M_Kececi/bssapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: M_Kececi:480521680872f00db872a6eb9fe5ea1264ec7661
Branches Tags
M_Kececi:master
...
compare: M_Kececi:008eeb3e5f3633ef9e95fa23d400047d2248b997
Branches Tags
M_Kececi:master

2 Commits
4805216808 ... 008eeb3e5f

Author SHA1 Message Date
M_Kececi
008eeb3e5f Merge remote-tracking branch 'origin/master' 2026-03-03 13:29:43 +03:00
M_Kececi
d355ef7acd Merge remote-tracking branch 'origin/master' 2026-03-03 13:29:17 +03:00
26 changed files with 705 additions and 102 deletions
Expand all files Collapse all files

47
svc/internal/authz/mssql.go
View File

@@ -1,6 +1,7 @@
package authz
import (
"bssapp-backend/auth"
"context"
"fmt"
"strings"
@@ -10,23 +11,53 @@ func BuildMSSQLPiyasaFilter(
ctx context.Context,
column string,
) string {
claims, ok := auth.GetClaimsFromContext(ctx)
if ok && claims != nil && claims.IsAdmin() {
return "1=1"
}
codes := GetPiyasaCodesFromCtx(ctx)
if len(codes) == 0 {
return "1=1"
return "1=0"
}
return BuildMSSQLPiyasaFilterWithCodes(column, codes)
}
var quoted []string
func BuildMSSQLPiyasaFilterWithCodes(column string, codes []string) string {
normalizedCol := fmt.Sprintf("UPPER(LTRIM(RTRIM(%s)))", column)
exact := BuildINClause(normalizedCol, codes)
prefixCodes := first3Codes(codes)
if len(prefixCodes) == 0 {
return exact
}
prefix := BuildINClause(
fmt.Sprintf("LEFT(%s, 3)", normalizedCol),
prefixCodes,
)
return fmt.Sprintf("(%s OR %s)", exact, prefix)
}
func first3Codes(codes []string) []string {
seen := make(map[string]struct{}, len(codes))
out := make([]string, 0, len(codes))
for _, c := range codes {
quoted = append(quoted, "'"+c+"'")
n := strings.ToUpper(strings.TrimSpace(c))
if len(n) < 3 {
continue
}
n = n[:3]
if _, ok := seen[n]; ok {
continue
}
seen[n] = struct{}{}
out = append(out, n)
}
return fmt.Sprintf(
"%s IN (%s)",
column,
strings.Join(quoted, ","),
)
return out
}

28
svc/internal/authz/piyasa_repo.go
View File

@@ -3,6 +3,7 @@ package authz
import (
"database/sql"
"fmt"
"strings"
"sync"
)
@@ -35,10 +36,21 @@ func GetUserPiyasaCodes(pg *sql.DB, userID int) ([]string, error) {
// DB QUERY
// -----------------------------
rows, err := pg.Query(`
SELECT piyasa_code
FROM dfusr_piyasa
WHERE dfusr_id = $1
AND is_allowed = true
WITH user_piyasa AS (
SELECT TRIM(up.piyasa_code) AS raw_code
FROM dfusr_piyasa up
WHERE up.dfusr_id = $1
AND up.is_allowed = true
)
SELECT DISTINCT
COALESCE(p_code.code, p_title.code, u.raw_code) AS piyasa_code
FROM user_piyasa u
LEFT JOIN mk_sales_piy p_code
ON UPPER(translate(TRIM(p_code.code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(u.raw_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
LEFT JOIN mk_sales_piy p_title
ON UPPER(translate(TRIM(p_title.title),'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(u.raw_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
`, userID)
if err != nil {
return nil, fmt.Errorf("pg piyasa query error: %w", err)
@@ -46,12 +58,20 @@ func GetUserPiyasaCodes(pg *sql.DB, userID int) ([]string, error) {
defer rows.Close()
var out []string
seen := make(map[string]struct{})
for rows.Next() {
var code string
if err := rows.Scan(&code); err == nil {
code = strings.ToUpper(strings.TrimSpace(code))
if code != "" {
if _, ok := seen[code]; ok {
continue
}
seen[code] = struct{}{}
out = append(out, code)
}
}
}
// -----------------------------
// CACHE WRITE

