M_Kececi/bssapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master'

Browse Source
This commit is contained in:
M_Kececi
2026-03-03 13:29:17 +03:00
parent 4805216808
commit d355ef7acd
21 changed files with 279 additions and 227 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
svc/internal/authz/mssql.go
View File

@@ -1,6 +1,7 @@
package authz package authz
import ( import (
"bssapp-backend/auth"
"context" "context"
"fmt" "fmt"
"strings" "strings"
@@ -10,23 +11,53 @@ func BuildMSSQLPiyasaFilter(
ctx context.Context, ctx context.Context,
column string, column string,
) string { ) string {
claims, ok := auth.GetClaimsFromContext(ctx)
if ok && claims != nil && claims.IsAdmin() {
return "1=1"
}
codes := GetPiyasaCodesFromCtx(ctx) codes := GetPiyasaCodesFromCtx(ctx)
if len(codes) == 0 { if len(codes) == 0 {
return "1=1" return "1=0"
} }
return BuildMSSQLPiyasaFilterWithCodes(column, codes)
}
var quoted []string func BuildMSSQLPiyasaFilterWithCodes(column string, codes []string) string {
normalizedCol := fmt.Sprintf("UPPER(LTRIM(RTRIM(%s)))", column)
exact := BuildINClause(normalizedCol, codes)
prefixCodes := first3Codes(codes)
if len(prefixCodes) == 0 {
return exact
}
prefix := BuildINClause(
fmt.Sprintf("LEFT(%s, 3)", normalizedCol),
prefixCodes,
)
return fmt.Sprintf("(%s OR %s)", exact, prefix)
}
func first3Codes(codes []string) []string {
seen := make(map[string]struct{}, len(codes))
out := make([]string, 0, len(codes))
for _, c := range codes { for _, c := range codes {
quoted = append(quoted, "'"+c+"'") n := strings.ToUpper(strings.TrimSpace(c))
if len(n) < 3 {
continue
}
n = n[:3]
if _, ok := seen[n]; ok {
continue
}
seen[n] = struct{}{}
out = append(out, n)
} }
return fmt.Sprintf( return out
"%s IN (%s)",
column,
strings.Join(quoted, ","),
)
} }

28
svc/internal/authz/piyasa_repo.go
View File

@@ -3,6 +3,7 @@ package authz
import ( import (
"database/sql" "database/sql"
"fmt" "fmt"
"strings"
"sync" "sync"
) )
@@ -35,10 +36,21 @@ func GetUserPiyasaCodes(pg *sql.DB, userID int) ([]string, error) {
// DB QUERY // DB QUERY
// ----------------------------- // -----------------------------
rows, err := pg.Query(` rows, err := pg.Query(`
SELECT piyasa_code WITH user_piyasa AS (
FROM dfusr_piyasa SELECT TRIM(up.piyasa_code) AS raw_code
WHERE dfusr_id = $1 FROM dfusr_piyasa up
AND is_allowed = true WHERE up.dfusr_id = $1
AND up.is_allowed = true
)
SELECT DISTINCT
COALESCE(p_code.code, p_title.code, u.raw_code) AS piyasa_code
FROM user_piyasa u
LEFT JOIN mk_sales_piy p_code
ON UPPER(translate(TRIM(p_code.code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(u.raw_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
LEFT JOIN mk_sales_piy p_title
ON UPPER(translate(TRIM(p_title.title),'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(u.raw_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
`, userID) `, userID)
if err != nil { if err != nil {
return nil, fmt.Errorf("pg piyasa query error: %w", err) return nil, fmt.Errorf("pg piyasa query error: %w", err)
@@ -46,12 +58,20 @@ func GetUserPiyasaCodes(pg *sql.DB, userID int) ([]string, error) {
defer rows.Close() defer rows.Close()
var out []string var out []string
seen := make(map[string]struct{})
for rows.Next() { for rows.Next() {
var code string var code string
if err := rows.Scan(&code); err == nil { if err := rows.Scan(&code); err == nil {
code = strings.ToUpper(strings.TrimSpace(code))
if code != "" {
if _, ok := seen[code]; ok {
continue
}
seen[code] = struct{}{}
out = append(out, code) out = append(out, code)
} }
} }
}
// ----------------------------- // -----------------------------
// CACHE WRITE // CACHE WRITE

