Merge remote-tracking branch 'origin/master'

.gitignore

@@ -0,0 +1,12 @@
+# Node
+node_modules/
+
+# Build
+dist/
+
+# Deploy output
+svc/public/
+svc/public/**
+
+ui/dist/
+ui/dist/**

deploy/deploy.sh

@@ -0,0 +1,212 @@
+#!/bin/bash
+set -euo pipefail
+umask 022
+
+export NODE_OPTIONS="--max_old_space_size=4096"
+export CI="true"
+export npm_config_progress="false"
+export npm_config_loglevel="warn"
+export FORCE_COLOR="0"
+
+LOG_FILE="/var/log/bssapp_deploy.log"
+APP_DIR="/opt/bssapp"
+LOCK_FILE="/tmp/bssapp_deploy.lock"
+RUNTIME_BACKUP_DIR=""
+RUNTIME_PRESERVE_FILES=(
+  ".env"
+  "mail.env"
+  "svc/.env"
+  "svc/mail.env"
+  "svc/fonts"
+  "svc/public"
+)
+
+log_step() {
+  echo "== $1 =="
+}
+
+backup_runtime_files() {
+  RUNTIME_BACKUP_DIR="$(mktemp -d /tmp/bssapp-runtime.XXXXXX)"
+
+  for rel in "${RUNTIME_PRESERVE_FILES[@]}"; do
+    src="$APP_DIR/$rel"
+    dst="$RUNTIME_BACKUP_DIR/$rel"
+    if [[ -e "$src" ]]; then
+      mkdir -p "$(dirname "$dst")"
+      cp -a "$src" "$dst"
+    fi
+  done
+}
+
+restore_runtime_files() {
+  [[ -n "$RUNTIME_BACKUP_DIR" && -d "$RUNTIME_BACKUP_DIR" ]] || return 0
+  find "$RUNTIME_BACKUP_DIR" -mindepth 1 -print -quit | grep -q . || return 0
+  cp -a "$RUNTIME_BACKUP_DIR/." "$APP_DIR/"
+}
+
+cleanup_runtime_backup() {
+  if [[ -n "$RUNTIME_BACKUP_DIR" && -d "$RUNTIME_BACKUP_DIR" ]]; then
+    rm -rf "$RUNTIME_BACKUP_DIR"
+  fi
+}
+
+ensure_runtime_env_files() {
+  [[ -f "$APP_DIR/.env" ]] || touch "$APP_DIR/.env"
+  [[ -f "$APP_DIR/mail.env" ]] || touch "$APP_DIR/mail.env"
+  [[ -f "$APP_DIR/svc/.env" ]] || touch "$APP_DIR/svc/.env"
+  [[ -f "$APP_DIR/svc/mail.env" ]] || touch "$APP_DIR/svc/mail.env"
+}
+
+ensure_pdf_fonts() {
+  local font_dir="$APP_DIR/svc/fonts"
+  local sys_font_dir="/usr/share/fonts/truetype/dejavu"
+
+  mkdir -p "$font_dir"
+
+  if [[ ! -f "$font_dir/DejaVuSans.ttf" && -f "$sys_font_dir/DejaVuSans.ttf" ]]; then
+    cp -a "$sys_font_dir/DejaVuSans.ttf" "$font_dir/DejaVuSans.ttf"
+  fi
+  if [[ ! -f "$font_dir/DejaVuSans-Bold.ttf" && -f "$sys_font_dir/DejaVuSans-Bold.ttf" ]]; then
+    cp -a "$sys_font_dir/DejaVuSans-Bold.ttf" "$font_dir/DejaVuSans-Bold.ttf"
+  fi
+
+  if [[ ! -f "$font_dir/DejaVuSans.ttf" || ! -f "$font_dir/DejaVuSans-Bold.ttf" ]]; then
+    echo "ERROR: Required PDF fonts missing in $font_dir"
+    return 1
+  fi
+}
+
+ensure_ui_permissions() {
+  local ui_root="$APP_DIR/ui/dist/spa"
+
+  if [[ ! -d "$ui_root" ]]; then
+    echo "ERROR: UI build output not found at $ui_root"
+    return 1
+  fi
+
+  chmod 755 /opt "$APP_DIR" "$APP_DIR/ui" "$APP_DIR/ui/dist" "$ui_root"
+  find "$ui_root" -type d -exec chmod 755 {} \;
+  find "$ui_root" -type f -exec chmod 644 {} \;
+}
+
+ensure_ui_readable_by_nginx() {
+  local ui_index="$APP_DIR/ui/dist/spa/index.html"
+
+  if [[ ! -f "$ui_index" ]]; then
+    echo "ERROR: UI index not found at $ui_index"
+    return 1
+  fi
+
+  if id -u www-data >/dev/null 2>&1; then
+    if ! su -s /bin/sh -c "test -r '$ui_index'" www-data; then
+      echo "ERROR: www-data cannot read $ui_index"
+      namei -l "$ui_index" || true
+      return 1
+    fi
+  fi
+}
+
+build_api_binary() {
+  if ! command -v go >/dev/null 2>&1; then
+    echo "ERROR: go command not found"
+    return 1
+  fi
+
+  export GOPATH="${GOPATH:-/var/cache/bssapp-go}"
+  export GOMODCACHE="${GOMODCACHE:-$GOPATH/pkg/mod}"
+  export GOCACHE="${GOCACHE:-/var/cache/bssapp-go-build}"
+  mkdir -p "$GOPATH" "$GOMODCACHE" "$GOCACHE"
+
+  cd "$APP_DIR/svc"
+  GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-w -s" -o "$APP_DIR/svc/bssapp" ./main.go
+  chmod +x "$APP_DIR/svc/bssapp"
+}
+
+restart_services() {
+  systemctl daemon-reload || true
+
+  systemctl restart bssapp
+  if ! systemctl is-active --quiet bssapp; then
+    echo "ERROR: bssapp service failed to start"
+    return 1
+  fi
+
+  if systemctl cat nginx >/dev/null 2>&1; then
+    systemctl restart nginx
+    if ! systemctl is-active --quiet nginx; then
+      echo "ERROR: nginx service failed to start"
+      return 1
+    fi
+  else
+    echo "WARN: nginx service not found; frontend may be unreachable."
+  fi
+}
+
+run_deploy() {
+  trap cleanup_runtime_backup EXIT
+
+  exec 9>"$LOCK_FILE"
+  if ! flock -n 9; then
+    echo "[$(date '+%F %T')] Deploy already running. Skipping new request."
+    return 0
+  fi
+
+  echo "=============================="
+  echo "[DEPLOY START] $(date '+%F %T')"
+  echo "=============================="
+
+  cd "$APP_DIR"
+
+  log_step "GIT SYNC"
+  backup_runtime_files
+  git fetch origin
+  git reset --hard origin/master
+  git clean -fdx \
+    -e .env \
+    -e mail.env \
+    -e svc/.env \
+    -e svc/mail.env \
+    -e svc/fonts \
+    -e svc/public \
+    -e svc/bssapp
+  restore_runtime_files
+  echo "DEPLOY COMMIT: $(git rev-parse --short HEAD)"
+
+  log_step "BUILD UI"
+  cd "$APP_DIR/ui"
+  npm ci --no-audit --no-fund --include=optional
+  npm i -D --no-audit --no-fund sass-embedded@1.93.2
+  npm run build
+
+  log_step "ENSURE UI PERMISSIONS"
+  ensure_ui_permissions
+  ensure_ui_readable_by_nginx
+
+  log_step "BUILD API"
+  build_api_binary
+
+  log_step "ENSURE ENV FILES"
+  ensure_runtime_env_files
+
+  log_step "ENSURE PDF FONTS"
+  ensure_pdf_fonts
+
+  log_step "RESTART SERVICES"
+  restart_services
+
+  echo "[DEPLOY FINISHED] $(date '+%F %T')"
+}
+
+if [[ "${1:-}" == "--run" ]]; then
+  mkdir -p "$(dirname "$LOG_FILE")"
+  if command -v logger >/dev/null 2>&1; then
+    run_deploy 2>&1 | tee -a "$LOG_FILE" >(logger -t bssapp-deploy -p user.info)
+    exit ${PIPESTATUS[0]}
+  else
+    run_deploy >>"$LOG_FILE" 2>&1
+    exit $?
+  fi
+fi
+
+nohup /bin/bash "$0" --run </dev/null >/dev/null 2>&1 &
+exit 0

deploy/hooks.json

@@ -0,0 +1,57 @@
+[
+  {
+    "id": "bssapp-deploy",
+    "execute-command": "/bin/bash",
+    "command-working-directory": "/opt/bssapp",
+    "pass-arguments-to-command": [
+      {
+        "source": "string",
+        "name": "/opt/bssapp/deploy/deploy.sh"
+      }
+    ],
+    "trigger-rule": {
+      "or": [
+        {
+          "match": {
+            "type": "value",
+            "value": "Bearer bssapp-secret-2026",
+            "parameter": {
+              "source": "header",
+              "name": "Authorization"
+            }
+          }
+        },
+        {
+          "match": {
+            "type": "value",
+            "value": "bssapp-secret-2026",
+            "parameter": {
+              "source": "header",
+              "name": "Authorization"
+            }
+          }
+        },
+        {
+          "match": {
+            "type": "value",
+            "value": "X-BSSAPP-SECRET: bssapp-secret-2026",
+            "parameter": {
+              "source": "header",
+              "name": "Authorization"
+            }
+          }
+        },
+        {
+          "match": {
+            "type": "value",
+            "value": "bssapp-secret-2026",
+            "parameter": {
+              "source": "header",
+              "name": "X-BSSAPP-SECRET"
+            }
+          }
+        }
+      ]
+    }
+  }
+]

scripts/sql/add_indexes_order_validate.sql

@@ -0,0 +1,27 @@
+/* Indexes for order validate performance */
+
+IF NOT EXISTS (
+  SELECT 1
+  FROM sys.indexes
+  WHERE name = 'IX_trOrderLine_OrderHeader_ItemCode'
+    AND object_id = OBJECT_ID('dbo.trOrderLine')
+)
+BEGIN
+  CREATE NONCLUSTERED INDEX IX_trOrderLine_OrderHeader_ItemCode
+  ON dbo.trOrderLine (OrderHeaderID, ItemCode)
+  INCLUDE (ItemTypeCode, ColorCode, ItemDim1Code, ItemDim2Code, ItemDim3Code, LineDescription, SortOrder, OrderLineID);
+END
+GO
+
+IF NOT EXISTS (
+  SELECT 1
+  FROM sys.indexes
+  WHERE name = 'IX_prItemVariant_Combo'
+    AND object_id = OBJECT_ID('dbo.prItemVariant')
+)
+BEGIN
+  CREATE NONCLUSTERED INDEX IX_prItemVariant_Combo
+  ON dbo.prItemVariant (ItemTypeCode, ItemCode, ColorCode, ItemDim1Code, ItemDim2Code, ItemDim3Code)
+  INCLUDE (PLU);
+END
+GO

svc/.env.local

@@ -0,0 +1,33 @@
+# ===============================
+# SECURITY
+# ===============================
+JWT_SECRET=bssapp_super_secret_key_1234567890
+PASSWORD_RESET_SECRET=1dc7d6d52fd0459a8b1f288a6590428e760f54339f8e47beb20db36b6df6070b
+
+# ===============================
+# URLS (PRODUCTION)
+# ===============================
+APP_FRONTEND_URL=http://ss.baggi.com.tr/app
+API_URL=http://46.224.33.150
+
+# Eğer Nginx ile /api varsa:
+# API_URL=http://46.224.33.150/api
+
+# ===============================
+# UI
+# ===============================
+UI_DIR=/opt/bssapp/ui/dist
+
+# ===============================
+# DATABASES
+# ===============================
+POSTGRES_CONN=host=46.224.33.150 port=5432 user=postgres password=tayitkan dbname=baggib2b sslmode=disable
+MSSQL_CONN=sqlserver://sa:Gil_0150@100.127.186.137:1433?database=BAGGI_V3&encrypt=disable
+
+# ===============================
+# PDF
+# ===============================
+PDF_FONT_DIR=/opt/bssapp/svc/fonts
+API_HOST=0.0.0.0
+API_PORT=8080
+

svc/db/mssql.go

@@ -12,12 +12,11 @@ import (
 
 var MssqlDB *sql.DB
 
+// ConnectMSSQL MSSQL baglantisini ortam degiskeninden baslatir.
 func ConnectMSSQL() {
 	connString := strings.TrimSpace(os.Getenv("MSSQL_CONN"))
-
 	if connString == "" {
-		// Fallback
+		log.Fatal("MSSQL_CONN tanımlı değil")
-		connString = "server=100.127.186.137;user id=sa;password=Gi l_0150;port=1433;database=BAGGI_V3"
 	}
 
 	var err error
@@ -26,12 +25,11 @@ func ConnectMSSQL() {
 		log.Fatal("MSSQL bağlantı hatası:", err)
 	}
 
-	err = MssqlDB.Ping()
+	if err = MssqlDB.Ping(); err != nil {
-	if err != nil {
 		log.Fatal("MSSQL erişilemiyor:", err)
 	}
 
-	fmt.Println("✅ MSSQL bağlantısı başarılı!")
+	fmt.Println("MSSQL bağlantısı başarılı")
 }
 
 func GetDB() *sql.DB {

svc/db/postgres.go

@@ -13,14 +13,11 @@ import (
 
 var PgDB *sql.DB
 
-// ConnectPostgres → PostgreSQL veritabanına bağlanır
+// ConnectPostgres PostgreSQL veritabanına bağlanır.
 func ConnectPostgres() (*sql.DB, error) {
-	// Bağlantı stringi (istersen .env’den oku)
+	connStr := strings.TrimSpace(os.Getenv("POSTGRES_CONN"))
-	connStr := os.Getenv("POSTGRES_CONN")
 	if connStr == "" {
-		// fallback → sabit tanımlı bağlantı
+		return nil, fmt.Errorf("POSTGRES_CONN tanımlı değil")
-		connStr = "host= 46.224.33.150 port=5432 user=postgres password=tayitkan dbname=baggib2b sslmode=disable"
-		//connStr = "host=172.16.0.3 port=5432 user=postgres password=tayitkan dbname=baggib2b sslmode=disable"
 	}
 
 	db, err := sql.Open("postgres", connStr)
@@ -28,15 +25,13 @@ func ConnectPostgres() (*sql.DB, error) {
 		return nil, fmt.Errorf("PostgreSQL bağlantı hatası: %w", err)
 	}
 
-	// =======================================================
+	// Bağlantı havuzu ayarları (audit log uyumlu).
-	// 🔹 BAĞLANTI HAVUZU (AUDIT LOG UYUMLU)
+	db.SetMaxOpenConns(30)
-	// =======================================================
-	db.SetMaxOpenConns(30) // audit + api paralel çalışsın
 	db.SetMaxIdleConns(10)
 	db.SetConnMaxLifetime(30 * time.Minute)
-	db.SetConnMaxIdleTime(5 * time.Minute) // 🔥 uzun idle audit bağlantılarını kapat
+	db.SetConnMaxIdleTime(5 * time.Minute)
 
-	// 🔹 Test et
+	// Bağlantıyı test et.
 	if err = db.Ping(); err != nil {
 		// Some managed PostgreSQL servers require TLS. If the current DSN uses
 		// sslmode=disable and server rejects with "no encryption", retry once
@@ -45,7 +40,7 @@ func ConnectPostgres() (*sql.DB, error) {
 			strings.Contains(err.Error(), "no encryption") &&
 			strings.Contains(strings.ToLower(connStr), "sslmode=disable") {
 			secureConnStr := strings.Replace(connStr, "sslmode=disable", "sslmode=require", 1)
-			log.Println("⚠️ PostgreSQL requires TLS, retrying with sslmode=require")
+			log.Println("PostgreSQL TLS gerektiriyor, sslmode=require ile tekrar deneniyor")
 
 			_ = db.Close()
 			db, err = sql.Open("postgres", secureConnStr)
@@ -66,13 +61,12 @@ func ConnectPostgres() (*sql.DB, error) {
 		}
 	}
 
-	log.Println("✅ PostgreSQL bağlantısı başarılı!")
+	log.Println("PostgreSQL bağlantısı başarılı")
 	PgDB = db
 	return db, nil
-
 }
 
-// GetPostgresUsers → test amaçlı ilk 5 kullanıcıyı listeler
+// GetPostgresUsers test amaçlı ilk 5 kullanıcıyı listeler.
 func GetPostgresUsers(db *sql.DB) error {
 	query := `SELECT id, code, email FROM mk_dfusr ORDER BY id LIMIT 5`
 	rows, err := db.Query(query)
@@ -81,14 +75,14 @@ func GetPostgresUsers(db *sql.DB) error {
 	}
 	defer rows.Close()
 
-	fmt.Println("📋 İlk 5 PostgreSQL kullanıcısı:")
+	fmt.Println("İlk 5 PostgreSQL kullanıcısı:")
 	for rows.Next() {
 		var id int
 		var code, email string
 		if err := rows.Scan(&id, &code, &email); err != nil {
 			return err
 		}
-		fmt.Printf("  ➜ ID: %-4d | USER: %-20s | EMAIL: %s\n", id, code, email)
+		fmt.Printf("  -> ID: %-4d | USER: %-20s | EMAIL: %s\n", id, code, email)
 	}
 
 	return rows.Err()

svc/internal/mailer/password_reset.go

@@ -9,8 +9,9 @@ func (m *GraphMailer) SendPasswordResetMail(toEmail string, resetURL string) err
 		<p>Merhaba,</p>
 		<p>Parolanızı sıfırlamak için aşağıdaki bağlantıya tıklayın:</p>
 		<p>
-		  <a href="%s">%s</a>
+		  <a href="%s">Parolayı sıfırla</a>
 		</p>
+		<p style="font-size:12px;color:#666;">Bağlantı: %s</p>
 		<p>Bu bağlantı <strong>30 dakika</strong> geçerlidir ve tek kullanımlıktır.</p>
 	`, resetURL, resetURL)
 

svc/internal/security/password_reset.go

@@ -2,12 +2,28 @@ package security
 
 import (
 	"os"
+	"strings"
 )
 
 func BuildResetURL(token string) string {
-	base := os.Getenv("FRONTEND_URL")
+	base := os.Getenv("APP_FRONTEND_URL")
+	if base == "" {
+		base = os.Getenv("FRONTEND_URL")
+	}
 	if base == "" {
 		base = "http://localhost:9000"
 	}
+	base = strings.TrimRight(base, "/")
+	// If base already points to password-reset, just append token if needed.
+	if strings.Contains(base, "/password-reset") {
+		if strings.HasSuffix(base, "/password-reset") || strings.HasSuffix(base, "/password-reset/") ||
+			strings.HasSuffix(base, "/#/password-reset") || strings.HasSuffix(base, "/#/password-reset/") {
+			return strings.TrimRight(base, "/") + "/" + token
+		}
+		return base
+	}
+	if strings.Contains(base, "#") {
 		return base + "/password-reset/" + token
 	}
+	return base + "/#/password-reset/" + token
+}

svc/main.go

@@ -207,24 +207,41 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
 		routes.AuthRefreshHandler(pgDB),
 	)
 
+	// Password reset flow (public)
+	bindV3(r, pgDB,
+		"/api/password/forgot", "POST",
+		"auth", "update",
+		routes.ForgotPasswordHandler(pgDB, ml),
+	)
+	bindV3(r, pgDB,
+		"/api/password/reset/validate/{token}", "GET",
+		"auth", "view",
+		routes.ValidatePasswordResetTokenHandler(pgDB),
+	)
+	bindV3(r, pgDB,
+		"/api/password/reset", "POST",
+		"auth", "update",
+		routes.CompletePasswordResetHandler(pgDB),
+	)
+
 	// ============================================================
 	// SYSTEM
 	// ============================================================
 	bindV3(r, pgDB,
 		"/api/password/change", "POST",
-		"system", "update",
+		"auth", "update",
 		wrapV3(http.HandlerFunc(routes.FirstPasswordChangeHandler(pgDB))),
 	)
 
 	bindV3(r, pgDB,
 		"/api/activity-logs", "GET",
-		"user", "view",
+		"system", "read",
 		wrapV3(routes.AdminActivityLogsHandler(pgDB)),
 	)
 
 	bindV3(r, pgDB,
 		"/api/test-mail", "POST",
-		"user", "insert",
+		"system", "update",
 		wrapV3(routes.TestMailHandler(ml)),
 	)
 
@@ -235,12 +252,12 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
 
 	bindV3(r, pgDB,
 		rolePerm, "GET",
-		"user", "update",
+		"system", "update",
 		wrapV3(routes.GetRolePermissionMatrix(pgDB)),
 	)
 	bindV3(r, pgDB,
 		rolePerm, "POST",
-		"user", "update",
+		"system", "update",
 		wrapV3(routes.SaveRolePermissionMatrix(pgDB)),
 	)
 
@@ -248,12 +265,12 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
 
 	bindV3(r, pgDB,
 		userPerm, "GET",
-		"user", "update",
+		"system", "update",
 		wrapV3(routes.GetUserPermissionsHandler(pgDB)),
 	)
 	bindV3(r, pgDB,
 		userPerm, "POST",
-		"user", "update",
+		"system", "update",
 		wrapV3(routes.SaveUserPermissionsHandler(pgDB)),
 	)
 
@@ -286,17 +303,17 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
 
 	bindV3(r, pgDB,
 		"/api/role-dept-permissions/list", "GET",
-		"user", "update",
+		"system", "update",
 		wrapV3(http.HandlerFunc(rdHandler.List)),
 	)
 	bindV3(r, pgDB,
 		rdPerm, "GET",
-		"user", "update",
+		"system", "update",
 		wrapV3(http.HandlerFunc(rdHandler.Get)),
 	)
 	bindV3(r, pgDB,
 		rdPerm, "POST",
-		"user", "update",
+		"system", "update",
 		wrapV3(http.HandlerFunc(rdHandler.Save)),
 	)
 
@@ -325,6 +342,11 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
 		"user", "update",
 		wrapV3(routes.UserDetailRoute(pgDB)),
 	)
+	bindV3(r, pgDB,
+		"/api/users/{id}", "DELETE",
+		"user", "delete",
+		wrapV3(routes.UserDetailRoute(pgDB)),
+	)
 
 	bindV3(r, pgDB,
 		"/api/users/{id}/admin-reset-password", "POST",
@@ -434,6 +456,11 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
 		{"/api/order/update", "POST", "update", http.HandlerFunc(routes.UpdateOrderHandler)},
 		{"/api/order/get/{id}", "GET", "view", routes.GetOrderByIDHandler(mssql)},
 		{"/api/orders/list", "GET", "view", routes.OrderListRoute(mssql)},
+		{"/api/orders/production-list", "GET", "update", routes.OrderProductionListRoute(mssql)},
+		{"/api/orders/production-items/{id}", "GET", "view", routes.OrderProductionItemsRoute(mssql)},
+		{"/api/orders/production-items/{id}/insert-missing", "POST", "update", routes.OrderProductionInsertMissingRoute(mssql)},
+		{"/api/orders/production-items/{id}/validate", "POST", "update", routes.OrderProductionValidateRoute(mssql)},
+		{"/api/orders/production-items/{id}/apply", "POST", "update", routes.OrderProductionApplyRoute(mssql)},
 		{"/api/orders/close-ready", "GET", "update", routes.OrderCloseReadyListRoute(mssql)},
 		{"/api/orders/bulk-close", "POST", "update", routes.OrderBulkCloseRoute(mssql)},
 		{"/api/orders/export", "GET", "export", routes.OrderListExcelRoute(mssql)},
@@ -611,8 +638,21 @@ func main() {
 		),
 	)
 
-	log.Println("✅ Server çalışıyor: http://localhost:8080")
+	host := strings.TrimSpace(os.Getenv("API_HOST"))
-	log.Fatal(http.ListenAndServe(":8080", handler))
+	port := strings.TrimSpace(os.Getenv("API_PORT"))
+
+	if host == "" {
+		host = "0.0.0.0"
+	}
+	if port == "" {
+		port = "8080"
+	}
+
+	addr := host + ":" + port
+
+	log.Println("🚀 Server running at:", addr)
+	log.Fatal(http.ListenAndServe(addr, handler))
+
 }
 
 func mountSPA(r *mux.Router) {
@@ -672,12 +712,17 @@ func uiRootDir() string {
 		return d
 	}
 
-	candidates := []string{"../ui/dist", "./ui/dist"}
+	candidates := []string{
+		"../ui/dist/spa",
+		"./ui/dist/spa",
+		"../ui/dist",
+		"./ui/dist",
+	}
 	for _, d := range candidates {
 		if fi, err := os.Stat(d); err == nil && fi.IsDir() {
 			return d
 		}
 	}
 
-	return "../ui/dist"
+	return "../ui/dist/spa"
 }

svc/middlewares/auth_middleware.go

@@ -10,29 +10,49 @@ import (
 
 func AuthMiddleware(db *sql.DB, next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-
 		authHeader := r.Header.Get("Authorization")
 		if authHeader == "" {
-			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+			log.Printf(
+				"AUTH_MIDDLEWARE 401 reason=missing_authorization_header method=%s path=%s",
+				r.Method,
+				r.URL.Path,
+			)
+			http.Error(w, "unauthorized: authorization header missing", http.StatusUnauthorized)
 			return
 		}
 
 		parts := strings.SplitN(authHeader, " ", 2)
 		if len(parts) != 2 || parts[0] != "Bearer" {
-			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+			log.Printf(
+				"AUTH_MIDDLEWARE 401 reason=invalid_authorization_format method=%s path=%s raw=%q",
+				r.Method,
+				r.URL.Path,
+				authHeader,
+			)
+			http.Error(w, "unauthorized: invalid authorization format", http.StatusUnauthorized)
 			return
 		}
 
 		claims, err := auth.ValidateToken(parts[1])
 		if err != nil {
-			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+			log.Printf(
+				"AUTH_MIDDLEWARE 401 reason=token_validation_failed method=%s path=%s err=%v",
+				r.Method,
+				r.URL.Path,
+				err,
+			)
+			http.Error(w, "unauthorized: token validation failed", http.StatusUnauthorized)
 			return
 		}
 
-		// 🔥 BU SATIR ŞART
 		ctx := auth.WithClaims(r.Context(), claims)
-
+		log.Printf(
-		log.Printf("🔐 AUTH CTX SET user=%d role=%s", claims.ID, claims.RoleCode)
+			"AUTH_MIDDLEWARE PASS user=%d role=%s method=%s path=%s",
+			claims.ID,
+			claims.RoleCode,
+			r.Method,
+			r.URL.Path,
+		)
 
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})

svc/middlewares/authz_v2.go

@@ -859,7 +859,12 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
 			// =====================================================
 			claims, ok := auth.GetClaimsFromContext(r.Context())
 			if !ok || claims == nil {
-				http.Error(w, "unauthorized", http.StatusUnauthorized)
+				log.Printf(
+					"AUTHZ_BY_ROUTE 401 reason=claims_missing method=%s path=%s",
+					r.Method,
+					r.URL.Path,
+				)
+				http.Error(w, "unauthorized: token missing or invalid", http.StatusUnauthorized)
 				return
 			}
 
@@ -873,7 +878,7 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
 					r.Method, r.URL.Path,
 				)
 
-				http.Error(w, "route not resolved", 403)
+				http.Error(w, "route not resolved", http.StatusForbidden)
 				return
 			}
 
@@ -881,7 +886,22 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
 			if err != nil {
 				log.Printf("❌ AUTHZ: path template error: %v", err)
 
-				http.Error(w, "route template error", 403)
+				http.Error(w, "route template error", http.StatusForbidden)
+				return
+			}
+
+			// Password change must be reachable for every authenticated user.
+			// This avoids permission deadlocks during forced first-password flow.
+			if pathTemplate == "/api/password/change" {
+				next.ServeHTTP(w, r)
+				return
+			}
+
+			// Self permission endpoints are required right after login
+			// to hydrate UI permission state for the authenticated user.
+			switch pathTemplate {
+			case "/api/permissions/routes", "/api/permissions/effective":
+				next.ServeHTTP(w, r)
 				return
 			}
 
@@ -908,7 +928,12 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
 					pathTemplate,
 				)
 
-				http.Error(w, "route permission not found", 403)
+				if pathTemplate == "/api/password/change" {
+					http.Error(w, "password change route permission not found", http.StatusForbidden)
+					return
+				}
+
+				http.Error(w, "route permission not found", http.StatusForbidden)
 				return
 			}
 
@@ -935,7 +960,12 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
 					err,
 				)
 
-				http.Error(w, "forbidden", 403)
+				if pathTemplate == "/api/password/change" {
+					http.Error(w, "password change permission check failed", http.StatusForbidden)
+					return
+				}
+
+				http.Error(w, "forbidden", http.StatusForbidden)
 				return
 			}
 
@@ -948,7 +978,12 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
 					action,
 				)
 
-				http.Error(w, "forbidden", 403)
+				if pathTemplate == "/api/password/change" {
+					http.Error(w, "password change forbidden: permission denied", http.StatusForbidden)
+					return
+				}
+
+				http.Error(w, "forbidden", http.StatusForbidden)
 				return
 			}
 

svc/models/orderlist.go

@@ -21,6 +21,7 @@ type OrderList struct {
 	// ℹ️ Sipariş Durumu
 	CreditableConfirmedDate string `json:"CreditableConfirmedDate"`
 	IsCreditableConfirmed   bool   `json:"IsCreditableConfirmed"`
+	HasUretimUrunu          bool   `json:"HasUretimUrunu"`
 
 	// 💱 Para Birimi
 	DocCurrencyCode string `json:"DocCurrencyCode"`

svc/models/orderproductionitem.go

@@ -0,0 +1,25 @@
+package models
+
+// ========================================================
+// 📌 OrderProductionItem — U ile başlayan ürün satırı
+// ========================================================
+type OrderProductionItem struct {
+	OrderHeaderID string `json:"OrderHeaderID"`
+	OrderLineID   string `json:"OrderLineID"`
+
+	ItemTypeCode int16  `json:"ItemTypeCode"`
+	OldDim1      string `json:"OldDim1"`
+	OldDim3      string `json:"OldDim3"`
+
+	OldItemCode string `json:"OldItemCode"`
+	OldColor    string `json:"OldColor"`
+	OldDim2     string `json:"OldDim2"`
+	OldDesc     string `json:"OldDesc"`
+
+	NewItemCode string `json:"NewItemCode"`
+	NewColor    string `json:"NewColor"`
+	NewDim2     string `json:"NewDim2"`
+	NewDesc     string `json:"NewDesc"`
+
+	IsVariantMissing bool `json:"IsVariantMissing"`
+}

svc/models/orderproductionupdate.go

@@ -0,0 +1,24 @@
+package models
+
+type OrderProductionUpdateLine struct {
+	OrderLineID string `json:"OrderLineID"`
+	NewItemCode string `json:"NewItemCode"`
+	NewColor    string `json:"NewColor"`
+	NewDim2     string `json:"NewDim2"`
+	NewDesc     string `json:"NewDesc"`
+}
+
+type OrderProductionUpdatePayload struct {
+	Lines         []OrderProductionUpdateLine `json:"lines"`
+	InsertMissing bool                        `json:"insertMissing"`
+}
+
+type OrderProductionMissingVariant struct {
+	OrderLineID   string `json:"OrderLineID"`
+	ItemTypeCode  int16  `json:"ItemTypeCode"`
+	ItemCode      string `json:"ItemCode"`
+	ColorCode     string `json:"ColorCode"`
+	ItemDim1Code  string `json:"ItemDim1Code"`
+	ItemDim2Code  string `json:"ItemDim2Code"`
+	ItemDim3Code  string `json:"ItemDim3Code"`
+}

svc/queries/order_bulk_close.go

@@ -183,7 +183,6 @@ WHERE
     AND h.ProcessCode   = 'WS'
     AND h.IsClosed      = 0
     AND ISNULL(l.TotalAmount,0) > 0
-    AND (ISNULL(l.PackedAmount,0) * 100.0) / NULLIF(l.TotalAmount,0) >= 100
 
     AND EXISTS (
         SELECT 1
@@ -322,7 +321,6 @@ WHERE
         ) t
         WHERE t.OrderHeaderID = h.OrderHeaderID
           AND t.TotalAmount > 0
-          AND (t.PackedAmount * 100.0) / NULLIF(t.TotalAmount,0) >= 100
     );
 `, strings.Join(placeholders, ","), piyasaWhere)
 

svc/queries/order_pdf.go

@@ -101,8 +101,8 @@ SELECT
     L.ItemDim1Code,
     L.ItemDim2Code,
     L.Qty1,
-    L.Price,
+    ISNULL(CD.Price, 0) AS Price,
-    L.DocCurrencyCode,
+    ISNULL(CD.CurrencyCode, ISNULL(L.DocCurrencyCode, 'TRY')) AS DocCurrencyCode,
     L.DeliveryDate,
     L.LineDescription,
     P.ProductAtt01Desc,
@@ -115,6 +115,9 @@ SELECT
     L.VatCode,
     L.VatRate
 FROM BAGGI_V3.dbo.trOrderLine AS L
+LEFT JOIN BAGGI_V3.dbo.trOrderLineCurrency AS CD WITH (NOLOCK)
+    ON CD.OrderLineID = L.OrderLineID
+    AND CD.CurrencyCode = ISNULL(NULLIF(LTRIM(RTRIM(L.DocCurrencyCode)), ''), 'TRY')
 LEFT JOIN ProductFilterWithDescription('TR') AS P
     ON LTRIM(RTRIM(P.ProductCode)) = LTRIM(RTRIM(L.ItemCode))
 WHERE L.OrderHeaderID = @p1

svc/queries/order_write.go

@@ -13,6 +13,7 @@ import (
 	"bssapp-backend/models"
 	"database/sql"
 	"fmt"
+	"math"
 	"strings"
 	"time"
 
@@ -1114,8 +1115,9 @@ func UpdateOrder(header models.OrderHeader, lines []models.OrderDetail, user *mo
 DELETE FROM BAGGI_V3.dbo.trOrderLine
 WHERE OrderHeaderID=@p1 AND OrderLineID=@p2 AND ISNULL(IsClosed,0)=0
 `, header.OrderHeaderID, lineID); err != nil {
-			fmt.Printf("[ORDER_UPDATE] hard delete failed, trying soft-close line_id=%s err=%v\n", lineID, err)
+			fmt.Printf("[ORDER_UPDATE] hard delete failed, trying qty-zero soft-close line_id=%s err=%v\n", lineID, err)
 