26
svc/middlewares/authz_v2.go
View File

@@ -537,9 +537,15 @@ func cachedPiyasaIntersectionAny(pg *sql.DB, c *ttlCache, userID, roleID int64,
err := pg.QueryRow(`
SELECT 1
FROM dfusr_piyasa up
LEFT JOIN mk_sales_piy p_code
ON UPPER(translate(TRIM(p_code.code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(up.piyasa_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
LEFT JOIN mk_sales_piy p_title
ON UPPER(translate(TRIM(p_title.title), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(up.piyasa_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
WHERE up.dfusr_id = $1
AND up.is_allowed = true
AND up.piyasa_code = ANY($2)
AND UPPER(TRIM(COALESCE(p_code.code, p_title.code, up.piyasa_code))) = ANY($2)
LIMIT 1
`, userID, pqArray(piyasaCodes)).Scan(&dummy)
@@ -988,7 +994,23 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
}
// =====================================================
// 5PASS
// 5SCOPE CONTEXT ENRICH (for MSSQL piyasa filters)
// =====================================================
if !claims.IsAdmin() {
userPiy, err := authz.GetUserPiyasaCodes(pg, int(claims.ID))
if err != nil {
log.Printf("❌ AUTHZ: user piyasa resolve error user=%d err=%v", claims.ID, err)
http.Error(w, "forbidden", http.StatusForbidden)
return
}
if len(userPiy) > 0 {
r = r.WithContext(authz.WithPiyasaCodes(r.Context(), normalizeCodes(userPiy)))
}
}
// =====================================================
// 6⃣ PASS
// =====================================================
next.ServeHTTP(w, r)
})

51
svc/queries/account.go
View File

@@ -13,13 +13,48 @@ import (
func GetAccounts(ctx context.Context) ([]models.Account, error) {
piyasaFilter := authz.BuildMSSQLPiyasaFilter(ctx, "f2.CustomerAtt01")
piyasaFilter := authz.BuildMSSQLPiyasaFilter(
ctx,
"CASE WHEN b.CurrAccTypeCode = 1 THEN vp.VendorAtt01 ELSE f2.CustomerAtt01 END",
)
if strings.TrimSpace(piyasaFilter) == "" {
piyasaFilter = "1=1"
}
query := fmt.Sprintf(`
;WITH VendorPiyasa AS
(
SELECT
Cari8 = LEFT(P.CurrAccCode, 8),
VendorAtt01 = MAX(P.VendorAtt01)
FROM
(
SELECT
CurrAccTypeCode,
CurrAccCode,
VendorAtt01 = MAX(ISNULL([1], ''))
FROM
(
SELECT
c.CurrAccTypeCode,
c.CurrAccCode,
a.AttributeTypeCode,
a.AttributeCode
FROM cdCurrAcc c WITH (NOLOCK)
LEFT JOIN prCurrAccAttribute a WITH (NOLOCK)
ON a.CurrAccTypeCode = c.CurrAccTypeCode
AND a.CurrAccCode = c.CurrAccCode
WHERE c.CurrAccTypeCode = 1
) d
PIVOT
(
MAX(AttributeCode) FOR AttributeTypeCode IN ([1])
) pvt
GROUP BY CurrAccTypeCode, CurrAccCode
) P
GROUP BY LEFT(P.CurrAccCode, 8)
)
SELECT
x.AccountCode,
MAX(x.AccountName) AS AccountName
@@ -29,10 +64,16 @@ func GetAccounts(ctx context.Context) ([]models.Account, error) {
COALESCE(d.CurrAccDescription, '') AS AccountName
FROM trCurrAccBook b
LEFT JOIN cdCurrAccDesc d
ON d.CurrAccCode = b.CurrAccCode
JOIN CustomerAttributesFilter f2
ON f2.CurrAccCode = b.CurrAccCode
WHERE %s
ON d.CurrAccTypeCode = b.CurrAccTypeCode
AND d.CurrAccCode = b.CurrAccCode
AND d.LangCode = 'TR'
LEFT JOIN CustomerAttributesFilter f2
ON f2.CurrAccTypeCode = b.CurrAccTypeCode
AND f2.CurrAccCode = b.CurrAccCode
LEFT JOIN VendorPiyasa vp
ON vp.Cari8 = LEFT(b.CurrAccCode, 8)
WHERE b.CurrAccTypeCode IN (1,3)
AND %s
) x
GROUP BY x.AccountCode
ORDER BY x.AccountCode

12
svc/queries/customer_balance_list.go
View File

@@ -314,7 +314,12 @@ ORDER BY F.MasterCari;
}
func loadBalanceLines(ctx context.Context, selectedDate, cariSearch string) ([]mkCariBakiyeLine, error) {
query := `
piyasaScope, err := buildPiyasaExistsForCariCode(ctx, "CariKodu")
if err != nil {
return nil, err
}
query := fmt.Sprintf(`
SELECT
CurrAccTypeCode,
CariKodu,
@@ -326,8 +331,9 @@ func loadBalanceLines(ctx context.Context, selectedDate, cariSearch string) ([]m
CAST(0 AS DECIMAL(18,4)) AS Vade_Gun,
CAST(0 AS DECIMAL(18,4)) AS Vade_BelgeTarihi_Gun
FROM dbo.MK_CARI_BAKIYE_LIST(@SonTarih)
WHERE (@CariSearch = '' OR CariKodu LIKE '%' + @CariSearch + '%')
`
WHERE (@CariSearch = '' OR CariKodu LIKE '%%' + @CariSearch + '%%')
AND %s
`, piyasaScope)
rows, err := db.MssqlDB.QueryContext(ctx, query,
sql.Named("SonTarih", selectedDate),