26
svc/middlewares/authz_v2.go
View File

@@ -537,9 +537,15 @@ func cachedPiyasaIntersectionAny(pg *sql.DB, c *ttlCache, userID, roleID int64,
err := pg.QueryRow(` err := pg.QueryRow(`
SELECT 1 SELECT 1
FROM dfusr_piyasa up FROM dfusr_piyasa up
LEFT JOIN mk_sales_piy p_code
ON UPPER(translate(TRIM(p_code.code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(up.piyasa_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
LEFT JOIN mk_sales_piy p_title
ON UPPER(translate(TRIM(p_title.title), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(up.piyasa_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
WHERE up.dfusr_id = $1 WHERE up.dfusr_id = $1
AND up.is_allowed = true AND up.is_allowed = true
AND up.piyasa_code = ANY($2) AND UPPER(TRIM(COALESCE(p_code.code, p_title.code, up.piyasa_code))) = ANY($2)
LIMIT 1 LIMIT 1
`, userID, pqArray(piyasaCodes)).Scan(&dummy) `, userID, pqArray(piyasaCodes)).Scan(&dummy)
@@ -988,7 +994,23 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
} }
// ===================================================== // =====================================================
// 5PASS // 5SCOPE CONTEXT ENRICH (for MSSQL piyasa filters)
// =====================================================
if !claims.IsAdmin() {
userPiy, err := authz.GetUserPiyasaCodes(pg, int(claims.ID))
if err != nil {
log.Printf("❌ AUTHZ: user piyasa resolve error user=%d err=%v", claims.ID, err)
http.Error(w, "forbidden", http.StatusForbidden)
return
}
if len(userPiy) > 0 {
r = r.WithContext(authz.WithPiyasaCodes(r.Context(), normalizeCodes(userPiy)))
}
}
// =====================================================
// 6⃣ PASS
// ===================================================== // =====================================================
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
}) })

51
svc/queries/account.go
View File

@@ -13,13 +13,48 @@ import (
func GetAccounts(ctx context.Context) ([]models.Account, error) { func GetAccounts(ctx context.Context) ([]models.Account, error) {
piyasaFilter := authz.BuildMSSQLPiyasaFilter(ctx, "f2.CustomerAtt01") piyasaFilter := authz.BuildMSSQLPiyasaFilter(
ctx,
"CASE WHEN b.CurrAccTypeCode = 1 THEN vp.VendorAtt01 ELSE f2.CustomerAtt01 END",
)
if strings.TrimSpace(piyasaFilter) == "" { if strings.TrimSpace(piyasaFilter) == "" {
piyasaFilter = "1=1" piyasaFilter = "1=1"
} }
query := fmt.Sprintf(` query := fmt.Sprintf(`
;WITH VendorPiyasa AS
(
SELECT
Cari8 = LEFT(P.CurrAccCode, 8),
VendorAtt01 = MAX(P.VendorAtt01)
FROM
(
SELECT
CurrAccTypeCode,
CurrAccCode,
VendorAtt01 = MAX(ISNULL([1], ''))
FROM
(
SELECT
c.CurrAccTypeCode,
c.CurrAccCode,
a.AttributeTypeCode,
a.AttributeCode
FROM cdCurrAcc c WITH (NOLOCK)
LEFT JOIN prCurrAccAttribute a WITH (NOLOCK)
ON a.CurrAccTypeCode = c.CurrAccTypeCode
AND a.CurrAccCode = c.CurrAccCode
WHERE c.CurrAccTypeCode = 1
) d
PIVOT
(
MAX(AttributeCode) FOR AttributeTypeCode IN ([1])
) pvt
GROUP BY CurrAccTypeCode, CurrAccCode
) P
GROUP BY LEFT(P.CurrAccCode, 8)
)
SELECT SELECT
x.AccountCode, x.AccountCode,
MAX(x.AccountName) AS AccountName MAX(x.AccountName) AS AccountName
@@ -29,10 +64,16 @@ func GetAccounts(ctx context.Context) ([]models.Account, error) {
COALESCE(d.CurrAccDescription, '') AS AccountName COALESCE(d.CurrAccDescription, '') AS AccountName
FROM trCurrAccBook b FROM trCurrAccBook b
LEFT JOIN cdCurrAccDesc d LEFT JOIN cdCurrAccDesc d
ON d.CurrAccCode = b.CurrAccCode ON d.CurrAccTypeCode = b.CurrAccTypeCode
JOIN CustomerAttributesFilter f2 AND d.CurrAccCode = b.CurrAccCode
ON f2.CurrAccCode = b.CurrAccCode AND d.LangCode = 'TR'
WHERE %s LEFT JOIN CustomerAttributesFilter f2
ON f2.CurrAccTypeCode = b.CurrAccTypeCode
AND f2.CurrAccCode = b.CurrAccCode
LEFT JOIN VendorPiyasa vp
ON vp.Cari8 = LEFT(b.CurrAccCode, 8)
WHERE b.CurrAccTypeCode IN (1,3)
AND %s
) x ) x
GROUP BY x.AccountCode GROUP BY x.AccountCode
ORDER BY x.AccountCode ORDER BY x.AccountCode