+			// IsClosed computed olabilir; sadece miktarları sıfırla.
 			if _, err2 := tx.Exec(`
 UPDATE BAGGI_V3.dbo.trOrderLine
 SET
@@ -1123,12 +1125,11 @@ SET
 	Qty2 = 0,
 	CancelQty1 = 0,
 	CancelQty2 = 0,
-	IsClosed = 1,
 	LastUpdatedUserName = @p1,
 	LastUpdatedDate = @p2
 WHERE OrderHeaderID=@p3 AND OrderLineID=@p4 AND ISNULL(IsClosed,0)=0
 `, v3User, now, header.OrderHeaderID, lineID); err2 != nil {
-				return fmt.Errorf("line delete failed line_id=%s: %v; soft-close failed: %w", lineID, err, err2)
+				return fmt.Errorf("line delete failed line_id=%s: %v; qty-zero soft-close failed: %w", lineID, err, err2)
 			}
 		}
 
@@ -1155,6 +1156,13 @@ WHERE OrderHeaderID=@p3 AND OrderLineID=@p4 AND ISNULL(IsClosed,0)=0
 		color        string
 		dim1         string
 		dim2         string
+		qty1         float64
+		price        float64
+		docCurrency  string
+		vatRate      float64
+		lineDesc     string
+		deliveryDate string
+		plannedDate  string
 	})
 
 	rows, err := tx.Query(`
@@ -1164,7 +1172,14 @@ SELECT
     ISNULL(ItemCode,''),
     ISNULL(ColorCode,''),
     ISNULL(ItemDim1Code,''),
-    ISNULL(ItemDim2Code,'')
+    ISNULL(ItemDim2Code,''),
+    ISNULL(Qty1, 0),
+    ISNULL(Price, 0),
+    ISNULL(DocCurrencyCode, ''),
+    ISNULL(VatRate, 0),
+    ISNULL(LineDescription, ''),
+    CONVERT(varchar(10), DeliveryDate, 23),
+    CONVERT(varchar(10), PlannedDateOfLading, 23)
 FROM BAGGI_V3.dbo.trOrderLine
 WHERE OrderHeaderID=@p1
 `, header.OrderHeaderID)
@@ -1175,9 +1190,15 @@ WHERE OrderHeaderID=@p1
 
 	for rows.Next() {
 		var id, item, color, dim1, dim2 string
+		var docCurrency, lineDesc, deliveryDate, plannedDate string
+		var qty1, price, vatRate float64
 		var closed bool
 
-		if err := rows.Scan(&id, &closed, &item, &color, &dim1, &dim2); err != nil {
+		if err := rows.Scan(
+			&id, &closed, &item, &color, &dim1, &dim2,
+			&qty1, &price, &docCurrency, &vatRate, &lineDesc,
+			&deliveryDate, &plannedDate,
+		); err != nil {
 			return nil, err
 		}
 
@@ -1195,11 +1216,25 @@ WHERE OrderHeaderID=@p1
 				color        string
 				dim1         string
 				dim2         string
+				qty1         float64
+				price        float64
+				docCurrency  string
+				vatRate      float64
+				lineDesc     string
+				deliveryDate string
+				plannedDate  string
 			}{
 				item:         strings.TrimSpace(item),
 				color:        strings.TrimSpace(color),
 				dim1:         strings.TrimSpace(dim1),
 				dim2:         strings.TrimSpace(dim2),
+				qty1:         qty1,
+				price:        price,
+				docCurrency:  strings.TrimSpace(docCurrency),
+				vatRate:      vatRate,
+				lineDesc:     strings.TrimSpace(lineDesc),
+				deliveryDate: strings.TrimSpace(deliveryDate),
+				plannedDate:  strings.TrimSpace(plannedDate),
 			}
 			if combo != "" {
 				existingOpenCombo[combo] = id
@@ -1391,6 +1426,46 @@ WHERE OrderLineID=@p42 AND ISNULL(IsClosed,0)=0`)
 			}
 		}
 
+		// Eğer satır DB'deki değerlerle aynıysa, update/upsert yapma (performans)
+		if !isNew && ln.OrderLineID != "" {
+			if meta, ok := existingOpenMeta[ln.OrderLineID]; ok {
+				trim := strings.TrimSpace
+				floatEq := func(a, b float64) bool { return math.Abs(a-b) < 0.0001 }
+				dateOnly := func(nt models.NullTime) string {
+					if nt.Valid && !nt.Time.IsZero() {
+						return nt.Time.Format("2006-01-02")
+					}
+					return ""
+				}
+				plannedStr := ""
+				if ln.PlannedDateOfLading.Valid {
+					plannedStr = strings.TrimSpace(ln.PlannedDateOfLading.String)
+				}
+				deliveryStr := dateOnly(ln.DeliveryDate)
+
+				payloadHasDates := deliveryStr != "" && plannedStr != ""
+
+				if payloadHasDates &&
+					trim(meta.item) == trim(safeNS(ln.ItemCode)) &&
+					trim(meta.color) == trim(safeNS(ln.ColorCode)) &&
+					trim(meta.dim1) == trim(safeNS(ln.ItemDim1Code)) &&
+					trim(meta.dim2) == trim(safeNS(ln.ItemDim2Code)) &&
+					floatEq(meta.qty1, nf0(ln.Qty1)) &&
+					floatEq(meta.price, nf0(ln.Price)) &&
+					trim(meta.docCurrency) == trim(safeNS(ln.DocCurrencyCode)) &&
+					floatEq(meta.vatRate, nf0(ln.VatRate)) &&
+					trim(meta.lineDesc) == trim(safeNS(ln.LineDescription)) &&
+					trim(meta.deliveryDate) == trim(deliveryStr) &&
+					trim(meta.plannedDate) == trim(plannedStr) {
+
+					// Bu satırı "işlendi" say, ama DB yazma yok
+					delete(existingOpen, ln.OrderLineID)
+					delete(existingOpenCombo, comboKey)
+					continue
+				}
+			}
+		}
+
 		// Variant guard
 		if qtyValue(ln.Qty1) > 0 {
 			if err := ValidateItemVariant(tx, ln); err != nil {

svc/queries/orderlist.go

@@ -112,6 +112,16 @@ SELECT
     END                                            AS PackedRatePct,
 
     ISNULL(h.IsCreditableConfirmed,0)              AS IsCreditableConfirmed,
+    CASE
+        WHEN EXISTS (
+            SELECT 1
+            FROM dbo.trOrderLine l2
+            WHERE l2.OrderHeaderID = h.OrderHeaderID
+              AND ISNULL(l2.ItemCode,'') LIKE 'U%%'
+        )
+            THEN CAST(1 AS bit)
+        ELSE CAST(0 AS bit)
+    END                                            AS HasUretimUrunu,
     ISNULL(h.Description,'')                       AS Description,
 
     usd.Rate                                       AS ExchangeRateUSD

svc/queries/orderproduction_items.go

@@ -0,0 +1,222 @@
+package queries
+
+import (
+	"database/sql"
+
+	"bssapp-backend/models"
+)
+
+// ========================================================
+// 📌 GetOrderProductionItems — OrderHeaderID için U ürünleri
+// ========================================================
+func GetOrderProductionItems(mssql *sql.DB, orderHeaderID string) (*sql.Rows, error) {
+	return mssql.Query(`
+SELECT
+    CAST(l.OrderHeaderID AS NVARCHAR(50)) AS OrderHeaderID,
+    CAST(l.OrderLineID   AS NVARCHAR(50)) AS OrderLineID,
+    l.ItemTypeCode       AS ItemTypeCode,
+    ISNULL(l.ItemDim1Code,'') AS OldDim1,
+    ISNULL(l.ItemDim3Code,'') AS OldDim3,
+
+    ISNULL(l.ItemCode,'')      AS OldItemCode,
+    ISNULL(l.ColorCode,'')     AS OldColor,
+    ISNULL(l.ItemDim2Code,'')  AS OldDim2,
+    ISNULL(l.LineDescription,'') AS OldDesc,
+
+    CAST('' AS NVARCHAR(60))   AS NewItemCode,
+    CAST('' AS NVARCHAR(30))   AS NewColor,
+    CAST('' AS NVARCHAR(30))   AS NewDim2,
+    CAST('' AS NVARCHAR(250))  AS NewDesc,
+
+    CAST(0 AS bit) AS IsVariantMissing
+FROM dbo.trOrderLine l
+WHERE l.OrderHeaderID = @p1
+  AND ISNULL(l.ItemCode,'') LIKE 'U%'
+ORDER BY l.SortOrder, l.OrderLineID
+`, orderHeaderID)
+}
+
+// ========================================================
+// 📌 InsertMissingProductionVariants — eksik prItemVariant ekler
+// ========================================================
+func InsertMissingProductionVariants(mssql *sql.DB, orderHeaderID string, username string) (int64, error) {
+	query := `
+;WITH Missing AS (
+    SELECT DISTINCT
+        l.ItemTypeCode,
+        l.ItemCode,
+        l.ColorCode,
+        l.ItemDim1Code,
+        l.ItemDim2Code,
+        l.ItemDim3Code
+    FROM dbo.trOrderLine l
+    LEFT JOIN dbo.prItemVariant pv
+      ON pv.ItemTypeCode = l.ItemTypeCode
+     AND pv.ItemCode     = l.ItemCode
+     AND pv.ColorCode    = l.ColorCode
+     AND ISNULL(pv.ItemDim1Code,'') = ISNULL(l.ItemDim1Code,'')
+     AND ISNULL(pv.ItemDim2Code,'') = ISNULL(l.ItemDim2Code,'')
+     AND ISNULL(pv.ItemDim3Code,'') = ISNULL(l.ItemDim3Code,'')
+    WHERE l.OrderHeaderID = @p1
+      AND ISNULL(l.ItemCode,'') LIKE 'U%'
+      AND pv.ItemCode IS NULL
+),
+MaxPlu AS (
+    SELECT ISNULL(MAX(PLU),0) AS BasePlu
+    FROM dbo.prItemVariant WITH (UPDLOCK, HOLDLOCK)
+)
+INSERT INTO dbo.prItemVariant (
+    ItemTypeCode,
+    ItemCode,
+    ColorCode,
+    ItemDim1Code,
+    ItemDim2Code,
+    ItemDim3Code,
+    PLU,
+    CreatedUserName,
+    CreatedDate,
+    LastUpdatedUserName,
+    LastUpdatedDate
+)
+SELECT
+    m.ItemTypeCode,
+    m.ItemCode,
+    m.ColorCode,
+    m.ItemDim1Code,
+    m.ItemDim2Code,
+    m.ItemDim3Code,
+    mp.BasePlu + ROW_NUMBER() OVER (ORDER BY m.ItemCode, m.ColorCode, m.ItemDim1Code, m.ItemDim2Code, m.ItemDim3Code),
+    @p2,
+    GETDATE(),
+    @p2,
+    GETDATE()
+FROM Missing m
+CROSS JOIN MaxPlu mp;
+`
+
+	res, err := mssql.Exec(query, orderHeaderID, username)
+	if err != nil {
+		return 0, err
+	}
+	return res.RowsAffected()
+}
+
+// ========================================================
+// OrderProductionUpdate - variant kontrolu ve guncelleme
+// ========================================================
+func GetOrderLineDims(mssql *sql.DB, orderHeaderID string, orderLineID string) (int16, string, string, string, error) {
+	var itemTypeCode int16
+	var dim1 string
+	var dim2 string
+	var dim3 string
+	err := mssql.QueryRow(`
+SELECT
+    ItemTypeCode,
+    ISNULL(ItemDim1Code,'') AS ItemDim1Code,
+    ISNULL(ItemDim2Code,'') AS ItemDim2Code,
+    ISNULL(ItemDim3Code,'') AS ItemDim3Code
+FROM dbo.trOrderLine
+WHERE OrderHeaderID = @p1 AND OrderLineID = @p2
+`, orderHeaderID, orderLineID).Scan(&itemTypeCode, &dim1, &dim2, &dim3)
+	return itemTypeCode, dim1, dim2, dim3, err
+}
+
+func VariantExists(mssql *sql.DB, itemTypeCode int16, itemCode string, colorCode string, dim1 string, dim2 string, dim3 string) (bool, error) {
+	var exists int
+	err := mssql.QueryRow(`
+SELECT TOP 1 1
+FROM dbo.prItemVariant
+WHERE ItemTypeCode = @p1
+  AND ItemCode     = @p2
+  AND ColorCode    = @p3
+  AND ISNULL(ItemDim1Code,'') = ISNULL(@p4,'')
+  AND ISNULL(ItemDim2Code,'') = ISNULL(@p5,'')
+  AND ISNULL(ItemDim3Code,'') = ISNULL(@p6,'')
+`, itemTypeCode, itemCode, colorCode, dim1, dim2, dim3).Scan(&exists)
+	if err == sql.ErrNoRows {
+		return false, nil
+	}
+	if err != nil {
+		return false, err
+	}
+	return true, nil
+}
+
+func InsertMissingVariantsTx(tx *sql.Tx, missing []models.OrderProductionMissingVariant, username string) (int64, error) {
+	if len(missing) == 0 {
+		return 0, nil
+	}
+
+	var basePlu int64
+	if err := tx.QueryRow(`
+SELECT ISNULL(MAX(PLU),0) AS BasePlu
+FROM dbo.prItemVariant WITH (UPDLOCK, HOLDLOCK)
+`).Scan(&basePlu); err != nil {
+		return 0, err
+	}
+
+	var inserted int64
+	for i, v := range missing {
+		plu := basePlu + int64(i) + 1
+		res, err := tx.Exec(`
+IF NOT EXISTS (
+    SELECT 1
+    FROM dbo.prItemVariant
+    WHERE ItemTypeCode = @p1
+      AND ItemCode     = @p2
+      AND ColorCode    = @p3
+      AND ISNULL(ItemDim1Code,'') = ISNULL(@p4,'')
+      AND ISNULL(ItemDim2Code,'') = ISNULL(@p5,'')
+      AND ISNULL(ItemDim3Code,'') = ISNULL(@p6,'')
+)
+INSERT INTO dbo.prItemVariant (
+    ItemTypeCode,
+    ItemCode,
+    ColorCode,
+    ItemDim1Code,
+    ItemDim2Code,
+    ItemDim3Code,
+    PLU,
+    CreatedUserName,
+    CreatedDate,
+    LastUpdatedUserName,
+    LastUpdatedDate
+)
+VALUES (
+    @p1, @p2, @p3, @p4, @p5, @p6,
+    @p7, @p8, GETDATE(), @p8, GETDATE()
+);
+`, v.ItemTypeCode, v.ItemCode, v.ColorCode, v.ItemDim1Code, v.ItemDim2Code, v.ItemDim3Code, plu, username)
+		if err != nil {
+			return inserted, err
+		}
+		if rows, err := res.RowsAffected(); err == nil {
+			inserted += rows
+		}
+	}
+	return inserted, nil
+}
+
+func UpdateOrderLinesTx(tx *sql.Tx, orderHeaderID string, lines []models.OrderProductionUpdateLine, username string) (int64, error) {
+	var updated int64
+	for _, line := range lines {
+		res, err := tx.Exec(`
+UPDATE dbo.trOrderLine
+SET
+    ItemCode = @p1,
+    ColorCode = @p2,
+    ItemDim2Code = @p3,
+    LineDescription = COALESCE(NULLIF(@p4,''), LineDescription),
+    LastUpdatedUserName = @p5,
+    LastUpdatedDate = GETDATE()
+WHERE OrderHeaderID = @p6 AND OrderLineID = @p7
+`, line.NewItemCode, line.NewColor, line.NewDim2, line.NewDesc, username, orderHeaderID, line.OrderLineID)
+		if err != nil {
+			return updated, err
+		}
+		if rows, err := res.RowsAffected(); err == nil {
+			updated += rows
+		}
+	}
+	return updated, nil
+}

svc/queries/orderproductionlist.go

@@ -0,0 +1,269 @@
+package queries
+
+import (
+	"bssapp-backend/auth"
+	"bssapp-backend/internal/authz"
+	"context"
+	"database/sql"
+	"fmt"
+)
+
+// ========================================================
+// 📌 GetOrderProductionList — Üretime verilecek ürün içeren siparişler
+// ========================================================
+func GetOrderProductionList(
+	ctx context.Context,
+	mssql *sql.DB,
+	pg *sql.DB,
+	search string,
+) (*sql.Rows, error) {
+
+	claims, ok := auth.GetClaimsFromContext(ctx)
+	if !ok || claims == nil {
+		return nil, fmt.Errorf("unauthorized: claims not found")
+	}
+
+	// ----------------------------------------------------
+	// 🔐 PIYASA FILTER (ADMIN BYPASS)
+	// ----------------------------------------------------
+	piyasaWhere := "1=1"
+
+	if !claims.IsAdmin() {
+
+		codes, err := authz.GetUserPiyasaCodes(pg, int(claims.ID))
+		if err != nil {
+			return nil, fmt.Errorf("piyasa codes load error: %w", err)
+		}
+
+		if len(codes) == 0 {
+			piyasaWhere = "1=0"
+		} else {
+			piyasaWhere = authz.BuildINClause(
+				"UPPER(f2.CustomerAtt01)",
+				codes,
+			)
+		}
+	}
+
+	// ----------------------------------------------------
+	// 📄 BASE QUERY (orderlist.go ile aynı kolonlar)
+	// ----------------------------------------------------
+	baseQuery := fmt.Sprintf(`
+SELECT
+    CAST(h.OrderHeaderID AS NVARCHAR(50))           AS OrderHeaderID,
+    ISNULL(h.OrderNumber, '')                      AS OrderNumber,
+    CONVERT(varchar, h.OrderDate, 23)              AS OrderDate,
+
+    ISNULL(h.CurrAccCode, '')                      AS CurrAccCode,
+    ISNULL(ca.CurrAccDescription, '')              AS CurrAccDescription,
+
+    ISNULL(mt.AttributeDescription, '')            AS MusteriTemsilcisi,
+    ISNULL(py.AttributeDescription, '')            AS Piyasa,
+
+    CONVERT(varchar, h.CreditableConfirmedDate,23) AS CreditableConfirmedDate,
+    ISNULL(h.DocCurrencyCode,'TRY')                AS DocCurrencyCode,
+
+    ISNULL(l.TotalAmount,0)                        AS TotalAmount,
+
+    ----------------------------------------------------------------
+    -- USD HESABI (TRY / EUR / GBP / USD DESTEKLİ)
+    ----------------------------------------------------------------
+    CASE
+        WHEN h.DocCurrencyCode = 'USD'
+            THEN ISNULL(l.TotalAmount,0)
+
+        WHEN h.DocCurrencyCode = 'TRY'
+             AND usd.Rate > 0
+            THEN ISNULL(l.TotalAmount,0) / usd.Rate
+
+        WHEN h.DocCurrencyCode IN ('EUR','GBP')
+             AND cur.Rate > 0
+             AND usd.Rate > 0
+            THEN (ISNULL(l.TotalAmount,0) * cur.Rate) / usd.Rate
+
+        ELSE 0
+    END                                            AS TotalAmountUSD,
+
+    ISNULL(l.PackedAmount,0)                       AS PackedAmount,
+
+    CASE
+        WHEN h.DocCurrencyCode = 'USD'
+            THEN ISNULL(l.PackedAmount,0)
+
+        WHEN h.DocCurrencyCode = 'TRY'
+             AND usd.Rate > 0
+            THEN ISNULL(l.PackedTRY,0) / usd.Rate
+
+        WHEN cur.Rate > 0
+             AND usd.Rate > 0
+            THEN (ISNULL(l.PackedAmount,0) * cur.Rate) / usd.Rate
+
+        ELSE 0
+    END                                            AS PackedUSD,
+
+    CASE
+        WHEN ISNULL(l.TotalAmount,0) > 0
+            THEN (ISNULL(l.PackedAmount,0) * 100.0) / NULLIF(l.TotalAmount,0)
+        ELSE 0
+    END                                            AS PackedRatePct,
+
+    ISNULL(h.IsCreditableConfirmed,0)              AS IsCreditableConfirmed,
+    CAST(1 AS bit)                                 AS HasUretimUrunu,
+    ISNULL(h.Description,'')                       AS Description,
+
+    usd.Rate                                       AS ExchangeRateUSD
+
+FROM dbo.trOrderHeader h
+
+-- ✅ TOPLAM ARTIK trOrderLineCurrency'den: CurrencyCode = DocCurrencyCode
+JOIN (
+    SELECT
+        l.OrderHeaderID,
+        SUM(ISNULL(c.NetAmount,0)) AS TotalAmount,
+        SUM(
+            CASE
+                WHEN ISNULL(c.CurrencyCode,'') = 'TRY'
+                    THEN ISNULL(c.NetAmount,0)
+                ELSE 0
+            END
+        ) AS TotalTRY,
+        SUM(
+            CASE
+                WHEN ISNULL(l.IsClosed,0) = 1
+                    THEN ISNULL(c.NetAmount,0)
+                ELSE 0
+            END
+        ) AS PackedAmount,
+        SUM(
+            CASE
+                WHEN ISNULL(l.IsClosed,0) = 1
+                     AND ISNULL(c.CurrencyCode,'') = 'TRY'
+                    THEN ISNULL(c.NetAmount,0)
+                ELSE 0
+            END
+        ) AS PackedTRY
+    FROM dbo.trOrderLine l
+    JOIN dbo.trOrderHeader h2
+      ON h2.OrderHeaderID = l.OrderHeaderID
+    LEFT JOIN dbo.trOrderLineCurrency c
+      ON c.OrderLineID  = l.OrderLineID
+     AND c.CurrencyCode = ISNULL(h2.DocCurrencyCode,'TRY')
+    GROUP BY l.OrderHeaderID
+) l
+  ON l.OrderHeaderID = h.OrderHeaderID
+
+LEFT JOIN dbo.cdCurrAccDesc ca
+  ON ca.CurrAccCode = h.CurrAccCode
+ AND ca.LangCode = 'TR'
+
+-- müşteri temsilcisi + piyasa açıklamaları
+LEFT JOIN dbo.CustomerAttributesFilter f
+  ON f.CurrAccCode = h.CurrAccCode
+
+LEFT JOIN dbo.cdCurrAccAttributeDesc mt
+  ON mt.CurrAccTypeCode    = 3
+ AND mt.AttributeTypeCode  = 2
+ AND mt.AttributeCode      = f.CustomerAtt02
+ AND mt.LangCode           = 'TR'
+
+LEFT JOIN dbo.cdCurrAccAttributeDesc py
+  ON py.CurrAccTypeCode    = 3
+ AND py.AttributeTypeCode  = 1
+ AND py.AttributeCode      = f.CustomerAtt01
+ AND py.LangCode           = 'TR'
+
+----------------------------------------------------------------
+-- USD → TRY
+----------------------------------------------------------------
+OUTER APPLY (
+    SELECT TOP 1 Rate
+    FROM dbo.AllExchangeRates
+    WHERE CurrencyCode = 'USD'
+      AND RelationCurrencyCode = 'TRY'
+      AND ExchangeTypeCode = 6
+      AND Rate > 0
+      AND Date <= CAST(GETDATE() AS date)
+    ORDER BY Date DESC
+) usd
+
+----------------------------------------------------------------
+-- ORDER PB → TRY
+----------------------------------------------------------------
+OUTER APPLY (
+    SELECT TOP 1 Rate
+    FROM dbo.AllExchangeRates
+    WHERE CurrencyCode = h.DocCurrencyCode
+      AND RelationCurrencyCode = 'TRY'
+      AND ExchangeTypeCode = 6
+      AND Rate > 0
+      AND Date <= CAST(GETDATE() AS date)
+    ORDER BY Date DESC
+) cur
+
+WHERE
+    ISNULL(h.IsCancelOrder,0) = 0
+    AND h.OrderTypeCode = 1
+    AND h.ProcessCode   = 'WS'
+    AND h.IsClosed      = 0
+    -- 🔐 PIYASA AUTHZ (EXISTS — SAĞLAM YOL)
+    AND EXISTS (
+        SELECT 1
+        FROM dbo.CustomerAttributesFilter f2
+        WHERE f2.CurrAccCode = h.CurrAccCode
+          AND %s
+    )
+    -- ✅ Üretime verilecek ürün filtresi
+    AND EXISTS (
+        SELECT 1
+        FROM dbo.trOrderLine l2
+        WHERE l2.OrderHeaderID = h.OrderHeaderID
+          AND ISNULL(l2.ItemCode,'') LIKE 'U%%'
+    )
+`, piyasaWhere)
+
+	// ----------------------------------------------------
+	// 🔍 SEARCH FILTER (CASE + TR SAFE)
+	// ----------------------------------------------------
+	if search != "" {
+		baseQuery += `
+AND EXISTS (
+  SELECT 1
+  FROM dbo.trOrderHeader h2
+  LEFT JOIN dbo.cdCurrAccDesc ca2
+    ON ca2.CurrAccCode = h2.CurrAccCode
+   AND ca2.LangCode = 'TR'
+  WHERE h2.OrderHeaderID = h.OrderHeaderID
+    AND (
+      LOWER(REPLACE(REPLACE(h2.OrderNumber,'İ','I'),'ı','i'))
+        COLLATE Latin1_General_CI_AI LIKE LOWER(@p1)
+
+      OR LOWER(REPLACE(REPLACE(h2.CurrAccCode,'İ','I'),'ı','i'))
+        COLLATE Latin1_General_CI_AI LIKE LOWER(@p1)
+
+      OR LOWER(REPLACE(REPLACE(ca2.CurrAccDescription,'İ','I'),'ı','i'))
+        COLLATE Latin1_General_CI_AI LIKE LOWER(@p1)
+
+      OR LOWER(REPLACE(REPLACE(h2.Description,'İ','I'),'ı','i'))
+        COLLATE Latin1_General_CI_AI LIKE LOWER(@p1)
+    )
+)
+`
+	}
+
+	// ----------------------------------------------------
+	// 📌 ORDER
+	// ----------------------------------------------------
+	baseQuery += `
+ORDER BY h.CreatedDate DESC
+`
+
+	// ----------------------------------------------------
+	// ▶ EXECUTE
+	// ----------------------------------------------------
+	if search != "" {
+		searchLike := fmt.Sprintf("%%%s%%", search)
+		return mssql.Query(baseQuery, searchLike)
+	}
+
+	return mssql.Query(baseQuery)
+}

svc/queries/statement_header.go

@@ -10,74 +10,135 @@ import (
 
 // Ana tabloyu getiren fonksiyon (Vue header tablosu için)
 func GetStatements(params models.StatementParams) ([]models.StatementHeader, error) {
+
 	// AccountCode normalize: "ZLA0127" → "ZLA 0127"
 	if len(params.AccountCode) == 7 && strings.ContainsAny(params.AccountCode, "0123456789") {
 		params.AccountCode = params.AccountCode[:3] + " " + params.AccountCode[3:]
 	}
+	if strings.TrimSpace(params.LangCode) == "" {
+		params.LangCode = "TR"
+	}
 
 	// Parislemler []string → '1','2','3'
 	parislemFilter := "''"
 	if len(params.Parislemler) > 0 {
-		quoted := make([]string, len(params.Parislemler))
+		quoted := make([]string, 0, len(params.Parislemler))
-		for i, v := range params.Parislemler {
+		for _, v := range params.Parislemler {
-			quoted[i] = fmt.Sprintf("'%s'", v)
+			v = strings.TrimSpace(v)
+			if v == "" {
+				continue
 			}
+			quoted = append(quoted, fmt.Sprintf("'%s'", strings.ReplaceAll(v, "'", "''")))
+		}
+		if len(quoted) > 0 {
 			parislemFilter = strings.Join(quoted, ",")
 		}
+	}
 
 	query := fmt.Sprintf(`
-;WITH Opening AS (
+;WITH CurrDesc AS (
     SELECT
-        b.CurrAccCode AS Cari_Kod,
+        CurrAccCode,
-        b.DocCurrencyCode AS Para_Birimi,
+        MAX(CurrAccDescription) AS CurrAccDescription
-        SUM(c.Debit - c.Credit) AS Devir_Bakiyesi
+    FROM cdCurrAccDesc
+    WHERE LangCode = @LangCode
+    GROUP BY CurrAccCode
+),
+
+/* =========================================================
+   ✅ Bu aralıkta hareket var mı?
+   Varsa : Devir = startdate öncesi
+   Yoksa : Devir = enddate dahil (enddate itibariyle bakiye)
+   ========================================================= */
+HasMovement AS (
+    SELECT
+        CASE WHEN EXISTS (
+            SELECT 1
             FROM trCurrAccBook b
+            INNER JOIN CurrAccBookATAttributesFilter f
+              ON f.CurrAccBookID = b.CurrAccBookID
+             AND f.ATAtt01 IN (%s)
+            WHERE b.CurrAccCode LIKE '%%' + @Carikod + '%%'
+              AND b.DocumentDate BETWEEN @startdate AND @enddate
+        ) THEN 1 ELSE 0 END AS HasMov
+),
+
+/* =========================================================
+   ✅ Opening (Devir) — TEK CARİ KOD ALTINDA KONSOLİDE
+   Cari_Kod = @Carikod (sabit)
+   ========================================================= */
+Opening AS (
+    SELECT
+        @Carikod           AS Cari_Kod,
+        b.DocCurrencyCode  AS Para_Birimi,
+        SUM(ISNULL(c.Debit,0) - ISNULL(c.Credit,0)) AS Devir_Bakiyesi
+    FROM trCurrAccBook b
+    CROSS JOIN HasMovement hm
+    INNER JOIN CurrAccBookATAttributesFilter f2
+      ON f2.CurrAccBookID = b.CurrAccBookID
+     AND f2.ATAtt01 IN (%s)
     LEFT JOIN trCurrAccBookCurrency c
       ON c.CurrAccBookID = b.CurrAccBookID
      AND c.CurrencyCode  = b.DocCurrencyCode
     WHERE b.CurrAccCode LIKE '%%' + @Carikod + '%%'
-      AND b.DocumentDate < @startdate
+      AND (
-      AND EXISTS (
+            (hm.HasMov = 1 AND b.DocumentDate <  @startdate)  -- hareket varsa: klasik devir
-            SELECT 1
+         OR (hm.HasMov = 0 AND b.DocumentDate <= @enddate)    -- hareket yoksa: enddate itibariyle bakiye
-            FROM CurrAccBookATAttributesFilter f2
-            WHERE f2.CurrAccBookID = b.CurrAccBookID
-              AND f2.ATAtt01 IN (%s)
       )
-    GROUP BY b.CurrAccCode, b.DocCurrencyCode
+    GROUP BY b.DocCurrencyCode
 ),
+
+/* =========================================================
+   ✅ Hareketler (Movements) — TEK CARİ KOD ALTINDA KONSOLİDE
+   Cari_Kod = @Carikod (sabit)
+   Running sadece aralıktaki hareketlerden gelir.
+   ========================================================= */
 Movements AS (
     SELECT
-        b.CurrAccCode        AS Cari_Kod,
+        @Carikod AS Cari_Kod,
-        d.CurrAccDescription AS Cari_Isim,
+
+        COALESCE(
+            (SELECT TOP 1 cd.CurrAccDescription
+             FROM CurrDesc cd
+             WHERE cd.CurrAccCode = @Carikod),
+            (SELECT TOP 1 cd.CurrAccDescription
+             FROM CurrDesc cd
+             WHERE cd.CurrAccCode LIKE '%%' + @Carikod + '%%'
+             ORDER BY cd.CurrAccCode)
+        ) AS Cari_Isim,
+
         CONVERT(varchar(10), b.DocumentDate, 23) AS Belge_Tarihi,
         CONVERT(varchar(10), b.DueDate, 23)      AS Vade_Tarihi,
+
         b.RefNumber           AS Belge_No,
         b.BaseApplicationCode AS Islem_Tipi,
         b.LineDescription     AS Aciklama,
+
         b.DocCurrencyCode     AS Para_Birimi,
-        c.Debit              AS Borc,
+
-        c.Credit             AS Alacak,
+        ISNULL(c.Debit,0)     AS Borc,
-        SUM(c.Debit - c.Credit)
+        ISNULL(c.Credit,0)    AS Alacak,
-            OVER (PARTITION BY b.CurrAccCode, c.CurrencyCode 
+
-                  ORDER BY b.DocumentDate, b.CurrAccBookID) AS Hareket_Bakiyesi,
+        SUM(ISNULL(c.Debit,0) - ISNULL(c.Credit,0))
+            OVER (
+              PARTITION BY b.DocCurrencyCode
+              ORDER BY b.DocumentDate, b.CurrAccBookID
+            ) AS Hareket_Bakiyesi,
+
         f.ATAtt01 AS Parislemtipi
+
     FROM trCurrAccBook b
-    LEFT JOIN cdCurrAccDesc d
+    INNER JOIN CurrAccBookATAttributesFilter f
-        ON b.CurrAccCode = d.CurrAccCode 
+      ON f.CurrAccBookID = b.CurrAccBookID
+     AND f.ATAtt01 IN (%s)
     LEFT JOIN trCurrAccBookCurrency c
-        ON b.CurrAccBookID = c.CurrAccBookID
+      ON c.CurrAccBookID = b.CurrAccBookID
-       AND b.DocCurrencyCode = c.CurrencyCode
+     AND c.CurrencyCode  = b.DocCurrencyCode
-    LEFT JOIN CurrAccBookATAttributesFilter f
+
-        ON b.CurrAccBookID = f.CurrAccBookID
     WHERE b.CurrAccCode LIKE '%%' + @Carikod + '%%'
       AND b.DocumentDate BETWEEN @startdate AND @enddate
-      AND EXISTS (
-            SELECT 1 
-            FROM CurrAccBookATAttributesFilter f2
-            WHERE f2.CurrAccBookID = b.CurrAccBookID
-              AND f2.ATAtt01 IN (%s)
-      )
 )
+
 SELECT
     m.Cari_Kod,
     m.Cari_Isim,
@@ -89,8 +150,12 @@ SELECT
     m.Para_Birimi,
     m.Borc,
     m.Alacak,
+
+    /* ✅ Bakiye = Devir + Aralıktaki Running */
     ISNULL(o.Devir_Bakiyesi,0) + m.Hareket_Bakiyesi AS Bakiye,
+
     m.Parislemtipi AS Parislemler
+
 FROM Movements m
 LEFT JOIN Opening o
   ON o.Cari_Kod    = m.Cari_Kod
@@ -98,43 +163,49 @@ LEFT JOIN Opening o
 