58
svc/queries/piyasa_scope.go Normal file
View File

@@ -0,0 +1,58 @@
package queries
import (
"bssapp-backend/auth"
"bssapp-backend/internal/authz"
"context"
"fmt"
"strings"
)
func resolvePiyasaScopeInClause(ctx context.Context, column string) (string, error) {
claims, ok := auth.GetClaimsFromContext(ctx)
if !ok || claims == nil {
return "", fmt.Errorf("unauthorized: claims not found")
}
if claims.IsAdmin() {
return "1=1", nil
}
rawCodes := authz.GetPiyasaCodesFromCtx(ctx)
codes := normalizePiyasaCodes(rawCodes)
if len(codes) == 0 {
return "1=0", nil
}
return authz.BuildMSSQLPiyasaFilterWithCodes(column, codes), nil
}
func buildPiyasaExistsForCariCode(ctx context.Context, cariCodeExpr string) (string, error) {
inClause, err := resolvePiyasaScopeInClause(ctx, "PF.CustomerAtt01")
if err != nil {
return "", err
}
return fmt.Sprintf(`
EXISTS (
SELECT 1
FROM CustomerAttributesFilter PF WITH(NOLOCK)
WHERE (PF.CurrAccCode = %s OR LEFT(PF.CurrAccCode, 8) = LEFT(%s, 8))
AND %s
)`, cariCodeExpr, cariCodeExpr, inClause), nil
}
func normalizePiyasaCodes(codes []string) []string {
out := make([]string, 0, len(codes))
seen := make(map[string]struct{}, len(codes))
for _, c := range codes {
n := strings.ToUpper(strings.TrimSpace(c))
if n == "" {
continue
}
if _, ok := seen[n]; ok {
continue
}
seen[n] = struct{}{}
out = append(out, n)
}
return out
}

12
svc/queries/statement_aging_balance_list.go
View File

@@ -182,7 +182,12 @@ func GetStatementAgingBalanceList(ctx context.Context, params models.CustomerBal
}
func loadAgingBalanceLines(ctx context.Context, cariSearch string) ([]mkCariBakiyeLine, error) {
query := `
piyasaScope, err := buildPiyasaExistsForCariCode(ctx, "LTRIM(RTRIM(CariKodu))")
if err != nil {
return nil, err
}
query := fmt.Sprintf(`
SELECT
CurrAccTypeCode,
CariKodu = LTRIM(RTRIM(CariKodu)),
@@ -194,9 +199,10 @@ func loadAgingBalanceLines(ctx context.Context, cariSearch string) ([]mkCariBaki
Vade_Gun,
Vade_BelgeTarihi_Gun
FROM dbo.CARI_BAKIYE_GUN_CACHE
WHERE (@CariSearch = '' OR LTRIM(RTRIM(CariKodu)) LIKE '%' + @CariSearch + '%')
WHERE (@CariSearch = '' OR LTRIM(RTRIM(CariKodu)) LIKE '%%' + @CariSearch + '%%')
AND %s
ORDER BY CariKodu, CariDoviz, PislemTipi
`
`, piyasaScope)
rows, err := db.MssqlDB.QueryContext(ctx, query, sql.Named("CariSearch", strings.TrimSpace(cariSearch)))
if err != nil {