12
svc/queries/customer_balance_list.go
View File

@@ -314,7 +314,12 @@ ORDER BY F.MasterCari;
} }
func loadBalanceLines(ctx context.Context, selectedDate, cariSearch string) ([]mkCariBakiyeLine, error) { func loadBalanceLines(ctx context.Context, selectedDate, cariSearch string) ([]mkCariBakiyeLine, error) {
query := ` piyasaScope, err := buildPiyasaExistsForCariCode(ctx, "CariKodu")
if err != nil {
return nil, err
}
query := fmt.Sprintf(`
SELECT SELECT
CurrAccTypeCode, CurrAccTypeCode,
CariKodu, CariKodu,
@@ -326,8 +331,9 @@ func loadBalanceLines(ctx context.Context, selectedDate, cariSearch string) ([]m
CAST(0 AS DECIMAL(18,4)) AS Vade_Gun, CAST(0 AS DECIMAL(18,4)) AS Vade_Gun,
CAST(0 AS DECIMAL(18,4)) AS Vade_BelgeTarihi_Gun CAST(0 AS DECIMAL(18,4)) AS Vade_BelgeTarihi_Gun
FROM dbo.MK_CARI_BAKIYE_LIST(@SonTarih) FROM dbo.MK_CARI_BAKIYE_LIST(@SonTarih)
WHERE (@CariSearch = '' OR CariKodu LIKE '%' + @CariSearch + '%') WHERE (@CariSearch = '' OR CariKodu LIKE '%%' + @CariSearch + '%%')
` AND %s
`, piyasaScope)
rows, err := db.MssqlDB.QueryContext(ctx, query, rows, err := db.MssqlDB.QueryContext(ctx, query,
sql.Named("SonTarih", selectedDate), sql.Named("SonTarih", selectedDate),

12
svc/queries/statement_aging_balance_list.go
View File

@@ -182,7 +182,12 @@ func GetStatementAgingBalanceList(ctx context.Context, params models.CustomerBal
} }
func loadAgingBalanceLines(ctx context.Context, cariSearch string) ([]mkCariBakiyeLine, error) { func loadAgingBalanceLines(ctx context.Context, cariSearch string) ([]mkCariBakiyeLine, error) {
query := ` piyasaScope, err := buildPiyasaExistsForCariCode(ctx, "LTRIM(RTRIM(CariKodu))")
if err != nil {
return nil, err
}
query := fmt.Sprintf(`
SELECT SELECT
CurrAccTypeCode, CurrAccTypeCode,
CariKodu = LTRIM(RTRIM(CariKodu)), CariKodu = LTRIM(RTRIM(CariKodu)),
@@ -194,9 +199,10 @@ func loadAgingBalanceLines(ctx context.Context, cariSearch string) ([]mkCariBaki
Vade_Gun, Vade_Gun,
Vade_BelgeTarihi_Gun Vade_BelgeTarihi_Gun
FROM dbo.CARI_BAKIYE_GUN_CACHE FROM dbo.CARI_BAKIYE_GUN_CACHE
WHERE (@CariSearch = '' OR LTRIM(RTRIM(CariKodu)) LIKE '%' + @CariSearch + '%') WHERE (@CariSearch = '' OR LTRIM(RTRIM(CariKodu)) LIKE '%%' + @CariSearch + '%%')
AND %s
ORDER BY CariKodu, CariDoviz, PislemTipi ORDER BY CariKodu, CariDoviz, PislemTipi
` `, piyasaScope)
rows, err := db.MssqlDB.QueryContext(ctx, query, sql.Named("CariSearch", strings.TrimSpace(cariSearch))) rows, err := db.MssqlDB.QueryContext(ctx, query, sql.Named("CariSearch", strings.TrimSpace(cariSearch)))
if err != nil { if err != nil {