 UNION ALL
 
--- Devir satırı
+/* =========================================================
+   ✅ Devir Satırı (kur bazında) — Opening'den gelir
+   Hareket varsa: startdate öncesi
+   Hareket yoksa: enddate itibariyle bakiye
+   ========================================================= */
 SELECT
-    @Carikod                    AS Cari_Kod,
+    o.Cari_Kod,
-    MAX(d.CurrAccDescription)   AS Cari_Isim,
+    COALESCE(
+        (SELECT TOP 1 cd.CurrAccDescription
+         FROM CurrDesc cd
+         WHERE cd.CurrAccCode = @Carikod),
+        (SELECT TOP 1 cd.CurrAccDescription
+         FROM CurrDesc cd
+         WHERE cd.CurrAccCode LIKE '%%' + @Carikod + '%%'
+         ORDER BY cd.CurrAccCode)
+    ) AS Cari_Isim,
+
     CONVERT(varchar(10), @startdate, 23) AS Belge_Tarihi,
     CONVERT(varchar(10), @startdate, 23) AS Vade_Tarihi,
+
     'Baslangic_devir' AS Belge_No,
     'Devir'           AS Islem_Tipi,
     'Devir Bakiyesi'  AS Aciklama,
-    b.DocCurrencyCode           AS Para_Birimi,
-    SUM(c.Debit)                AS Borc,
-    SUM(c.Credit)               AS Alacak,
-    SUM(c.Debit) - SUM(c.Credit) AS Bakiye,
-    (
-      SELECT STRING_AGG(x.ATAtt01, ',')
-      FROM (
-        SELECT DISTINCT f2.ATAtt01
-        FROM CurrAccBookATAttributesFilter f2
-        INNER JOIN trCurrAccBook bb
-          ON f2.CurrAccBookID = bb.CurrAccBookID
-        WHERE bb.CurrAccCode LIKE '%%' + @Carikod + '%%'
-          AND bb.DocumentDate < @startdate
-          AND f2.ATAtt01 IN (%s)
-      ) x
-    ) AS Parislemler
-FROM trCurrAccBook b
-LEFT JOIN cdCurrAccDesc d
-    ON b.CurrAccCode = d.CurrAccCode 
-LEFT JOIN trCurrAccBookCurrency c
-    ON b.CurrAccBookID = c.CurrAccBookID
-   AND b.DocCurrencyCode = c.CurrencyCode
-WHERE b.CurrAccCode LIKE '%%' + @Carikod + '%%'
-  AND b.DocumentDate < @startdate
-GROUP BY b.DocCurrencyCode
 
-ORDER BY Para_Birimi, Belge_Tarihi;
+    o.Para_Birimi,
-`, parislemFilter, parislemFilter, parislemFilter)
+
+    CASE WHEN o.Devir_Bakiyesi >= 0 THEN o.Devir_Bakiyesi ELSE 0 END AS Borc,
+    CASE WHEN o.Devir_Bakiyesi <  0 THEN ABS(o.Devir_Bakiyesi) ELSE 0 END AS Alacak,
+
+    o.Devir_Bakiyesi AS Bakiye,
+
+    CAST(NULL AS varchar(32)) AS Parislemler
+
+FROM Opening o
+
+ORDER BY
+    Para_Birimi,
+    Belge_Tarihi;
+`,
+		parislemFilter, // HasMovement
+		parislemFilter, // Opening
+		parislemFilter, // Movements
+	)
 
 	rows, err := db.MssqlDB.Query(query,
 		sql.Named("startdate", params.StartDate),

svc/queries/statement_header_pdf.go

@@ -1,187 +1,18 @@
-// queries/statements_header_pdf.go
 package queries
 
 import (
-	"bssapp-backend/db"
 	"bssapp-backend/models"
-	"database/sql"
-	"fmt"
 	"log"
-	"strings"
 )
 
-// küçük yardımcı: boşlukları temizle, her değeri ayrı tırnakla sar
-func buildQuotedHList(vals []string) string {
-	var pp []string
-	for _, v := range vals {
-		v = strings.TrimSpace(v)
-		if v != "" {
-			pp = append(pp, fmt.Sprintf("'%s'", v)) // '1','2' gibi
-		}
-	}
-	if len(pp) == 0 {
-		return ""
-	}
-	return strings.Join(pp, ",")
-}
-
-/* ============================ HEADER (Ana Tablo) ============================ */
-
 func GetStatementsHPDF(accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) {
-	// Account normalize
+	headers, err := getStatementsForPDF(accountCode, startDate, endDate, parislemler)
-	if len(accountCode) == 7 && strings.ContainsAny(accountCode, "0123456789") {
-		accountCode = accountCode[:3] + " " + accountCode[3:]
-	}
-
-	// IN list parse et
-	inList := buildQuotedHList(parislemler)
-	parislemCond := "''"
-	if inList != "" {
-		parislemCond = inList
-	}
-
-	query := fmt.Sprintf(`
-;WITH Opening AS (
-    SELECT 
-        b.CurrAccCode AS Cari_Kod,
-        b.DocCurrencyCode AS Para_Birimi,
-        SUM(c.Debit - c.Credit) AS Devir_Bakiyesi
-    FROM trCurrAccBook b
-    LEFT JOIN trCurrAccBookCurrency c
-      ON c.CurrAccBookID = b.CurrAccBookID
-     AND c.CurrencyCode  = b.DocCurrencyCode
-    WHERE b.CurrAccCode LIKE @Carikod
-      AND b.DocumentDate < @StartDate
-      AND EXISTS (
-            SELECT 1
-            FROM CurrAccBookATAttributesFilter f2
-            WHERE f2.CurrAccBookID = b.CurrAccBookID
-              AND f2.ATAtt01 IN (%s)
-      )
-    GROUP BY b.CurrAccCode, b.DocCurrencyCode
-),
-Movements AS (
-    SELECT 
-        b.CurrAccCode        AS Cari_Kod,
-        d.CurrAccDescription AS Cari_Isim,
-        CONVERT(varchar(10), b.DocumentDate, 23) AS Belge_Tarihi, 
-        CONVERT(varchar(10), b.DueDate, 23)      AS Vade_Tarihi, 
-        b.RefNumber          AS Belge_No,
-        b.BaseApplicationCode AS Islem_Tipi,
-        b.LineDescription    AS Aciklama,
-        b.DocCurrencyCode    AS Para_Birimi,
-        c.Debit              AS Borc,
-        c.Credit             AS Alacak,
-        SUM(c.Debit - c.Credit)
-            OVER (PARTITION BY b.CurrAccCode, c.CurrencyCode 
-                  ORDER BY b.DocumentDate, b.CurrAccBookID) AS Hareket_Bakiyesi,
-        f.ATAtt01 AS Parislemler
-    FROM trCurrAccBook b
-    LEFT JOIN cdCurrAccDesc d
-        ON b.CurrAccCode = d.CurrAccCode AND d.LangCode = 'TR'
-    LEFT JOIN trCurrAccBookCurrency c
-        ON b.CurrAccBookID = c.CurrAccBookID
-       AND b.DocCurrencyCode = c.CurrencyCode
-    LEFT JOIN CurrAccBookATAttributesFilter f
-        ON b.CurrAccBookID = f.CurrAccBookID
-    WHERE b.CurrAccCode LIKE @Carikod
-      AND b.DocumentDate BETWEEN @StartDate AND @EndDate
-      AND EXISTS (
-            SELECT 1 
-            FROM CurrAccBookATAttributesFilter f2
-            WHERE f2.CurrAccBookID = b.CurrAccBookID
-              AND f2.ATAtt01 IN (%s)
-      )
-)`, parislemCond, parislemCond)
-	query += fmt.Sprintf(`
-SELECT 
-    m.Cari_Kod,
-    m.Cari_Isim,
-    m.Belge_Tarihi,
-    m.Vade_Tarihi,
-    m.Belge_No,
-    m.Islem_Tipi,
-    m.Aciklama,
-    m.Para_Birimi,
-    m.Borc,
-    m.Alacak,
-    ISNULL(o.Devir_Bakiyesi,0) + m.Hareket_Bakiyesi AS Bakiye,
-    m.Parislemler
-FROM Movements m
-LEFT JOIN Opening o
-  ON o.Cari_Kod = m.Cari_Kod
- AND o.Para_Birimi = m.Para_Birimi
-
-UNION ALL
-
--- Devir satırı
-SELECT  
-    @Carikod                    AS Cari_Kod,
-    MAX(d.CurrAccDescription)   AS Cari_Isim,
-    CONVERT(varchar(10), @StartDate, 23) AS Belge_Tarihi, 
-    CONVERT(varchar(10), @StartDate, 23) AS Vade_Tarihi, 
-    'Baslangic_devir'           AS Belge_No,
-    'Devir'                     AS Islem_Tipi,
-    'Devir Bakiyesi'            AS Aciklama,
-    b.DocCurrencyCode           AS Para_Birimi,
-    SUM(c.Debit)                AS Borc,
-    SUM(c.Credit)               AS Alacak,
-    SUM(c.Debit) - SUM(c.Credit) AS Bakiye,
-    (
-      SELECT STRING_AGG(x.ATAtt01, ',')
-      FROM (
-        SELECT DISTINCT f2.ATAtt01
-        FROM CurrAccBookATAttributesFilter f2
-        INNER JOIN trCurrAccBook bb
-          ON f2.CurrAccBookID = bb.CurrAccBookID
-        WHERE bb.CurrAccCode LIKE @Carikod
-          AND bb.DocumentDate < @StartDate
-          AND f2.ATAtt01 IN (%s)
-      ) x
-    ) AS Parislemler
-FROM trCurrAccBook b
-LEFT JOIN cdCurrAccDesc d
-    ON b.CurrAccCode = d.CurrAccCode AND d.LangCode = 'TR'
-LEFT JOIN trCurrAccBookCurrency c
-    ON b.CurrAccBookID = c.CurrAccBookID
-   AND b.DocCurrencyCode = c.CurrencyCode
-WHERE b.CurrAccCode LIKE @Carikod
-  AND b.DocumentDate < @StartDate
-GROUP BY b.DocCurrencyCode
-
-ORDER BY Para_Birimi, Belge_Tarihi;`, parislemCond)
-
-	rows, err := db.MssqlDB.Query(query,
-		sql.Named("Carikod", "%"+accountCode+"%"),
-		sql.Named("StartDate", startDate),
-		sql.Named("EndDate", endDate),
-	)
 	if err != nil {
-		log.Printf("❌ Header sorgu hatası: %v", err)
+		log.Printf("Header query error: %v", err)
-		return nil, nil, fmt.Errorf("header sorgu hatası: %v", err)
-	}
-	defer rows.Close()
-
-	var headers []models.StatementHeader
-	var belgeNos []string
-	for rows.Next() {
-		var h models.StatementHeader
-		if err := rows.Scan(
-			&h.CariKod, &h.CariIsim,
-			&h.BelgeTarihi, &h.VadeTarihi,
-			&h.BelgeNo, &h.IslemTipi,
-			&h.Aciklama, &h.ParaBirimi,
-			&h.Borc, &h.Alacak,
-			&h.Bakiye, &h.Parislemler,
-		); err != nil {
-			log.Printf("❌ Header scan hatası: %v", err)
 		return nil, nil, err
 	}
-		headers = append(headers, h)
+
-		if h.BelgeNo != "" {
+	belgeNos := collectBelgeNos(headers)
-			belgeNos = append(belgeNos, h.BelgeNo)
+	log.Printf("Header rows fetched: %d, belge no count: %d", len(headers), len(belgeNos))
-		}
-	}
-	log.Printf("✅ Header verileri alındı: %d kayıt, %d belge no", len(headers), len(belgeNos))
 	return headers, belgeNos, nil
 }

svc/queries/statement_pdf_common.go

@@ -0,0 +1,35 @@
+package queries
+
+import "bssapp-backend/models"
+
+func getStatementsForPDF(
+	accountCode string,
+	startDate string,
+	endDate string,
+	parislemler []string,
+) ([]models.StatementHeader, error) {
+	return GetStatements(models.StatementParams{
+		AccountCode: accountCode,
+		StartDate:   startDate,
+		EndDate:     endDate,
+		LangCode:    "TR",
+		Parislemler: parislemler,
+	})
+}
+
+func collectBelgeNos(headers []models.StatementHeader) []string {
+	seen := make(map[string]struct{}, len(headers))
+	out := make([]string, 0, len(headers))
+	for _, h := range headers {
+		no := h.BelgeNo
+		if no == "" || no == "Baslangic_devir" {
+			continue
+		}
+		if _, ok := seen[no]; ok {
+			continue
+		}
+		seen[no] = struct{}{}
+		out = append(out, no)
+	}
+	return out
+}

svc/queries/statements_detail.go

@@ -32,8 +32,16 @@ SELECT
     a.ItemCode       AS Urun_Kodu,
     a.ColorCode      AS Urun_Rengi,
     SUM(a.Qty1) AS Toplam_Adet,
-    SUM(ABS(a.Doc_Price)) AS Toplam_Fiyat,
+
-    CAST(SUM(a.Qty1 * ABS(a.Doc_Price)) AS numeric(18,2)) AS Toplam_Tutar
+CAST(
+    SUM(a.Qty1 * ABS(a.Doc_Price)) 
+    / NULLIF(SUM(a.Qty1),0)
+AS numeric(18,4)) AS Doviz_Fiyat,
+
+CAST(
+    SUM(a.Qty1 * ABS(a.Doc_Price)) 
+AS numeric(18,2)) AS Toplam_Tutar
+
 FROM AllInvoicesWithAttributes a
 LEFT JOIN prItemAttribute AnaGrup
     ON a.ItemCode = AnaGrup.ItemCode AND AnaGrup.AttributeTypeCode = 1

svc/queries/statements_pdf.go

@@ -10,179 +10,15 @@ import (
 	"strings"
 )
 
-// küçük yardımcı: boşlukları temizle, her değeri ayrı tırnakla sar
-func buildQuotedList(vals []string) string {
-	var pp []string
-	for _, v := range vals {
-		v = strings.TrimSpace(v)
-		if v != "" {
-			pp = append(pp, fmt.Sprintf("'%s'", v)) // '1','2' gibi
-		}
-	}
-	if len(pp) == 0 {
-		return ""
-	}
-	return strings.Join(pp, ",")
-}
-
-/* ============================ HEADER (Ana Tablo) ============================ */
-
 func GetStatementsPDF(accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) {
-	// Account normalize
+	headers, err := getStatementsForPDF(accountCode, startDate, endDate, parislemler)
-	if len(accountCode) == 7 && strings.ContainsAny(accountCode, "0123456789") {
-		accountCode = accountCode[:3] + " " + accountCode[3:]
-	}
-
-	// IN list parse et
-	inList := buildQuotedList(parislemler)
-	parislemCond := "''"
-	if inList != "" {
-		parislemCond = inList
-	}
-
-	query := fmt.Sprintf(`
-;WITH Opening AS (
-    SELECT 
-        b.CurrAccCode AS Cari_Kod,
-        b.DocCurrencyCode AS Para_Birimi,
-        SUM(c.Debit - c.Credit) AS Devir_Bakiyesi
-    FROM trCurrAccBook b
-    LEFT JOIN trCurrAccBookCurrency c
-      ON c.CurrAccBookID = b.CurrAccBookID
-     AND c.CurrencyCode  = b.DocCurrencyCode
-    WHERE b.CurrAccCode LIKE @Carikod
-      AND b.DocumentDate < @StartDate
-      AND EXISTS (
-            SELECT 1
-            FROM CurrAccBookATAttributesFilter f2
-            WHERE f2.CurrAccBookID = b.CurrAccBookID
-              AND f2.ATAtt01 IN (%s)
-      )
-    GROUP BY b.CurrAccCode, b.DocCurrencyCode
-),
-Movements AS (
-    SELECT 
-        b.CurrAccCode        AS Cari_Kod,
-        d.CurrAccDescription AS Cari_Isim,
-        CONVERT(varchar(10), b.DocumentDate, 23) AS Belge_Tarihi, 
-        CONVERT(varchar(10), b.DueDate, 23)      AS Vade_Tarihi, 
-        b.RefNumber          AS Belge_No,
-        b.BaseApplicationCode AS Islem_Tipi,
-        b.LineDescription    AS Aciklama,
-        b.DocCurrencyCode    AS Para_Birimi,
-        c.Debit              AS Borc,
-        c.Credit             AS Alacak,
-        SUM(c.Debit - c.Credit)
-            OVER (PARTITION BY b.CurrAccCode, c.CurrencyCode 
-                  ORDER BY b.DocumentDate, b.CurrAccBookID) AS Hareket_Bakiyesi,
-        f.ATAtt01 AS Parislemler
-    FROM trCurrAccBook b
-    LEFT JOIN cdCurrAccDesc d
-        ON b.CurrAccCode = d.CurrAccCode AND d.LangCode = 'TR'
-    LEFT JOIN trCurrAccBookCurrency c
-        ON b.CurrAccBookID = c.CurrAccBookID
-       AND b.DocCurrencyCode = c.CurrencyCode
-    LEFT JOIN CurrAccBookATAttributesFilter f
-        ON b.CurrAccBookID = f.CurrAccBookID
-    WHERE b.CurrAccCode LIKE @Carikod
-      AND b.DocumentDate BETWEEN @StartDate AND @EndDate
-      AND EXISTS (
-            SELECT 1 
-            FROM CurrAccBookATAttributesFilter f2
-            WHERE f2.CurrAccBookID = b.CurrAccBookID
-              AND f2.ATAtt01 IN (%s)
-      )
-)`, parislemCond, parislemCond)
-	query += fmt.Sprintf(`
-SELECT 
-    m.Cari_Kod,
-    m.Cari_Isim,
-    m.Belge_Tarihi,
-    m.Vade_Tarihi,
-    m.Belge_No,
-    m.Islem_Tipi,
-    m.Aciklama,
-    m.Para_Birimi,
-    m.Borc,
-    m.Alacak,
-    ISNULL(o.Devir_Bakiyesi,0) + m.Hareket_Bakiyesi AS Bakiye,
-    m.Parislemler
-FROM Movements m
-LEFT JOIN Opening o
-  ON o.Cari_Kod = m.Cari_Kod
- AND o.Para_Birimi = m.Para_Birimi
-
-UNION ALL
-
--- Devir satırı
-SELECT  
-    @Carikod                    AS Cari_Kod,
-    MAX(d.CurrAccDescription)   AS Cari_Isim,
-    CONVERT(varchar(10), @StartDate, 23) AS Belge_Tarihi, 
-    CONVERT(varchar(10), @StartDate, 23) AS Vade_Tarihi, 
-    'Baslangic_devir'           AS Belge_No,
-    'Devir'                     AS Islem_Tipi,
-    'Devir Bakiyesi'            AS Aciklama,
-    b.DocCurrencyCode           AS Para_Birimi,
-    SUM(c.Debit)                AS Borc,
-    SUM(c.Credit)               AS Alacak,
-    SUM(c.Debit) - SUM(c.Credit) AS Bakiye,
-    (
-      SELECT STRING_AGG(x.ATAtt01, ',')
-      FROM (
-        SELECT DISTINCT f2.ATAtt01
-        FROM CurrAccBookATAttributesFilter f2
-        INNER JOIN trCurrAccBook bb
-          ON f2.CurrAccBookID = bb.CurrAccBookID
-        WHERE bb.CurrAccCode LIKE @Carikod
-          AND bb.DocumentDate < @StartDate
-          AND f2.ATAtt01 IN (%s)
-      ) x
-    ) AS Parislemler
-FROM trCurrAccBook b
-LEFT JOIN cdCurrAccDesc d
-    ON b.CurrAccCode = d.CurrAccCode AND d.LangCode = 'TR'
-LEFT JOIN trCurrAccBookCurrency c
-    ON b.CurrAccBookID = c.CurrAccBookID
-   AND b.DocCurrencyCode = c.CurrencyCode
-WHERE b.CurrAccCode LIKE @Carikod
-  AND b.DocumentDate < @StartDate
-GROUP BY b.DocCurrencyCode
-
-ORDER BY Para_Birimi, Belge_Tarihi;`, parislemCond)
-
-	rows, err := db.MssqlDB.Query(query,
-		sql.Named("Carikod", "%"+accountCode+"%"),
-		sql.Named("StartDate", startDate),
-		sql.Named("EndDate", endDate),
-	)
 	if err != nil {
-		log.Printf("❌ Header sorgu hatası: %v", err)
+		log.Printf("Header query error: %v", err)
-		return nil, nil, fmt.Errorf("header sorgu hatası: %v", err)
-	}
-	defer rows.Close()
-
-	var headers []models.StatementHeader
-	var belgeNos []string
-	for rows.Next() {
-		var h models.StatementHeader
-		if err := rows.Scan(
-			&h.CariKod, &h.CariIsim,
-			&h.BelgeTarihi, &h.VadeTarihi,
-			&h.BelgeNo, &h.IslemTipi,
-			&h.Aciklama, &h.ParaBirimi,
-			&h.Borc, &h.Alacak,
-			&h.Bakiye, &h.Parislemler,
-		); err != nil {
-			log.Printf("❌ Header scan hatası: %v", err)
 		return nil, nil, err
 	}
-		headers = append(headers, h)
+
-		if h.BelgeNo != "" {
+	belgeNos := collectBelgeNos(headers)
-			belgeNos = append(belgeNos, h.BelgeNo)
+	log.Printf("Header rows fetched: %d, belge no count: %d", len(headers), len(belgeNos))
-		}
-	}
-	log.Printf("✅ Header verileri alındı: %d kayıt, %d belge no", len(headers), len(belgeNos))
 	return headers, belgeNos, nil
 }
 
@@ -191,7 +27,7 @@ ORDER BY Para_Birimi, Belge_Tarihi;`, parislemCond)
 func GetDetailsMapPDF(belgeNos []string, startDate, endDate string) (map[string][]models.StatementDetail, error) {
 	result := make(map[string][]models.StatementDetail)
 	if len(belgeNos) == 0 {
-		log.Println("⚠️ GetDetailsMapPDF: belge listesi boş")
+		log.Println("GetDetailsMapPDF: belge listesi bos")
 		return result, nil
 	}
 
@@ -219,7 +55,11 @@ SELECT
    MAX(ISNULL(KisaKarDesc.AttributeDescription, '')) AS Icerik,
 
     a.ItemCode, a.ColorCode,
-    SUM(a.Qty1), SUM(ABS(a.Doc_Price)),
+    SUM(a.Qty1),
+    CAST(
+        SUM(a.Qty1 * ABS(a.Doc_Price))
+        / NULLIF(SUM(a.Qty1), 0)
+    AS numeric(18,4)),
     CAST(SUM(a.Qty1 * ABS(a.Doc_Price)) AS numeric(18,2))
 
 FROM AllInvoicesWithAttributes a
@@ -258,7 +98,7 @@ LEFT JOIN cdItemAttributeDesc FitDesc
  AND FitTbl.AttributeCode     = FitDesc.AttributeCode
  AND FitTbl.ItemTypeCode      = FitDesc.ItemTypeCode
 
--- Kısa Karışım
+-- Kisa Karisim
 LEFT JOIN prItemAttribute KisaKar
   ON a.ItemCode = KisaKar.ItemCode AND KisaKar.AttributeTypeCode = 41
 LEFT JOIN cdItemAttributeDesc KisaKarDesc
@@ -274,8 +114,8 @@ ORDER BY a.InvoiceNumber, a.ItemCode, a.ColorCode;`, inBelge)
 		sql.Named("EndDate", endDate),
 	)
 	if err != nil {
-		log.Printf("❌ Detay sorgu hatası: %v", err)
+		log.Printf("Detail query error: %v", err)
-		return nil, fmt.Errorf("detay sorgu hatası: %v", err)
+		return nil, fmt.Errorf("detay sorgu hatasi: %v", err)
 	}
 	defer rows.Close()
 
@@ -295,11 +135,11 @@ ORDER BY a.InvoiceNumber, a.ItemCode, a.ColorCode;`, inBelge)
 			&d.ToplamFiyat,
 			&d.ToplamTutar,
 		); err != nil {
-			log.Printf("❌ Detay scan hatası: %v", err)
+			log.Printf("Detail scan error: %v", err)
 			return nil, err
 		}
 		result[d.BelgeRefNumarasi] = append(result[d.BelgeRefNumarasi], d)
 	}
-	log.Printf("✅ Detay verileri alındı: %d belge için detay var", len(result))
+	log.Printf("Detail rows fetched for %d belge", len(result))
 	return result, nil
 }

svc/repository/user_repo.go

@@ -234,11 +234,18 @@ func (r *UserRepository) GetLegacyUserForLogin(login string) (*models.User, erro
 			COALESCE(u.upass,'') as upass,
 			u.is_active,
 			COALESCE(u.email,''),
-			COALESCE(u.dfrole_id,0) as role_id,
+			COALESCE(ru.dfrole_id,0) as role_id,
 			COALESCE(dr.code,'')    as role_code,
 			COALESCE(u.force_password_change,false)
 		FROM dfusr u
-		LEFT JOIN dfrole dr ON dr.id = u.dfrole_id
+		LEFT JOIN LATERAL (
+			SELECT dfrole_id
+			FROM dfrole_usr
+			WHERE dfusr_id = u.id
+			ORDER BY dfrole_id
+			LIMIT 1
+		) ru ON true
+		LEFT JOIN dfrole dr ON dr.id = ru.dfrole_id
 		WHERE u.is_active = true
 		  AND (
 			LOWER(u.code)  = LOWER($1)

svc/routes/admin_reset_password.go

@@ -62,7 +62,7 @@ func AdminResetPasswordHandler(db *sql.DB) http.HandlerFunc {
 		// ---------------------------------------------------
 		// 4️⃣ UPDATE mk_dfusr
 		// ---------------------------------------------------
-		_, err = db.Exec(`
+		res, err := db.Exec(`
 			UPDATE mk_dfusr
 			SET
 				password_hash = $1,
@@ -77,6 +77,24 @@ func AdminResetPasswordHandler(db *sql.DB) http.HandlerFunc {
 			return
 		}
 
+		affected, _ := res.RowsAffected()
+		if affected == 0 {
+			_, err = db.Exec(`
+				UPDATE dfusr
+				SET
+					upass = $1,
+					force_password_change = true,
+					last_updated_date = NOW()
+				WHERE id = $2
+				  AND is_active = true
+			`, string(hash), userID)
+
+			if err != nil {
+				http.Error(w, "legacy password reset failed", http.StatusInternalServerError)
+				return
+			}
+		}
+
 		// ---------------------------------------------------
 		// 5️⃣ REFRESH TOKEN REVOKE
 		// ---------------------------------------------------

svc/routes/first_password_change.go

@@ -6,10 +6,13 @@ import (
 	"bssapp-backend/internal/security"
 	"bssapp-backend/models"
 	"bssapp-backend/repository"
+	"bssapp-backend/services"
 	"database/sql"
 	"encoding/json"
+	"errors"
 	"log"
 	"net/http"
+	"strings"
 	"time"
 
 	"golang.org/x/crypto/bcrypt"
@@ -17,86 +20,128 @@ import (
 
 func FirstPasswordChangeHandler(db *sql.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-
 		w.Header().Set("Content-Type", "application/json; charset=utf-8")
 
-		// --------------------------------------------------
-		// 1️⃣ JWT CLAIMS
-		// --------------------------------------------------
 		claims, ok := auth.GetClaimsFromContext(r.Context())
 		if !ok || claims == nil {
-			http.Error(w, "unauthorized", http.StatusUnauthorized)
+			log.Printf(
+				"FIRST_PASSWORD_CHANGE 401 reason=claims_missing method=%s path=%s",
+				r.Method,
+				r.URL.Path,
+			)
+			http.Error(w, "yetkisiz: token eksik veya geçersiz", http.StatusUnauthorized)
 			return
 		}
 
-		// --------------------------------------------------
-		// 2️⃣ PAYLOAD
-		// --------------------------------------------------
 		var req struct {
 			CurrentPassword string `json:"current_password"`
 			NewPassword     string `json:"new_password"`
 		}
 
 		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-			http.Error(w, "invalid payload", http.StatusBadRequest)
+			http.Error(w, "geçersiz istek gövdesi", http.StatusBadRequest)
 			return
 		}
 
+		req.CurrentPassword = strings.TrimSpace(req.CurrentPassword)
+		req.NewPassword = strings.TrimSpace(req.NewPassword)
 		if req.CurrentPassword == "" || req.NewPassword == "" {
-			http.Error(w, "password fields required", http.StatusUnprocessableEntity)
+			http.Error(w, "şifre alanları zorunludur", http.StatusUnprocessableEntity)
 			return
 		}
 
-		// --------------------------------------------------
+		mkRepo := repository.NewMkUserRepository(db)
-		// 3️⃣ LOAD USER (mk_dfusr)
+		legacyRepo := repository.NewUserRepository(db)
-		// --------------------------------------------------
-		var currentHash string
-		err := db.QueryRow(`
-			SELECT password_hash
-			FROM mk_dfusr
-			WHERE id = $1
-		`, claims.ID).Scan(&currentHash)
 
-		if err != nil || currentHash == "" {
+		mkUser, mkErr := mkRepo.GetByID(claims.ID)
-			http.Error(w, "user not found", http.StatusUnauthorized)
+		hasMkUser := mkErr == nil
+		if mkErr != nil && !errors.Is(mkErr, repository.ErrMkUserNotFound) {
+			log.Printf(
+				"FIRST_PASSWORD_CHANGE 500 reason=mk_lookup_failed user_id=%d err=%v",
+				claims.ID,
+				mkErr,
+			)
+			http.Error(w, "kullanıcı sorgulama hatası", http.StatusInternalServerError)
 			return
 		}
 
-		// --------------------------------------------------
+		var legacyUser *models.User
-		// 4️⃣ CURRENT PASSWORD CHECK
+
-		// --------------------------------------------------
+		// If user already exists in mk_dfusr with hash, verify against mk hash.
+		// Otherwise verify against legacy dfusr password before migration.
+		if hasMkUser && strings.TrimSpace(mkUser.PasswordHash) != "" {
 			if bcrypt.CompareHashAndPassword(
-			[]byte(currentHash),
+				[]byte(mkUser.PasswordHash),
 				[]byte(req.CurrentPassword),
 			) != nil {
+				log.Printf(
+					"FIRST_PASSWORD_CHANGE 401 reason=current_password_mismatch_mk user_id=%d username=%s",
+					claims.ID,
+					claims.Username,
+				)
 				http.Error(w, "mevcut şifre hatalı", http.StatusUnauthorized)
 				return
 			}
+		} else {
+			var err error
+			legacyUser, err = legacyRepo.GetLegacyUserForLogin(claims.Username)
+			if err != nil || legacyUser == nil || !legacyUser.IsActive {
+				log.Printf(
+					"FIRST_PASSWORD_CHANGE 401 reason=legacy_user_not_found user_id=%d username=%s err=%v",
+					claims.ID,
+					claims.Username,
+					err,
+				)
+				http.Error(w, "yetkisiz: kullanıcı bulunamadı", http.StatusUnauthorized)
+				return
+			}
+			if !hasMkUser && int64(legacyUser.ID) != claims.ID {
+				log.Printf(
+					"FIRST_PASSWORD_CHANGE 401 reason=legacy_id_mismatch user_id=%d legacy_id=%d username=%s",
+					claims.ID,
+					legacyUser.ID,
+					claims.Username,
+				)
+				http.Error(w, "yetkisiz: kullanıcı bulunamadı", http.StatusUnauthorized)
+				return
+			}
+
+			if !services.CheckPasswordWithLegacy(legacyUser, req.CurrentPassword) {
+				log.Printf(
+					"FIRST_PASSWORD_CHANGE 401 reason=current_password_mismatch_legacy user_id=%d username=%s",
+					claims.ID,
+					claims.Username,
+				)
+				http.Error(w, "mevcut şifre hatalı", http.StatusUnauthorized)
+				return
+			}
+		}
 
-		// --------------------------------------------------
-		// 5️⃣ PASSWORD POLICY
-		// --------------------------------------------------
 		if err := security.ValidatePassword(req.NewPassword); err != nil {
 			http.Error(w, err.Error(), http.StatusUnprocessableEntity)
 			return
 		}
 
-		// --------------------------------------------------
-		// 6️⃣ HASH NEW PASSWORD
-		// --------------------------------------------------
 		hash, err := bcrypt.GenerateFromPassword(
 			[]byte(req.NewPassword),
 			bcrypt.DefaultCost,
 		)
 		if err != nil {
-			http.Error(w, "password hash error", http.StatusInternalServerError)
+			http.Error(w, "şifre hash hatası", http.StatusInternalServerError)
 			return
 		}
 
-		// --------------------------------------------------
+		tx, err := db.Begin()
-		// 7️⃣ UPDATE mk_dfusr
+		if err != nil {
-		// --------------------------------------------------
+			http.Error(w, "işlem başlatılamadı", http.StatusInternalServerError)
-		_, err = db.Exec(`
+			return
+		}
+		defer tx.Rollback()
+
+		migratedFromLegacy := false
+
+		if hasMkUser {
+			res, err := tx.Exec(`
 				UPDATE mk_dfusr
 				SET
 					password_hash = $1,
@@ -105,27 +150,124 @@ func FirstPasswordChangeHandler(db *sql.DB) http.HandlerFunc {
 					updated_at = NOW()
 				WHERE id = $2
 			`, string(hash), claims.ID)
-
 			if err != nil {
-			http.Error(w, "password update failed", http.StatusInternalServerError)
+				log.Printf(
+					"FIRST_PASSWORD_CHANGE 500 reason=password_update_failed user_id=%d err=%v",
+					claims.ID,
+					err,
+				)
+				http.Error(w, "şifre güncellenemedi", http.StatusInternalServerError)
 				return
 			}
 