22
svc/queries/statement_header.go
View File

@@ -3,13 +3,14 @@ package queries
import (
"bssapp-backend/db"
"bssapp-backend/models"
"context"
"database/sql"
"fmt"
"strings"
)
// Ana tabloyu getiren fonksiyon (Vue header tablosu için)
func GetStatements(params models.StatementParams) ([]models.StatementHeader, error) {
func GetStatements(ctx context.Context, params models.StatementParams) ([]models.StatementHeader, error) {
// AccountCode normalize: "ZLA0127" → "ZLA 0127"
params.AccountCode = normalizeMasterAccountCode(params.AccountCode)
@@ -33,6 +34,11 @@ func GetStatements(params models.StatementParams) ([]models.StatementHeader, err
}
}
piyasaScope, err := buildPiyasaExistsForCariCode(ctx, "b.CurrAccCode")
if err != nil {
return nil, err
}
query := fmt.Sprintf(`
;WITH CurrDesc AS (
SELECT
@@ -58,6 +64,7 @@ HasMovement AS (
AND f.ATAtt01 IN (%s)
WHERE LEFT(REPLACE(b.CurrAccCode, ' ', ''), 7) = REPLACE(@Carikod, ' ', '')
AND b.DocumentDate BETWEEN @startdate AND @enddate
AND %s
) THEN 1 ELSE 0 END AS HasMov
),
@@ -79,6 +86,7 @@ Opening AS (
ON c.CurrAccBookID = b.CurrAccBookID
AND c.CurrencyCode = b.DocCurrencyCode
WHERE LEFT(REPLACE(b.CurrAccCode, ' ', ''), 7) = REPLACE(@Carikod, ' ', '')
AND %s
AND (
(hm.HasMov = 1 AND b.DocumentDate < @startdate) -- hareket varsa: klasik devir
OR (hm.HasMov = 0 AND b.DocumentDate <= @enddate) -- hareket yoksa: enddate itibariyle bakiye
@@ -135,6 +143,7 @@ Movements AS (
AND c.CurrencyCode = b.DocCurrencyCode
WHERE LEFT(REPLACE(b.CurrAccCode, ' ', ''), 7) = REPLACE(@Carikod, ' ', '')
AND %s
AND b.DocumentDate BETWEEN @startdate AND @enddate
)
@@ -201,12 +210,15 @@ ORDER BY
Para_Birimi,
Belge_Tarihi;
`,
parislemFilter, // HasMovement
parislemFilter, // Opening
parislemFilter, // Movements
parislemFilter, // HasMovement ATAtt01
piyasaScope, // HasMovement piyasa scope
parislemFilter, // Opening ATAtt01
piyasaScope, // Opening piyasa scope
parislemFilter, // Movements ATAtt01
piyasaScope, // Movements piyasa scope
)
rows, err := db.MssqlDB.Query(query,
rows, err := db.MssqlDB.QueryContext(ctx, query,
sql.Named("startdate", params.StartDate),
sql.Named("enddate", params.EndDate),
sql.Named("Carikod", params.AccountCode),

5
svc/queries/statement_header_pdf.go
View File

@@ -2,11 +2,12 @@ package queries
import (
"bssapp-backend/models"
"context"
"log"
)
func GetStatementsHPDF(accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) {
headers, err := getStatementsForPDF(accountCode, startDate, endDate, parislemler)
func GetStatementsHPDF(ctx context.Context, accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) {
headers, err := getStatementsForPDF(ctx, accountCode, startDate, endDate, parislemler)
if err != nil {
log.Printf("Header query error: %v", err)
return nil, nil, err

8
svc/queries/statement_pdf_common.go
View File

@@ -1,14 +1,18 @@
package queries
import "bssapp-backend/models"
import (
"bssapp-backend/models"
"context"
)
func getStatementsForPDF(
ctx context.Context,
accountCode string,
startDate string,
endDate string,
parislemler []string,
) ([]models.StatementHeader, error) {
return GetStatements(models.StatementParams{
return GetStatements(ctx, models.StatementParams{
AccountCode: accountCode,
StartDate: startDate,
EndDate: endDate,