22
svc/queries/statement_header.go
View File

@@ -3,13 +3,14 @@ package queries
import ( import (
"bssapp-backend/db" "bssapp-backend/db"
"bssapp-backend/models" "bssapp-backend/models"
"context"
"database/sql" "database/sql"
"fmt" "fmt"
"strings" "strings"
) )
// Ana tabloyu getiren fonksiyon (Vue header tablosu için) // Ana tabloyu getiren fonksiyon (Vue header tablosu için)
func GetStatements(params models.StatementParams) ([]models.StatementHeader, error) { func GetStatements(ctx context.Context, params models.StatementParams) ([]models.StatementHeader, error) {
// AccountCode normalize: "ZLA0127" → "ZLA 0127" // AccountCode normalize: "ZLA0127" → "ZLA 0127"
params.AccountCode = normalizeMasterAccountCode(params.AccountCode) params.AccountCode = normalizeMasterAccountCode(params.AccountCode)
@@ -33,6 +34,11 @@ func GetStatements(params models.StatementParams) ([]models.StatementHeader, err
} }
} }
piyasaScope, err := buildPiyasaExistsForCariCode(ctx, "b.CurrAccCode")
if err != nil {
return nil, err
}
query := fmt.Sprintf(` query := fmt.Sprintf(`
;WITH CurrDesc AS ( ;WITH CurrDesc AS (
SELECT SELECT
@@ -58,6 +64,7 @@ HasMovement AS (
AND f.ATAtt01 IN (%s) AND f.ATAtt01 IN (%s)
WHERE LEFT(REPLACE(b.CurrAccCode, ' ', ''), 7) = REPLACE(@Carikod, ' ', '') WHERE LEFT(REPLACE(b.CurrAccCode, ' ', ''), 7) = REPLACE(@Carikod, ' ', '')
AND b.DocumentDate BETWEEN @startdate AND @enddate AND b.DocumentDate BETWEEN @startdate AND @enddate
AND %s
) THEN 1 ELSE 0 END AS HasMov ) THEN 1 ELSE 0 END AS HasMov
), ),
@@ -79,6 +86,7 @@ Opening AS (
ON c.CurrAccBookID = b.CurrAccBookID ON c.CurrAccBookID = b.CurrAccBookID
AND c.CurrencyCode = b.DocCurrencyCode AND c.CurrencyCode = b.DocCurrencyCode
WHERE LEFT(REPLACE(b.CurrAccCode, ' ', ''), 7) = REPLACE(@Carikod, ' ', '') WHERE LEFT(REPLACE(b.CurrAccCode, ' ', ''), 7) = REPLACE(@Carikod, ' ', '')
AND %s
AND ( AND (
(hm.HasMov = 1 AND b.DocumentDate < @startdate) -- hareket varsa: klasik devir (hm.HasMov = 1 AND b.DocumentDate < @startdate) -- hareket varsa: klasik devir
OR (hm.HasMov = 0 AND b.DocumentDate <= @enddate) -- hareket yoksa: enddate itibariyle bakiye OR (hm.HasMov = 0 AND b.DocumentDate <= @enddate) -- hareket yoksa: enddate itibariyle bakiye
@@ -135,6 +143,7 @@ Movements AS (
AND c.CurrencyCode = b.DocCurrencyCode AND c.CurrencyCode = b.DocCurrencyCode
WHERE LEFT(REPLACE(b.CurrAccCode, ' ', ''), 7) = REPLACE(@Carikod, ' ', '') WHERE LEFT(REPLACE(b.CurrAccCode, ' ', ''), 7) = REPLACE(@Carikod, ' ', '')
AND %s
AND b.DocumentDate BETWEEN @startdate AND @enddate AND b.DocumentDate BETWEEN @startdate AND @enddate
) )
@@ -201,12 +210,15 @@ ORDER BY
Para_Birimi, Para_Birimi,
Belge_Tarihi; Belge_Tarihi;
`, `,
parislemFilter, // HasMovement parislemFilter, // HasMovement ATAtt01
parislemFilter, // Opening piyasaScope, // HasMovement piyasa scope
parislemFilter, // Movements parislemFilter, // Opening ATAtt01
piyasaScope, // Opening piyasa scope
parislemFilter, // Movements ATAtt01
piyasaScope, // Movements piyasa scope
) )
rows, err := db.MssqlDB.Query(query, rows, err := db.MssqlDB.QueryContext(ctx, query,
sql.Named("startdate", params.StartDate), sql.Named("startdate", params.StartDate),
sql.Named("enddate", params.EndDate), sql.Named("enddate", params.EndDate),
sql.Named("Carikod", params.AccountCode), sql.Named("Carikod", params.AccountCode),

5
svc/queries/statement_header_pdf.go
View File

@@ -2,11 +2,12 @@ package queries
import ( import (
"bssapp-backend/models" "bssapp-backend/models"
"context"
"log" "log"
) )
func GetStatementsHPDF(accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) { func GetStatementsHPDF(ctx context.Context, accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) {
headers, err := getStatementsForPDF(accountCode, startDate, endDate, parislemler) headers, err := getStatementsForPDF(ctx, accountCode, startDate, endDate, parislemler)
if err != nil { if err != nil {
log.Printf("Header query error: %v", err) log.Printf("Header query error: %v", err)
return nil, nil, err return nil, nil, err

8
svc/queries/statement_pdf_common.go
View File

@@ -1,14 +1,18 @@
package queries package queries
import "bssapp-backend/models" import (
"bssapp-backend/models"
"context"
)
func getStatementsForPDF( func getStatementsForPDF(
ctx context.Context,
accountCode string, accountCode string,
startDate string, startDate string,
endDate string, endDate string,
parislemler []string, parislemler []string,
) ([]models.StatementHeader, error) { ) ([]models.StatementHeader, error) {
return GetStatements(models.StatementParams{ return GetStatements(ctx, models.StatementParams{
AccountCode: accountCode, AccountCode: accountCode,
StartDate: startDate, StartDate: startDate,
EndDate: endDate, EndDate: endDate,