-		// --------------------------------------------------
+			affected, _ := res.RowsAffected()
-		// 8️⃣ REFRESH TOKEN REVOKE
+			if affected == 0 {
-		// --------------------------------------------------
+				log.Printf(
-		_ = repository.
+					"FIRST_PASSWORD_CHANGE 500 reason=password_update_no_rows user_id=%d",
-			NewRefreshTokenRepository(db).
+					claims.ID,
-			RevokeAllForUser(claims.ID)
+				)
+				http.Error(w, "şifre güncellenemedi", http.StatusInternalServerError)
+				return
+			}
+		} else {
+			if legacyUser == nil {
+				// Defensive fallback, should not happen.
+				legacyUser, err = legacyRepo.GetLegacyUserForLogin(claims.Username)
+				if err != nil || legacyUser == nil {
+					log.Printf(
+						"FIRST_PASSWORD_CHANGE 500 reason=legacy_reload_failed user_id=%d username=%s err=%v",
+						claims.ID,
+						claims.Username,
+						err,
+					)
+					http.Error(w, "legacy kullanıcı yeniden yüklenemedi", http.StatusInternalServerError)
+					return
+				}
+				if !hasMkUser && int64(legacyUser.ID) != claims.ID {
+					log.Printf(
+						"FIRST_PASSWORD_CHANGE 500 reason=legacy_reload_id_mismatch user_id=%d legacy_id=%d username=%s",
+						claims.ID,
+						legacyUser.ID,
+						claims.Username,
+					)
+					http.Error(w, "legacy kullanıcı yeniden yüklenemedi", http.StatusInternalServerError)
+					return
+				}
+			}
+
+			_, err = tx.Exec(`
+				INSERT INTO mk_dfusr (
+					id,
+					username,
+					email,
+					full_name,
+					mobile,
+					address,
+					is_active,
+					password_hash,
+					force_password_change,
+					password_updated_at,
+					created_at,
+					updated_at
+				)
+				VALUES (
+					$1,$2,$3,$4,$5,$6,$7,$8,false,NOW(),NOW(),NOW()
+				)
+				ON CONFLICT (id)
+				DO UPDATE SET
+					username = EXCLUDED.username,
+					email = EXCLUDED.email,
+					full_name = EXCLUDED.full_name,
+					mobile = EXCLUDED.mobile,
+					address = EXCLUDED.address,
+					is_active = EXCLUDED.is_active,
+					password_hash = EXCLUDED.password_hash,
+					force_password_change = false,
+					password_updated_at = NOW(),
+					updated_at = NOW()
+			`,
+				int64(legacyUser.ID),
+				strings.TrimSpace(legacyUser.Username),
+				strings.TrimSpace(legacyUser.Email),
+				strings.TrimSpace(legacyUser.FullName),
+				strings.TrimSpace(legacyUser.Mobile),
+				strings.TrimSpace(legacyUser.Address),
+				legacyUser.IsActive,
+				string(hash),
+			)
+			if err != nil {
+				log.Printf(
+					"FIRST_PASSWORD_CHANGE 500 reason=legacy_migration_failed user_id=%d username=%s err=%v",
+					claims.ID,
+					claims.Username,
+					err,
+				)
+				http.Error(w, "legacy geçişi başarısız", http.StatusInternalServerError)
+				return
+			}
+
+			migratedFromLegacy = true
+		}
+
+		if err := tx.Commit(); err != nil {
+			log.Printf(
+				"FIRST_PASSWORD_CHANGE 500 reason=tx_commit_failed user_id=%d err=%v",
+				claims.ID,
+				err,
+			)
+			http.Error(w, "işlem tamamlanamadı", http.StatusInternalServerError)
+			return
+		}
+
+		_ = repository.NewRefreshTokenRepository(db).RevokeAllForUser(claims.ID)
 
-		// --------------------------------------------------
-		// 9️⃣ NEW JWT (TEK DOĞRU YOL)
-		// --------------------------------------------------
 		newClaims := auth.BuildClaimsFromUser(
 			&models.MkUser{
 				ID:                  claims.ID,
 				Username:            claims.Username,
+				RoleID:              claims.RoleID,
 				RoleCode:            claims.RoleCode,
+				DepartmentCodes:     claims.DepartmentCodes,
 				V3Username:          claims.V3Username,
 				V3UserGroup:         claims.V3UserGroup,
 				SessionID:           claims.SessionID,
@@ -140,22 +282,20 @@ func FirstPasswordChangeHandler(db *sql.DB) http.HandlerFunc {
 			false,
 		)
 		if err != nil {
-			http.Error(w, "token generation failed", http.StatusInternalServerError)
+			http.Error(w, "token üretilemedi", http.StatusInternalServerError)
 			return
 		}
 
-		// --------------------------------------------------
+		source := "mk_password_update"
-		// 🔟 AUDIT
+		if migratedFromLegacy {
-		// --------------------------------------------------
+			source = "legacy_migration_completed"
+		}
 		auditlog.ForcePasswordChangeCompleted(
 			r.Context(),
 			claims.ID,
-			"self_change",
+			source,
 		)
 
-		// --------------------------------------------------
-		// 1️⃣1️⃣ RESPONSE
-		// --------------------------------------------------
 		_ = json.NewEncoder(w).Encode(map[string]any{
 			"token": newToken,
 			"user": map[string]any{
@@ -163,7 +303,14 @@ func FirstPasswordChangeHandler(db *sql.DB) http.HandlerFunc {
 				"username":              claims.Username,
 				"force_password_change": false,
 			},
+			"migrated_from_legacy": migratedFromLegacy,
 		})
-		log.Printf("✅ FIRST-PASS claims user=%d role=%s", claims.ID, claims.RoleCode)
+
+		log.Printf(
+			"FIRST_PASSWORD_CHANGE 200 user=%d role=%s migrated_from_legacy=%v",
+			claims.ID,
+			claims.RoleCode,
+			migratedFromLegacy,
+		)
 	}
 }

svc/routes/login.go

@@ -3,6 +3,7 @@ package routes
 import (
 	"bssapp-backend/auth"
 	"bssapp-backend/internal/auditlog"
+	"bssapp-backend/internal/security"
 	"bssapp-backend/models"
 	"bssapp-backend/queries"
 	"bssapp-backend/repository"
@@ -29,6 +30,76 @@ type LoginRequest struct {
 	Password string `json:"password"`
 }
 
+func looksLikeBcryptHash(value string) bool {
+	return strings.HasPrefix(value, "$2a$") ||
+		strings.HasPrefix(value, "$2b$") ||
+		strings.HasPrefix(value, "$2y$")
+}
+
+func ensureLegacyUserReadyForSession(db *sql.DB, legacyUser *models.User) (int64, error) {
+	desiredID := int64(legacyUser.ID)
+
+	_, err := db.Exec(`
+		INSERT INTO mk_dfusr (
+			id,
+			username,
+			email,
+			full_name,
+			mobile,
+			address,
+			is_active,
+			password_hash,
+			force_password_change,
+			created_at,
+			updated_at
+		)
+		VALUES (
+			$1,$2,$3,$4,$5,$6,$7,'',true,NOW(),NOW()
+		)
+		ON CONFLICT (id)
+		DO UPDATE SET
+			username = EXCLUDED.username,
+			email = EXCLUDED.email,
+			full_name = COALESCE(NULLIF(EXCLUDED.full_name, ''), mk_dfusr.full_name),
+			mobile = COALESCE(NULLIF(EXCLUDED.mobile, ''), mk_dfusr.mobile),
+			address = COALESCE(NULLIF(EXCLUDED.address, ''), mk_dfusr.address),
+			is_active = EXCLUDED.is_active,
+			force_password_change = true,
+			updated_at = NOW()
+	`,
+		desiredID,
+		strings.TrimSpace(legacyUser.Username),
+		strings.TrimSpace(legacyUser.Email),
+		strings.TrimSpace(legacyUser.FullName),
+		strings.TrimSpace(legacyUser.Mobile),
+		strings.TrimSpace(legacyUser.Address),
+		legacyUser.IsActive,
+	)
+	if err == nil {
+		return desiredID, nil
+	}
+
+	mkRepo := repository.NewMkUserRepository(db)
+	existing, lookupErr := mkRepo.GetByUsername(legacyUser.Username)
+	if lookupErr != nil {
+		return 0, err
+	}
+
+	_, updErr := db.Exec(`
+		UPDATE mk_dfusr
+		SET
+			is_active = $1,
+			force_password_change = true,
+			updated_at = NOW()
+		WHERE id = $2
+	`, legacyUser.IsActive, existing.ID)
+	if updErr != nil {
+		return 0, updErr
+	}
+
+	return existing.ID, nil
+}
+
 func LoginHandler(db *sql.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 
@@ -83,20 +154,37 @@ func LoginHandler(db *sql.DB) http.HandlerFunc {
 		if err == nil {
 
 			// mk_dfusr authoritative
-			if strings.TrimSpace(mkUser.PasswordHash) != "" {
+			mkHash := strings.TrimSpace(mkUser.PasswordHash)
-
+			if mkHash != "" {
-				if bcrypt.CompareHashAndPassword(
+				if looksLikeBcryptHash(mkHash) {
-					[]byte(mkUser.PasswordHash),
+					cmpErr := bcrypt.CompareHashAndPassword(
+						[]byte(mkHash),
 						[]byte(pass),
-				) != nil {
+					)
-					http.Error(w, "Kullanıcı adı veya parola hatalı", http.StatusUnauthorized)
+					if cmpErr == nil {
-					return
-				}
-
 						_ = mkRepo.TouchLastLogin(mkUser.ID)
 						writeLoginResponse(w, db, mkUser)
 						return
 					}
+
+					if !mkUser.ForcePasswordChange {
+						http.Error(w, "invalid credentials", http.StatusUnauthorized)
+						return
+					}
+
+					log.Printf(
+						"LOGIN FALLBACK legacy allowed (force_password_change=true) username=%s id=%d",
+						mkUser.Username,
+						mkUser.ID,
+					)
+				} else {
+					log.Printf(
+						"LOGIN FALLBACK legacy allowed (non-bcrypt mk hash) username=%s id=%d",
+						mkUser.Username,
+						mkUser.ID,
+					)
+				}
+			}
 			// password_hash boşsa legacy fallback
 		} else if err != repository.ErrMkUserNotFound {
 			log.Println("❌ mk_dfusr lookup error:", err)
@@ -133,31 +221,30 @@ func LoginHandler(db *sql.DB) http.HandlerFunc {
 		}
 
 		// ==================================================
-		// 3️⃣ MIGRATION (dfusr → mk_dfusr)
+		// 3️⃣ LEGACY SESSION (PENDING MIGRATION)
+		// - mk_dfusr migration is completed in /api/password/change
 		// ==================================================
-		newHash, err := bcrypt.GenerateFromPassword(
+		mkID, err := ensureLegacyUserReadyForSession(db, legacyUser)
-			[]byte(pass),
-			bcrypt.DefaultCost,
-		)
 		if err != nil {
-			http.Error(w, "Şifre üretilemedi", http.StatusInternalServerError)
+			log.Printf("LEGACY LOGIN MIGRATION BIND FAILED username=%s err=%v", login, err)
+			http.Error(w, "Giriş yapılamadı", http.StatusInternalServerError)
 			return
 		}
 
-		mkUser, err = mkRepo.CreateFromLegacy(legacyUser, string(newHash))
+		mkUser = &models.MkUser{
-		if err != nil {
+			ID:                  mkID,
-			log.Println("❌ CREATE_FROM_LEGACY FAILED:", err)
+			Username:            legacyUser.Username,
-			http.Error(w, "Kullanıcı migrate edilemedi", http.StatusInternalServerError)
+			Email:               legacyUser.Email,
-			return
+			IsActive:            legacyUser.IsActive,
+			RoleID:              int64(legacyUser.RoleID),
+			RoleCode:            legacyUser.RoleCode,
+			ForcePasswordChange: true,
 		}
 
-		// 🔥 KRİTİK: TOKEN GUARD İÇİN GARANTİ
-		mkUser.ForcePasswordChange = true
-
 		auditlog.Write(auditlog.ActivityLog{
-			ActionType:     "LEGACY_USER_MIGRATED",
+			ActionType:     "LEGACY_USER_LOGIN_PENDING_MIGRATION",
 			ActionCategory: "security",
-			Description:    "dfusr -> mk_dfusr on login",
+			Description:    "legacy giriş başarılı, ilk şifre değişikliği gerekli",
 			IsSuccess:      true,
 		})
 
@@ -216,6 +303,22 @@ func writeLoginResponse(w http.ResponseWriter, db *sql.DB, user *models.MkUser)
 		return
 	}
 
+	refreshPlain, refreshHash, err := security.GenerateRefreshToken()
+	if err != nil {
+		http.Error(w, "Refresh token üretilemedi", http.StatusInternalServerError)
+		return
+	}
+
+	refreshExp := time.Now().Add(14 * 24 * time.Hour)
+	rtRepo := repository.NewRefreshTokenRepository(db)
+	if err := rtRepo.IssueRefreshToken(user.ID, refreshHash, refreshExp); err != nil {
+		log.Printf("refresh token store failed user=%d err=%v", user.ID, err)
+		http.Error(w, "Session başlatılamadı", http.StatusInternalServerError)
+		return
+	}
+
+	setRefreshCookie(w, refreshPlain, refreshExp)
+
 	_ = json.NewEncoder(w).Encode(map[string]any{
 		"token": token,
 		"user": map[string]any{

svc/routes/order_pdf.go

@@ -5,8 +5,6 @@ import (
 	"database/sql"
 	"errors"
 	"fmt"
-	"github.com/gorilla/mux"
-	"github.com/jung-kurt/gofpdf"
 	"log"
 	"math"
 	"net/http"
@@ -15,6 +13,9 @@ import (
 	"strconv"
 	"strings"
 	"time"
+
+	"github.com/gorilla/mux"
+	"github.com/jung-kurt/gofpdf"
 )
 
 /* ===========================================================
@@ -408,7 +409,7 @@ func newOrderPdf() (*gofpdf.Fpdf, error) {
 	pdf.SetMargins(10, 10, 10)
 	pdf.SetAutoPageBreak(false, 12)
 
-	if err := registerDejavuFonts(pdf, "dejavu", "dejavu-b"); err != nil {
+	if err := registerDejavuFonts(pdf, "dejavu"); err != nil {
 		return nil, err
 	}
 
@@ -416,7 +417,7 @@ func newOrderPdf() (*gofpdf.Fpdf, error) {
 	pdf.AliasNbPages("")
 	pdf.SetFooterFunc(func() {
 		pdf.SetY(-10)
-		pdf.SetFont("dejavu", "", 8)
+		pdf.SetFont("dejavu", "B", 8)
 		txt := fmt.Sprintf("Sayfa %d/{nb}", pdf.PageNo())
 		pdf.CellFormat(0, 10, txt, "", 0, "R", false, 0, "")
 	})
@@ -445,7 +446,7 @@ func getOrderHeaderFromDB(db *sql.DB, orderID string) (*OrderHeader, error) {
             ISNULL((
                 SELECT TOP (1) ca.AttributeDescription
                 FROM BAGGI_V3.dbo.cdCurrAccAttributeDesc AS ca WITH (NOLOCK)
-                WHERE ca.CurrAccTypeCode   = 3
+                WHERE ca.CurrAccTypeCode   IN (1,3)
                   AND ca.AttributeTypeCode = 2      -- 🟡 Müşteri Temsilcisi
                   AND ca.AttributeCode     = f.CustomerAtt02
                   AND ca.LangCode         = 'TR'
@@ -506,8 +507,8 @@ func getOrderLinesFromDB(db *sql.DB, orderID string) ([]OrderLineRaw, error) {
             L.ItemDim1Code,
             L.ItemDim2Code,
             L.Qty1,
-            L.Price,
+            ISNULL(CD.Price, 0) AS Price,
-            L.DocCurrencyCode,
+            ISNULL(CD.CurrencyCode, ISNULL(L.DocCurrencyCode, 'TRY')) AS DocCurrencyCode,
             L.DeliveryDate,
             L.LineDescription,
             P.ProductAtt01Desc,
@@ -520,6 +521,9 @@ func getOrderLinesFromDB(db *sql.DB, orderID string) ([]OrderLineRaw, error) {
             L.VatCode,
             L.VatRate
         FROM BAGGI_V3.dbo.trOrderLine AS L
+        LEFT JOIN BAGGI_V3.dbo.trOrderLineCurrency AS CD WITH (NOLOCK)
+            ON CD.OrderLineID = L.OrderLineID
+            AND CD.CurrencyCode = ISNULL(NULLIF(LTRIM(RTRIM(L.DocCurrencyCode)), ''), 'TRY')
         LEFT JOIN ProductFilterWithDescription('TR') AS P
             ON LTRIM(RTRIM(P.ProductCode)) = LTRIM(RTRIM(L.ItemCode))
         WHERE L.OrderHeaderID = @p1
@@ -724,7 +728,7 @@ func drawOrderHeader(pdf *gofpdf.Fpdf, h *OrderHeader, showDesc bool) float64 {
 	pdf.SetFillColor(149, 113, 22) // Baggi altın
 	pdf.Rect(titleX, titleY, titleW, 10, "F")
 
-	pdf.SetFont("dejavu-b", "", 13)
+	pdf.SetFont("dejavu", "B", 13)
 	pdf.SetTextColor(255, 255, 255)
 	pdf.SetXY(titleX+4, titleY+2)
 	pdf.CellFormat(titleW-8, 6, "BAGGI TEKSTİL - SİPARİŞ FORMU", "", 0, "L", false, 0, "")
@@ -740,7 +744,7 @@ func drawOrderHeader(pdf *gofpdf.Fpdf, h *OrderHeader, showDesc bool) float64 {
 	pdf.SetDrawColor(180, 180, 180)
 	pdf.Rect(boxX, boxY, boxW, boxH, "")
 
-	pdf.SetFont("dejavu-b", "", 9)
+	pdf.SetFont("dejavu", "B", 9)
 	pdf.SetTextColor(149, 113, 22)
 	rep := strings.TrimSpace(h.CustomerRep)
 	if rep == "" {
@@ -776,8 +780,12 @@ func drawOrderHeader(pdf *gofpdf.Fpdf, h *OrderHeader, showDesc bool) float64 {
 	/* ----------------------------------------------------
 	   5) AÇIKLAMA (Varsa)
 	---------------------------------------------------- */
-	if showDesc && strings.TrimSpace(h.Description) != "" {
+	desc := strings.TrimSpace(h.Description)
-		text := strings.TrimSpace(h.Description)
+	if desc == "" {
+		desc = strings.TrimSpace(h.InternalDesc)
+	}
+	if showDesc && desc != "" {
+		text := desc
 
 		pdf.SetFont("dejavu", "", 8) // wrap’te kullanılacak font
 		lineH := 4.0
@@ -795,7 +803,7 @@ func drawOrderHeader(pdf *gofpdf.Fpdf, h *OrderHeader, showDesc bool) float64 {
 		pdf.Rect(marginL, y, pageW-marginL*2, descBoxH, "")
 
 		// Başlık
-		pdf.SetFont("dejavu-b", "", 8)
+		pdf.SetFont("dejavu", "B", 8)
 		pdf.SetTextColor(149, 113, 22)
 		pdf.SetXY(marginL+3, y+2)
 		pdf.CellFormat(40, 4, "Sipariş Genel Açıklaması:", "", 0, "L", false, 0, "")
@@ -823,7 +831,7 @@ func drawOrderHeader(pdf *gofpdf.Fpdf, h *OrderHeader, showDesc bool) float64 {
 	===========================================================
 */
 func drawGridHeader(pdf *gofpdf.Fpdf, layout pdfLayout, startY float64, catSizes CategorySizeMap) float64 {
-	pdf.SetFont("dejavu-b", "", 6)
+	pdf.SetFont("dejavu", "B", 6)
 	pdf.SetDrawColor(baggiGrayBorderR, baggiGrayBorderG, baggiGrayBorderB)
 	pdf.SetFillColor(baggiCreamR, baggiCreamG, baggiCreamB)
 	pdf.SetTextColor(20, 20, 20) // 🟣 TÜM HEADER YAZILARI SİYAH
@@ -1191,7 +1199,7 @@ func drawTotalsBox(
 	valueX := x + w - 70 // değerlerin sağda hizalanacağı kolon
 
 	pdf.SetTextColor(149, 113, 22) // Sol başlık gold
-	pdf.SetFont("dejavu-b", "", 8.5)
+	pdf.SetFont("dejavu", "B", 8.5)
 
 	y := startY + 2
 
@@ -1202,7 +1210,7 @@ func drawTotalsBox(
 	pdf.CellFormat(80, lineH, "TOPLAM TUTAR", "", 0, "L", false, 0, "")
 
 	pdf.SetTextColor(201, 162, 39)
-	pdf.SetFont("dejavu-b", "", 9)
+	pdf.SetFont("dejavu", "B", 9)
 
 	pdf.SetXY(valueX, y)
 	pdf.CellFormat(65, lineH,
@@ -1217,7 +1225,7 @@ func drawTotalsBox(
 	if hasVat {
 
 		pdf.SetTextColor(149, 113, 22) // gold başlık
-		pdf.SetFont("dejavu-b", "", 8.5)
+		pdf.SetFont("dejavu", "B", 8.5)
 
 		pdf.SetXY(labelX, y)
 		pdf.CellFormat(80, lineH,
@@ -1225,7 +1233,7 @@ func drawTotalsBox(
 			"", 0, "L", false, 0, "")
 
 		pdf.SetTextColor(20, 20, 20)
-		pdf.SetFont("dejavu-b", "", 9)
+		pdf.SetFont("dejavu", "B", 9)
 
 		pdf.SetXY(valueX, y)
 		pdf.CellFormat(65, lineH,
@@ -1238,13 +1246,13 @@ func drawTotalsBox(
 		   3️⃣ KDV DAHİL TOPLAM
 		---------------------------------------------------- */
 		pdf.SetTextColor(201, 162, 39)
-		pdf.SetFont("dejavu-b", "", 8.5)
+		pdf.SetFont("dejavu", "B", 8.5)
 
 		pdf.SetXY(labelX, y)
 		pdf.CellFormat(80, lineH, "KDV DAHİL TOPLAM TUTAR", "", 0, "L", false, 0, "")
 
 		pdf.SetTextColor(20, 20, 20)
-		pdf.SetFont("dejavu-b", "", 9)
+		pdf.SetFont("dejavu", "B", 9)
 
 		pdf.SetXY(valueX, y)
 		pdf.CellFormat(65, lineH,
@@ -1273,7 +1281,7 @@ func drawGroupSummaryBar(pdf *gofpdf.Fpdf, layout pdfLayout, groupName string, t
 	pdf.SetDrawColor(214, 192, 106)
 	pdf.Rect(x, y, w, h, "DF")
 
-	pdf.SetFont("dejavu-b", "", 8.5)
+	pdf.SetFont("dejavu", "B", 8.5)
 	pdf.SetTextColor(20, 20, 20)
 
 	leftTxt := strings.ToUpper(strings.TrimSpace(groupName))

svc/routes/orderlist.go

@@ -58,7 +58,7 @@ func OrderListRoute(mssql *sql.DB) http.Handler {
 		count := 0
 
 		// ==================================================
-		// 🧠 SCAN — SQL SELECT ile BİRE BİR (17 kolon)
+		// 🧠 SCAN — SQL SELECT ile BİRE BİR (18 kolon)
 		// ==================================================
 		for rows.Next() {
 
@@ -85,9 +85,10 @@ func OrderListRoute(mssql *sql.DB) http.Handler {
 				&o.PackedRatePct,  // 14
 
 				&o.IsCreditableConfirmed, // 15
-				&o.Description,           // 16
+				&o.HasUretimUrunu,        // 16
+				&o.Description,           // 17
 
-				&o.ExchangeRateUSD, // 17
+				&o.ExchangeRateUSD, // 18
 			)
 
 			if err != nil {

svc/routes/orderproductionitems.go

@@ -0,0 +1,294 @@
+package routes
+
+import (
+	"bssapp-backend/auth"
+	"bssapp-backend/models"
+	"bssapp-backend/queries"
+	"database/sql"
+	"encoding/json"
+	"errors"
+	"log"
+	"net/http"
+	"strings"
+
+	"github.com/gorilla/mux"
+)
+
+// ======================================================
+// 📌 OrderProductionItemsRoute — U ürün satırları
+// ======================================================
+func OrderProductionItemsRoute(mssql *sql.DB) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+
+		id := mux.Vars(r)["id"]
+		if id == "" {
+			http.Error(w, "OrderHeaderID bulunamadı", http.StatusBadRequest)
+			return
+		}
+
+		rows, err := queries.GetOrderProductionItems(mssql, id)
+		if err != nil {
+			log.Printf("❌ SQL sorgu hatası: %v", err)
+			http.Error(w, "Veritabanı hatası", http.StatusInternalServerError)
+			return
+		}
+		defer rows.Close()
+
+		list := make([]models.OrderProductionItem, 0, 100)
+
+		for rows.Next() {
+			var o models.OrderProductionItem
+			if err := rows.Scan(
+				&o.OrderHeaderID,
+				&o.OrderLineID,
+				&o.ItemTypeCode,
+				&o.OldDim1,
+				&o.OldDim3,
+				&o.OldItemCode,
+				&o.OldColor,
+				&o.OldDim2,
+				&o.OldDesc,
+				&o.NewItemCode,
+				&o.NewColor,
+				&o.NewDim2,
+				&o.NewDesc,
+				&o.IsVariantMissing,
+			); err != nil {
+				log.Printf("⚠️ SCAN HATASI: %v", err)
+				continue
+			}
+			list = append(list, o)
+		}
+
+		if err := rows.Err(); err != nil {
+			log.Printf("⚠️ rows.Err(): %v", err)
+		}
+
+		if err := json.NewEncoder(w).Encode(list); err != nil {
+			log.Printf("❌ encode error: %v", err)
+		}
+	})
+}
+
+// ======================================================
+// 📌 OrderProductionInsertMissingRoute — eksik varyantları ekler
+// ======================================================
+func OrderProductionInsertMissingRoute(mssql *sql.DB) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+
+		id := mux.Vars(r)["id"]
+		if id == "" {
+			http.Error(w, "OrderHeaderID bulunamadı", http.StatusBadRequest)
+			return
+		}
+
+		claims, _ := auth.GetClaimsFromContext(r.Context())
+		username := ""
+		if claims != nil {
+			username = claims.Username
+		}
+		if username == "" {
+			username = "system"
+		}
+
+		affected, err := queries.InsertMissingProductionVariants(mssql, id, username)
+		if err != nil {
+			log.Printf("❌ INSERT varyant hatası: %v", err)
+			http.Error(w, "Veritabanı hatası", http.StatusInternalServerError)
+			return
+		}
+
+		resp := map[string]any{
+			"inserted": affected,
+		}
+		if err := json.NewEncoder(w).Encode(resp); err != nil {
+			log.Printf("❌ encode error: %v", err)
+		}
+	})
+}
+
+// ======================================================
+// OrderProductionValidateRoute - yeni model varyant kontrolu
+// ======================================================
+func OrderProductionValidateRoute(mssql *sql.DB) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+
+		id := mux.Vars(r)["id"]
+		if id == "" {
+			http.Error(w, "OrderHeaderID bulunamadi", http.StatusBadRequest)
+			return
+		}
+
+		var payload models.OrderProductionUpdatePayload
+		if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
+			http.Error(w, "Gecersiz istek", http.StatusBadRequest)
+			return
+		}
+		if err := validateUpdateLines(payload.Lines); err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		missing, err := buildMissingVariants(mssql, id, payload.Lines)
+		if err != nil {
+			log.Printf("❌ validate error: %v", err)
+			http.Error(w, "Veritabani hatasi", http.StatusInternalServerError)
+			return
+		}
+
+		resp := map[string]any{
+			"missingCount": len(missing),
+			"missing":      missing,
+		}
+		if err := json.NewEncoder(w).Encode(resp); err != nil {
+			log.Printf("❌ encode error: %v", err)
+		}
+	})
+}
+
+// ======================================================
+// OrderProductionApplyRoute - yeni model varyant guncelleme
+// ======================================================
+func OrderProductionApplyRoute(mssql *sql.DB) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+
+		id := mux.Vars(r)["id"]
+		if id == "" {
+			http.Error(w, "OrderHeaderID bulunamadi", http.StatusBadRequest)
+			return
+		}
+
+		var payload models.OrderProductionUpdatePayload
+		if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
+			http.Error(w, "Gecersiz istek", http.StatusBadRequest)
+			return
+		}
+		if err := validateUpdateLines(payload.Lines); err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		missing, err := buildMissingVariants(mssql, id, payload.Lines)
+		if err != nil {
+			log.Printf("❌ apply validate error: %v", err)
+			http.Error(w, "Veritabani hatasi", http.StatusInternalServerError)
+			return
+		}
+
+		if len(missing) > 0 && !payload.InsertMissing {
+			w.WriteHeader(http.StatusConflict)
+			_ = json.NewEncoder(w).Encode(map[string]any{
+				"missingCount": len(missing),
+				"missing":      missing,
+				"message":      "Eksik varyantlar var",
+			})
+			return
+		}
+
+		claims, _ := auth.GetClaimsFromContext(r.Context())
+		username := ""
+		if claims != nil {
+			username = claims.Username
+		}
+		if strings.TrimSpace(username) == "" {
+			username = "system"
+		}
+
+		tx, err := mssql.Begin()
+		if err != nil {
+			http.Error(w, "Veritabani hatasi", http.StatusInternalServerError)
+			return
+		}
+		defer tx.Rollback()
+
+		var inserted int64
+		if payload.InsertMissing {
+			inserted, err = queries.InsertMissingVariantsTx(tx, missing, username)
+			if err != nil {
+				log.Printf("❌ insert missing error: %v", err)
+				http.Error(w, "Veritabani hatasi", http.StatusInternalServerError)
+				return
+			}
+		}
+
+		updated, err := queries.UpdateOrderLinesTx(tx, id, payload.Lines, username)
+		if err != nil {
+			log.Printf("❌ update order lines error: %v", err)
+			http.Error(w, "Veritabani hatasi", http.StatusInternalServerError)
+			return
+		}
+
+		if err := tx.Commit(); err != nil {
+			log.Printf("❌ commit error: %v", err)
+			http.Error(w, "Veritabani hatasi", http.StatusInternalServerError)
+			return
+		}
+
+		resp := map[string]any{
+			"updated":  updated,
+			"inserted": inserted,
+		}
+		if err := json.NewEncoder(w).Encode(resp); err != nil {
+			log.Printf("❌ encode error: %v", err)
+		}
+	})
+}
+
+func buildMissingVariants(mssql *sql.DB, orderHeaderID string, lines []models.OrderProductionUpdateLine) ([]models.OrderProductionMissingVariant, error) {
+	missing := make([]models.OrderProductionMissingVariant, 0)
+
+	for _, line := range lines {
+		lineID := strings.TrimSpace(line.OrderLineID)
+		newItem := strings.TrimSpace(line.NewItemCode)
+		newColor := strings.TrimSpace(line.NewColor)
+		newDim2 := strings.TrimSpace(line.NewDim2)
+
+		if lineID == "" || newItem == "" || newColor == "" {
+			continue
+		}
+
+		itemTypeCode, dim1, _, dim3, err := queries.GetOrderLineDims(mssql, orderHeaderID, lineID)
+		if err != nil {
+			return nil, err
+		}
+
+		exists, err := queries.VariantExists(mssql, itemTypeCode, newItem, newColor, dim1, newDim2, dim3)
+		if err != nil {
+			return nil, err
+		}
+		if !exists {
+			missing = append(missing, models.OrderProductionMissingVariant{
+				OrderLineID:  lineID,
+				ItemTypeCode: itemTypeCode,
+				ItemCode:     newItem,
+				ColorCode:    newColor,
+				ItemDim1Code: dim1,
+				ItemDim2Code: newDim2,
+				ItemDim3Code: dim3,
+			})
+		}
+	}
+
+	return missing, nil
+}
+
+func validateUpdateLines(lines []models.OrderProductionUpdateLine) error {
+	for _, line := range lines {
+		if strings.TrimSpace(line.OrderLineID) == "" {
+			return errors.New("OrderLineID zorunlu")
+		}
+		if strings.TrimSpace(line.NewItemCode) == "" {
+			return errors.New("Yeni urun kodu zorunlu")
+		}
+		if strings.TrimSpace(line.NewColor) == "" {
+			return errors.New("Yeni renk kodu zorunlu")
+		}
+	}
+	return nil
+}

svc/routes/orderproductionlist.go

@@ -0,0 +1,130 @@
+package routes
+
+import (
+	"bssapp-backend/auth"
+	"bssapp-backend/db"
+	"bssapp-backend/models"
+	"bssapp-backend/queries"
+	"database/sql"
+	"encoding/json"
+	"log"
+	"net/http"
+	"strings"
+)
+
+// ======================================================
+// 📌 OrderProductionListRoute — Üretime verilecek siparişler
+// ======================================================
+func OrderProductionListRoute(mssql *sql.DB) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+
+		// --------------------------------------------------
+		// 🔍 Query Param (RAW + TRIM)
+		// --------------------------------------------------
+		raw := r.URL.Query().Get("search")
+		search := strings.TrimSpace(raw)
+
+		log.Printf(
+			"📥 /api/orders/production-list search raw=%q trimmed=%q lenRaw=%d lenTrim=%d",
+			raw,
+			search,
+			len(raw),
+			len(search),
+		)
+
+		// --------------------------------------------------
+		// 🗄 SQL CALL (WITH CONTEXT)
+		// --------------------------------------------------
+		rows, err := queries.GetOrderProductionList(
+			r.Context(),
+			mssql,
+			db.PgDB,
+			search,
+		)
+
+		if err != nil {
+			log.Printf("❌ SQL sorgu hatası: %v", err)
+			http.Error(w, "Veritabanı hatası", http.StatusInternalServerError)
+			return
+		}
+		defer rows.Close()
+
+		// --------------------------------------------------
+		// 📦 Sonuç Listesi
+		// --------------------------------------------------
+		list := make([]models.OrderList, 0, 100)
+		count := 0
+
+		// ==================================================
+		// 🧠 SCAN — SQL SELECT ile BİRE BİR (18 kolon)
+		// ==================================================
+		for rows.Next() {
+
+			var o models.OrderList
+
+			err = rows.Scan(
+				&o.OrderHeaderID, // 1
+				&o.OrderNumber,   // 2
+				&o.OrderDate,     // 3
+
+				&o.CurrAccCode,        // 4
+				&o.CurrAccDescription, // 5
+
+				&o.MusteriTemsilcisi, // 6
+				&o.Piyasa,            // 7
+
+				&o.CreditableConfirmedDate, // 8
+				&o.DocCurrencyCode,         // 9
+
+				&o.TotalAmount,    // 10
+				&o.TotalAmountUSD, // 11
+				&o.PackedAmount,   // 12
+				&o.PackedUSD,      // 13
+				&o.PackedRatePct,  // 14
+
+				&o.IsCreditableConfirmed, // 15
+				&o.HasUretimUrunu,        // 16
+				&o.Description,           // 17
+
+				&o.ExchangeRateUSD, // 18
+			)
+
+			if err != nil {
+				log.Printf(
+					"⚠️ SCAN HATASI | OrderHeaderID=%v | err=%v",
+					o.OrderHeaderID,
+					err,
+				)
+				continue
+			}
+
+			list = append(list, o)
+			count++
+		}
+
+		if err := rows.Err(); err != nil {
+			log.Printf("⚠️ rows.Err(): %v", err)
+		}
+
+		// --------------------------------------------------
+		// 📊 RESULT LOG
+		// --------------------------------------------------
+		claims, _ := auth.GetClaimsFromContext(r.Context())
+
+		log.Printf(
+			"✅ Order production list DONE | user=%d | search=%q | resultCount=%d",
+			claims.ID,
+			search,
+			count,
+		)
+
+		// --------------------------------------------------
+		// ✅ JSON RESPONSE
+		// --------------------------------------------------
+		if err := json.NewEncoder(w).Encode(list); err != nil {
+			log.Printf("❌ encode error: %v", err)
+		}
+	})
+}