36
svc/queries/statements_detail.go
View File

@@ -3,15 +3,14 @@ package queries
import (
"bssapp-backend/db"
"bssapp-backend/models"
"context"
"database/sql"
"fmt"
"strings"
)
/* ============================ DETAIL (ALT TABLO) ============================ */
func GetStatementDetails(accountCode, startDate, endDate string, parislemler []string) ([]models.StatementDetail, error) {
// Parislemler filtresi hazırlanır (ör: 1,2,3)
// DETAIL (ALT TABLO)
func GetStatementDetails(ctx context.Context, accountCode, startDate, endDate string, parislemler []string) ([]models.StatementDetail, error) {
inParislem := ""
if len(parislemler) > 0 {
pp := make([]string, len(parislemler))
@@ -20,6 +19,12 @@ func GetStatementDetails(accountCode, startDate, endDate string, parislemler []s
}
inParislem = strings.Join(pp, ",")
}
piyasaScope, err := buildPiyasaExistsForCariCode(ctx, "a.CurrAccCode")
if err != nil {
return nil, err
}
query := fmt.Sprintf(`
SELECT
CONVERT(varchar(10), a.InvoiceDate, 23) AS Belge_Tarihi,
@@ -32,16 +37,8 @@ SELECT
a.ItemCode AS Urun_Kodu,
a.ColorCode AS Urun_Rengi,
SUM(a.Qty1) AS Toplam_Adet,
CAST(
SUM(a.Qty1 * ABS(a.Doc_Price))
/ NULLIF(SUM(a.Qty1),0)
AS numeric(18,4)) AS Doviz_Fiyat,
CAST(
SUM(a.Qty1 * ABS(a.Doc_Price))
AS numeric(18,2)) AS Toplam_Tutar
CAST(SUM(a.Qty1 * ABS(a.Doc_Price)) / NULLIF(SUM(a.Qty1),0) AS numeric(18,4)) AS Doviz_Fiyat,
CAST(SUM(a.Qty1 * ABS(a.Doc_Price)) AS numeric(18,2)) AS Toplam_Tutar
FROM AllInvoicesWithAttributes a
LEFT JOIN prItemAttribute AnaGrup
ON a.ItemCode = AnaGrup.ItemCode AND AnaGrup.AttributeTypeCode = 1
@@ -49,28 +46,24 @@ LEFT JOIN cdItemAttributeDesc AnaGrupDesc
ON AnaGrup.AttributeTypeCode = AnaGrupDesc.AttributeTypeCode
AND AnaGrup.AttributeCode = AnaGrupDesc.AttributeCode
AND AnaGrup.ItemTypeCode = AnaGrupDesc.ItemTypeCode
LEFT JOIN prItemAttribute AltGrup
ON a.ItemCode = AltGrup.ItemCode AND AltGrup.AttributeTypeCode = 2
LEFT JOIN cdItemAttributeDesc AltGrupDesc
ON AltGrup.AttributeTypeCode = AltGrupDesc.AttributeTypeCode
AND AltGrup.AttributeCode = AltGrupDesc.AttributeCode
AND AltGrup.ItemTypeCode = AltGrupDesc.ItemTypeCode
LEFT JOIN prItemAttribute Garson
ON a.ItemCode = Garson.ItemCode AND Garson.AttributeTypeCode = 44
LEFT JOIN cdItemAttributeDesc GarsonDesc
ON Garson.AttributeTypeCode = GarsonDesc.AttributeTypeCode
AND Garson.AttributeCode = GarsonDesc.AttributeCode
AND Garson.ItemTypeCode = GarsonDesc.ItemTypeCode
LEFT JOIN prItemAttribute FitTbl
ON a.ItemCode = FitTbl.ItemCode AND FitTbl.AttributeTypeCode = 38
LEFT JOIN cdItemAttributeDesc FitDesc
ON FitTbl.AttributeTypeCode = FitDesc.AttributeTypeCode
AND FitTbl.AttributeCode = FitDesc.AttributeCode
AND FitTbl.ItemTypeCode = FitDesc.ItemTypeCode
LEFT JOIN prItemAttribute KisaKar
ON a.ItemCode = KisaKar.ItemCode AND KisaKar.AttributeTypeCode = 41
LEFT JOIN cdItemAttributeDesc KisaKarDesc
@@ -79,9 +72,11 @@ LEFT JOIN cdItemAttributeDesc KisaKarDesc
AND KisaKar.ItemTypeCode = KisaKarDesc.ItemTypeCode
WHERE a.CurrAccCode LIKE @Carikod
AND a.InvoiceDate BETWEEN @StartDate AND @EndDate
AND %s
%s
GROUP BY a.InvoiceDate, a.InvoiceNumber, a.ItemCode, a.ColorCode
ORDER BY Belge_Tarihi, Belge_Ref_Numarasi, Urun_Kodu;`,
piyasaScope,
func() string {
if inParislem == "" {
return ""
@@ -94,13 +89,14 @@ ORDER BY Belge_Tarihi, Belge_Ref_Numarasi, Urun_Kodu;`,
)`, inParislem)
}(),
)
rows, err := db.MssqlDB.Query(query,
rows, err := db.MssqlDB.QueryContext(ctx, query,
sql.Named("Carikod", "%"+accountCode+"%"),
sql.Named("StartDate", startDate),
sql.Named("EndDate", endDate),
)
if err != nil {
return nil, fmt.Errorf("detay sorgu hatası: %v", err)
return nil, fmt.Errorf("detay sorgu hatasi: %v", err)
}
defer rows.Close()

5
svc/queries/statements_pdf.go
View File

@@ -4,14 +4,15 @@ package queries
import (
"bssapp-backend/db"
"bssapp-backend/models"
"context"
"database/sql"
"fmt"
"log"
"strings"
)
func GetStatementsPDF(accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) {
headers, err := getStatementsForPDF(accountCode, startDate, endDate, parislemler)
func GetStatementsPDF(ctx context.Context, accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) {
headers, err := getStatementsForPDF(ctx, accountCode, startDate, endDate, parislemler)
if err != nil {
log.Printf("Header query error: %v", err)
return nil, nil, err