36
svc/queries/statements_detail.go
View File

@@ -3,15 +3,14 @@ package queries
import ( import (
"bssapp-backend/db" "bssapp-backend/db"
"bssapp-backend/models" "bssapp-backend/models"
"context"
"database/sql" "database/sql"
"fmt" "fmt"
"strings" "strings"
) )
/* ============================ DETAIL (ALT TABLO) ============================ */ // DETAIL (ALT TABLO)
func GetStatementDetails(ctx context.Context, accountCode, startDate, endDate string, parislemler []string) ([]models.StatementDetail, error) {
func GetStatementDetails(accountCode, startDate, endDate string, parislemler []string) ([]models.StatementDetail, error) {
// Parislemler filtresi hazırlanır (ör: 1,2,3)
inParislem := "" inParislem := ""
if len(parislemler) > 0 { if len(parislemler) > 0 {
pp := make([]string, len(parislemler)) pp := make([]string, len(parislemler))
@@ -20,6 +19,12 @@ func GetStatementDetails(accountCode, startDate, endDate string, parislemler []s
} }
inParislem = strings.Join(pp, ",") inParislem = strings.Join(pp, ",")
} }
piyasaScope, err := buildPiyasaExistsForCariCode(ctx, "a.CurrAccCode")
if err != nil {
return nil, err
}
query := fmt.Sprintf(` query := fmt.Sprintf(`
SELECT SELECT
CONVERT(varchar(10), a.InvoiceDate, 23) AS Belge_Tarihi, CONVERT(varchar(10), a.InvoiceDate, 23) AS Belge_Tarihi,
@@ -32,16 +37,8 @@ SELECT
a.ItemCode AS Urun_Kodu, a.ItemCode AS Urun_Kodu,
a.ColorCode AS Urun_Rengi, a.ColorCode AS Urun_Rengi,
SUM(a.Qty1) AS Toplam_Adet, SUM(a.Qty1) AS Toplam_Adet,
CAST(SUM(a.Qty1 * ABS(a.Doc_Price)) / NULLIF(SUM(a.Qty1),0) AS numeric(18,4)) AS Doviz_Fiyat,
CAST( CAST(SUM(a.Qty1 * ABS(a.Doc_Price)) AS numeric(18,2)) AS Toplam_Tutar
SUM(a.Qty1 * ABS(a.Doc_Price))
/ NULLIF(SUM(a.Qty1),0)
AS numeric(18,4)) AS Doviz_Fiyat,
CAST(
SUM(a.Qty1 * ABS(a.Doc_Price))
AS numeric(18,2)) AS Toplam_Tutar
FROM AllInvoicesWithAttributes a FROM AllInvoicesWithAttributes a
LEFT JOIN prItemAttribute AnaGrup LEFT JOIN prItemAttribute AnaGrup
ON a.ItemCode = AnaGrup.ItemCode AND AnaGrup.AttributeTypeCode = 1 ON a.ItemCode = AnaGrup.ItemCode AND AnaGrup.AttributeTypeCode = 1
@@ -49,28 +46,24 @@ LEFT JOIN cdItemAttributeDesc AnaGrupDesc
ON AnaGrup.AttributeTypeCode = AnaGrupDesc.AttributeTypeCode ON AnaGrup.AttributeTypeCode = AnaGrupDesc.AttributeTypeCode
AND AnaGrup.AttributeCode = AnaGrupDesc.AttributeCode AND AnaGrup.AttributeCode = AnaGrupDesc.AttributeCode
AND AnaGrup.ItemTypeCode = AnaGrupDesc.ItemTypeCode AND AnaGrup.ItemTypeCode = AnaGrupDesc.ItemTypeCode
LEFT JOIN prItemAttribute AltGrup LEFT JOIN prItemAttribute AltGrup
ON a.ItemCode = AltGrup.ItemCode AND AltGrup.AttributeTypeCode = 2 ON a.ItemCode = AltGrup.ItemCode AND AltGrup.AttributeTypeCode = 2
LEFT JOIN cdItemAttributeDesc AltGrupDesc LEFT JOIN cdItemAttributeDesc AltGrupDesc
ON AltGrup.AttributeTypeCode = AltGrupDesc.AttributeTypeCode ON AltGrup.AttributeTypeCode = AltGrupDesc.AttributeTypeCode
AND AltGrup.AttributeCode = AltGrupDesc.AttributeCode AND AltGrup.AttributeCode = AltGrupDesc.AttributeCode
AND AltGrup.ItemTypeCode = AltGrupDesc.ItemTypeCode AND AltGrup.ItemTypeCode = AltGrupDesc.ItemTypeCode
LEFT JOIN prItemAttribute Garson LEFT JOIN prItemAttribute Garson
ON a.ItemCode = Garson.ItemCode AND Garson.AttributeTypeCode = 44 ON a.ItemCode = Garson.ItemCode AND Garson.AttributeTypeCode = 44
LEFT JOIN cdItemAttributeDesc GarsonDesc LEFT JOIN cdItemAttributeDesc GarsonDesc
ON Garson.AttributeTypeCode = GarsonDesc.AttributeTypeCode ON Garson.AttributeTypeCode = GarsonDesc.AttributeTypeCode
AND Garson.AttributeCode = GarsonDesc.AttributeCode AND Garson.AttributeCode = GarsonDesc.AttributeCode
AND Garson.ItemTypeCode = GarsonDesc.ItemTypeCode AND Garson.ItemTypeCode = GarsonDesc.ItemTypeCode
LEFT JOIN prItemAttribute FitTbl LEFT JOIN prItemAttribute FitTbl
ON a.ItemCode = FitTbl.ItemCode AND FitTbl.AttributeTypeCode = 38 ON a.ItemCode = FitTbl.ItemCode AND FitTbl.AttributeTypeCode = 38
LEFT JOIN cdItemAttributeDesc FitDesc LEFT JOIN cdItemAttributeDesc FitDesc
ON FitTbl.AttributeTypeCode = FitDesc.AttributeTypeCode ON FitTbl.AttributeTypeCode = FitDesc.AttributeTypeCode
AND FitTbl.AttributeCode = FitDesc.AttributeCode AND FitTbl.AttributeCode = FitDesc.AttributeCode
AND FitTbl.ItemTypeCode = FitDesc.ItemTypeCode AND FitTbl.ItemTypeCode = FitDesc.ItemTypeCode
LEFT JOIN prItemAttribute KisaKar LEFT JOIN prItemAttribute KisaKar
ON a.ItemCode = KisaKar.ItemCode AND KisaKar.AttributeTypeCode = 41 ON a.ItemCode = KisaKar.ItemCode AND KisaKar.AttributeTypeCode = 41
LEFT JOIN cdItemAttributeDesc KisaKarDesc LEFT JOIN cdItemAttributeDesc KisaKarDesc
@@ -79,9 +72,11 @@ LEFT JOIN cdItemAttributeDesc KisaKarDesc
AND KisaKar.ItemTypeCode = KisaKarDesc.ItemTypeCode AND KisaKar.ItemTypeCode = KisaKarDesc.ItemTypeCode
WHERE a.CurrAccCode LIKE @Carikod WHERE a.CurrAccCode LIKE @Carikod
AND a.InvoiceDate BETWEEN @StartDate AND @EndDate AND a.InvoiceDate BETWEEN @StartDate AND @EndDate
AND %s
%s %s
GROUP BY a.InvoiceDate, a.InvoiceNumber, a.ItemCode, a.ColorCode GROUP BY a.InvoiceDate, a.InvoiceNumber, a.ItemCode, a.ColorCode
ORDER BY Belge_Tarihi, Belge_Ref_Numarasi, Urun_Kodu;`, ORDER BY Belge_Tarihi, Belge_Ref_Numarasi, Urun_Kodu;`,
piyasaScope,
func() string { func() string {
if inParislem == "" { if inParislem == "" {
return "" return ""
@@ -94,13 +89,14 @@ ORDER BY Belge_Tarihi, Belge_Ref_Numarasi, Urun_Kodu;`,
)`, inParislem) )`, inParislem)
}(), }(),
) )
rows, err := db.MssqlDB.Query(query,
rows, err := db.MssqlDB.QueryContext(ctx, query,
sql.Named("Carikod", "%"+accountCode+"%"), sql.Named("Carikod", "%"+accountCode+"%"),
sql.Named("StartDate", startDate), sql.Named("StartDate", startDate),
sql.Named("EndDate", endDate), sql.Named("EndDate", endDate),
) )
if err != nil { if err != nil {
return nil, fmt.Errorf("detay sorgu hatası: %v", err) return nil, fmt.Errorf("detay sorgu hatasi: %v", err)
} }
defer rows.Close() defer rows.Close()

