includes(needle)
+      normalizeSearchText(opt).includes(needle)
     )
   })
 }
diff --git a/ui/src/pages/ProductStockQuery.vue b/ui/src/pages/ProductStockQuery.vue
index 2ee3136..67ec3da 100644
--- a/ui/src/pages/ProductStockQuery.vue
+++ b/ui/src/pages/ProductStockQuery.vue
@@ -241,6 +241,7 @@ import { computed, onMounted, onUnmounted, ref } from 'vue'
 import { useQuasar } from 'quasar'
 import api from 'src/services/api'
 import { usePermission } from 'src/composables/usePermission'
+import { normalizeSearchText } from 'src/utils/searchText'
 import {
   detectBedenGroup,
   normalizeBedenLabel,
@@ -446,7 +447,7 @@ async function ensureProductImage(code, color) {
     if (!first) first = list[0] || null
 
     const resolved = resolveProductImageUrl(first)
-    productImageCache.value[key] = resolved.publicUrl || resolved.contentUrl || ''
+    productImageCache.value[key] = resolved.contentUrl || resolved.publicUrl || ''
     productImageFallbackByKey.value[key] = resolved.contentUrl || ''
   } catch (err) {
     console.warn('[ProductStockQuery] product image fetch failed', { code, color, err })
@@ -651,10 +652,10 @@ function filterProducts(val, update) {
     })
     return
   }
-  const needle = String(val || '').toLocaleLowerCase('tr-TR')
+  const needle = normalizeSearchText(val)
   update(() => {
     filteredProductOptions.value = productOptions.value.filter(opt =>
-      String(opt.label || '').toLocaleLowerCase('tr-TR').includes(needle)
+      normalizeSearchText(opt.label).includes(needle)
     )
   })
 }
diff --git a/ui/src/pages/ProductionWorkerGateway.vue b/ui/src/pages/ProductionWorkerGateway.vue
index fe79e11..1058927 100644
--- a/ui/src/pages/ProductionWorkerGateway.vue
+++ b/ui/src/pages/ProductionWorkerGateway.vue
@@ -96,6 +96,7 @@
 import { ref, computed } from 'vue'
 import { useRouter } from 'vue-router'
 import { usePermission } from 'src/composables/usePermission'
+import { normalizeSearchText } from 'src/utils/searchText'
 
 const { canRead, canWrite } = usePermission()
 
@@ -175,9 +176,10 @@ const filters = ref({
 
 const filteredRows = computed(() => {
   return rows.value.filter(r => {
+    const workOrderNoNeedle = normalizeSearchText(filters.value.workOrderNo)
     if (
-      filters.value.workOrderNo &&
-      !r.workOrderNo.includes(filters.value.workOrderNo)
+      workOrderNoNeedle &&
+      !normalizeSearchText(r.workOrderNo).includes(workOrderNoNeedle)
     ) return false
 
     if (
diff --git a/ui/src/pages/StatementReport.vue b/ui/src/pages/StatementReport.vue
index 63962cb..2adf9f3 100644
--- a/ui/src/pages/StatementReport.vue
+++ b/ui/src/pages/StatementReport.vue
@@ -276,6 +276,7 @@ import { useStatementdetailStore } from 'src/stores/statementdetailStore'
 import { useDownloadstpdfStore } from 'src/stores/downloadstpdfStore'
 import dayjs from 'dayjs'
 import { usePermission } from 'src/composables/usePermission'
+import { normalizeSearchText } from 'src/utils/searchText'
 
 const { canRead, canExport } = usePermission()
 const canReadFinance = canRead('finance')
@@ -297,10 +298,10 @@ function filterCari(val, update) {
     update(() => { filteredOptions.value = accountStore.accountOptions })
     return
   }
-  const needle = val.toLowerCase()
+  const needle = normalizeSearchText(val)
   update(() => {
     filteredOptions.value = accountStore.accountOptions.filter(o =>
-      o.label.toLowerCase().includes(needle) || o.value.toLowerCase().includes(needle)
+      normalizeSearchText(o.label).includes(needle) || normalizeSearchText(o.value).includes(needle)
     )
   })
 }
diff --git a/ui/src/pages/UserDetail.vue b/ui/src/pages/UserDetail.vue
index ec0c588..e05a983 100644
--- a/ui/src/pages/UserDetail.vue
+++ b/ui/src/pages/UserDetail.vue
@@ -404,8 +404,6 @@ async function onSave () {
   }
 
   try {
-    console.log('🟢 onSave() START', { mode: mode.value })
-
     if (form.value.mobile) {
       form.value.mobile = form.value.mobile.replace(/_/g, '').trim()
     }
@@ -415,8 +413,6 @@ async function onSave () {
     if (isNew.value) {
       id = await store.createUser()
 