svc/routes/orderproductionupdate.go

@@ -0,0 +1,230 @@
+package routes
+
+import (
+	"bssapp-backend/auth"
+	"bssapp-backend/db"
+	"database/sql"
+	"encoding/json"
+	"errors"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/gorilla/mux"
+)
+
+type ProductionUpdateLine struct {
+	OrderLineID string `json:"OrderLineID"`
+	ItemTypeCode int16  `json:"ItemTypeCode"`
+	ItemCode     string `json:"ItemCode"`
+	ColorCode    string `json:"ColorCode"`
+	ItemDim1Code string `json:"ItemDim1Code"`
+	ItemDim2Code string `json:"ItemDim2Code"`
+	ItemDim3Code string `json:"ItemDim3Code"`
+	LineDescription string `json:"LineDescription"`
+}
+
+type ProductionUpdateRequest struct {
+	Lines         []ProductionUpdateLine `json:"lines"`
+	InsertMissing bool                   `json:"insertMissing"`
+}
+
+type MissingVariant struct {
+	ItemTypeCode int16  `json:"ItemTypeCode"`
+	ItemCode     string `json:"ItemCode"`
+	ColorCode    string `json:"ColorCode"`
+	ItemDim1Code string `json:"ItemDim1Code"`
+	ItemDim2Code string `json:"ItemDim2Code"`
+	ItemDim3Code string `json:"ItemDim3Code"`
+}
+
+// ======================================================
+// 📌 OrderProductionUpdateRoute — U ürün satırlarını güncelle
+// ======================================================
+func OrderProductionUpdateRoute(mssql *sql.DB) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+
+		id := mux.Vars(r)["id"]
+		if id == "" {
+			http.Error(w, "OrderHeaderID bulunamadı", http.StatusBadRequest)
+			return
+		}
+
+		var req ProductionUpdateRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			http.Error(w, "Geçersiz JSON", http.StatusBadRequest)
+			return
+		}
+
+		if len(req.Lines) == 0 {
+			http.Error(w, "Satır bulunamadı", http.StatusBadRequest)
+			return
+		}
+
+		claims, _ := auth.GetClaimsFromContext(r.Context())
+		username := ""
+		if claims != nil {
+			username = claims.Username
+		}
+		if username == "" {
+			username = "system"
+		}
+
+		tx, err := db.MssqlDB.Begin()
+		if err != nil {
+			http.Error(w, "İşlem başlatılamadı", http.StatusInternalServerError)
+			return
+		}
+		defer tx.Rollback()
+
+		// 1) Eksik varyantları kontrol et
+		missingMap := make(map[string]MissingVariant)
+		checkStmt, err := tx.Prepare(`
+SELECT TOP 1 1
+FROM dbo.prItemVariant
+WHERE ItemTypeCode = @p1
+  AND ItemCode = @p2
+  AND ColorCode = @p3
+  AND ISNULL(ItemDim1Code,'') = ISNULL(@p4,'')
+  AND ISNULL(ItemDim2Code,'') = ISNULL(@p5,'')
+  AND ISNULL(ItemDim3Code,'') = ISNULL(@p6,'')
+`)
+		if err != nil {
+			http.Error(w, "Varyant kontrolü hazırlanamadı", http.StatusInternalServerError)
+			return
+		}
+		defer checkStmt.Close()
+
+		for _, ln := range req.Lines {
+			if strings.TrimSpace(ln.ItemCode) == "" {
+				http.Error(w, "Yeni model kodu boş", http.StatusBadRequest)
+				return
+			}
+			row := checkStmt.QueryRow(
+				ln.ItemTypeCode,
+				ln.ItemCode,
+				ln.ColorCode,
+				ln.ItemDim1Code,
+				ln.ItemDim2Code,
+				ln.ItemDim3Code,
+			)
+			var ok int
+			if err := row.Scan(&ok); err != nil {
+				if errors.Is(err, sql.ErrNoRows) {
+					key := strings.Join([]string{
+						ln.ItemCode, ln.ColorCode, ln.ItemDim1Code, ln.ItemDim2Code, ln.ItemDim3Code,
+					}, "|")
+					missingMap[key] = MissingVariant{
+						ItemTypeCode: ln.ItemTypeCode,
+						ItemCode:     ln.ItemCode,
+						ColorCode:    ln.ColorCode,
+						ItemDim1Code: ln.ItemDim1Code,
+						ItemDim2Code: ln.ItemDim2Code,
+						ItemDim3Code: ln.ItemDim3Code,
+					}
+					continue
+				}
+				http.Error(w, "Varyant kontrolü hatası", http.StatusInternalServerError)
+				return
+			}
+		}
+
+		if len(missingMap) > 0 && !req.InsertMissing {
+			missing := make([]MissingVariant, 0, len(missingMap))
+			for _, v := range missingMap {
+				missing = append(missing, v)
+			}
+			w.WriteHeader(http.StatusConflict)
+			_ = json.NewEncoder(w).Encode(map[string]any{
+				"missing": missing,
+			})
+			return
+		}
+
+		// 2) Eksikleri ekle (gerekirse)
+		if len(missingMap) > 0 {
+			// PLU üretimi (max + row_number)
+			var basePlu int64
+			if err := tx.QueryRow(`SELECT ISNULL(MAX(PLU),0) FROM dbo.prItemVariant WITH (UPDLOCK, HOLDLOCK)`).Scan(&basePlu); err != nil {
+				http.Error(w, "PLU alınamadı", http.StatusInternalServerError)
+				return
+			}
+
+			now := time.Now()
+			i := int64(0)
+			for _, v := range missingMap {
+				i++
+				if _, err := tx.Exec(`
+INSERT INTO dbo.prItemVariant
+(
+	ItemTypeCode, ItemCode, ColorCode, ItemDim1Code, ItemDim2Code, ItemDim3Code,
+	PLU, CreatedUserName, CreatedDate, LastUpdatedUserName, LastUpdatedDate
+)
+VALUES
+(@p1,@p2,@p3,@p4,@p5,@p6,@p7,@p8,@p9,@p8,@p9)
+`,
+					v.ItemTypeCode,
+					v.ItemCode,
+					v.ColorCode,
+					v.ItemDim1Code,
+					v.ItemDim2Code,
+					v.ItemDim3Code,
+					basePlu+i,
+					username,
+					now,
+				); err != nil {
+					http.Error(w, "Varyant insert hatası", http.StatusInternalServerError)
+					return
+				}
+			}
+		}
+
+		// 3) trOrderLine güncelle
+		updStmt, err := tx.Prepare(`
+UPDATE dbo.trOrderLine
+SET
+	ItemCode = @p1,
+	ColorCode = @p2,
+	ItemDim2Code = @p3,
+	LineDescription = @p4,
+	LastUpdatedUserName = @p5,
+	LastUpdatedDate = @p6
+WHERE OrderHeaderID = @p7
+  AND OrderLineID = @p8
+`)
+		if err != nil {
+			http.Error(w, "Update hazırlığı başarısız", http.StatusInternalServerError)
+			return
+		}
+		defer updStmt.Close()
+
+		now := time.Now()
+		for _, ln := range req.Lines {
+			if _, err := updStmt.Exec(
+				ln.ItemCode,
+				ln.ColorCode,
+				ln.ItemDim2Code,
+				ln.LineDescription,
+				username,
+				now,
+				id,
+				ln.OrderLineID,
+			); err != nil {
+				http.Error(w, "Satır güncelleme hatası", http.StatusInternalServerError)
+				return
+			}
+		}
+
+		if err := tx.Commit(); err != nil {
+			http.Error(w, "Commit hatası", http.StatusInternalServerError)
+			return
+		}
+
+		_ = json.NewEncoder(w).Encode(map[string]any{
+			"status":  "ok",
+			"updated": len(req.Lines),
+		})
+	})
+}

svc/routes/password_forgot.go

@@ -6,9 +6,7 @@ import (
 	"bssapp-backend/internal/security"
 	"database/sql"
 	"encoding/json"
-	"fmt"
 	"net/http"
-	"os"
 	"strings"
 	"time"
 )
@@ -75,7 +73,7 @@ func ForgotPasswordHandler(
 		_, _ = db.Exec(`
 			INSERT INTO dfusr_password_reset (
 				dfusr_id,
-				token,
+				token_hash,
 				expires_at
 			)
 			VALUES ($1, $2, $3)
@@ -84,11 +82,7 @@ func ForgotPasswordHandler(
 		// -------------------------------------------------------
 		// 5️⃣ Reset URL (PLAIN token)
 		// -------------------------------------------------------
-		resetURL := fmt.Sprintf(
+		resetURL := security.BuildResetURL(plain)
-			"%s/password-reset/%s",
-			os.Getenv("FRONTEND_URL"),
-			plain,
-		)
 
 		// -------------------------------------------------------
 		// 6️⃣ Mail gönder (fail olsa bile enumeration yok)

svc/routes/password_reset_complete.go

@@ -43,9 +43,9 @@ func CompletePasswordResetHandler(db *sql.DB) http.HandlerFunc {
 		var expiresAt time.Time
 
 		err := db.QueryRow(`
-			SELECT mk_dfusr_id, expires_at
+			SELECT dfusr_id, expires_at
-			FROM mk_dfusr_password_reset
+			FROM dfusr_password_reset
-			WHERE token = $1
+			WHERE token_hash = $1
 			  AND used_at IS NULL
 		`, tokenHash).Scan(&userID, &expiresAt)
 
@@ -84,9 +84,10 @@ func CompletePasswordResetHandler(db *sql.DB) http.HandlerFunc {
 
 		// token tüket
 		if _, err := tx.Exec(`
-			UPDATE mk_dfusr_password_reset
+			UPDATE dfusr_password_reset
 			SET used_at = now()
-			WHERE token = $1
+			WHERE token_hash = $1
+			  AND used_at IS NULL
 		`, tokenHash); err != nil {
 			http.Error(w, "token update failed", http.StatusInternalServerError)
 			return

svc/routes/password_reset_validate.go

@@ -1,9 +1,8 @@
 package routes
 
 import (
-	"crypto/sha256"
+	"bssapp-backend/internal/security"
 	"database/sql"
-	"encoding/hex"
 	"net/http"
 	"time"
 
@@ -21,8 +20,7 @@ func ValidatePasswordResetTokenHandler(db *sql.DB) http.HandlerFunc {
 		}
 
 		// 🔐 plain token -> hash
-		h := sha256.Sum256([]byte(token))
+		tokenHash := security.HashToken(token)
-		tokenHash := hex.EncodeToString(h[:])
 
 		var (
 			userID    int64
@@ -31,8 +29,8 @@ func ValidatePasswordResetTokenHandler(db *sql.DB) http.HandlerFunc {
 		)
 
 		err := db.QueryRow(`
-			SELECT user_id, expires_at, used_at
+			SELECT dfusr_id, expires_at, used_at
-			FROM password_reset_tokens
+			FROM dfusr_password_reset
 			WHERE token_hash = $1
 			LIMIT 1
 		`, tokenHash).Scan(&userID, &expiresAt, &usedAt)

svc/routes/pdf_assets.go

@@ -18,14 +18,17 @@ func resolvePdfAssetPath(name string) (string, error) {
 		return "", fmt.Errorf("env PDF_FONT_DIR not set")
 	}
 
-	// Mutlaka absolute olsun
+	if !strings.HasPrefix(base, "/") {
-	if !filepath.IsAbs(base) {
+		base = "/" + base
-		return "", fmt.Errorf("PDF_FONT_DIR must be absolute: %s", base)
 	}
 
-	full := filepath.Clean(filepath.Join(base, name))
+	name = strings.TrimSpace(name)
+	name = strings.TrimPrefix(name, "/")
+	name = strings.TrimPrefix(name, "\\")
+
+	full := filepath.Join(base, name)
+	full = filepath.Clean(full)
 
-	// DEBUG
 	log.Printf("📄 PDF FONT PATH = %s", full)
 
 	if _, err := os.Stat(full); err != nil {
@@ -84,21 +87,42 @@ func resolveAssetPath(fileName string, relativeDirs []string) (string, error) {
 	return "", fmt.Errorf("asset not found: %s (tried: %s)", fileName, strings.Join(tried, ", "))
 }
 
-func registerDejavuFonts(pdf *gofpdf.Fpdf, regularFamily, boldFamily string) error {
+func registerDejavuFonts(pdf *gofpdf.Fpdf, s string) error {
-	regularFont, err := resolvePdfAssetPath("DejaVuSans.ttf")
+
-	if err != nil {
+	regPath, err := resolvePdfAssetPath("DejaVuSans.ttf")
-		return err
-	}
-	boldFont, err := resolvePdfAssetPath("DejaVuSans-Bold.ttf")
 	if err != nil {
 		return err
 	}
 
-	pdf.AddUTF8Font(regularFamily, "", regularFont)
+	boldPath, err := resolvePdfAssetPath("DejaVuSans-Bold.ttf")
-	pdf.AddUTF8Font(boldFamily, "", boldFont)
+	if err != nil {
-
+		return err
-	if err := pdf.Error(); err != nil {
-		return fmt.Errorf("font init failed: %w", err)
 	}
+
+	// SAME FAMILY: "dejavu"
+	pdf.AddUTF8FontFromBytes(
+		"dejavu",
+		"",
+		mustReadFile(regPath),
+	)
+
+	pdf.AddUTF8FontFromBytes(
+		"dejavu",
+		"B",
+		mustReadFile(boldPath),
+	)
+
+	if pdf.Error() != nil {
+		return fmt.Errorf("font init failed: %w", pdf.Error())
+	}
+
 	return nil
 }
+
+func mustReadFile(path string) []byte {
+	b, err := os.ReadFile(path)
+	if err != nil {
+		panic("FONT READ ERROR: " + err.Error())
+	}
+	return b
+}

svc/routes/role_department_permissions.go

@@ -14,6 +14,7 @@ import (
 	"strings"
 
 	"github.com/gorilla/mux"
+	"github.com/lib/pq"
 )
 
 type IdTitleOption struct {
@@ -57,7 +58,7 @@ type RoleDepartmentPermissionHandler struct {
 func NewRoleDepartmentPermissionHandler(db *sql.DB) *RoleDepartmentPermissionHandler {
 
 	return &RoleDepartmentPermissionHandler{
-		DB:   db, // ✅ EKLENDİ
+		DB:   db, // Added
 		Repo: permissions.NewRoleDepartmentPermissionRepo(db),
 	}
 }
@@ -417,7 +418,7 @@ func (h *PermissionHandler) GetUserOverrides(w http.ResponseWriter, r *http.Requ
 
 	list, err := h.Repo.GetUserOverridesByUserID(userID)
 	if err != nil {
-		log.Println("❌ USER OVERRIDE LOAD ERROR:", err)
+		log.Println("USER OVERRIDE LOAD ERROR:", err)
 		http.Error(w, "db error", http.StatusInternalServerError)
 		return
 	}
@@ -425,6 +426,138 @@ func (h *PermissionHandler) GetUserOverrides(w http.ResponseWriter, r *http.Requ
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 	_ = json.NewEncoder(w).Encode(list)
 }
+
+type routePermissionSeed struct {
+	Module string
+	Action string
+	Path   string
+}
+
+type moduleActionSeed struct {
+	Module string
+	Action string
+}
+
+type permissionSnapshot struct {
+	user     map[string]bool
+	roleDept map[string]bool
+	role     map[string]bool
+}
+
+func permissionKey(module, action string) string {
+	return module + "|" + action
+}
+
+func loadPermissionSnapshot(
+	db *sql.DB,
+	userID int64,
+	roleID int64,
+	deptCodes []string,
+) (permissionSnapshot, error) {
+	snapshot := permissionSnapshot{
+		user:     make(map[string]bool, 128),
+		roleDept: make(map[string]bool, 128),
+		role:     make(map[string]bool, 128),
+	}
+
+	userRows, err := db.Query(`
+		SELECT module_code, action, allowed
+		FROM mk_sys_user_permissions
+		WHERE user_id = $1
+	`, userID)
+	if err != nil {
+		return snapshot, err
+	}
+	for userRows.Next() {
+		var module, action string
+		var allowed bool
+		if err := userRows.Scan(&module, &action, &allowed); err != nil {
+			_ = userRows.Close()
+			return snapshot, err
+		}
+		snapshot.user[permissionKey(module, action)] = allowed
+	}
+	if err := userRows.Err(); err != nil {
+		_ = userRows.Close()
+		return snapshot, err
+	}
+	_ = userRows.Close()
+
+	if len(deptCodes) > 0 {
+		roleDeptRows, err := db.Query(`
+			SELECT module_code, action, BOOL_OR(allowed) AS allowed
+			FROM vw_role_dept_permissions
+			WHERE role_id = $1
+			  AND department_code = ANY($2)
+			GROUP BY module_code, action
+		`,
+			roleID,
+			pq.Array(deptCodes),
+		)
+		if err != nil {
+			return snapshot, err
+		}
+		for roleDeptRows.Next() {
+			var module, action string
+			var allowed bool
+			if err := roleDeptRows.Scan(&module, &action, &allowed); err != nil {
+				_ = roleDeptRows.Close()
+				return snapshot, err
+			}
+			snapshot.roleDept[permissionKey(module, action)] = allowed
+		}
+		if err := roleDeptRows.Err(); err != nil {
+			_ = roleDeptRows.Close()
+			return snapshot, err
+		}
+		_ = roleDeptRows.Close()
+	}
+
+	roleRows, err := db.Query(`
+		SELECT module_code, action, allowed
+		FROM mk_sys_role_permissions
+		WHERE role_id = $1
+	`, roleID)
+	if err != nil {
+		return snapshot, err
+	}
+	for roleRows.Next() {
+		var module, action string
+		var allowed bool
+		if err := roleRows.Scan(&module, &action, &allowed); err != nil {
+			_ = roleRows.Close()
+			return snapshot, err
+		}
+		snapshot.role[permissionKey(module, action)] = allowed
+	}
+	if err := roleRows.Err(); err != nil {
+		_ = roleRows.Close()
+		return snapshot, err
+	}
+	_ = roleRows.Close()
+
+	return snapshot, nil
+}
+
+func resolvePermissionFromSnapshot(
+	s permissionSnapshot,
+	module string,
+	action string,
+) bool {
+	key := permissionKey(module, action)
+
+	if allowed, ok := s.user[key]; ok {
+		return allowed
+	}
+	if allowed, ok := s.roleDept[key]; ok {
+		return allowed
+	}
+	if allowed, ok := s.role[key]; ok {
+		return allowed
+	}
+	return false
+}
+
 func GetUserRoutePermissionsHandler(db *sql.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 
@@ -436,10 +569,16 @@ func GetUserRoutePermissionsHandler(db *sql.DB) http.HandlerFunc {
 			return
 		}
 
-		repo := permissions.NewPermissionRepository(db)
+		snapshot, err := loadPermissionSnapshot(
-
+			db,
-		// JWT’den departmanlar
+			int64(claims.ID),
-		depts := claims.DepartmentCodes
+			int64(claims.RoleID),
+			claims.DepartmentCodes,
+		)
+		if err != nil {
+			http.Error(w, err.Error(), 500)
+			return
+		}
 
 		rows, err := db.Query(`
 			SELECT DISTINCT
@@ -454,17 +593,9 @@ func GetUserRoutePermissionsHandler(db *sql.DB) http.HandlerFunc {
 		}
 		defer rows.Close()
 
-		type Row struct {
+		routeSeeds := make([]routePermissionSeed, 0, 128)
-			Route     string `json:"route"`
-			CanAccess bool   `json:"can_access"`
-		}
-
-		list := make([]Row, 0, 64)
-
 		for rows.Next() {
-
 			var module, action, path string
-
 			if err := rows.Scan(
 				&module,
 				&action,
@@ -473,22 +604,26 @@ func GetUserRoutePermissionsHandler(db *sql.DB) http.HandlerFunc {
 				continue
 			}
 
-			allowed, err := repo.ResolvePermissionChain(
+			routeSeeds = append(routeSeeds, routePermissionSeed{
-				int64(claims.ID),
+				Module: module,
-				int64(claims.RoleID),
+				Action: action,
-				depts,
+				Path:   path,
-				module,
+			})
-				action,
+		}
-			)
+		if err := rows.Err(); err != nil {
-
+			http.Error(w, err.Error(), 500)
-			if err != nil {
+			return
-				log.Println("PERM RESOLVE ERROR:", err)
-				continue
 		}
 
+		list := make([]Row, 0, len(routeSeeds))
+		for _, route := range routeSeeds {
 			list = append(list, Row{
-				Route:     path,
+				Route: route.Path,
-				CanAccess: allowed,
+				CanAccess: resolvePermissionFromSnapshot(
+					snapshot,
+					route.Module,
+					route.Action,
+				),
 			})
 		}
 
@@ -507,18 +642,17 @@ func GetMyEffectivePermissions(db *sql.DB) http.HandlerFunc {
 			return
 		}
 
-		repo := permissions.NewPermissionRepository(db)
+		snapshot, err := loadPermissionSnapshot(
-
+			db,
-		// ✅ JWT'DEN DEPARTMENTS
+			int64(claims.ID),
-		depts := claims.DepartmentCodes
+			int64(claims.RoleID),
-
+			claims.DepartmentCodes,
-		log.Printf("🧪 EFFECTIVE PERM | user=%d role=%d depts=%v",
-			claims.ID,
-			claims.RoleID,
-			depts,
 		)
+		if err != nil {
+			http.Error(w, err.Error(), 500)
+			return
+		}
 
-		// all system perms
 		all, err := db.Query(`
 			SELECT DISTINCT module_code, action
 			FROM mk_sys_routes
@@ -529,14 +663,7 @@ func GetMyEffectivePermissions(db *sql.DB) http.HandlerFunc {
 		}
 		defer all.Close()
 
-		type Row struct {
+		moduleActions := make([]moduleActionSeed, 0, 128)
-			Module  string `json:"module"`
-			Action  string `json:"action"`
-			Allowed bool   `json:"allowed"`
-		}
-
-		list := make([]Row, 0, 128)
-
 		for all.Next() {
 
 			var m, a string
@@ -544,22 +671,32 @@ func GetMyEffectivePermissions(db *sql.DB) http.HandlerFunc {
 				continue
 			}
 
-			allowed, err := repo.ResolvePermissionChain(
+			moduleActions = append(moduleActions, moduleActionSeed{
-				int64(claims.ID),
-				int64(claims.RoleID),
-				depts,
-				m,
-				a,
-			)
-
-			if err != nil {
-				continue
-			}
-
-			list = append(list, Row{
 				Module: m,
 				Action: a,
-				Allowed: allowed,
+			})
+		}
+		if err := all.Err(); err != nil {
+			http.Error(w, err.Error(), 500)
+			return
+		}
+
+		type Row struct {
+			Module  string `json:"module"`
+			Action  string `json:"action"`
+			Allowed bool   `json:"allowed"`
+		}
+
+		list := make([]Row, 0, len(moduleActions))
+		for _, item := range moduleActions {
+			list = append(list, Row{
+				Module: item.Module,
+				Action: item.Action,
+				Allowed: resolvePermissionFromSnapshot(
+					snapshot,
+					item.Module,
+					item.Action,
+				),
 			})
 		}
 

svc/routes/statement_header_pdf.go

@@ -52,7 +52,7 @@ var hMainWbase = []float64{
 // Font dosyaları
 const (
 	hFontFamilyReg  = "dejavu"
-	hFontFamilyBold = "dejavu-b"
+	hFontFamilyBold = "dejavu"
 )
 
 // Renkler
@@ -64,7 +64,7 @@ var (
 /* ============================ FONT / FORMAT ============================ */
 
 func hEnsureFonts(pdf *gofpdf.Fpdf) error {
-	return registerDejavuFonts(pdf, hFontFamilyReg, hFontFamilyBold)
+	return registerDejavuFonts(pdf, hFontFamilyReg)
 }
 
 func hNormalizeWidths(base []float64, targetTotal float64) []float64 {

svc/routes/statements_pdf.go

@@ -78,7 +78,7 @@ var dWbase = []float64{
 // Font dosyaları
 const (
 	fontFamilyReg  = "dejavu"
-	fontFamilyBold = "dejavu-b"
+	fontFamilyBold = "dejavu"
 )
 
 // Kurumsal renkler
@@ -132,7 +132,7 @@ func formatCurrencyTR(n float64) string {
 
 // Fontları yükle
 func ensureFonts(pdf *gofpdf.Fpdf) error {
-	return registerDejavuFonts(pdf, fontFamilyReg, fontFamilyBold)
+	return registerDejavuFonts(pdf, fontFamilyReg)
 }
 
 // Güvenli satır kırma

svc/routes/user_detail.go

@@ -1,6 +1,7 @@
 package routes
 
 import (
+	"bssapp-backend/auth"
 	"bssapp-backend/internal/auditlog"
 	"bssapp-backend/internal/mailer"
 	"bssapp-backend/internal/security"
@@ -13,12 +14,12 @@ import (
 	"io"
 	"log"
 	"net/http"
-	"os"
 	"strconv"
 	"strings"
 	"time"
 
 	"github.com/gorilla/mux"
+	"github.com/lib/pq"
 )
 
 // ======================================================
@@ -51,6 +52,8 @@ func UserDetailRoute(db *sql.DB) http.Handler {
 			handleUserGet(db, w, userID)
 		case http.MethodPut:
 			handleUserUpdate(db, w, r, userID)
+		case http.MethodDelete:
+			handleUserDelete(db, w, r, userID)
 		case http.MethodOptions:
 			w.WriteHeader(http.StatusOK)
 		default:
@@ -323,6 +326,116 @@ func handleUserUpdate(db *sql.DB, w http.ResponseWriter, r *http.Request, userID
 	_ = json.NewEncoder(w).Encode(map[string]any{"success": true})
 }
 
+// ======================================================
+// 🗑️ DELETE USER (HARD DELETE)
+// ======================================================
+func handleUserDelete(db *sql.DB, w http.ResponseWriter, r *http.Request, userID int64) {
+	claims, _ := auth.GetClaimsFromContext(r.Context())
+	if claims != nil && int64(claims.ID) == userID {
+		http.Error(w, "Kendi kullanicinizi silemezsiniz", http.StatusConflict)
+		return
+	}
+
+	tx, err := db.Begin()
+	if err != nil {
+		http.Error(w, "Transaction baslatilamadi", http.StatusInternalServerError)
+		return
+	}
+	defer tx.Rollback()
+
+	var username string
+	_ = tx.QueryRow(`
+		SELECT username
+		FROM mk_dfusr
+		WHERE id = $1
+	`, userID).Scan(&username)
+
+	if strings.TrimSpace(username) == "" {
+		_ = tx.QueryRow(`
+			SELECT code
+			FROM dfusr
+			WHERE id = $1
+		`, userID).Scan(&username)
+	}
+
+	if strings.TrimSpace(username) == "" {
+		http.Error(w, "Kullanici bulunamadi", http.StatusNotFound)
+		return
+	}
+
+	cleanupQueries := []string{
+		`DELETE FROM mk_refresh_tokens WHERE mk_user_id = $1`,
+		`DELETE FROM mk_dfusr_password_reset WHERE mk_dfusr_id = $1`,
+		`DELETE FROM dfusr_password_reset WHERE dfusr_id = $1`,
+		`DELETE FROM mk_sys_user_permissions WHERE user_id = $1`,
+		`DELETE FROM dfrole_usr WHERE dfusr_id = $1`,
+		`DELETE FROM dfusr_dprt WHERE dfusr_id = $1`,
+		`DELETE FROM dfusr_piyasa WHERE dfusr_id = $1`,
+		`DELETE FROM dfusr_nebim_user WHERE dfusr_id = $1`,
+	}
+
+	isUndefinedTable := func(err error) bool {
+		if err == nil {
+			return false
+		}
+		if pe, ok := err.(*pq.Error); ok {
+			return pe.Code == "42P01" // undefined_table
+		}
+		return false
+	}
+
+	for _, q := range cleanupQueries {
+		if _, err := tx.Exec(q, userID); err != nil {
+			if isUndefinedTable(err) {
+				log.Printf("⚠️ [UserDetail] cleanup skipped (table missing) user_id=%d query=%s", userID, q)
+				continue
+			}
+			log.Printf("❌ [UserDetail] cleanup failed user_id=%d err=%v query=%s", userID, err, q)
+			http.Error(w, "Kullanici baglantilari silinemedi", http.StatusInternalServerError)
+			return
+		}
+	}
+
+	if _, err := tx.Exec(`DELETE FROM mk_dfusr WHERE id = $1`, userID); err != nil {
+		log.Printf("❌ [UserDetail] delete mk_dfusr failed user_id=%d err=%v", userID, err)
+		http.Error(w, "Kullanici silinemedi", http.StatusInternalServerError)
+		return
+	}
+
+	if _, err := tx.Exec(`DELETE FROM dfusr WHERE id = $1`, userID); err != nil {
+		log.Printf("❌ [UserDetail] delete dfusr failed user_id=%d err=%v", userID, err)
+		http.Error(w, "Kullanici silinemedi", http.StatusInternalServerError)
+		return
+	}
+
+	if err := tx.Commit(); err != nil {
+		log.Printf("❌ [UserDetail] delete commit failed user_id=%d err=%v", userID, err)
+		http.Error(w, "Commit basarisiz", http.StatusInternalServerError)
+		return
+	}
+
+	if claims != nil {
+		auditlog.Enqueue(r.Context(), auditlog.ActivityLog{
+			ActionType:     "user_delete",
+			ActionCategory: "user_admin",
+			ActionTarget:   fmt.Sprintf("/api/users/%d", userID),
+			Description:    "user deleted from mk_dfusr and dfusr",
+			Username:       claims.Username,
+			RoleCode:       claims.RoleCode,
+			DfUsrID:        int64(claims.ID),
+			TargetDfUsrID:  userID,
+			TargetUsername: username,
+			IsSuccess:      true,
+		})
+	}
+
+	_ = json.NewEncoder(w).Encode(map[string]any{
+		"success":  true,
+		"deleted":  userID,
+		"username": username,
+	})
+}
+
 // ======================================================
 // 🔐 ADMIN — PASSWORD RESET MAIL
 // ======================================================
@@ -358,16 +471,12 @@ func SendPasswordResetMailHandler(
 
 		// 💾 DB → SADECE HASH
 		_, _ = db.Exec(`
-			INSERT INTO dfusr_password_reset (dfusr_id, token, expires_at)
+			INSERT INTO dfusr_password_reset (dfusr_id, token_hash, expires_at)
 			VALUES ($1,$2,$3)
 		`, userID, hash, expires)
 
 		// 🔗 URL → PLAIN
-		resetURL := fmt.Sprintf(
+		resetURL := security.BuildResetURL(plain)
-			"%s/password-reset/%s",
-			os.Getenv("FRONTEND_URL"),
-			plain,
-		)
 
 		_ = mailer.SendPasswordResetMail(email, resetURL)
 

svc/services/auth.go

@@ -2,6 +2,10 @@ package services
 
 import (
 	"bssapp-backend/models"
+	"crypto/md5"
+	"crypto/sha1"
+	"encoding/hex"
+	"log"
 	"strings"
 
 	"golang.org/x/crypto/bcrypt"
@@ -16,7 +20,6 @@ func CheckPasswordWithLegacy(user *models.User, plain string) bool {
 		return false
 	}
 
-	plain = strings.TrimSpace(plain)
 	if plain == "" {
 		return false
 	}
@@ -28,11 +31,100 @@ func CheckPasswordWithLegacy(user *models.User, plain string) bool {
 
 	// 1️⃣ bcrypt hash mi?
 	if isBcryptHash(stored) {
-		return bcrypt.CompareHashAndPassword([]byte(stored), []byte(plain)) == nil
+		candidates := make([]string, 0, 10)
+		seen := map[string]struct{}{}
+		add := func(v string) {
+			if v == "" {
+				return
+			}
+			if _, ok := seen[v]; ok {
+				return
+			}
+			seen[v] = struct{}{}
+			candidates = append(candidates, v)
+		}
+
+		add(plain)
+		trimmed := strings.TrimSpace(plain)
+		add(trimmed)
+
+		bases := append([]string(nil), candidates...)
+		for _, base := range bases {
+			md5Sum := md5.Sum([]byte(base))
+			md5Hex := hex.EncodeToString(md5Sum[:])
+			add(md5Hex)
+			add(strings.ToUpper(md5Hex))
+
+			sha1Sum := sha1.Sum([]byte(base))
+			sha1Hex := hex.EncodeToString(sha1Sum[:])
+			add(sha1Hex)
+			add(strings.ToUpper(sha1Hex))
+		}
+
+		var lastErr error
+		for _, candidate := range candidates {
+			if err := bcrypt.CompareHashAndPassword([]byte(stored), []byte(candidate)); err == nil {
+				return true
+			} else {
+				lastErr = err
+			}
+			if encoded, ok := encodeLegacySingleByte(candidate); ok {
+				if err := bcrypt.CompareHashAndPassword([]byte(stored), encoded); err == nil {
+					return true
+				} else {
+					lastErr = err
+				}
+			}
+		}
+		if lastErr != nil {
+			log.Printf(
+				"LEGACY BCRYPT MISMATCH stored_len=%d candidates=%d last_err=%v",
+				len(stored),
+				len(candidates),
+				lastErr,
+			)
+		}
+
+		return false
 	}
 