5
svc/queries/statements_pdf.go
View File

@@ -4,14 +4,15 @@ package queries
import ( import (
"bssapp-backend/db" "bssapp-backend/db"
"bssapp-backend/models" "bssapp-backend/models"
"context"
"database/sql" "database/sql"
"fmt" "fmt"
"log" "log"
"strings" "strings"
) )
func GetStatementsPDF(accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) { func GetStatementsPDF(ctx context.Context, accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) {
headers, err := getStatementsForPDF(accountCode, startDate, endDate, parislemler) headers, err := getStatementsForPDF(ctx, accountCode, startDate, endDate, parislemler)
if err != nil { if err != nil {
log.Printf("Header query error: %v", err) log.Printf("Header query error: %v", err)
return nil, nil, err return nil, nil, err

13
svc/queries/user_detail.go
View File

@@ -52,12 +52,19 @@ ORDER BY d.code
// 🌍 PIYASALAR // 🌍 PIYASALAR
// ====================================================== // ======================================================
const GetUserPiyasalar = ` const GetUserPiyasalar = `
SELECT p.code, p.title SELECT
COALESCE(p_code.code, p_title.code, up.piyasa_code) AS code,
COALESCE(p_code.title, p_title.title, up.piyasa_code) AS title
FROM dfusr_piyasa up FROM dfusr_piyasa up
JOIN mk_sales_piy p ON p.code = up.piyasa_code LEFT JOIN mk_sales_piy p_code
ON UPPER(translate(TRIM(p_code.code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(up.piyasa_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
LEFT JOIN mk_sales_piy p_title
ON UPPER(translate(TRIM(p_title.title), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(up.piyasa_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
WHERE up.dfusr_id = $1 WHERE up.dfusr_id = $1
AND up.is_allowed = true AND up.is_allowed = true
ORDER BY p.code ORDER BY 1
` `
// ====================================================== // ======================================================