-      console.log('➡️ CREATE → EDIT MODE id=', id)
-
       // 🔄 EDIT MODE’A GEÇ
       router.replace({
         name: 'user-edit',
@@ -431,7 +427,6 @@ async function onSave () {
     $q.notify({ type: 'positive', message: 'İşlem başarılı' })
 
   } catch (e) {
-    console.error('❌ onSave ERROR', e)
     $q.notify({ type: 'negative', message: store.error || 'İşlem başarısız' })
   }
 }
diff --git a/ui/src/pages/statementofaccount.vue b/ui/src/pages/statementofaccount.vue
index ea53c89..d214554 100644
--- a/ui/src/pages/statementofaccount.vue
+++ b/ui/src/pages/statementofaccount.vue
@@ -323,9 +323,6 @@ function filterCari (val, update) {
 
 onMounted(async () => {
   await accountStore.fetchAccounts()
-  console.log("ACCOUNTS LEN:", accountStore.accounts?.length)
-  console.log("OPTIONS LEN:", accountStore.accountOptions?.length)
-  console.log("FIRST 5:", accountStore.accountOptions?.slice(0,5))
   filteredOptions.value = accountStore.accountOptions
 
 
diff --git a/ui/src/router/index.js b/ui/src/router/index.js
index d82e2e7..d671219 100644
--- a/ui/src/router/index.js
+++ b/ui/src/router/index.js
@@ -26,13 +26,6 @@ export default route(function () {
     const auth = useAuthStore()
     const perm = usePermissionStore()
 
-    if (typeof window !== 'undefined') {
-      console.warn('🧭 ROUTE GUARD HIT:', {
-        path: to.fullPath,
-        meta: to.meta
-      })
-    }
-
     if (typeof window !== 'undefined' && process.env.DEV) {
       window.__auth = auth
       window.__perm = perm
diff --git a/ui/src/stores/UserDetailStore.js b/ui/src/stores/UserDetailStore.js
index abe3169..a18beb4 100644
--- a/ui/src/stores/UserDetailStore.js
+++ b/ui/src/stores/UserDetailStore.js
@@ -164,23 +164,10 @@ export const useUserDetailStore = defineStore('userDetail', {
       this.error = null
 
       try {
-        console.log('🟦 saveUser() START', id)
-
         const payload = this.buildPayload()
-        console.log('📤 PUT payload', payload)
-
         await put(`/users/${id}`, payload)
-
-        console.log('✅ PUT OK → REFETCH USER')
         await this.fetchUser(id)
-
-        console.log('🔄 USER REFRESHED', {
-          hasPassword: this.hasPassword,
-          roles: this.form.roles,
-          departments: this.form.departments
-        })
       } catch (e) {
-        console.error('❌ saveUser FAILED', e)
         this.error = 'Kullanıcı güncellenemedi'
         throw e
       } finally {
@@ -196,26 +183,18 @@ export const useUserDetailStore = defineStore('userDetail', {
       this.error = null
 
       try {
-        console.log('🟢 createUser() START')
-
         const payload = this.buildPayload()
-        console.log('📤 POST payload', payload)
-
         const data = await post('/users', payload)
 
-        console.log('✅ CREATE OK response', data)
-
         const newId = data?.id
         if (!newId) {
           throw new Error('CREATE response id yok')
         }
 
-        console.log('🔁 FETCH NEW USER id=', newId)
         await this.fetchUser(newId)
 
         return newId
       } catch (e) {
-        console.error('❌ createUser FAILED', e)
         this.error = 'Kullanıcı oluşturulamadı'
         throw e
       } finally {
diff --git a/ui/src/stores/authStore.js b/ui/src/stores/authStore.js
index 3dc7a87..56e77b4 100644
--- a/ui/src/stores/authStore.js
+++ b/ui/src/stores/authStore.js
@@ -138,18 +138,6 @@ export const useAuthStore = defineStore('auth', {
       const perm = usePermissionStore()
       await perm.fetchPermissions()
 
-
-
-
-      // 🧪 DEBUG (istersen sonra kaldır)
-      console.log('🔐 AUTH DEBUG', {
-        isAdmin: this.isAdmin,
-        users: perm.hasPermission('/api/users/list'),
-        orders: perm.hasPermission('/api/orders/list'),
-        logs: perm.hasPermission('/api/activity-logs'),
-        permissions: perm.hasPermission('/api/permissions/matrix')
-      })
-
       return true
     }
   }
diff --git a/ui/src/stores/statementAgingStore.js b/ui/src/stores/statementAgingStore.js
index 093b874..08a8c8f 100644
--- a/ui/src/stores/statementAgingStore.js
+++ b/ui/src/stores/statementAgingStore.js
@@ -53,6 +53,7 @@ export const useStatementAgingStore = defineStore('statementAging', {
         const absUsd = Math.abs(usd)
         const gun = Number(row?.gun_sayisi) || 0
         const gunDoc = Number(row?.gun_sayisi_docdate) || 0
+        const usdBasedRate = Number(row?.currency_usd_rate) || 0
         const aciklama = String(row?.aciklama || '').toUpperCase()
 