13
svc/queries/user_detail.go
View File

@@ -52,12 +52,19 @@ ORDER BY d.code
// 🌍 PIYASALAR
// ======================================================
const GetUserPiyasalar = `
SELECT p.code, p.title
SELECT
COALESCE(p_code.code, p_title.code, up.piyasa_code) AS code,
COALESCE(p_code.title, p_title.title, up.piyasa_code) AS title
FROM dfusr_piyasa up
JOIN mk_sales_piy p ON p.code = up.piyasa_code
LEFT JOIN mk_sales_piy p_code
ON UPPER(translate(TRIM(p_code.code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(up.piyasa_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
LEFT JOIN mk_sales_piy p_title
ON UPPER(translate(TRIM(p_title.title), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
= UPPER(translate(TRIM(up.piyasa_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
WHERE up.dfusr_id = $1
AND up.is_allowed = true
ORDER BY p.code
ORDER BY 1
`
// ======================================================

2
svc/routes/statement_detail.go
View File

@@ -25,7 +25,7 @@ func GetStatementDetailsHandler(w http.ResponseWriter, r *http.Request) {
endDate := r.URL.Query().Get("enddate")
parislemler := r.URL.Query()["parislemler"]
details, err := queries.GetStatementDetails(accountCode, startDate, endDate, parislemler)
details, err := queries.GetStatementDetails(r.Context(), accountCode, startDate, endDate, parislemler)
if err != nil {
http.Error(w, "Error fetching statement details: "+err.Error(), http.StatusInternalServerError)
return

2
svc/routes/statement_header.go
View File

@@ -25,7 +25,7 @@ func GetStatementHeadersHandler(w http.ResponseWriter, r *http.Request) {
Parislemler: r.URL.Query()["parislemler"],
}
statements, err := queries.GetStatements(params)
statements, err := queries.GetStatements(r.Context(), params)
if err != nil {
http.Error(w, "Error fetching statements: "+err.Error(), http.StatusInternalServerError)
return

2
svc/routes/statement_header_pdf.go
View File

@@ -292,7 +292,7 @@ func ExportStatementHeaderReportPDFHandler(mssql *sql.DB) http.HandlerFunc {
}
}
headers, _, err := queries.GetStatementsHPDF(accountCode, startDate, endDate, parislemler)
headers, _, err := queries.GetStatementsHPDF(r.Context(), accountCode, startDate, endDate, parislemler)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return

2
svc/routes/statements_pdf.go
View File

@@ -445,7 +445,7 @@ func ExportPDFHandler(mssql *sql.DB) http.HandlerFunc {
accountCode, startDate, endDate, parislemler)
// 1) Header verileri
headers, belgeNos, err := queries.GetStatementsPDF(accountCode, startDate, endDate, parislemler)
headers, belgeNos, err := queries.GetStatementsPDF(r.Context(), accountCode, startDate, endDate, parislemler)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return

8
svc/routes/user_detail.go
View File

@@ -3,8 +3,10 @@ package routes
import (
"bssapp-backend/auth"
"bssapp-backend/internal/auditlog"
"bssapp-backend/internal/authz"
"bssapp-backend/internal/mailer"
"bssapp-backend/internal/security"
"bssapp-backend/middlewares"
"bssapp-backend/models"
"bssapp-backend/queries"
"bytes"
@@ -323,6 +325,9 @@ func handleUserUpdate(db *sql.DB, w http.ResponseWriter, r *http.Request, userID
return
}
authz.ClearPiyasaCache(int(userID))
middlewares.ClearAuthzScopeCacheForUser(userID)
_ = json.NewEncoder(w).Encode(map[string]any{"success": true})
}
@@ -424,6 +429,9 @@ func handleUserDelete(db *sql.DB, w http.ResponseWriter, r *http.Request, userID
return
}
authz.ClearPiyasaCache(int(userID))
middlewares.ClearAuthzScopeCacheForUser(userID)
if claims != nil {
auditlog.Enqueue(r.Context(), auditlog.ActivityLog{
ActionType: "user_delete",

75
ui/.quasar/prod-spa/app.js Normal file
View File

@@ -0,0 +1,75 @@
/* eslint-disable */
/**
* THIS FILE IS GENERATED AUTOMATICALLY.
* DO NOT EDIT.
*
* You are probably looking on adding startup/initialization code.
* Use "quasar new boot <name>" and add it there.
* One boot file per concern. Then reference the file(s) in quasar.config file > boot:
* boot: ['file', ...] // do not add ".js" extension to it.
*
* Boot files are your "main.js"
**/
import { Quasar } from 'quasar'
import { markRaw } from 'vue'
import RootComponent from 'app/src/App.vue'
import createStore from 'app/src/stores/index'
import createRouter from 'app/src/router/index'
export default async function (createAppFn, quasarUserOptions) {
// Create the app instance.
// Here we inject into it the Quasar UI, the router & possibly the store.
const app = createAppFn(RootComponent)
app.use(Quasar, quasarUserOptions)
const store = typeof createStore === 'function'
? await createStore({})
: createStore
app.use(store)
const router = markRaw(
typeof createRouter === 'function'
? await createRouter({store})
: createRouter
)
// make router instance available in store
store.use(({ store }) => { store.router = router })
// Expose the app, the router and the store.
// Note that we are not mounting the app here, since bootstrapping will be
// different depending on whether we are in a browser or on the server.
return {
app,
store,
router
}
}