 	// 2️⃣ TAM LEGACY — düz metin (eski kayıtlar)
-	return stored == plain
+	if stored == plain {
+		return true
+	}
+	trimmed := strings.TrimSpace(plain)
+	if trimmed != plain && trimmed != "" && stored == trimmed {
+		return true
+	}
+
+	// 3️⃣ Legacy hash variants seen in old dfusr.upass data.
+	if isHexDigest(stored, 32) {
+		sumRaw := md5.Sum([]byte(plain))
+		if strings.EqualFold(stored, hex.EncodeToString(sumRaw[:])) {
+			return true
+		}
+		if trimmed != plain && trimmed != "" {
+			sumTrim := md5.Sum([]byte(trimmed))
+			if strings.EqualFold(stored, hex.EncodeToString(sumTrim[:])) {
+				return true
+			}
+		}
+	}
+
+	if isHexDigest(stored, 40) {
+		sumRaw := sha1.Sum([]byte(plain))
+		if strings.EqualFold(stored, hex.EncodeToString(sumRaw[:])) {
+			return true
+		}
+		if trimmed != plain && trimmed != "" {
+			sumTrim := sha1.Sum([]byte(trimmed))
+			if strings.EqualFold(stored, hex.EncodeToString(sumTrim[:])) {
+				return true
+			}
+		}
+	}
+
+	return false
 }
 
 func isBcryptHash(s string) bool {
@@ -40,3 +132,46 @@ func isBcryptHash(s string) bool {
 		strings.HasPrefix(s, "$2b$") ||
 		strings.HasPrefix(s, "$2y$")
 }
+
+func isHexDigest(s string, expectedLen int) bool {
+	if len(s) != expectedLen {
+		return false
+	}
+	for _, r := range s {
+		if (r < '0' || r > '9') &&
+			(r < 'a' || r > 'f') &&
+			(r < 'A' || r > 'F') {
+			return false
+		}
+	}
+	return true
+}
+
+// encodeLegacySingleByte converts text to a Turkish-compatible single-byte
+// representation (similar to Windows-1254 / ISO-8859-9) for legacy bcrypt data.
+func encodeLegacySingleByte(s string) ([]byte, bool) {
+	out := make([]byte, 0, len(s))
+	for _, r := range s {
+		switch r {
+		case 'Ğ':
+			out = append(out, 0xD0)
+		case 'ğ':
+			out = append(out, 0xF0)
+		case 'İ':
+			out = append(out, 0xDD)
+		case 'ı':
+			out = append(out, 0xFD)
+		case 'Ş':
+			out = append(out, 0xDE)
+		case 'ş':
+			out = append(out, 0xFE)
+		default:
+			if r >= 0 && r <= 0xFF {
+				out = append(out, byte(r))
+			} else {
+				return nil, false
+			}
+		}
+	}
+	return out, true
+}

ui/.env.development

@@ -1 +1 @@
-VITE_API_BASE_URL=http://localhost:8080
+VITE_API_BASE_URL=http://localhost:8080/api

ui/.quasar/dev-spa/client-entry.js

@@ -146,8 +146,6 @@ createQuasarApp(createApp, quasarUserOptions)
 
     return Promise[ method ]([
       
-      import(/* webpackMode: "eager" */ 'boot/axios'),
-      
       import(/* webpackMode: "eager" */ 'boot/dayjs')
       
     ]).then(bootFiles => {

ui/.quasar/prod-spa/app.js

@@ -1,75 +0,0 @@
-/* eslint-disable */
-/**
- * THIS FILE IS GENERATED AUTOMATICALLY.
- * DO NOT EDIT.
- *
- * You are probably looking on adding startup/initialization code.
- * Use "quasar new boot <name>" and add it there.
- * One boot file per concern. Then reference the file(s) in quasar.config file > boot:
- * boot: ['file', ...] // do not add ".js" extension to it.
- *
- * Boot files are your "main.js"
- **/
-
-
-
-
-
-import { Quasar } from 'quasar'
-import { markRaw } from 'vue'
-import RootComponent from 'app/src/App.vue'
-
-import createStore from 'app/src/stores/index'
-import createRouter from 'app/src/router/index'
-
-
-
-
-
-export default async function (createAppFn, quasarUserOptions) {
-  
-
-  // Create the app instance.
-  // Here we inject into it the Quasar UI, the router & possibly the store.
-  const app = createAppFn(RootComponent)
-
-  
-
-  app.use(Quasar, quasarUserOptions)
-
-  
-
-  
-    const store = typeof createStore === 'function'
-      ? await createStore({})
-      : createStore
-
-    
-      app.use(store)
-
-      
-    
-  
-
-  const router = markRaw(
-    typeof createRouter === 'function'
-      ? await createRouter({store})
-      : createRouter
-  )
-
-  
-    // make router instance available in store
-    
-      store.use(({ store }) => { store.router = router })
-    
-  
-
-  // Expose the app, the router and the store.
-  // Note that we are not mounting the app here, since bootstrapping will be
-  // different depending on whether we are in a browser or on the server.
-  return {
-    app,
-    store,
-    router
-  }
-}

ui/.quasar/prod-spa/client-entry.js

@@ -1,154 +0,0 @@
-/* eslint-disable */
-/**
- * THIS FILE IS GENERATED AUTOMATICALLY.
- * DO NOT EDIT.
- *
- * You are probably looking on adding startup/initialization code.
- * Use "quasar new boot <name>" and add it there.
- * One boot file per concern. Then reference the file(s) in quasar.config file > boot:
- * boot: ['file', ...] // do not add ".js" extension to it.
- *
- * Boot files are your "main.js"
- **/
-
-
-import { createApp } from 'vue'
-
-
-
-
-
-
-
-import '@quasar/extras/roboto-font/roboto-font.css'
-
-import '@quasar/extras/material-icons/material-icons.css'
-
-
-
-
-// We load Quasar stylesheet file
-import 'quasar/dist/quasar.sass'
-
-
-
-
-import 'src/css/app.css'
-
-
-import createQuasarApp from './app.js'
-import quasarUserOptions from './quasar-user-options.js'
-
-
-
-
-
-
-
-
-const publicPath = `/`
-
-
-async function start ({
-  app,
-  router
-  , store
-}, bootFiles) {
-  
-  let hasRedirected = false
-  const getRedirectUrl = url => {
-    try { return router.resolve(url).href }
-    catch (err) {}
-
-    return Object(url) === url
-      ? null
-      : url
-  }
-  const redirect = url => {
-    hasRedirected = true
-
-    if (typeof url === 'string' && /^https?:\/\//.test(url)) {
-      window.location.href = url
-      return
-    }
-
-    const href = getRedirectUrl(url)
-
-    // continue if we didn't fail to resolve the url
-    if (href !== null) {
-      window.location.href = href
-      window.location.reload()
-    }
-  }
-
-  const urlPath = window.location.href.replace(window.location.origin, '')
-
-  for (let i = 0; hasRedirected === false && i < bootFiles.length; i++) {
-    try {
-      await bootFiles[i]({
-        app,
-        router,
-        store,
-        ssrContext: null,
-        redirect,
-        urlPath,
-        publicPath
-      })
-    }
-    catch (err) {
-      if (err && err.url) {
-        redirect(err.url)
-        return
-      }
-
-      console.error('[Quasar] boot error:', err)
-      return
-    }
-  }
-
-  if (hasRedirected === true) return
-  
-
-  app.use(router)
-
-  
-
-    
-
-    
-      app.mount('#q-app')
-    
-  
-
-}
-
-createQuasarApp(createApp, quasarUserOptions)
-
-  .then(app => {
-    // eventually remove this when Cordova/Capacitor/Electron support becomes old
-    const [ method, mapFn ] = Promise.allSettled !== void 0
-      ? [
-        'allSettled',
-        bootFiles => bootFiles.map(result => {
-          if (result.status === 'rejected') {
-            console.error('[Quasar] boot error:', result.reason)
-            return
-          }
-          return result.value.default
-        })
-      ]
-      : [
-        'all',
-        bootFiles => bootFiles.map(entry => entry.default)
-      ]
-
-    return Promise[ method ]([
-      
-      import(/* webpackMode: "eager" */ 'boot/dayjs')
-      
-    ]).then(bootFiles => {
-      const boot = mapFn(bootFiles).filter(entry => typeof entry === 'function')
-      start(app, boot)
-    })
-  })
-

ui/.quasar/prod-spa/client-prefetch.js

@@ -1,116 +0,0 @@
-/* eslint-disable */
-/**
- * THIS FILE IS GENERATED AUTOMATICALLY.
- * DO NOT EDIT.
- *
- * You are probably looking on adding startup/initialization code.
- * Use "quasar new boot <name>" and add it there.
- * One boot file per concern. Then reference the file(s) in quasar.config file > boot:
- * boot: ['file', ...] // do not add ".js" extension to it.
- *
- * Boot files are your "main.js"
- **/
-
-
-
-import App from 'app/src/App.vue'
-let appPrefetch = typeof App.preFetch === 'function'
-  ? App.preFetch
-  : (
-    // Class components return the component options (and the preFetch hook) inside __c property
-    App.__c !== void 0 && typeof App.__c.preFetch === 'function'
-      ? App.__c.preFetch
-      : false
-    )
-
-
-function getMatchedComponents (to, router) {
-  const route = to
-    ? (to.matched ? to : router.resolve(to).route)
-    : router.currentRoute.value
-
-  if (!route) { return [] }
-
-  const matched = route.matched.filter(m => m.components !== void 0)
-
-  if (matched.length === 0) { return [] }
-
-  return Array.prototype.concat.apply([], matched.map(m => {
-    return Object.keys(m.components).map(key => {
-      const comp = m.components[key]
-      return {
-        path: m.path,
-        c: comp
-      }
-    })
-  }))
-}
-
-export function addPreFetchHooks ({ router, store, publicPath }) {
-  // Add router hook for handling preFetch.
-  // Doing it after initial route is resolved so that we don't double-fetch
-  // the data that we already have. Using router.beforeResolve() so that all
-  // async components are resolved.
-  router.beforeResolve((to, from, next) => {
-    const
-      urlPath = window.location.href.replace(window.location.origin, ''),
-      matched = getMatchedComponents(to, router),
-      prevMatched = getMatchedComponents(from, router)
-
-    let diffed = false
-    const preFetchList = matched
-      .filter((m, i) => {
-        return diffed || (diffed = (
-          !prevMatched[i] ||
-          prevMatched[i].c !== m.c ||
-          m.path.indexOf('/:') > -1 // does it has params?
-        ))
-      })
-      .filter(m => m.c !== void 0 && (
-        typeof m.c.preFetch === 'function'
-        // Class components return the component options (and the preFetch hook) inside __c property
-        || (m.c.__c !== void 0 && typeof m.c.__c.preFetch === 'function')
-      ))
-      .map(m => m.c.__c !== void 0 ? m.c.__c.preFetch : m.c.preFetch)
-
-    
-    if (appPrefetch !== false) {
-      preFetchList.unshift(appPrefetch)
-      appPrefetch = false
-    }
-    
-
-    if (preFetchList.length === 0) {
-      return next()
-    }
-
-    let hasRedirected = false
-    const redirect = url => {
-      hasRedirected = true
-      next(url)
-    }
-    const proceed = () => {
-      
-      if (hasRedirected === false) { next() }
-    }
-
-    
-
-    preFetchList.reduce(
-      (promise, preFetch) => promise.then(() => hasRedirected === false && preFetch({
-        store,
-        currentRoute: to,
-        previousRoute: from,
-        redirect,
-        urlPath,
-        publicPath
-      })),
-      Promise.resolve()
-    )
-    .then(proceed)
-    .catch(e => {
-      console.error(e)
-      proceed()
-    })
-  })
-}

ui/.quasar/prod-spa/quasar-user-options.js

@@ -1,23 +0,0 @@
-/* eslint-disable */
-/**
- * THIS FILE IS GENERATED AUTOMATICALLY.
- * DO NOT EDIT.
- *
- * You are probably looking on adding startup/initialization code.
- * Use "quasar new boot <name>" and add it there.
- * One boot file per concern. Then reference the file(s) in quasar.config file > boot:
- * boot: ['file', ...] // do not add ".js" extension to it.
- *
- * Boot files are your "main.js"
- **/
-
-import lang from 'quasar/lang/tr.js'
-
-
-
-import {Loading,Dialog,Notify} from 'quasar'
-
-
-
-export default { config: {"notify":{"position":"top","timeout":2500}},lang,plugins: {Loading,Dialog,Notify} }
-

ui/dist/spa/css/358.36bfde07.css

@@ -1 +0,0 @@
-.ol-page[data-v-68dfbebc]{padding:10px}.ol-filter-bar[data-v-68dfbebc]{margin-bottom:8px}.ol-filter-row[data-v-68dfbebc]{align-items:center;display:flex;flex-wrap:nowrap;gap:10px}.ol-filter-input[data-v-68dfbebc]{flex:0 0 136px;min-width:118px;width:136px}.ol-search[data-v-68dfbebc]{flex:1 1 360px;max-width:420px;min-width:240px}.ol-filter-actions[data-v-68dfbebc]{display:flex;flex:0 0 auto;flex-wrap:nowrap;gap:8px}.ol-filter-total[data-v-68dfbebc]{align-items:flex-end;align-self:center;display:flex;flex:0 0 auto;flex-direction:column;gap:2px;justify-content:center;line-height:1.2;margin-left:auto;min-width:250px}.ol-total-line[data-v-68dfbebc]{align-items:baseline;display:flex;gap:8px;white-space:nowrap}.ol-total-label[data-v-68dfbebc]{color:#4b5563;font-size:12px}.ol-total-value[data-v-68dfbebc]{font-size:13px}.ol-table[data-v-68dfbebc] .q-table thead th{font-size:11px;padding:4px 6px;white-space:nowrap}.ol-table[data-v-68dfbebc] .q-table tbody td{font-size:11px;padding:3px 6px}.ol-col-multiline[data-v-68dfbebc]{display:block;display:-webkit-box;line-height:1.15;overflow:hidden;text-overflow:ellipsis;white-space:normal!important;word-break:break-word;-webkit-box-orient:vertical;-webkit-line-clamp:2;max-height:2.35em}.ol-col-cari[data-v-68dfbebc]{max-width:160px}.ol-col-short[data-v-68dfbebc]{max-width:88px}.ol-col-desc[data-v-68dfbebc]{max-width:160px}.ol-pack-rate-cell[data-v-68dfbebc]{font-weight:700}.pack-rate-danger[data-v-68dfbebc]{color:#c62828}.pack-rate-warn[data-v-68dfbebc]{color:#8a6d00}.pack-rate-ok[data-v-68dfbebc]{color:#1f7a4f}@media (max-width:1440px){.ol-filter-row[data-v-68dfbebc]{align-items:flex-start;flex-wrap:wrap}.ol-filter-actions[data-v-68dfbebc]{flex-wrap:wrap}.ol-filter-input[data-v-68dfbebc]{flex:1 1 140px}.ol-filter-total[data-v-68dfbebc]{align-items:flex-start;margin-left:0;margin-top:6px;min-width:100%}.ol-total-line[data-v-68dfbebc]{justify-content:space-between;width:100%}}

ui/dist/spa/css/398.961173a2.css

@@ -1 +0,0 @@
-.bulk-close-page[data-v-734820af]{padding:10px}.bulk-filter-bar[data-v-734820af]{margin-bottom:8px}.bulk-filter-row[data-v-734820af]{align-items:flex-start;display:flex;flex-wrap:wrap;gap:10px}.bulk-search[data-v-734820af]{flex:1 1 420px;max-width:520px;min-width:320px}.bulk-filter-actions[data-v-734820af]{display:flex;flex-wrap:wrap;gap:8px}.bulk-summary[data-v-734820af]{align-items:flex-end;display:flex;flex-direction:column;font-size:12px;margin-left:auto;min-width:140px}.bulk-table[data-v-734820af] .q-table thead th{font-size:11px;font-weight:700;white-space:nowrap}.bulk-table[data-v-734820af] .q-table tbody td{font-size:11px;white-space:nowrap}.pack-rate-danger[data-v-734820af]{color:#c62828}.pack-rate-warn[data-v-734820af]{color:#8a6d00}.pack-rate-ok[data-v-734820af]{color:#1f7a4f}@media (max-width:1200px){.bulk-summary[data-v-734820af]{align-items:flex-start;margin-left:0}}

ui/dist/spa/css/54.b237f020.css

@@ -1 +0,0 @@
-.rdp-list-page[data-v-a17e51d4]{--rdp-header-h:56px;--rdp-filter-h:96px;background:#fff;display:flex;flex-direction:column;height:calc(100vh - var(--rdp-header-h));overflow:auto;padding:10px}.rdp-filter-bar[data-v-a17e51d4]{align-items:center;background:#fff;border-bottom:1px solid #ddd;box-shadow:0 1px 2px #0000000f;display:flex;margin-bottom:8px;min-height:var(--rdp-filter-h);padding:10px 12px;position:sticky;top:0;z-index:600}.rdp-filter-row[data-v-a17e51d4]{align-items:flex-end;display:flex;flex-wrap:nowrap;gap:12px}.rdp-filter-input[data-v-a17e51d4]{max-width:300px;min-width:180px}.rdp-search[data-v-a17e51d4]{flex:1 1 360px;max-width:520px;min-width:300px}.rdp-config-menus[data-v-a17e51d4],.rdp-filter-actions[data-v-a17e51d4]{align-items:center;display:flex;flex:0 0 auto;gap:8px;white-space:nowrap}.rdp-menu-list[data-v-a17e51d4]{max-height:420px;min-width:260px}.rdp-summary[data-v-a17e51d4]{align-self:center;background:#f9fafb;border:1px solid #e0e0e0;border-radius:6px;color:#4b5563;font-size:12px;margin-left:auto;padding:8px 12px;white-space:nowrap}.rdp-table[data-v-a17e51d4] .q-table__middle{max-height:none!important;overflow:visible!important}.rdp-table[data-v-a17e51d4] .q-table thead th{background:#fff;box-shadow:0 2px 4px #00000014;font-size:11px;position:sticky;top:var(--rdp-filter-h);white-space:nowrap;z-index:500}.rdp-table[data-v-a17e51d4] .q-table tbody td{font-size:11px;padding:3px 6px}.rdp-table[data-v-a17e51d4] .q-checkbox__inner{pointer-events:none}.rdp-table[data-v-a17e51d4] .freeze-col{background:#fff;position:sticky;z-index:510}.rdp-table[data-v-a17e51d4] thead .freeze-col{background:#fff;z-index:520}.rdp-table[data-v-a17e51d4] .freeze-1{left:0}.rdp-table[data-v-a17e51d4] .freeze-2{left:56px}.rdp-table[data-v-a17e51d4] .freeze-3{left:276px}@media (max-width:1400px){.rdp-filter-row[data-v-a17e51d4]{align-items:flex-start;flex-wrap:wrap}.rdp-config-menus[data-v-a17e51d4],.rdp-filter-actions[data-v-a17e51d4]{flex-wrap:wrap}.rdp-summary[data-v-a17e51d4]{margin-left:0;margin-top:6px;min-width:100%}}

ui/dist/spa/css/607.8d5cccce.css

@@ -1 +0,0 @@
-.perm-gateway[data-v-57a9abef]{padding:24px}

ui/dist/spa/css/713.e99910ab.css

@@ -1 +0,0 @@
-.login-bg[data-v-2ea21061]{min-height:100%;position:relative}.login-bg[data-v-2ea21061]:before{background:url(/images/Baggi-Fabrika-resmi.jpg) no-repeat 50%;background-size:cover;content:"";inset:0;opacity:.3;position:absolute}.login-bg[data-v-2ea21061]>*{position:relative;z-index:1}.login-card[data-v-2ea21061]{background:var(--q-secondary);border-radius:16px;color:#fff;max-width:90%;width:400px}.login-title[data-v-2ea21061]{color:var(--q-primary);font-size:1.3rem;font-weight:700}.custom-input[data-v-2ea21061]{background:#fdfcfc;border-radius:8px}.full-width[data-v-2ea21061]{width:100%}.login-card[data-v-2ea21061] .q-field__input,.login-card[data-v-2ea21061] .q-field__native{color:var(--q-primary)!important;font-weight:600}.login-card[data-v-2ea21061] .q-field__native::placeholder{color:#95711699}.login-card[data-v-2ea21061] .q-field--focused .q-field__native,.login-card[data-v-2ea21061] .q-field__label{color:var(--q-primary)}.login-card[data-v-2ea21061] input:-webkit-autofill{-webkit-text-fill-color:var(--q-primary)!important;-webkit-transition:background-color 9999s ease-in-out 0s;transition:background-color 9999s ease-in-out 0s}

ui/dist/spa/css/784.5916f342.css

@@ -1 +0,0 @@
-.user-gateway-page[data-v-7b115e06]{background:#fafafa}.gateway-container[data-v-7b115e06]{max-width:900px;padding:24px;width:100%}.gateway-header[data-v-7b115e06]{text-align:center}.gateway-actions[data-v-7b115e06]{justify-content:center}.gateway-card[data-v-7b115e06]{transition:all .2s ease;width:280px}.gateway-card[data-v-7b115e06]:hover{box-shadow:0 8px 24px #00000014;transform:translateY(-4px)}

ui/dist/spa/css/app.53116624.css

@@ -1 +0,0 @@
-.with-bg{min-height:100%;position:relative}.with-bg:before{background:url(/images/Baggi-tekstilas-logolu.jpg) no-repeat top;background-size:400px auto;content:"";inset:0;opacity:.15;pointer-events:none;position:absolute;z-index:0}.with-bg>*{position:relative;z-index:1}.q-page{margin-top:5px}@media (max-width:768px){.with-bg:before{background-size:260px auto}}.filter-sticky{position:sticky;top:56px;z-index:300}.filter-collapsible,.filter-sticky{background:#fff}.table-scroll{height:calc(100vh - 56px);margin-top:0;overflow-x:auto;overflow-y:auto;position:relative}.sticky-table .q-table__middle{max-height:none!important;overflow:visible!important}.sticky-table .q-table__top{background:#fff;box-shadow:0 2px 4px #00000014;position:sticky;top:0;z-index:220}.sticky-table thead th{background:#fff;position:sticky;top:40px;z-index:210}.sticky-bar{background:#fff;border-bottom:1px solid #ddd;padding:4px 8px;position:sticky;top:0;z-index:230}.sticky-table thead th{max-width:400px;min-width:80px;overflow:auto;resize:horizontal}.sticky-table td{font-size:.95rem;font-weight:600;line-height:1.2rem;max-width:400px;min-width:80px;overflow-wrap:break-word!important;padding:4px 8px!important;white-space:normal!important;word-break:break-word!important}.baggi-ppct{display:block;margin:30px auto 0;max-width:400px;opacity:.4}.col-desc{font-size:.75rem!important;line-height:1.1rem;max-width:220px!important;min-width:180px!important;overflow-wrap:break-word;white-space:normal!important;width:220px!important;word-break:break-word!important}.custom-table{font-size:.8rem}.custom-table th{background:#fff;color:#222;font-weight:800}.custom-table td{color:#333;font-weight:600}.custom-subtable{background:#fafafa;font-size:.72rem}.custom-subtable th{background:#f9f9f9;color:#555;font-weight:500}.custom-subtable td{color:#666;font-weight:400}.col-narrow{font-size:.72rem;max-width:90px;overflow:hidden;padding:2px 6px!important;text-overflow:ellipsis;white-space:nowrap}.group-row{background:#f1f1f1!important;border-bottom:2px solid #ccc;border-top:2px solid #ccc;color:#222;font-weight:700!important}.balance-card{align-items:center;border-radius:8px;display:flex;justify-content:center;min-height:120px;width:100%}.q-table td[data-col=BELGE_NO],.q-table td[data-col=Belge_No],.q-table td[data-col=belge_no]{color:var(--q-primary)!important;font-weight:600!important}.permissions-toolbar{align-items:center;background:#fff;border-bottom:1px solid #ddd;display:flex;gap:12px;padding:8px 16px;position:sticky;top:42px;z-index:300}.permissions-table-scroll{height:calc(100vh - 112px);overflow-x:auto;overflow-y:auto;position:relative}.permissions-table .q-table__middle{max-height:none!important;overflow:auto!important;padding-top:0}.permissions-table thead th{background:#fff;box-shadow:0 2px 4px #00000014;top:10px;z-index:210}.permissions-table td{background:#fff;font-size:.95rem;line-height:1.2rem;max-width:400px;min-width:80px;overflow-wrap:break-word!important;padding:4px 8px!important;white-space:normal!important;word-break:break-word!important}.permissions-table .permissions-sticky-col{background:#fff;box-shadow:2px 0 4px #0000000a;left:0;position:sticky;z-index:205}:root{--header-h:0px;--filter-h:72px;--save-h:60px;--grid-header-h:172px;--sub-header-h:34px;--drawer-w:240px;--col-model:90px;--col-renk:80px;--col-ana:100px;--col-alt:100px;--col-aciklama:140px;--col-adet:70px;--col-fiyat:70px;--col-pb:70px;--col-tutar:70px;--grp-title-w:90px;--grp-title-gap:4px;--beden-w:44px;--beden-h:28px;--beden-count:16;--baggi-gold:#c9a227;--baggi-gold-pale:#fff9e6;--baggi-gold-light:#fff7d2;--baggi-cream:#fffef9;--baggi-gray-border:#bbb}*,:after,:before{box-sizing:border-box}body,html{height:100%;margin:0}body{background:#fff;color:#222;font-family:Inter,Segoe UI,Arial,sans-serif;font-size:14px;line-height:1.4}#q-app,.q-page-container{margin:0;padding:0}.q-layout__page{top:0!important}.order-page{background:#fff;display:flex;flex-direction:column;height:calc(100vh - var(--header-h));overflow-x:visible;overflow-y:auto}.body--drawer-left-open .q-page-container{margin-left:var(--drawer-w);width:calc(100% - var(--drawer-w))}.body--drawer-left-closed .q-page-container{margin-left:0;width:100%}.order-scroll-x{flex:1}.order-page::-webkit-scrollbar-thumb,.order-scroll-x::-webkit-scrollbar{height:8px;width:8px}.order-scroll-x::-webkit-scrollbar-thumb{background:#c0a75e;border-radius:4px}.order-scroll-x::-webkit-scrollbar-track{background:#f9f5e6}.q-header{box-shadow:0 1px 2px #00000014;position:sticky;top:0;z-index:1000}.sticky-stack{background:#fff;box-shadow:0 1px 3px #0000000d;display:flex;flex-direction:column;margin-top:0!important;position:sticky;top:var(--header-h);z-index:950}.filter-bar{background:#fafafa;margin-top:0!important;padding:12px 24px}.filter-bar,.save-toolbar{border-bottom:1px solid #ddd}.save-toolbar{align-items:center;background:var(--baggi-gold-pale);border-top:1px solid #ddd;display:flex;justify-content:space-between;padding:10px 16px;z-index:940}.save-toolbar .label{color:#6a5314;font-weight:700}.save-toolbar .value{color:#000;font-weight:700}.save-toolbar .q-btn{border-radius:6px;font-weight:600;text-transform:none}.order-grid-header{background:var(--baggi-cream);border-bottom:2px solid var(--baggi-gray-border);box-shadow:0 2px 3px #0000000d;display:grid;grid-auto-flow:column;grid-template-columns:var(--col-model) var(--col-renk) var(--col-ana) var(--col-alt) var(--col-aciklama) calc(var(--grp-title-w) + var(--grp-title-gap) + var(--beden-w)*var(--beden-count)) var(--col-adet) var(--col-fiyat) var(--col-pb) var(--col-tutar) var(--col-termin);position:sticky;top:calc(var(--header-h) + var(--filter-h) + var(--save-h));z-index:700}.order-grid-header .col-fixed{align-items:center;background:var(--baggi-gold-light);border:1px solid #aaa;display:flex;font-size:12.5px;font-weight:700;height:var(--grid-header-h);justify-content:center;transform:rotate(180deg);writing-mode:vertical-lr}.order-grid-header .aciklama-col{background:#fff9c4;border-right:2px solid #a6a6a6}.order-grid-header .beden-block{background:#fff;border:1px solid #ccc;display:flex;flex-direction:column;height:var(--grid-header-h)}.order-grid-header .grp-row{align-items:center;display:flex;height:var(--beden-h)}.order-grid-header .grp-title{font-size:12px;font-weight:700;padding-right:4px;text-align:right;width:var(--grp-title-w)}.order-grid-header .grp-body{display:grid;grid-auto-columns:var(--beden-w);grid-auto-flow:column}.order-grid-header .grp-cell.hdr{align-items:center;border:1px solid #bbb;display:flex;font-size:11.5px;font-weight:600;height:var(--beden-h);justify-content:center;width:var(--beden-w)}.order-grid-header .total-row{align-items:stretch;background:#fff59d;display:flex;justify-content:space-between}.order-grid-header .total-cell{align-items:center;background:var(--baggi-gold-pale);border-right:1px solid #bbb;display:flex;font-size:12px;font-weight:700;justify-content:center;transform:rotate(180deg);width:var(--col-adet);writing-mode:vertical-lr}.order-sub-header{align-items:center;background:linear-gradient(90deg,#fffbe9,#fff4c4 50%,#fff1b0);border-bottom:1px solid #d6c06a;border-top:1px solid #d6c06a;box-sizing:border-box;display:grid;grid-auto-flow:column;grid-template-columns:var(--col-model) var(--col-renk) var(--col-ana) var(--col-alt) var(--col-aciklama) calc(var(--grp-title-w) + var(--grp-title-gap) + var(--beden-w)*var(--beden-count)) var(--col-adet) var(--col-fiyat) var(--col-pb) var(--col-tutar) var(--col-termin);height:var(--sub-header-h);justify-items:stretch;margin-right:0!important;margin:0!important;min-height:var(--sub-header-h);padding-right:0!important;padding:0!important;position:sticky;top:calc(var(--header-h) + var(--filter-h) + var(--save-h) + var(--grid-header-h));z-index:650}:root{--col-termin:142px}.order-sub-header .sub-left{align-items:center;color:#2b1f05;display:flex;font-weight:800;grid-column:1/span 5;padding-left:6px}.order-sub-header .sub-center{align-items:center;box-sizing:border-box;display:grid;grid-auto-columns:var(--beden-w);grid-auto-flow:column;grid-column:6/7;height:100%;justify-content:start;margin-left:var(--grp-title-gap);padding-left:var(--grp-title-w);width:calc(var(--grp-title-w) + var(--grp-title-gap) + var(--beden-w)*var(--beden-count))}.order-sub-header .beden-cell{align-items:center;background:#fffdf3;border:1px solid #d8c16b;border-right:none;box-sizing:border-box;display:flex;font-size:12px;font-weight:600;height:100%;justify-content:center;width:var(--beden-w)}.order-sub-header .beden-cell:last-child{border-right:1px solid #d8c16b}.order-sub-header .sub-right{align-items:flex-end;color:#3b2f09;display:flex;flex-direction:column;font-size:13.5px;font-weight:900;grid-column:7/-1;justify-content:center;line-height:1.3;padding-right:0;text-align:right;text-transform:uppercase;transform:translateX(-60px)}.order-sub-header:hover{background:linear-gradient(90deg,#fff9cf,#fff3b0 70%,#ffe88f)}:root{--sub-header-h:60px}.order-sub-header{overflow:hidden}.order-grid-body{background:#fff;margin-top:0!important;padding-top:var(--sub-header-h);position:relative;z-index:100}.summary-row{display:grid;grid-template-columns:var(--col-model) var(--col-renk) var(--col-ana) var(--col-alt) var(--col-aciklama) calc(var(--grp-title-w) + var(--grp-title-gap) + var(--beden-w)*var(--beden-count)) var(--col-adet) var(--col-fiyat) var(--col-pb) var(--col-tutar) var(--col-termin)}.summary-row .cell{box-sizing:border-box;color:#222;font-size:13px;height:var(--beden-h)}.summary-row.row-closed{background:#f5f5f5;opacity:.55}.summary-row.row-closed:hover{background:#f5f5f5!important}.summary-row:nth-child(odd){background:#fffef9}.summary-row .grp-area{display:flex;flex-direction:column;justify-content:center;transform:translateX(calc(var(--grp-title-w) - var(--beden-w)))}.summary-row .grp-row{display:grid;grid-auto-columns:var(--beden-w);grid-auto-flow:column}.summary-row .grp-row .cell.beden{align-items:center;border:1px solid #ddd;display:flex;font-size:12px;height:var(--beden-h);justify-content:center;width:var(--beden-w)}.cell.beden.ghost{border:1px solid #0000!important;opacity:0;pointer-events:none}.summary-row .cell.adet,.summary-row .cell.fiyat,.summary-row .cell.pb,.summary-row .cell.termin,.summary-row .cell.tutar{border-left:none!important;color:#000;font-weight:600;height:100%}.summary-row .cell.tutar{border-right:none!important;justify-content:flex-end;padding-right:8px;text-align:right}.summary-row .cell.termin{align-items:center;background:#fffef9;justify-content:center;min-width:var(--col-termin)}.summary-row .cell.termin .q-input{box-sizing:border-box;max-width:142px!important;width:100%}.summary-row .cell.termin input{font-size:13px;text-align:center}.editor{background:#fffef9;border-top:1px solid #ddd;margin-top:24px;padding:16px;position:relative;z-index:50}.editor:before{background:linear-gradient(90deg,#c9a227,#e5d28b,#fff7d2);border-radius:2px;content:"";display:block;height:4px;margin-bottom:12px}.editor .q-input,.editor .q-select{font-size:14px;margin-bottom:8px}.cell.termin .termin-label{align-items:center;background:#fffef9;border-left:1px solid #ccc;box-sizing:border-box;color:#222;display:flex;font-size:13px;font-weight:600;height:100%;justify-content:center;width:100%}@media (max-width:1024px){:root{--beden-w:40px;--col-aciklama:120px}.order-grid-header .col-fixed{font-size:11px}.order-sub-header{font-size:12.5px}}@media (max-width:768px){:root{--beden-w:36px;--col-model:70px;--col-renk:60px;--col-aciklama:100px}.order-page{font-size:13px}.order-grid-header .total-cell{font-size:10.5px}}.summary-row .cell{align-items:center;display:flex;height:auto;justify-content:center;padding:4px 6px;text-align:center;white-space:normal;word-wrap:break-word}.summary-row .grp-area,.summary-row .grp-row,.summary-row .grp-row .cell.beden{align-items:center;height:100%}.summary-row .cell.aciklama{align-items:flex-start!important;background:#fff!important;border-right:1px solid #ccc!important;box-sizing:border-box!important;display:flex!important;flex-direction:column!important;font-size:13px!important;grid-column:5/6!important;justify-content:flex-start!important;line-height:1.4!important;margin-right:-92px!important;min-height:36px!important;overflow-wrap:break-word!important;padding:6px 12px!important;position:relative!important;text-align:left!important;white-space:normal!important;width:calc(var(--col-aciklama) + 92px)!important;word-break:break-word!important;z-index:10!important}.order-grid-header .col-fixed,.summary-row .cell,.summary-row .grp-row .cell.beden{border-color:#bbb!important}.summary-row .cell:not(:last-child){border-right:1px solid #bdbdbd!important}.summary-row{border-bottom:1px solid #ccc}.summary-row:last-child{border-bottom:2px solid #b7a33a}.summary-row .cell,.summary-row .grp-row .cell.beden{border-bottom:1px solid #ddd!important}.summary-row:hover{background:#fffce0}.summary-row.is-editing{background:#fff3cd;outline:2px solid #caa83f;z-index:2}.editor .q-btn:hover{background:#d2b04d;color:#fff}.summary-row:hover .cell,.summary-row:hover .grp-row .cell.beden{border-bottom:1px solid #ccc!important}.stok-red{color:#e53935;font-weight:600}.stok-yellow{color:#f9a825;font-weight:600}.stok-green{color:#43a047;font-weight:600}.q-banner.rounded-borders{border-radius:8px}.order-gateway{background:linear-gradient(145deg,#fff,#fafafa);height:100%}.order-btn{border-radius:12px;font-size:1.2rem;min-width:280px;padding:20px 40px;transition:all .2s ease}.order-btn:hover{box-shadow:0 4px 12px #00000026;transform:translateY(-3px)}.body--drawer-left-open .order-page{overflow-x:visible;width:calc(100vw - var(--drawer-w))}.order-scroll-x{box-sizing:border-box;max-width:100%}.order-grid-body,.order-grid-header,.order-sub-header{box-sizing:border-box;min-width:fit-content;width:100%}.body--drawer-left-open .filter-bar,.body--drawer-left-open .order-grid-body,.body--drawer-left-open .order-grid-header,.body--drawer-left-open .order-sub-header,.body--drawer-left-open .save-toolbar{box-sizing:border-box;margin-left:0;margin-right:0;overflow-x:hidden;width:calc(100vw - var(--drawer-w))}.body--drawer-left-closed .filter-bar,.body--drawer-left-closed .order-grid-body,.body--drawer-left-closed .order-grid-header,.body--drawer-left-closed .order-sub-header,.body--drawer-left-closed .save-toolbar{width:100vw}.order-grid-body,.order-grid-header,.order-sub-header{border-right:2px solid var(--baggi-gold)}.body--drawer-left-open .filter-bar,.body--drawer-left-open .order-grid-body,.body--drawer-left-open .order-grid-header,.body--drawer-left-open .order-page,.body--drawer-left-open .order-sub-header,.body--drawer-left-open .save-toolbar{margin-right:0!important;overflow-x:visible!important;padding-right:0!important;width:calc(100vw - var(--drawer-w) - 8px)}.order-grid-body{border-right:2px solid var(--baggi-gold)}.order-scroll-x{align-items:flex-start;background:#fff;display:flex;flex-direction:column;overflow-x:auto;overflow-y:visible}.filter-bar,.order-grid-header,.order-sub-header,.save-toolbar{box-sizing:border-box;min-width:100%;width:fit-content}.order-grid-body{box-sizing:border-box;width:fit-content}.summary-row.row-closed{opacity:.65;pointer-events:none}.summary-row.row-closed,.summary-row.row-closed:hover{background:#e6e6e6!important}.summary-row.row-closed.is-editing{outline:none!important}.filter-bar,.order-grid-body,.order-grid-header,.order-sub-header,.save-toolbar{border-right:none!important;margin-right:0!important;padding-right:0!important}.summary-row.row-error{background:#c1001514}.row-error-icon{left:4px;position:absolute;top:50%;transform:translateY(-50%)}.body--drawer-left-closed .order-scroll-x,.body--drawer-left-open .order-scroll-x{overflow-x:auto;width:100%}:root{--ol-header-h:56px;--ol-filter-h:96px}.ol-page{background:#fff;display:flex;flex-direction:column;height:calc(100vh - var(--ol-header-h));overflow:auto}.ol-filter-bar{align-items:center;box-shadow:0 1px 2px #0000000f;display:flex;min-height:var(--ol-filter-h);padding:10px 16px}.ol-table .q-table__middle{max-height:none!important;overflow:visible!important}.ol-table thead th{background:#fff;box-shadow:0 2px 4px #00000014;font-weight:700;position:sticky;top:var(--ol-filter-h);z-index:500}.ol-table .q-table__body .q-tr:nth-child(odd){background-color:#f7f7f7!important}.ol-table .q-table__body .q-tr:nth-child(2n){background-color:#fff!important}.ol-table .q-table__body .q-tr:hover{background-color:#fff7d1!important;transition:background-color .15s ease}.ol-table .q-td{font-size:.9rem;line-height:1.3;padding:6px 8px!important}.q-header{z-index:1000!important}.q-drawer{z-index:950!important}@media (max-width:768px){:root{--ol-filter-h:64px}.ol-filter-bar{padding:8px 12px}}.ol-table .q-table__body .q-tr:nth-child(odd),.ol-table tbody tr:nth-child(odd){background-color:#faf8ef!important}.ol-table .q-table__body .q-tr:nth-child(2n),.ol-table tbody tr:nth-child(2n){background-color:#fff!important}.ol-table .q-table__body .q-tr:hover,.ol-table tbody tr:hover{background-color:#fff4cc!important;transition:background-color .2s ease}.ol-qbanner{background:#f9fafb;border:1px solid #e0e0e0;border-radius:6px;padding:8px 12px}.ol-qbanner-amount{color:#1976d2;margin-left:6px}.ol-col-multiline{line-height:1.25rem;overflow:hidden;white-space:normal!important;word-break:break-word}.ol-col-cari{font-size:.88rem;font-weight:600;max-width:200px;min-width:150px}.ol-col-cari,.ol-col-desc{display:-webkit-box;-webkit-box-orient:vertical}.ol-col-desc{color:#444;font-size:.82rem;max-width:220px;min-width:160px}.ol-table .q-td.ol-col-cari,.ol-table .q-td.ol-col-desc{padding-bottom:6px!important;padding-top:6px!important}.ol-table th.ol-col-cari,.ol-table th.ol-col-desc{white-space:nowrap}.ol-filter-bar{background:#fff;border-bottom:1px solid #ddd;padding:10px 12px;position:sticky;top:0;z-index:600}.ol-filter-row{align-items:flex-end;display:flex;flex-wrap:nowrap;gap:12px}.ol-filter-input{max-width:260px;min-width:180px}.ol-search{min-width:280px}.ol-filter-actions{align-items:center;display:flex;gap:8px;white-space:nowrap}.ol-filter-total{background:#f9fafb;border:1px solid #e0e0e0;border-radius:6px;margin-left:auto;padding:8px 12px;white-space:nowrap}@media (max-width:1200px){.ol-filter-row{flex-wrap:wrap;row-gap:8px}.ol-filter-total{justify-content:flex-end;width:100%}}.order-gateway{min-height:100vh}.draft-card{max-width:90vw;width:320px}.act-page{background:#fff;height:calc(100vh - 56px);overflow:auto}.act-filter-bar{background:#fff;border-bottom:1px solid #ddd;box-shadow:0 1px 2px #0000000f;padding:10px 16px;position:sticky;top:0;z-index:620}.act-filter-row{align-items:flex-end;display:flex;flex-wrap:nowrap;gap:12px}.act-filter-input{max-width:240px;min-width:160px}.act-filter-wide{min-width:260px}.act-filter-actions{display:flex;gap:8px;margin-left:auto;white-space:nowrap}.act-table{font-size:.85rem}.act-table thead th{background:#fff;box-shadow:0 2px 4px #00000014;font-weight:700;position:sticky;top:56px;z-index:500}.act-table tbody tr:nth-child(odd){background:#faf8ef}.act-table tbody tr:nth-child(2n){background:#fff}.act-table tbody tr:hover{background:#fff4cc}.act-table .q-td{font-weight:600;line-height:1.25;padding:6px 8px!important}.act-row-success{background:#43a0470f}.act-row-fail{background:#d32f2f0f}.act-badge-ok{background:#43a047}.act-badge-fail{background:#e53935}.act-col-narrow{max-width:90px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.act-col-route{font-size:.8rem;max-width:260px;white-space:normal;word-break:break-word}.act-col-meta{color:#555;font-size:.75rem}.ol-col-piyasa{padding-bottom:6px!important;padding-top:6px!important;vertical-align:top}.piyasa-wrap{align-content:flex-start;column-gap:6px;display:flex;flex-wrap:wrap;max-height:none;overflow:visible;row-gap:4px}.piyasa-chip{flex:0 0 calc(25% - 6px);font-size:11px;font-weight:600;line-height:1.1;max-width:calc(25% - 6px);overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.user-detail-page{background:#fafafa}.image-preview{border-radius:6px;width:100%}.image-thumb{border-radius:4px;width:100%}.workorder-page{padding-bottom:80px}.permissions-page{background:#fff;display:flex;flex-direction:column;height:calc(100vh - 56px)}.permissions-table-scroll{background:#fff;flex:1;overflow:auto}.permissions-table{font-size:.85rem}.permissions-table thead th{background:var(--baggi-cream);box-shadow:0 2px 3px #0000000f;color:#222;font-weight:800;position:sticky;top:0;z-index:300}.permissions-table td{color:#333;font-weight:600;padding:6px 8px!important}.permissions-table tbody tr:nth-child(odd){background:#fffef7}.permissions-table tbody tr:nth-child(2n){background:#fff}.permissions-table tbody tr:hover{background:#fff4cc}.permissions-sticky-col{background:#fff;box-shadow:2px 0 4px #0000000a;font-weight:700;left:0;position:sticky;z-index:250}.permissions-table .q-th .column{gap:2px}