2
svc/routes/statement_detail.go
View File

@@ -25,7 +25,7 @@ func GetStatementDetailsHandler(w http.ResponseWriter, r *http.Request) {
endDate := r.URL.Query().Get("enddate") endDate := r.URL.Query().Get("enddate")
parislemler := r.URL.Query()["parislemler"] parislemler := r.URL.Query()["parislemler"]
details, err := queries.GetStatementDetails(accountCode, startDate, endDate, parislemler) details, err := queries.GetStatementDetails(r.Context(), accountCode, startDate, endDate, parislemler)
if err != nil { if err != nil {
http.Error(w, "Error fetching statement details: "+err.Error(), http.StatusInternalServerError) http.Error(w, "Error fetching statement details: "+err.Error(), http.StatusInternalServerError)
return return

2
svc/routes/statement_header.go
View File

@@ -25,7 +25,7 @@ func GetStatementHeadersHandler(w http.ResponseWriter, r *http.Request) {
Parislemler: r.URL.Query()["parislemler"], Parislemler: r.URL.Query()["parislemler"],
} }
statements, err := queries.GetStatements(params) statements, err := queries.GetStatements(r.Context(), params)
if err != nil { if err != nil {
http.Error(w, "Error fetching statements: "+err.Error(), http.StatusInternalServerError) http.Error(w, "Error fetching statements: "+err.Error(), http.StatusInternalServerError)
return return

2
svc/routes/statement_header_pdf.go
View File

@@ -292,7 +292,7 @@ func ExportStatementHeaderReportPDFHandler(mssql *sql.DB) http.HandlerFunc {
} }
} }
headers, _, err := queries.GetStatementsHPDF(accountCode, startDate, endDate, parislemler) headers, _, err := queries.GetStatementsHPDF(r.Context(), accountCode, startDate, endDate, parislemler)
if err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
return return

2
svc/routes/statements_pdf.go
View File

@@ -445,7 +445,7 @@ func ExportPDFHandler(mssql *sql.DB) http.HandlerFunc {
accountCode, startDate, endDate, parislemler) accountCode, startDate, endDate, parislemler)
// 1) Header verileri // 1) Header verileri
headers, belgeNos, err := queries.GetStatementsPDF(accountCode, startDate, endDate, parislemler) headers, belgeNos, err := queries.GetStatementsPDF(r.Context(), accountCode, startDate, endDate, parislemler)
if err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
return return

8
svc/routes/user_detail.go
View File

@@ -3,8 +3,10 @@ package routes
import ( import (
"bssapp-backend/auth" "bssapp-backend/auth"
"bssapp-backend/internal/auditlog" "bssapp-backend/internal/auditlog"
"bssapp-backend/internal/authz"
"bssapp-backend/internal/mailer" "bssapp-backend/internal/mailer"
"bssapp-backend/internal/security" "bssapp-backend/internal/security"
"bssapp-backend/middlewares"
"bssapp-backend/models" "bssapp-backend/models"
"bssapp-backend/queries" "bssapp-backend/queries"
"bytes" "bytes"
@@ -323,6 +325,9 @@ func handleUserUpdate(db *sql.DB, w http.ResponseWriter, r *http.Request, userID
return return
} }
authz.ClearPiyasaCache(int(userID))
middlewares.ClearAuthzScopeCacheForUser(userID)
_ = json.NewEncoder(w).Encode(map[string]any{"success": true}) _ = json.NewEncoder(w).Encode(map[string]any{"success": true})
} }
@@ -424,6 +429,9 @@ func handleUserDelete(db *sql.DB, w http.ResponseWriter, r *http.Request, userID
return return
} }
authz.ClearPiyasaCache(int(userID))
middlewares.ClearAuthzScopeCacheForUser(userID)
if claims != nil { if claims != nil {
auditlog.Enqueue(r.Context(), auditlog.ActivityLog{ auditlog.Enqueue(r.Context(), auditlog.ActivityLog{
ActionType: "user_delete", ActionType: "user_delete",