154
ui/.quasar/prod-spa/client-entry.js Normal file
View File

@@ -0,0 +1,154 @@
/* eslint-disable */
/**
* THIS FILE IS GENERATED AUTOMATICALLY.
* DO NOT EDIT.
*
* You are probably looking on adding startup/initialization code.
* Use "quasar new boot <name>" and add it there.
* One boot file per concern. Then reference the file(s) in quasar.config file > boot:
* boot: ['file', ...] // do not add ".js" extension to it.
*
* Boot files are your "main.js"
**/
import { createApp } from 'vue'
import '@quasar/extras/roboto-font/roboto-font.css'
import '@quasar/extras/material-icons/material-icons.css'
// We load Quasar stylesheet file
import 'quasar/dist/quasar.sass'
import 'src/css/app.css'
import createQuasarApp from './app.js'
import quasarUserOptions from './quasar-user-options.js'
const publicPath = `/`
async function start ({
app,
router
, store
}, bootFiles) {
let hasRedirected = false
const getRedirectUrl = url => {
try { return router.resolve(url).href }
catch (err) {}
return Object(url) === url
? null
: url
}
const redirect = url => {
hasRedirected = true
if (typeof url === 'string' && /^https?:\/\//.test(url)) {
window.location.href = url
return
}
const href = getRedirectUrl(url)
// continue if we didn't fail to resolve the url
if (href !== null) {
window.location.href = href
window.location.reload()
}
}
const urlPath = window.location.href.replace(window.location.origin, '')
for (let i = 0; hasRedirected === false && i < bootFiles.length; i++) {
try {
await bootFiles[i]({
app,
router,
store,
ssrContext: null,
redirect,
urlPath,
publicPath
})
}
catch (err) {
if (err && err.url) {
redirect(err.url)
return
}
console.error('[Quasar] boot error:', err)
return
}
}
if (hasRedirected === true) return
app.use(router)
app.mount('#q-app')
}
createQuasarApp(createApp, quasarUserOptions)
.then(app => {
// eventually remove this when Cordova/Capacitor/Electron support becomes old
const [ method, mapFn ] = Promise.allSettled !== void 0
? [
'allSettled',
bootFiles => bootFiles.map(result => {
if (result.status === 'rejected') {
console.error('[Quasar] boot error:', result.reason)
return
}
return result.value.default
})
]
: [
'all',
bootFiles => bootFiles.map(entry => entry.default)
]
return Promise[ method ]([
import(/* webpackMode: "eager" */ 'boot/dayjs')
]).then(bootFiles => {
const boot = mapFn(bootFiles).filter(entry => typeof entry === 'function')
start(app, boot)
})
})

116
ui/.quasar/prod-spa/client-prefetch.js Normal file
View File

@@ -0,0 +1,116 @@
/* eslint-disable */
/**
* THIS FILE IS GENERATED AUTOMATICALLY.
* DO NOT EDIT.
*
* You are probably looking on adding startup/initialization code.
* Use "quasar new boot <name>" and add it there.
* One boot file per concern. Then reference the file(s) in quasar.config file > boot:
* boot: ['file', ...] // do not add ".js" extension to it.
*
* Boot files are your "main.js"
**/
import App from 'app/src/App.vue'
let appPrefetch = typeof App.preFetch === 'function'
? App.preFetch
: (
// Class components return the component options (and the preFetch hook) inside __c property
App.__c !== void 0 && typeof App.__c.preFetch === 'function'
? App.__c.preFetch
: false
)
function getMatchedComponents (to, router) {
const route = to
? (to.matched ? to : router.resolve(to).route)
: router.currentRoute.value
if (!route) { return [] }
const matched = route.matched.filter(m => m.components !== void 0)
if (matched.length === 0) { return [] }
return Array.prototype.concat.apply([], matched.map(m => {
return Object.keys(m.components).map(key => {
const comp = m.components[key]
return {
path: m.path,
c: comp
}
})
}))
}
export function addPreFetchHooks ({ router, store, publicPath }) {
// Add router hook for handling preFetch.
// Doing it after initial route is resolved so that we don't double-fetch
// the data that we already have. Using router.beforeResolve() so that all
// async components are resolved.
router.beforeResolve((to, from, next) => {
const
urlPath = window.location.href.replace(window.location.origin, ''),
matched = getMatchedComponents(to, router),
prevMatched = getMatchedComponents(from, router)
let diffed = false
const preFetchList = matched
.filter((m, i) => {
return diffed || (diffed = (
!prevMatched[i] ||
prevMatched[i].c !== m.c ||
m.path.indexOf('/:') > -1 // does it has params?
))
})
.filter(m => m.c !== void 0 && (
typeof m.c.preFetch === 'function'
// Class components return the component options (and the preFetch hook) inside __c property
|| (m.c.__c !== void 0 && typeof m.c.__c.preFetch === 'function')
))
.map(m => m.c.__c !== void 0 ? m.c.__c.preFetch : m.c.preFetch)
if (appPrefetch !== false) {
preFetchList.unshift(appPrefetch)
appPrefetch = false
}
if (preFetchList.length === 0) {
return next()
}
let hasRedirected = false
const redirect = url => {
hasRedirected = true
next(url)
}
const proceed = () => {
if (hasRedirected === false) { next() }
}
preFetchList.reduce(
(promise, preFetch) => promise.then(() => hasRedirected === false && preFetch({
store,
currentRoute: to,
previousRoute: from,
redirect,
urlPath,
publicPath
})),
Promise.resolve()
)
.then(proceed)
.catch(e => {
console.error(e)
proceed()
})
})
}