ui/dist/spa/index.html

@@ -1 +0,0 @@
-<!DOCTYPE html><html><head><title>Baggi SS</title><meta charset=utf-8><meta name=description content="A Quasar Project"><meta name=format-detection content="telephone=no"><meta name=msapplication-tap-highlight content=no><meta name=viewport content="user-scalable=no,initial-scale=1,maximum-scale=1,minimum-scale=1,width=device-width"><link rel=icon type=image/png sizes=128x128 href=/icons/favicon-128x128.png><link rel=icon type=image/png sizes=96x96 href=/icons/favicon-96x96.png><link rel=icon type=image/png sizes=32x32 href=/icons/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/icons/favicon-16x16.png><link rel=icon type=image/ico href=/favicon.ico><script defer src=/js/vendor.1e1ff7a5.js></script><script defer src=/js/app.292f5316.js></script><link href=/css/vendor.724dcfab.css rel=stylesheet><link href=/css/app.53116624.css rel=stylesheet></head><body><div id=q-app></div></body></html>

ui/dist/spa/js/238.471bb852.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[238],{2238:(e,a,l)=>{l.r(a),l.d(a,{default:()=>_});var t=l(1347),r=l(7763),o=l(4187),s=l(455),n=l(3022),i=l(2986),u=l(5767);const d={class:"q-mt-xs"},c={__name:"ResetPassword",setup(e){const a=(0,n.A)(),l=(0,s.lq)(),c=(0,s.rd)(),v=(0,u.n)(),g=(0,o.KR)(""),m=(0,o.KR)(""),p=(0,o.KR)(""),b=(0,o.KR)(!1),y=(0,o.KR)(!0),k=(0,o.KR)(!1),f=(0,o.KR)(null),x=(0,o.KR)(!1),h=(0,o.KR)(!1),w=e=>!!e&&e.length>=8||"En az 8 karakter olmalı",A=e=>e===m.value||"Parolalar eşleşmiyor",q=(0,t.EW)(()=>k.value&&m.value.length>=8&&m.value===p.value&&!b.value),C=(0,t.EW)(()=>{const e=m.value||"";let a=0;e.length>=8&&a++,/[A-Z]/.test(e)&&a++,/[0-9]/.test(e)&&a++,/[^A-Za-z0-9]/.test(e)&&a++;const l=[{value:.1,label:"Çok zayıf",color:"red",textColor:"text-red"},{value:.25,label:"Zayıf",color:"orange",textColor:"text-orange"},{value:.5,label:"Orta",color:"amber",textColor:"text-amber"},{value:.75,label:"İyi",color:"blue",textColor:"text-blue"},{value:1,label:"Güçlü",color:"green",textColor:"text-green"}];return l[Math.min(a,l.length-1)]});async function _(){f.value=null,b.value=!0;try{const e=await(0,i.bE)("/password/reset",{token:g.value,password:m.value});if(!e?.success||!e?.token)throw new Error("reset-failed");v.token=e.token,v.user=e.user,v.permissions=Array.isArray(e.permissions)?e.permissions:[],v.role_id=Number(e.user?.role_id||null),v.forcePasswordChange=!1,v.lastLogin=(new Date).toISOString(),localStorage.setItem("token",v.token),localStorage.setItem("user",JSON.stringify(v.user)),localStorage.setItem("permissions",JSON.stringify(v.permissions)),localStorage.setItem("role_id",String(v.role_id)),localStorage.setItem("lastLogin",v.lastLogin),localStorage.setItem("forcePasswordChange","0"),a.notify({type:"positive",message:"Parolanız güncellendi, giriş yapıldı",position:"top-right"}),c.replace("/app")}catch(e){f.value=e?.message||"Parola politikaya uymuyor (büyük/küçük/rakam/özel karakter)",a.notify({type:"negative",message:f.value,position:"top-right"})}finally{b.value=!1}}return(0,t.sV)(async()=>{try{if(g.value=decodeURIComponent(l.params.token||""),!g.value)throw new Error("empty-token");await i.Ay.get(`/password/reset/validate/${g.value}`),k.value=!0}catch{k.value=!1}finally{y.value=!1}}),(e,a)=>{const l=(0,t.g2)("q-inner-loading"),s=(0,t.g2)("q-card-section"),n=(0,t.g2)("q-separator"),i=(0,t.g2)("q-icon"),u=(0,t.g2)("q-input"),v=(0,t.g2)("q-linear-progress"),g=(0,t.g2)("q-banner"),S=(0,t.g2)("q-btn"),L=(0,t.g2)("q-card-actions"),R=(0,t.g2)("q-card"),I=(0,t.g2)("q-page");return(0,t.uX)(),(0,t.Wv)(I,{class:"flex flex-center bg-grey-2"},{default:(0,t.k6)(()=>[y.value?((0,t.uX)(),(0,t.Wv)(l,{key:0,showing:""})):k.value?((0,t.uX)(),(0,t.Wv)(R,{key:1,class:"q-pa-sm",style:{width:"420px","max-width":"90vw"}},{default:(0,t.k6)(()=>[(0,t.bF)(s,null,{default:(0,t.k6)(()=>[...a[5]||(a[5]=[(0,t.Lk)("div",{class:"text-h6 text-weight-bold"}," 🔐 Parola Sıfırlama ",-1),(0,t.Lk)("div",{class:"text-caption text-grey-7 q-mt-xs"}," Yeni parolanızı belirleyin ",-1)])]),_:1}),(0,t.bF)(n),(0,t.bF)(s,null,{default:(0,t.k6)(()=>[(0,t.bF)(u,{modelValue:m.value,"onUpdate:modelValue":a[1]||(a[1]=e=>m.value=e),type:x.value?"text":"password",label:"Yeni Parola",dense:"",filled:"",rules:[w]},{append:(0,t.k6)(()=>[(0,t.bF)(i,{name:x.value?"visibility_off":"visibility",class:"cursor-pointer",onClick:a[0]||(a[0]=e=>x.value=!x.value)},null,8,["name"])]),_:1},8,["modelValue","type","rules"]),(0,t.Lk)("div",d,[(0,t.bF)(v,{value:C.value.value,color:C.value.color,rounded:"",size:"6px"},null,8,["value","color"]),(0,t.Lk)("div",{class:(0,r.C4)(["text-caption q-mt-xs",C.value.textColor])},(0,r.v_)(C.value.label),3)]),(0,t.bF)(u,{modelValue:p.value,"onUpdate:modelValue":a[3]||(a[3]=e=>p.value=e),type:h.value?"text":"password",label:"Parola Tekrar",dense:"",filled:"",class:"q-mt-sm",rules:[A]},{append:(0,t.k6)(()=>[(0,t.bF)(i,{name:h.value?"visibility_off":"visibility",class:"cursor-pointer",onClick:a[2]||(a[2]=e=>h.value=!h.value)},null,8,["name"])]),_:1},8,["modelValue","type","rules"]),f.value?((0,t.uX)(),(0,t.Wv)(g,{key:0,class:"bg-red-1 text-red q-mt-md",rounded:""},{default:(0,t.k6)(()=>[(0,t.eW)((0,r.v_)(f.value),1)]),_:1})):(0,t.Q3)("",!0)]),_:1}),(0,t.bF)(L,{align:"right"},{default:(0,t.k6)(()=>[(0,t.bF)(S,{label:"PAROLAYI GÜNCELLE",color:"primary",loading:b.value,disable:!q.value,onClick:_},null,8,["loading","disable"])]),_:1})]),_:1})):((0,t.uX)(),(0,t.Wv)(R,{key:2,class:"q-pa-md text-center",style:{width:"420px","max-width":"90vw"}},{default:(0,t.k6)(()=>[a[6]||(a[6]=(0,t.Lk)("div",{class:"text-h6 text-red"}," Bağlantı Geçersiz ",-1)),a[7]||(a[7]=(0,t.Lk)("div",{class:"text-caption text-grey-7 q-mt-sm"}," Parola sıfırlama bağlantısı süresi dolmuş veya daha önce kullanılmış olabilir. ",-1)),(0,t.bF)(S,{label:"GİRİŞ SAYFASINA DÖN",color:"primary",class:"q-mt-md",onClick:a[4]||(a[4]=e=>(0,o.R1)(c).push("/"))})]),_:1}))]),_:1})}}};var v=l(5013),g=l(8356),m=l(3341),p=l(222),b=l(6915),y=l(6067),k=l(3933),f=l(3880),x=l(7453),h=l(5034),w=l(2677),A=l(272),q=l.n(A);const C=c,_=C;q()(c,"components",{QPage:v.A,QInnerLoading:g.A,QCard:m.A,QCardSection:p.A,QSeparator:b.A,QInput:y.A,QIcon:k.A,QLinearProgress:f.A,QBanner:x.A,QCardActions:h.A,QBtn:w.A})}}]);

ui/dist/spa/js/251.ec73d906.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[251],{5251:(e,a,t)=>{t.r(a),t.d(a,{default:()=>K});var l=t(1347),s=t(4187),i=t(8633),o=t(7763),n=t(891),r=t(705),c=t(2986);const u=(0,r.nY)("activityLogStore",{state:()=>({loading:!1,rows:[],total:0,pagination:{page:1,rowsPerPage:0,sortBy:"created_at",descending:!0},filters:{username:"",actionCategory:null,actionType:"",success:null,dateFrom:"",dateTo:""}}),actions:{async fetchLogs(){this.loading=!0;try{const e={};this.pagination.rowsPerPage>0&&(e.page=this.pagination.page,e.limit=this.pagination.rowsPerPage),this.filters.username&&(e.username=this.filters.username),this.filters.actionCategory&&(e.action_category=this.filters.actionCategory),this.filters.actionType&&(e.action_type=this.filters.actionType),null!==this.filters.success&&(e.success=this.filters.success),this.filters.dateFrom&&(e.date_from=this.filters.dateFrom),this.filters.dateTo&&(e.date_to=this.filters.dateTo);const a=await(0,c.Jt)("/activity-logs",e);this.rows=a.items||[],this.total=a.total||0}finally{this.loading=!1}},quickRoleChange(){this.filters.actionCategory="role_permission",this.filters.actionType="role_department_permission_change",this.pagination.page=1,this.fetchLogs()},onTableRequest(e){const{page:a,rowsPerPage:t,sortBy:l,descending:s}=e.pagination;this.pagination.page=a,this.pagination.rowsPerPage=t,this.pagination.sortBy=l,this.pagination.descending=s,this.fetchLogs()},resetFilters(){this.filters={username:"",actionCategory:null,actionType:"",success:null,dateFrom:"",dateTo:""},this.pagination.page=1,this.fetchLogs()}}});var d=t(5767),g=t(588);const p={class:"act-filter-bar"},f={class:"act-filter-row"},b={class:"act-filter-actions"},m={class:"row q-col-gutter-md"},h={class:"col-6"},_={class:"col-6"},k={key:1},y={__name:"ActivityLogs",setup(e){const{canRead:a,canUpdate:t}=(0,g.J)(),r=a("user"),c=t("user"),y=(0,s.KR)(!1),v=(0,s.KR)({before:"",after:""}),R=u(),w=(0,d.n)(),F=[{label:"Auth",value:"auth"},{label:"Navigation",value:"nav"},{label:"Yetkilendirme (User)",value:"user_permission"},{label:"Yetkilendirme (Role)",value:"role_permission"},{label:"Genel Yetki",value:"permission"}],L=[{label:"User Permission Change",value:"user_permission_change"},{label:"Role Permission Change",value:"permission_change"},{label:"Role + Dept Change",value:"role_department_permission_change"},{label:"Login",value:"login"},{label:"Logout",value:"logout"}],C=[{label:"Başarılı",value:!0},{label:"Hatalı",value:!1}],A=[{name:"created_at",label:"Zaman",field:"created_at",sortable:!0},{name:"username",label:"İşlemi Yapan",field:"username",sortable:!0},{name:"target_username",label:"Hedef Kullanıcı",field:"target_username"},{name:"role_code",label:"Rol",field:"role_code"},{name:"action_category",label:"Kategori",field:"action_category"},{name:"action_type",label:"Action",field:"action_type"},{name:"action_target",label:"Route",field:"action_target"},{name:"http_status",label:"HTTP",field:"http_status"},{name:"duration_ms",label:"Süre (ms)",field:"duration_ms"},{name:"diff",label:"Değişiklik"},{name:"is_success",label:"Sonuç",field:"is_success"}];function V(e){return e?n.Ay.formatDate(e,"YYYY-MM-DD HH:mm:ss"):"-"}function q(){w.isAuthenticated&&w.token&&R.fetchLogs()}function T(e){v.value={before:P(e.change_before),after:P(e.change_after)},y.value=!0}function P(e){if(!e)return"-";try{return JSON.stringify(JSON.parse(e),null,2)}catch{return e}}return(0,l.sV)(()=>{q()}),(0,l.wB)(()=>w.token,e=>{e&&q()},{immediate:!0}),(e,a)=>{const t=(0,l.g2)("q-input"),n=(0,l.g2)("q-select"),u=(0,l.g2)("q-btn"),d=(0,l.g2)("q-card-section"),g=(0,l.g2)("q-separator"),w=(0,l.g2)("q-banner"),q=(0,l.g2)("q-card-actions"),P=(0,l.g2)("q-card"),Q=(0,l.g2)("q-dialog"),x=(0,l.g2)("q-td"),B=(0,l.g2)("q-badge"),S=(0,l.g2)("q-table"),U=(0,l.g2)("q-page"),D=(0,l.gN)("close-popup");return(0,s.R1)(r)?((0,l.uX)(),(0,l.Wv)(U,{key:0,class:"act-page with-bg"},{default:(0,l.k6)(()=>[(0,l.Lk)("div",p,[(0,l.Lk)("div",f,[(0,l.bF)(t,{dense:"",filled:"",modelValue:(0,s.R1)(R).filters.username,"onUpdate:modelValue":a[0]||(a[0]=e=>(0,s.R1)(R).filters.username=e),label:"Kullanıcı",clearable:"",class:"act-filter-input",onKeyup:a[1]||(a[1]=(0,i.jR)(e=>(0,s.R1)(R).fetchLogs(),["enter"]))},null,8,["modelValue"]),(0,l.bF)(n,{dense:"",filled:"",modelValue:(0,s.R1)(R).filters.actionCategory,"onUpdate:modelValue":[a[2]||(a[2]=e=>(0,s.R1)(R).filters.actionCategory=e),a[3]||(a[3]=e=>(0,s.R1)(R).fetchLogs())],options:F,label:"Kategori",clearable:"","emit-value":"","map-options":"",class:"act-filter-input"},null,8,["modelValue"]),(0,l.bF)(n,{dense:"",filled:"",modelValue:(0,s.R1)(R).filters.actionType,"onUpdate:modelValue":[a[4]||(a[4]=e=>(0,s.R1)(R).filters.actionType=e),a[5]||(a[5]=e=>(0,s.R1)(R).fetchLogs())],options:L,label:"Action",clearable:"","emit-value":"","map-options":"",class:"act-filter-input"},null,8,["modelValue"]),(0,l.bF)(n,{dense:"",filled:"",modelValue:(0,s.R1)(R).filters.success,"onUpdate:modelValue":[a[6]||(a[6]=e=>(0,s.R1)(R).filters.success=e),a[7]||(a[7]=e=>(0,s.R1)(R).fetchLogs())],options:C,label:"Sonuç",clearable:"","emit-value":"","map-options":"",class:"act-filter-input"},null,8,["modelValue"]),(0,l.bF)(t,{dense:"",filled:"",type:"date",modelValue:(0,s.R1)(R).filters.dateFrom,"onUpdate:modelValue":[a[8]||(a[8]=e=>(0,s.R1)(R).filters.dateFrom=e),a[9]||(a[9]=e=>(0,s.R1)(R).fetchLogs())],label:"Başlangıç",class:"act-filter-input"},null,8,["modelValue"]),(0,l.bF)(t,{dense:"",filled:"",type:"date",modelValue:(0,s.R1)(R).filters.dateTo,"onUpdate:modelValue":[a[10]||(a[10]=e=>(0,s.R1)(R).filters.dateTo=e),a[11]||(a[11]=e=>(0,s.R1)(R).fetchLogs())],label:"Bitiş",class:"act-filter-input"},null,8,["modelValue"]),(0,l.Lk)("div",b,[(0,l.bF)(u,{color:"primary",unelevated:"",label:"Ara",onClick:a[12]||(a[12]=e=>(0,s.R1)(R).fetchLogs())}),(0,l.bF)(u,{flat:"",label:"Temizle",onClick:a[13]||(a[13]=e=>(0,s.R1)(R).resetFilters())}),(0,s.R1)(c)?((0,l.uX)(),(0,l.Wv)(u,{key:0,outline:"",color:"secondary",label:"Rol Değişimleri",onClick:a[14]||(a[14]=e=>(0,s.R1)(R).quickRoleChange())})):(0,l.Q3)("",!0)])])]),(0,l.bF)(S,{class:"act-table sticky-table","row-key":"created_at",rows:(0,s.R1)(R).rows,columns:A,loading:(0,s.R1)(R).loading,"binary-state-sort":""},{"body-cell-created_at":(0,l.k6)(e=>[(0,l.bF)(x,{props:e},{default:(0,l.k6)(()=>[(0,l.eW)((0,o.v_)(V(e.row.created_at)),1)]),_:2},1032,["props"])]),"body-cell-action_target":(0,l.k6)(e=>[(0,l.bF)(x,{props:e,class:"act-col-route"},{default:(0,l.k6)(()=>[(0,l.eW)((0,o.v_)(e.row.action_target),1)]),_:2},1032,["props"])]),"body-cell-http_status":(0,l.k6)(e=>[(0,l.bF)(x,{props:e},{default:(0,l.k6)(()=>[e.row.http_status?((0,l.uX)(),(0,l.Wv)(B,{key:0,label:e.row.http_status,class:(0,o.C4)(e.row.http_status<300?"act-badge-ok":"act-badge-fail")},null,8,["label","class"])):(0,l.Q3)("",!0)]),_:2},1032,["props"])]),"body-cell-diff":(0,l.k6)(e=>[(0,l.bF)(x,{props:e},{default:(0,l.k6)(()=>[e.row.change_before||e.row.change_after?((0,l.uX)(),(0,l.Wv)(u,{key:0,dense:"",flat:"",color:"primary",icon:"compare_arrows",onClick:a=>T(e.row)},null,8,["onClick"])):((0,l.uX)(),(0,l.CE)("span",k,"-"))]),_:2},1032,["props"])]),"body-cell-is_success":(0,l.k6)(e=>[(0,l.bF)(x,{props:e},{default:(0,l.k6)(()=>[(0,l.bF)(B,{label:e.row.is_success?"OK":"FAIL",class:(0,o.C4)(e.row.is_success?"act-badge-ok":"act-badge-fail")},null,8,["label","class"])]),_:2},1032,["props"])]),"no-data":(0,l.k6)(()=>[...a[19]||(a[19]=[(0,l.Lk)("div",{class:"full-width row flex-center q-pa-md text-grey-6"}," Log kaydı bulunamadı. ",-1)])]),default:(0,l.k6)(()=>[(0,l.bF)(Q,{modelValue:y.value,"onUpdate:modelValue":a[15]||(a[15]=e=>y.value=e)},{default:(0,l.k6)(()=>[(0,l.bF)(P,{style:{"min-width":"700px"}},{default:(0,l.k6)(()=>[(0,l.bF)(d,{class:"text-h6"},{default:(0,l.k6)(()=>[...a[16]||(a[16]=[(0,l.eW)(" Rol Değişiklik Detayı ",-1)])]),_:1}),(0,l.bF)(g),(0,l.bF)(d,null,{default:(0,l.k6)(()=>[(0,l.Lk)("div",m,[(0,l.Lk)("div",h,[a[17]||(a[17]=(0,l.Lk)("div",{class:"text-bold q-mb-sm"},"Önce",-1)),(0,l.bF)(w,{class:"bg-grey-2 text-black"},{default:(0,l.k6)(()=>[(0,l.Lk)("pre",null,(0,o.v_)(v.value.before),1)]),_:1})]),(0,l.Lk)("div",_,[a[18]||(a[18]=(0,l.Lk)("div",{class:"text-bold q-mb-sm"},"Sonra",-1)),(0,l.bF)(w,{class:"bg-green-1 text-black"},{default:(0,l.k6)(()=>[(0,l.Lk)("pre",null,(0,o.v_)(v.value.after),1)]),_:1})])])]),_:1}),(0,l.bF)(q,{align:"right"},{default:(0,l.k6)(()=>[(0,l.bo)((0,l.bF)(u,{flat:"",label:"Kapat"},null,512),[[D]])]),_:1})]),_:1})]),_:1},8,["modelValue"])]),_:1},8,["rows","loading"])]),_:1})):((0,l.uX)(),(0,l.Wv)(U,{key:1,class:"q-pa-md flex flex-center"},{default:(0,l.k6)(()=>[...a[20]||(a[20]=[(0,l.Lk)("div",{class:"text-negative text-subtitle1"}," Bu module erisim yetkiniz yok. ",-1)])]),_:1}))}}};var v=t(5013),R=t(6067),w=t(6941),F=t(2677),L=t(6087),C=t(45),A=t(3341),V=t(222),q=t(6915),T=t(7453),P=t(5034),Q=t(8785),x=t(8155),B=t(8657),S=t(272),U=t.n(S);const D=y,K=D;U()(y,"components",{QPage:v.A,QInput:R.A,QSelect:w.A,QBtn:F.A,QTable:L.A,QDialog:C.A,QCard:A.A,QCardSection:V.A,QSeparator:q.A,QBanner:T.A,QCardActions:P.A,QTd:Q.A,QBadge:x.A}),U()(y,"directives",{ClosePopup:B.A})}}]);

ui/dist/spa/js/28.1861262a.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[28],{28:(e,t,s)=>{s.r(t),s.d(t,{default:()=>i});var l=s(1347);const o={class:"fullscreen bg-blue text-white text-center q-pa-md flex flex-center"},n={__name:"ErrorNotFound",setup(e){return(e,t)=>{const s=(0,l.g2)("q-btn");return(0,l.uX)(),(0,l.CE)("div",o,[(0,l.Lk)("div",null,[t[0]||(t[0]=(0,l.Lk)("div",{style:{"font-size":"30vh"}}," 404 ",-1)),t[1]||(t[1]=(0,l.Lk)("div",{class:"text-h2",style:{opacity:".4"}}," Oops. Nothing here... ",-1)),(0,l.bF)(s,{class:"q-mt-xl",color:"white","text-color":"blue",unelevated:"",to:"/",label:"Go Home","no-caps":""})])])}}};var a=s(2677),r=s(272),c=s.n(r);const u=n,i=u;c()(n,"components",{QBtn:a.A})}}]);

ui/dist/spa/js/330.aa2a2894.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[330],{8330:(e,l,a)=>{a.r(l),a.d(l,{default:()=>y});var n=a(1347),u=a(7763),t=a(4187),s=a(455),r=a(2986),i=a(5767);const d={__name:"FirstPasswordChange",setup(e){const l=(0,s.rd)(),a=(0,i.n)(),d=(0,t.KR)(""),o=(0,t.KR)(""),c=(0,t.KR)(""),v=(0,t.KR)(!1),g=(0,t.KR)("");async function m(){if(g.value="",d.value&&o.value&&c.value)if(o.value===c.value){v.value=!0;try{await r.Ay.post("/password/change",{current_password:d.value,new_password:o.value}),a.clearSession(),l.replace("/login")}catch(e){g.value=e?.data?.message||e?.message||"Şifre güncellenemedi"}finally{v.value=!1}}else g.value="Yeni şifreler eşleşmiyor";else g.value="Tüm alanlar zorunludur"}return(e,l)=>{const a=(0,n.g2)("q-card-section"),t=(0,n.g2)("q-input"),s=(0,n.g2)("q-banner"),r=(0,n.g2)("q-btn"),i=(0,n.g2)("q-card-actions"),p=(0,n.g2)("q-card"),b=(0,n.g2)("q-page");return(0,n.uX)(),(0,n.Wv)(b,{class:"flex flex-center"},{default:(0,n.k6)(()=>[(0,n.bF)(p,{style:{width:"420px","max-width":"90vw"}},{default:(0,n.k6)(()=>[(0,n.bF)(a,null,{default:(0,n.k6)(()=>[...l[3]||(l[3]=[(0,n.Lk)("div",{class:"text-h6"},"Şifre Yenileme Zorunlu",-1),(0,n.Lk)("div",{class:"text-caption text-grey-7 q-mt-xs"}," Sistemi kullanabilmek için yeni bir şifre belirlemelisiniz. ",-1)])]),_:1}),(0,n.bF)(a,{class:"q-gutter-md"},{default:(0,n.k6)(()=>[(0,n.bF)(t,{modelValue:d.value,"onUpdate:modelValue":l[0]||(l[0]=e=>d.value=e),type:"password",label:"Mevcut Şifre",outlined:"",dense:""},null,8,["modelValue"]),(0,n.bF)(t,{modelValue:o.value,"onUpdate:modelValue":l[1]||(l[1]=e=>o.value=e),type:"password",label:"Yeni Şifre",outlined:"",dense:""},null,8,["modelValue"]),(0,n.bF)(t,{modelValue:c.value,"onUpdate:modelValue":l[2]||(l[2]=e=>c.value=e),type:"password",label:"Yeni Şifre (Tekrar)",outlined:"",dense:""},null,8,["modelValue"]),g.value?((0,n.uX)(),(0,n.Wv)(s,{key:0,class:"bg-red-1 text-red q-mt-sm",rounded:""},{default:(0,n.k6)(()=>[(0,n.eW)((0,u.v_)(g.value),1)]),_:1})):(0,n.Q3)("",!0)]),_:1}),(0,n.bF)(i,{align:"right"},{default:(0,n.k6)(()=>[(0,n.bF)(r,{label:"Kaydet",color:"primary",loading:v.value,onClick:m},null,8,["loading"])]),_:1})]),_:1})]),_:1})}}};var o=a(5013),c=a(3341),v=a(222),g=a(6067),m=a(7453),p=a(5034),b=a(2677),f=a(272),k=a.n(f);const w=d,y=w;k()(d,"components",{QPage:o.A,QCard:c.A,QCardSection:v.A,QInput:g.A,QBanner:m.A,QCardActions:p.A,QBtn:b.A})}}]);