125
ui/quasar.config.js.temporary.compiled.1772524399006.mjs
View File

@@ -1,125 +0,0 @@
/* eslint-disable */
/**
* THIS FILE IS GENERATED AUTOMATICALLY.
* 1. DO NOT edit this file directly as it won't do anything.
* 2. EDIT the original quasar.config file INSTEAD.
* 3. DO NOT git commit this file. It should be ignored.
*
* This file is still here because there was an error in
* the original quasar.config file and this allows you to
* investigate the Node.js stack error.
*
* After you fix the original file, this file will be
* deleted automatically.
**/
// quasar.config.js
import { defineConfig } from "@quasar/app-webpack/wrappers";
var quasar_config_default = defineConfig(() => {
const apiBaseUrl = (process.env.VITE_API_BASE_URL || "/api").trim();
return {
/* =====================================================
APP INFO
===================================================== */
productName: "Baggi BSS",
productDescription: "Baggi Tekstil Business Support System",
/* =====================================================
BOOT FILES
===================================================== */
boot: ["dayjs"],
/* =====================================================
GLOBAL CSS
===================================================== */
css: ["app.css"],
/* =====================================================
ICONS / FONTS
===================================================== */
extras: [
"roboto-font",
"material-icons"
],
/* =====================================================
BUILD (PRODUCTION)
===================================================== */
build: {
vueRouterMode: "hash",
env: {
VITE_API_BASE_URL: apiBaseUrl
},
esbuildTarget: {
browser: ["es2022", "firefox115", "chrome115", "safari14"],
node: "node20"
},
// Cache & performance
gzip: true,
preloadChunks: true
},
/* =====================================================
DEV SERVER (LOCAL)
===================================================== */
devServer: {
server: { type: "http" },
port: 9e3,
open: true,
// DEV proxy (CORS'suz)
proxy: [
{
context: ["/api"],
target: "http://localhost:8080",
changeOrigin: true,
secure: false
}
]
},
/* =====================================================
QUASAR FRAMEWORK
===================================================== */
framework: {
config: {
notify: {
position: "top",
timeout: 2500
}
},
lang: "tr",
plugins: [
"Loading",
"Dialog",
"Notify"
]
},
animations: [],
/* =====================================================
SSR / PWA (DISABLED)
===================================================== */
ssr: {
prodPort: 3e3,
middlewares: ["render"],
pwa: false
},
pwa: {
workboxMode: "GenerateSW"
},
/* =====================================================
MOBILE / DESKTOP
===================================================== */
capacitor: {
hideSplashscreen: true
},
electron: {
preloadScripts: ["electron-preload"],
inspectPort: 5858,
bundler: "packager",
builder: {
appId: "baggisowtfaresystem"
}
},
bex: {
extraScripts: []
}
};
});
export {
quasar_config_default as default
};

13
ui/src/css/app.css
View File

@@ -1262,9 +1262,16 @@ body {
padding: 6px 8px !important; padding: 6px 8px !important;
} }
/* Güvenli z-index hiyerarşisi */ /* Mobile drawer touch-fix: drawer must stay above its backdrop */
.q-header { z-index: 1000 !important; } /* header en üstte */ .q-drawer__backdrop {
.q-drawer { z-index: 950 !important; } /* drawer headerın altında */ z-index: 2999 !important;
}
.q-drawer {
z-index: 3000 !important;
}
.q-header {
z-index: 3001 !important;
}
/* Mobile */ /* Mobile */
@media (max-width: 768px) { @media (max-width: 768px) {

13
ui/src/layouts/MainLayout.vue
View File

@@ -31,7 +31,7 @@
class="bg-secondary text-white" class="bg-secondary text-white"
> >
<q-scroll-area style="height:100%"> <div class="drawer-scroll">
<q-list padding> <q-list padding>
@@ -106,7 +106,7 @@
</q-list> </q-list>
</q-scroll-area> </div>
</q-drawer> </q-drawer>
@@ -343,3 +343,12 @@ const filteredMenu = computed(() => {
}) })
</script> </script>
<style scoped>
.drawer-scroll {
height: 100%;
overflow-y: auto;
-webkit-overflow-scrolling: touch;
touch-action: pan-y;
}
</style>

8
ui/src/pages/OrderProductionUpdate.vue
View File

@@ -383,6 +383,10 @@ function normalizeShortCode (value, maxLen) {
return String(value || '').trim().toUpperCase().slice(0, maxLen) return String(value || '').trim().toUpperCase().slice(0, maxLen)
} }
function isValidBaggiModelCode (code) {
return /^[A-Z][0-9]{3}-[A-Z]{3}[0-9]{5}$/.test(code)
}
function validateRowInput (row) { function validateRowInput (row) {
const newItemCode = String(row.NewItemCode || '').trim().toUpperCase() const newItemCode = String(row.NewItemCode || '').trim().toUpperCase()
const newColor = normalizeShortCode(row.NewColor, 3) const newColor = normalizeShortCode(row.NewColor, 3)
@@ -391,7 +395,9 @@ function validateRowInput (row) {
const oldDim2 = String(row.OldDim2 || '').trim() const oldDim2 = String(row.OldDim2 || '').trim()
if (!newItemCode) return 'Yeni model kodu zorunludur.' if (!newItemCode) return 'Yeni model kodu zorunludur.'
if (newItemCode.length !== 13) return 'Yeni model kodu 13 karakter olmalidir.' if (!isValidBaggiModelCode(newItemCode)) {
return 'Girdiginiz yapi BAGGI kod yapisina uygun degildir. Format: X999-XXX99999'
}
if (oldColor && !newColor) return 'Eski kayitta 1. renk oldugu icin yeni 1. renk zorunludur.' if (oldColor && !newColor) return 'Eski kayitta 1. renk oldugu icin yeni 1. renk zorunludur.'
if (newColor && newColor.length !== 3) return 'Yeni 1. renk kodu 3 karakter olmalidir.' if (newColor && newColor.length !== 3) return 'Yeni 1. renk kodu 3 karakter olmalidir.'
if (oldDim2 && !newDim2) return 'Eski kayitta 2. renk oldugu icin yeni 2. renk zorunludur.' if (oldDim2 && !newDim2) return 'Eski kayitta 2. renk oldugu icin yeni 2. renk zorunludur.'