         if (!masterMap[masterKey]) {
@@ -69,6 +70,9 @@ export const useStatementAgingStore = defineStore('statementAging', {
             weighted_gun_sum: 0,
             weighted_gun_doc_sum: 0,
             weighted_base: 0,
+            kur_weighted_sum: 0,
+            kur_weighted_base: 0,
+            kur_fallback: 0,
             ortalama_gun: 0,
             ortalama_gun_docdate: 0
           }
@@ -90,6 +94,9 @@ export const useStatementAgingStore = defineStore('statementAging', {
             weighted_gun_sum: 0,
             weighted_gun_doc_sum: 0,
             weighted_base: 0,
+            kur_weighted_sum: 0,
+            kur_weighted_base: 0,
+            kur_fallback: 0,
             ortalama_gun: 0,
             ortalama_gun_docdate: 0
           }
@@ -124,6 +131,18 @@ export const useStatementAgingStore = defineStore('statementAging', {
           c.weighted_base += absUsd
           c.weighted_gun_sum += absUsd * gun
           c.weighted_gun_doc_sum += absUsd * gunDoc
+
+          if (usdBasedRate > 0) {
+            m.kur_weighted_base += absUsd
+            m.kur_weighted_sum += absUsd * usdBasedRate
+            c.kur_weighted_base += absUsd
+            c.kur_weighted_sum += absUsd * usdBasedRate
+          }
+        }
+
+        if (usdBasedRate > 0) {
+          m.kur_fallback = usdBasedRate
+          c.kur_fallback = usdBasedRate
         }
 
         if (!detailMap[currencyKey]) detailMap[currencyKey] = []
@@ -133,7 +152,7 @@ export const useStatementAgingStore = defineStore('statementAging', {
       this.masterRows = Object.values(masterMap)
         .map((m) => ({
           ...m,
-          kur: Math.abs(m.toplam_usd) > 0 ? (m.toplam_tutar / m.toplam_usd) : 0,
+          kur: m.kur_weighted_base > 0 ? (m.kur_weighted_sum / m.kur_weighted_base) : m.kur_fallback,
           ortalama_gun: m.weighted_base > 0 ? (m.weighted_gun_sum / m.weighted_base) : 0,
           ortalama_gun_docdate: m.weighted_base > 0 ? (m.weighted_gun_doc_sum / m.weighted_base) : 0
         }))
@@ -143,7 +162,7 @@ export const useStatementAgingStore = defineStore('statementAging', {
       for (const c of Object.values(currencyMap)) {
         const row = {
           ...c,
-          kur: Math.abs(c.toplam_usd) > 0 ? (c.toplam_tutar / c.toplam_usd) : 0,
+          kur: c.kur_weighted_base > 0 ? (c.kur_weighted_sum / c.kur_weighted_base) : c.kur_fallback,
           ortalama_gun: c.weighted_base > 0 ? (c.weighted_gun_sum / c.weighted_base) : 0,
           ortalama_gun_docdate: c.weighted_base > 0 ? (c.weighted_gun_doc_sum / c.weighted_base) : 0
         }
@@ -194,6 +213,8 @@ function normalizeRowKeys(row) {
     gun_sayisi: Number(row.GunSayisi ?? row.gun_sayisi ?? 0),
     gun_sayisi_docdate: Number(row.GunSayisi_DocDate ?? row.gun_sayisi_docdate ?? 0),
     currency_try_rate: Number(row.CurrencyTryRate ?? row.currency_try_rate ?? 0),
+    usd_try_rate: Number(row.UsdTryRate ?? row.usd_try_rate ?? 0),
+    currency_usd_rate: Number(row.CurrencyUsdRate ?? row.currency_usd_rate ?? 0),
     aciklama: row.Aciklama ?? row.aciklama ?? null,
     doc_currency_code: row.DocCurrencyCode ?? row.doc_currency_code ?? null
   }
diff --git a/ui/src/utils/searchText.js b/ui/src/utils/searchText.js
new file mode 100644
index 0000000..1a2d468
--- /dev/null
+++ b/ui/src/utils/searchText.js
@@ -0,0 +1,7 @@
+export function normalizeSearchText (value) {
+  return String(value || '')
+    .toLocaleLowerCase('tr-TR')
+    .normalize('NFD')
+    .replace(/[\u0300-\u036f]/g, '')
+    .trim()
+}