23
ui/.quasar/prod-spa/quasar-user-options.js Normal file
View File

@@ -0,0 +1,23 @@
/* eslint-disable */
/**
* THIS FILE IS GENERATED AUTOMATICALLY.
* DO NOT EDIT.
*
* You are probably looking on adding startup/initialization code.
* Use "quasar new boot <name>" and add it there.
* One boot file per concern. Then reference the file(s) in quasar.config file > boot:
* boot: ['file', ...] // do not add ".js" extension to it.
*
* Boot files are your "main.js"
**/
import lang from 'quasar/lang/tr.js'
import {Loading,Dialog,Notify} from 'quasar'
export default { config: {"notify":{"position":"top","timeout":2500}},lang,plugins: {Loading,Dialog,Notify} }

0
ui/quasar.config.js.temporary.compiled.1772524399006.mjs → ui/quasar.config.js.temporary.compiled.1772532850970.mjs
View File

13
ui/src/css/app.css
View File

@@ -1262,9 +1262,16 @@ body {
padding: 6px 8px !important;
}
/* Güvenli z-index hiyerarşisi */
.q-header { z-index: 1000 !important; } /* header en üstte */
.q-drawer { z-index: 950 !important; } /* drawer headerın altında */
/* Mobile drawer touch-fix: drawer must stay above its backdrop */
.q-drawer__backdrop {
z-index: 2999 !important;
}
.q-drawer {
z-index: 3000 !important;
}
.q-header {
z-index: 3001 !important;
}
/* Mobile */
@media (max-width: 768px) {

13
ui/src/layouts/MainLayout.vue
View File

@@ -31,7 +31,7 @@
class="bg-secondary text-white"
>
<q-scroll-area style="height:100%">
<div class="drawer-scroll">
<q-list padding>
@@ -106,7 +106,7 @@
</q-list>
</q-scroll-area>
</div>
</q-drawer>
@@ -343,3 +343,12 @@ const filteredMenu = computed(() => {
})
</script>
<style scoped>
.drawer-scroll {
height: 100%;
overflow-y: auto;
-webkit-overflow-scrolling: touch;
touch-action: pan-y;
}
</style>

8
ui/src/pages/OrderProductionUpdate.vue
View File

@@ -383,6 +383,10 @@ function normalizeShortCode (value, maxLen) {
return String(value || '').trim().toUpperCase().slice(0, maxLen)
}
function isValidBaggiModelCode (code) {
return /^[A-Z][0-9]{3}-[A-Z]{3}[0-9]{5}$/.test(code)
}
function validateRowInput (row) {
const newItemCode = String(row.NewItemCode || '').trim().toUpperCase()
const newColor = normalizeShortCode(row.NewColor, 3)
@@ -391,7 +395,9 @@ function validateRowInput (row) {
const oldDim2 = String(row.OldDim2 || '').trim()
if (!newItemCode) return 'Yeni model kodu zorunludur.'
if (newItemCode.length !== 13) return 'Yeni model kodu 13 karakter olmalidir.'
if (!isValidBaggiModelCode(newItemCode)) {
return 'Girdiginiz yapi BAGGI kod yapisina uygun degildir. Format: X999-XXX99999'
}
if (oldColor && !newColor) return 'Eski kayitta 1. renk oldugu icin yeni 1. renk zorunludur.'
if (newColor && newColor.length !== 3) return 'Yeni 1. renk kodu 3 karakter olmalidir.'
if (oldDim2 && !newDim2) return 'Eski kayitta 2. renk oldugu icin yeni 2. renk zorunludur.'