ui/dist/spa/js/358.629c6b73.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[358],{2358:(e,t,r)=>{r.r(t),r.d(t,{default:()=>H});var l=r(1347),a=r(4187),i=r(7763),o=r(455),s=r(3022),n=(r(939),r(6461),r(7049),r(6593),r(705)),d=r(2986);let c=0;const p=(0,n.nY)("orderlist",{state:()=>({orders:[],loading:!1,error:null,filters:{search:"",CurrAccCode:"",OrderDate:""}}),getters:{filteredOrders(e){let t=e.orders;return e.filters.CurrAccCode&&(t=t.filter(t=>t.CurrAccCode===e.filters.CurrAccCode)),e.filters.OrderDate&&(t=t.filter(t=>t.OrderDate?.startsWith(e.filters.OrderDate))),t},totalVisibleUSD(){return this.filteredOrders.reduce((e,t)=>{const r=Number(t.TotalAmountUSD||0);return e+(Number.isFinite(r)?r:0)},0)},totalPackedVisibleUSD(){return this.filteredOrders.reduce((e,t)=>{const r=Number(t.PackedUSD||0);return e+(Number.isFinite(r)?r:0)},0)},packedVisibleRatePct(){return this.totalVisibleUSD?this.totalPackedVisibleUSD/this.totalVisibleUSD*100:0}},actions:{async fetchOrders(){const e=++c,t=this.filters.search??"",r=String(t).trim();console.groupCollapsed(`%c[orders] FETCH rid=${e}`,"color:#1976d2;font-weight:bold"),console.log("raw      =",JSON.stringify(t),"len=",String(t).length),console.log("trimmed  =",JSON.stringify(r),"len=",r.length),console.log("filters  =",JSON.parse(JSON.stringify(this.filters))),console.log("lastRID  =",c),console.groupEnd(),this.loading=!0,this.error=null;try{const t={};r&&(t.search=r);const l=await d.Ay.get("/orders/list",{params:t});if(e!==c)return void console.warn(`[orders] IGNORE stale response rid=${e} last=${c}`);const a=l?.data;this.orders=Array.isArray(a)?a:[],console.groupCollapsed(`%c[orders] RESPONSE rid=${e} count=${this.orders.length}`,"color:#2e7d32;font-weight:bold"),console.log("status =",l?.status),console.log("sample =",this.orders.slice(0,5).map(e=>({id:e.OrderHeaderID,no:e.OrderNumber,code:e.CurrAccCode,name:e.CurrAccDescription})));const i=this.orders.map(e=>String(e.OrderHeaderID)),o=i.filter((e,t)=>i.indexOf(e)!==t);o.length&&console.warn("DUPLICATE OrderHeaderID sample =",o.slice(0,10)),console.groupEnd()}catch(t){if(e!==c)return;console.error("[orders] FETCH FAILED",t?.response?.status,t?.response?.data||t),this.orders=[],this.error=t?.response?.data||t?.message||"Sipariş listesi alınamadı"}finally{e===c&&(this.loading=!1)}}}});var u=r(5767),m=r(588);const b={class:"ol-filter-bar"},h={class:"ol-filter-row"},f={class:"ol-filter-actions"},g={class:"ol-filter-total"},k={class:"ol-total-line"},w={class:"ol-total-value"},y={class:"ol-total-line"},C={class:"ol-total-value"},D={class:"ol-total-line"},x={class:"ol-col-multiline"},S={class:"ol-col-multiline"},v={class:"ol-col-multiline"},_={class:"ol-col-multiline"},F={__name:"OrderList",setup(e){const{canRead:t}=(0,m.J)(),r=t("order"),n=(0,o.rd)(),c=(0,s.A)(),F=p();let O=null;function A(){const e=(0,u.n)();if(!e?.token)return void c.notify({type:"negative",message:"Oturum bulunamadı",position:"top-right"});const t=new URLSearchParams({search:F.filters.search||"",CurrAccCode:F.filters.CurrAccCode||"",OrderDate:F.filters.OrderDate||""});d.Ay.get(`/orders/export?${t.toString()}`,{responseType:"blob"}).then(e=>e.data).then(e=>{const t=document.createElement("a");t.href=URL.createObjectURL(e),t.download="siparis_listesi.xlsx",t.click()}).catch(()=>{c.notify({type:"negative",message:"Excel dosyasi indirilemedi",position:"top-right"})})}function R(e){if(!e)return"";const[t,r,l]=String(e).split("-");return t&&r&&l?`${l}.${r}.${t}`:e}function P(e){const t=Number(e||0);return t<=50?"pack-rate-danger":t<100?"pack-rate-warn":"pack-rate-ok"}(0,l.wB)(()=>F.filters.search,()=>{clearTimeout(O),O=setTimeout(()=>{F.fetchOrders()},400)});const T=[{name:"select",label:"",field:"select",align:"center",sortable:!1},{name:"OrderNumber",label:"Sipariş No",field:"OrderNumber",align:"left",sortable:!0,style:"min-width:108px;white-space:nowrap",headerStyle:"min-width:108px;white-space:nowrap"},{name:"OrderDate",label:"Tarih",field:"OrderDate",align:"center",sortable:!0,style:"min-width:82px;white-space:nowrap",headerStyle:"min-width:82px;white-space:nowrap"},{name:"CurrAccCode",label:"Cari Kod",field:"CurrAccCode",align:"left",sortable:!0,style:"min-width:82px;white-space:nowrap",headerStyle:"min-width:82px;white-space:nowrap"},{name:"CurrAccDescription",label:"Cari Adı",field:"CurrAccDescription",align:"left",sortable:!0,classes:"ol-col-cari",headerClasses:"ol-col-cari",style:"width:160px;max-width:160px",headerStyle:"width:160px;max-width:160px"},{name:"MusteriTemsilcisi",label:"Temsilci",field:"MusteriTemsilcisi",align:"left",sortable:!0,classes:"ol-col-short",headerClasses:"ol-col-short",style:"width:88px;max-width:88px",headerStyle:"width:88px;max-width:88px"},{name:"Piyasa",label:"Piyasa",field:"Piyasa",align:"left",sortable:!0,classes:"ol-col-short",headerClasses:"ol-col-short",style:"width:72px;max-width:72px",headerStyle:"width:72px;max-width:72px"},{name:"CreditableConfirmedDate",label:"Onay",field:"CreditableConfirmedDate",align:"center",sortable:!0,style:"min-width:86px;white-space:nowrap",headerStyle:"min-width:86px;white-space:nowrap"},{name:"DocCurrencyCode",label:"PB",field:"DocCurrencyCode",align:"center",sortable:!0,style:"min-width:46px;white-space:nowrap",headerStyle:"min-width:46px;white-space:nowrap"},{name:"TotalAmount",label:"Tutar",field:"TotalAmount",align:"right",sortable:!0,style:"min-width:120px;white-space:nowrap",headerStyle:"min-width:120px;white-space:nowrap",format:(e,t)=>Number(e||0).toLocaleString("tr-TR",{minimumFractionDigits:2})+" "+t.DocCurrencyCode},{name:"TotalAmountUSD",label:"Tutar (USD)",field:"TotalAmountUSD",align:"right",sortable:!0,style:"min-width:120px;white-space:nowrap",headerStyle:"min-width:120px;white-space:nowrap",format:e=>Number(e||0).toLocaleString("tr-TR",{minimumFractionDigits:2})+" USD"},{name:"PackedAmount",label:"Paketlenen",field:"PackedAmount",align:"right",sortable:!0,style:"min-width:120px;white-space:nowrap",headerStyle:"min-width:120px;white-space:nowrap",format:(e,t)=>Number(e||0).toLocaleString("tr-TR",{minimumFractionDigits:2})+" "+t.DocCurrencyCode},{name:"PackedUSD",label:"Paketlenen (USD)",field:"PackedUSD",align:"right",sortable:!0,style:"min-width:120px;white-space:nowrap",headerStyle:"min-width:120px;white-space:nowrap",format:e=>Number(e||0).toLocaleString("tr-TR",{minimumFractionDigits:2})+" USD"},{name:"PackedRatePct",label:"Paketlenme %",field:"PackedRatePct",align:"right",sortable:!0,classes:"ol-pack-rate-cell",headerClasses:"ol-pack-rate-cell",style:"min-width:96px;white-space:nowrap",headerStyle:"min-width:96px;white-space:nowrap",format:e=>Number(e||0).toLocaleString("tr-TR",{minimumFractionDigits:2})+" %"},{name:"IsCreditableConfirmed",label:"Durum",field:"IsCreditableConfirmed",align:"center",sortable:!0},{name:"Description",label:"Açıklama",field:"Description",align:"left",sortable:!1,classes:"ol-col-desc",headerClasses:"ol-col-desc",style:"width:160px;max-width:160px",headerStyle:"width:160px;max-width:160px"},{name:"pdf",label:"PDF",field:"pdf",align:"center",sortable:!1}];function L(e){e?.OrderHeaderID?n.push({name:"order-edit",params:{orderHeaderID:e.OrderHeaderID},query:{mode:"edit"}}):c.notify({type:"warning",message:"OrderHeaderID bulunamadı"})}async function U(e){if(e?.OrderHeaderID)try{const t=await d.Ay.get(`/order/pdf/${e.OrderHeaderID}`,{responseType:"blob"});window.open(URL.createObjectURL(t.data),"_blank")}catch(t){const r=await(0,d.hi)(t),l=t?.status||t?.response?.status||"-";console.error(`PDF load error [${l}] /order/pdf/${e.OrderHeaderID}: ${r}`),c.notify({type:"negative",message:`PDF yuklenemedi (${l}): ${r}`})}}function I(){F.filters.search="",F.filters.CurrAccCode="",F.filters.OrderDate="",F.fetchOrders(),c.notify({type:"info",message:"Filtreler temizlendi",position:"top-right"})}return(0,l.sV)(()=>{F.fetchOrders()}),(e,t)=>{const o=(0,l.g2)("q-icon"),s=(0,l.g2)("q-input"),n=(0,l.g2)("q-tooltip"),d=(0,l.g2)("q-btn"),c=(0,l.g2)("q-td"),p=(0,l.g2)("q-table"),u=(0,l.g2)("q-banner"),m=(0,l.g2)("q-page");return(0,a.R1)(r)?((0,l.uX)(),(0,l.Wv)(m,{key:0,class:"ol-page"},{default:(0,l.k6)(()=>[(0,l.Lk)("div",b,[(0,l.Lk)("div",h,[(0,l.bF)(s,{modelValue:(0,a.R1)(F).filters.search,"onUpdate:modelValue":t[0]||(t[0]=e=>(0,a.R1)(F).filters.search=e),class:"ol-filter-input ol-search",dense:"",filled:"",debounce:"300",clearable:"",label:"Arama (Sipariş No / Cari / Açıklama)"},{append:(0,l.k6)(()=>[(0,l.bF)(o,{name:"search"})]),_:1},8,["modelValue"]),(0,l.bF)(s,{modelValue:(0,a.R1)(F).filters.CurrAccCode,"onUpdate:modelValue":t[1]||(t[1]=e=>(0,a.R1)(F).filters.CurrAccCode=e),class:"ol-filter-input",dense:"",filled:"",clearable:"",label:"Cari Kodu"},null,8,["modelValue"]),(0,l.bF)(s,{modelValue:(0,a.R1)(F).filters.OrderDate,"onUpdate:modelValue":t[2]||(t[2]=e=>(0,a.R1)(F).filters.OrderDate=e),class:"ol-filter-input",dense:"",filled:"",type:"date",label:"Sipariş Tarihi"},null,8,["modelValue"]),(0,l.Lk)("div",f,[(0,l.bF)(d,{label:"Temizle",icon:"clear",color:"grey-7",flat:"",disable:(0,a.R1)(F).loading,onClick:I},{default:(0,l.k6)(()=>[(0,l.bF)(n,null,{default:(0,l.k6)(()=>[...t[3]||(t[3]=[(0,l.eW)("Tüm filtreleri temizle",-1)])]),_:1})]),_:1},8,["disable"]),(0,l.bF)(d,{label:"Yenile",color:"primary",icon:"refresh",loading:(0,a.R1)(F).loading,onClick:(0,a.R1)(F).fetchOrders},null,8,["loading","onClick"]),(0,l.bF)(d,{label:"Excel'e Aktar",icon:"download",color:"primary",outline:"",disable:(0,a.R1)(F).loading||0===(0,a.R1)(F).filteredOrders.length,onClick:A},null,8,["disable"])]),(0,l.Lk)("div",g,[(0,l.Lk)("div",k,[t[4]||(t[4]=(0,l.Lk)("span",{class:"ol-total-label"},"Toplam USD:",-1)),(0,l.Lk)("strong",w,(0,i.v_)((0,a.R1)(F).totalVisibleUSD.toLocaleString("tr-TR",{minimumFractionDigits:2,maximumFractionDigits:2})),1)]),(0,l.Lk)("div",y,[t[5]||(t[5]=(0,l.Lk)("span",{class:"ol-total-label"},"Paketlenen USD:",-1)),(0,l.Lk)("strong",C,(0,i.v_)((0,a.R1)(F).totalPackedVisibleUSD.toLocaleString("tr-TR",{minimumFractionDigits:2,maximumFractionDigits:2})),1)]),(0,l.Lk)("div",D,[t[6]||(t[6]=(0,l.Lk)("span",{class:"ol-total-label"},"Paketlenme %:",-1)),(0,l.Lk)("strong",{class:(0,i.C4)(["ol-total-value",P((0,a.R1)(F).packedVisibleRatePct)])},(0,i.v_)((0,a.R1)(F).packedVisibleRatePct.toLocaleString("tr-TR",{minimumFractionDigits:2,maximumFractionDigits:2})),3)])])])]),(0,l.bF)(p,{title:"Mevcut Siparişler",class:"ol-table",flat:"",bordered:"",dense:"",separator:"cell","row-key":"OrderHeaderID",rows:(0,a.R1)(F).filteredOrders,columns:T,loading:(0,a.R1)(F).loading,"no-data-label":"Sipariş bulunamadı","rows-per-page-options":[0],"hide-bottom":""},{"body-cell-IsCreditableConfirmed":(0,l.k6)(e=>[(0,l.bF)(c,{props:e,class:"text-center q-gutter-sm"},{default:(0,l.k6)(()=>[(0,l.bF)(d,{icon:"picture_as_pdf",color:"red",flat:"",round:"",dense:"",onClick:t=>U(e.row)},{default:(0,l.k6)(()=>[(0,l.bF)(n,null,{default:(0,l.k6)(()=>[...t[7]||(t[7]=[(0,l.eW)("Siparişi PDF olarak aç",-1)])]),_:1})]),_:2},1032,["onClick"]),(0,l.bF)(o,{name:e.row.IsCreditableConfirmed?"check_circle":"cancel",color:e.row.IsCreditableConfirmed?"green":"red",size:"20px"},{default:(0,l.k6)(()=>[(0,l.bF)(n,null,{default:(0,l.k6)(()=>[(0,l.eW)((0,i.v_)(e.row.IsCreditableConfirmed?"Onaylı":"Onaysız"),1)]),_:2},1024)]),_:2},1032,["name","color"])]),_:2},1032,["props"])]),"body-cell-OrderDate":(0,l.k6)(e=>[(0,l.bF)(c,{props:e,class:"text-center"},{default:(0,l.k6)(()=>[(0,l.eW)((0,i.v_)(R(e.row.OrderDate)),1)]),_:2},1032,["props"])]),"body-cell-CreditableConfirmedDate":(0,l.k6)(e=>[(0,l.bF)(c,{props:e,class:"text-center"},{default:(0,l.k6)(()=>[(0,l.eW)((0,i.v_)(R(e.row.CreditableConfirmedDate)),1)]),_:2},1032,["props"])]),"body-cell-PackedAmount":(0,l.k6)(e=>[(0,l.bF)(c,{props:e,class:"text-right text-weight-medium"},{default:(0,l.k6)(()=>[(0,l.eW)((0,i.v_)(Number(e.row.PackedAmount||0).toLocaleString("tr-TR",{minimumFractionDigits:2}))+" "+(0,i.v_)(e.row.DocCurrencyCode),1)]),_:2},1032,["props"])]),"body-cell-PackedUSD":(0,l.k6)(e=>[(0,l.bF)(c,{props:e,class:"text-right text-weight-medium"},{default:(0,l.k6)(()=>[(0,l.eW)((0,i.v_)(Number(e.row.PackedUSD||0).toLocaleString("tr-TR",{minimumFractionDigits:2}))+" USD ",1)]),_:2},1032,["props"])]),"body-cell-PackedRatePct":(0,l.k6)(e=>[(0,l.bF)(c,{props:e,class:(0,i.C4)(["text-right text-weight-bold ol-pack-rate-cell",P(e.row.PackedRatePct)])},{default:(0,l.k6)(()=>[(0,l.eW)((0,i.v_)(Number(e.row.PackedRatePct||0).toLocaleString("tr-TR",{minimumFractionDigits:2}))+" % ",1)]),_:2},1032,["props","class"])]),"body-cell-CurrAccDescription":(0,l.k6)(e=>[(0,l.bF)(c,{props:e,class:"ol-col-cari"},{default:(0,l.k6)(()=>[(0,l.Lk)("div",x,(0,i.v_)(e.value),1),e.value?((0,l.uX)(),(0,l.Wv)(n,{key:0},{default:(0,l.k6)(()=>[(0,l.eW)((0,i.v_)(e.value),1)]),_:2},1024)):(0,l.Q3)("",!0)]),_:2},1032,["props"])]),"body-cell-MusteriTemsilcisi":(0,l.k6)(e=>[(0,l.bF)(c,{props:e,class:"ol-col-short"},{default:(0,l.k6)(()=>[(0,l.Lk)("div",S,(0,i.v_)(e.value),1),e.value?((0,l.uX)(),(0,l.Wv)(n,{key:0},{default:(0,l.k6)(()=>[(0,l.eW)((0,i.v_)(e.value),1)]),_:2},1024)):(0,l.Q3)("",!0)]),_:2},1032,["props"])]),"body-cell-Piyasa":(0,l.k6)(e=>[(0,l.bF)(c,{props:e,class:"ol-col-short"},{default:(0,l.k6)(()=>[(0,l.Lk)("div",v,(0,i.v_)(e.value),1),e.value?((0,l.uX)(),(0,l.Wv)(n,{key:0},{default:(0,l.k6)(()=>[(0,l.eW)((0,i.v_)(e.value),1)]),_:2},1024)):(0,l.Q3)("",!0)]),_:2},1032,["props"])]),"body-cell-Description":(0,l.k6)(e=>[(0,l.bF)(c,{props:e,class:"ol-col-desc"},{default:(0,l.k6)(()=>[(0,l.Lk)("div",_,(0,i.v_)(e.value),1),e.value?((0,l.uX)(),(0,l.Wv)(n,{key:0},{default:(0,l.k6)(()=>[(0,l.eW)((0,i.v_)(e.value),1)]),_:2},1024)):(0,l.Q3)("",!0)]),_:2},1032,["props"])]),"body-cell-select":(0,l.k6)(e=>[(0,l.bF)(c,{props:e,class:"text-center"},{default:(0,l.k6)(()=>[(0,l.bF)(d,{icon:"open_in_new",color:"primary",flat:"",round:"",dense:"",onClick:t=>L(e.row)},{default:(0,l.k6)(()=>[(0,l.bF)(n,null,{default:(0,l.k6)(()=>[...t[8]||(t[8]=[(0,l.eW)("Siparişi Aç",-1)])]),_:1})]),_:2},1032,["onClick"])]),_:2},1032,["props"])]),_:1},8,["rows","loading"]),(0,a.R1)(F).error?((0,l.uX)(),(0,l.Wv)(u,{key:0,class:"bg-red text-white q-mt-sm"},{default:(0,l.k6)(()=>[(0,l.eW)(" Hata: "+(0,i.v_)((0,a.R1)(F).error),1)]),_:1})):(0,l.Q3)("",!0)]),_:1})):((0,l.uX)(),(0,l.Wv)(m,{key:1,class:"q-pa-md flex flex-center"},{default:(0,l.k6)(()=>[...t[9]||(t[9]=[(0,l.Lk)("div",{class:"text-negative text-subtitle1"}," Bu modüle erişim yetkiniz yok. ",-1)])]),_:1}))}}};var O=r(2968),A=r(5013),R=r(6067),P=r(3933),T=r(2677),L=r(8387),U=r(6087),I=r(8785),N=r(7453),W=r(272),V=r.n(W);const $=(0,O.A)(F,[["__scopeId","data-v-68dfbebc"]]),H=$;V()(F,"components",{QPage:A.A,QInput:R.A,QIcon:P.A,QBtn:T.A,QTooltip:L.A,QTable:U.A,QTd:I.A,QBanner:N.A})}}]);

ui/dist/spa/js/398.9152643f.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[398],{5398:(e,r,t)=>{t.r(r),t.d(r,{default:()=>T});t(939),t(3872),t(7049);var l=t(1347),a=t(4187),s=t(7763),o=t(9765),i=t(3022),n=t(588),d=(t(6461),t(4520),t(3142),t(8832),t(8825),t(2528),t(4207),t(9188),t(1118),t(705)),c=t(2986);const u=(0,d.nY)("orderBulkClose",{state:()=>({orders:[],selectedOrderNumbers:[],search:"",loading:!1,closing:!1,error:null}),getters:{selectedCount(e){return e.selectedOrderNumbers.length},totalCount(e){return e.orders.length}},actions:{isSelected(e){return this.selectedOrderNumbers.includes(e)},setSelected(e,r){e&&(r?this.selectedOrderNumbers.includes(e)||this.selectedOrderNumbers.push(e):this.selectedOrderNumbers=this.selectedOrderNumbers.filter(r=>r!==e))},toggleSelectMany(e,r){const t=Array.from(new Set((e||[]).filter(Boolean)));if(r){const e=new Set(this.selectedOrderNumbers);return t.forEach(r=>e.add(r)),void(this.selectedOrderNumbers=Array.from(e))}const l=new Set(t);this.selectedOrderNumbers=this.selectedOrderNumbers.filter(e=>!l.has(e))},clearSelection(){this.selectedOrderNumbers=[]},async fetchOrders(){this.loading=!0,this.error=null;try{const e=String(this.search||"").trim(),r={};e&&(r.search=e);const t=await c.Ay.get("/orders/close-ready",{params:r});this.orders=Array.isArray(t?.data)?t.data:[];const l=new Set(this.orders.map(e=>e.OrderNumber));this.selectedOrderNumbers=this.selectedOrderNumbers.filter(e=>l.has(e))}catch(e){this.orders=[],this.error=e?.response?.data||e?.message||"Siparişler alınamadı"}finally{this.loading=!1}},async closeSelectedOrders(){if(!this.selectedOrderNumbers.length)return{affected:0};this.closing=!0,this.error=null;try{const e={order_numbers:this.selectedOrderNumbers},r=await c.Ay.post("/orders/bulk-close",e),t=Number(r?.data?.affected||0),l=new Set(this.selectedOrderNumbers);return this.orders=this.orders.filter(e=>!l.has(e.OrderNumber)),this.selectedOrderNumbers=[],{affected:t}}catch(e){throw this.error=e?.response?.data||e?.message||"Toplu kapatma başarısız",e}finally{this.closing=!1}}}}),b={class:"bulk-filter-bar"},m={class:"bulk-filter-row"},g={class:"bulk-filter-actions"},p={class:"bulk-summary"},h={__name:"OrderBulkClose",setup(e){const r=(0,i.A)(),t=u(),{canUpdate:d}=(0,n.J)(),c=d("order"),h=[{name:"select",label:"",field:"select",align:"center"},{name:"OrderNumber",label:"Sipariş No",field:"OrderNumber",align:"left",sortable:!0},{name:"OrderDate",label:"Tarih",field:"OrderDate",align:"left",sortable:!0},{name:"CurrAccCode",label:"Cari Kod",field:"CurrAccCode",align:"left",sortable:!0},{name:"CurrAccDescription",label:"Cari Adı",field:"CurrAccDescription",align:"left",sortable:!0},{name:"DocCurrencyCode",label:"PB",field:"DocCurrencyCode",align:"center",sortable:!0},{name:"TotalAmountUSD",label:"Toplam USD",field:"TotalAmountUSD",align:"right",sortable:!0},{name:"PackedUSD",label:"Paket USD",field:"PackedUSD",align:"right",sortable:!0},{name:"PackedRatePct",label:"Paket %",field:"PackedRatePct",align:"right",sortable:!0},{name:"Description",label:"Açıklama",field:"Description",align:"left"}],k=(0,l.EW)(()=>!!t.totalCount&&t.orders.every(e=>t.isSelected(e.OrderNumber)));let f=null;function y(e){const r=t.orders.map(e=>e.OrderNumber);t.toggleSelectMany(r,e)}function O(e){if(!e)return"";const[r,t,l]=String(e).split("-");return r&&t&&l?`${l}.${t}.${r}`:e}function S(e){return`${Number(e||0).toLocaleString("tr-TR",{minimumFractionDigits:2,maximumFractionDigits:2})} %`}function v(e){const r=Number(e||0);return r<=50?"pack-rate-danger":r<100?"pack-rate-warn":"pack-rate-ok"}function C(e){return Number(e||0).toLocaleString("tr-TR",{minimumFractionDigits:2,maximumFractionDigits:2})}function N(){t.selectedCount&&o.A.create({title:"Toplu Kapatma",message:`${t.selectedCount} sipariş kapatılacak. Onaylıyor musunuz?`,cancel:!0,persistent:!0,ok:{color:"negative",label:"Kapat"}}).onOk(async()=>{try{const{affected:e}=await t.closeSelectedOrders();r.notify({type:"positive",message:`${e} sipariş başarıyla kapatıldı.`,position:"top-right"}),await t.fetchOrders()}catch{r.notify({type:"negative",message:t.error||"Toplu kapatma başarısız",position:"top-right"})}})}return(0,l.wB)(()=>t.search,()=>{clearTimeout(f),f=setTimeout(()=>{c.value&&t.fetchOrders()},350)}),(0,l.sV)(()=>{c.value&&t.fetchOrders()}),(e,r)=>{const o=(0,l.g2)("q-icon"),i=(0,l.g2)("q-input"),n=(0,l.g2)("q-btn"),d=(0,l.g2)("q-checkbox"),u=(0,l.g2)("q-th"),f=(0,l.g2)("q-td"),w=(0,l.g2)("q-table"),A=(0,l.g2)("q-banner"),R=(0,l.g2)("q-page");return(0,a.R1)(c)?((0,l.uX)(),(0,l.Wv)(R,{key:0,class:"bulk-close-page"},{default:(0,l.k6)(()=>[(0,l.Lk)("div",b,[(0,l.Lk)("div",m,[(0,l.bF)(i,{modelValue:(0,a.R1)(t).search,"onUpdate:modelValue":r[0]||(r[0]=e=>(0,a.R1)(t).search=e),dense:"",filled:"",clearable:"",class:"bulk-search",label:"Arama (Sipariş No / Cari / Açıklama)"},{append:(0,l.k6)(()=>[(0,l.bF)(o,{name:"search"})]),_:1},8,["modelValue"]),(0,l.Lk)("div",g,[(0,l.bF)(n,{label:"Yenile",icon:"refresh",color:"primary",loading:(0,a.R1)(t).loading,onClick:(0,a.R1)(t).fetchOrders},null,8,["loading","onClick"]),(0,l.bF)(n,{label:"Seçimi Temizle",icon:"clear",flat:"",color:"grey-7",disable:(0,a.R1)(t).closing||!(0,a.R1)(t).selectedCount,onClick:(0,a.R1)(t).clearSelection},null,8,["disable","onClick"]),(0,l.bF)(n,{label:"Seçilenleri Toplu Kapat",icon:"task_alt",color:"negative",loading:(0,a.R1)(t).closing,disable:(0,a.R1)(t).loading||(0,a.R1)(t).closing||!(0,a.R1)(t).selectedCount,onClick:N},null,8,["loading","disable"])]),(0,l.Lk)("div",p,[(0,l.Lk)("div",null,[r[1]||(r[1]=(0,l.eW)("Toplam: ",-1)),(0,l.Lk)("strong",null,(0,s.v_)((0,a.R1)(t).totalCount),1)]),(0,l.Lk)("div",null,[r[2]||(r[2]=(0,l.eW)("Seçilen: ",-1)),(0,l.Lk)("strong",null,(0,s.v_)((0,a.R1)(t).selectedCount),1)])])])]),(0,l.bF)(w,{class:"bulk-table",flat:"",bordered:"",dense:"","row-key":"OrderNumber",rows:(0,a.R1)(t).orders,columns:h,loading:(0,a.R1)(t).loading,"no-data-label":"Kapatmaya uygun sipariş bulunamadı","rows-per-page-options":[0],"hide-bottom":""},{"header-cell-select":(0,l.k6)(e=>[(0,l.bF)(u,{props:e,class:"text-center"},{default:(0,l.k6)(()=>[(0,l.bF)(d,{"model-value":k.value,disable:!(0,a.R1)(t).totalCount||(0,a.R1)(t).closing,"onUpdate:modelValue":y},null,8,["model-value","disable"])]),_:2},1032,["props"])]),"body-cell-select":(0,l.k6)(e=>[(0,l.bF)(f,{props:e,class:"text-center"},{default:(0,l.k6)(()=>[(0,l.bF)(d,{"model-value":(0,a.R1)(t).isSelected(e.row.OrderNumber),disable:(0,a.R1)(t).closing,"onUpdate:modelValue":r=>(0,a.R1)(t).setSelected(e.row.OrderNumber,r)},null,8,["model-value","disable","onUpdate:modelValue"])]),_:2},1032,["props"])]),"body-cell-OrderDate":(0,l.k6)(e=>[(0,l.bF)(f,{props:e},{default:(0,l.k6)(()=>[(0,l.eW)((0,s.v_)(O(e.row.OrderDate)),1)]),_:2},1032,["props"])]),"body-cell-PackedRatePct":(0,l.k6)(e=>[(0,l.bF)(f,{props:e,class:(0,s.C4)(["text-right text-weight-bold",v(e.row.PackedRatePct)])},{default:(0,l.k6)(()=>[(0,l.eW)((0,s.v_)(S(e.row.PackedRatePct)),1)]),_:2},1032,["props","class"])]),"body-cell-TotalAmountUSD":(0,l.k6)(e=>[(0,l.bF)(f,{props:e,class:"text-right"},{default:(0,l.k6)(()=>[(0,l.eW)((0,s.v_)(C(e.row.TotalAmountUSD)),1)]),_:2},1032,["props"])]),"body-cell-PackedUSD":(0,l.k6)(e=>[(0,l.bF)(f,{props:e,class:"text-right"},{default:(0,l.k6)(()=>[(0,l.eW)((0,s.v_)(C(e.row.PackedUSD)),1)]),_:2},1032,["props"])]),_:1},8,["rows","loading"]),(0,a.R1)(t).error?((0,l.uX)(),(0,l.Wv)(A,{key:0,class:"bg-red text-white q-mt-sm"},{default:(0,l.k6)(()=>[(0,l.eW)((0,s.v_)((0,a.R1)(t).error),1)]),_:1})):(0,l.Q3)("",!0)]),_:1})):((0,l.uX)(),(0,l.Wv)(R,{key:1,class:"q-pa-md flex flex-center"},{default:(0,l.k6)(()=>[...r[3]||(r[3]=[(0,l.Lk)("div",{class:"text-negative text-subtitle1"}," Bu module erisim yetkiniz yok. ",-1)])]),_:1}))}}};var k=t(2968),f=t(5013),y=t(6067),O=t(3933),S=t(2677),v=t(6087),C=t(2517),N=t(8349),w=t(8785),A=t(7453),R=t(272),D=t.n(R);const _=(0,k.A)(h,[["__scopeId","data-v-734820af"]]),T=_;D()(h,"components",{QPage:f.A,QInput:y.A,QIcon:O.A,QBtn:S.A,QTable:v.A,QTh:C.A,QCheckbox:N.A,QTd:w.A,QBanner:A.A})}}]);

ui/dist/spa/js/432.939f1ebd.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[432],{8432:(e,l,a)=>{a.r(l),a.d(l,{default:()=>F});a(939),a(6461),a(7049);var s=a(1347),r=a(4187),t=a(7763),o=a(455),n=a(705),i=a(2986);const c=(0,n.nY)("userlist",{state:()=>({users:[],loading:!1,error:null,filters:{search:"",onlyActive:!1}}),getters:{filteredUsers(e){let l=e.users;const a=e.filters.search?.toLowerCase()||"";return a&&(l=l.filter(e=>e.code?.toLowerCase().includes(a)||e.nebim_username?.toLowerCase().includes(a)||e.role_names?.toLowerCase().includes(a)||e.department_names?.toLowerCase().includes(a)||e.piyasa_names?.toLowerCase().includes(a))),e.filters.onlyActive&&(l=l.filter(e=>e.is_active)),l}},actions:{async fetchUsers(){this.loading=!0,this.error=null;try{const e={};this.filters.search&&(e.search=this.filters.search);const{data:l}=await i.Ay.get("/users/list",{params:e});this.users=Array.isArray(l)?l:[],console.log("✅ User listesi alındı:",this.users.length)}catch(e){console.error("❌ User listesi alınamadı:",e),this.users=[],this.error=e?.message||"Kullanıcı listesi alınamadı"}finally{this.loading=!1}}}});var u=a(588);const d={class:"ol-filter-bar"},m={class:"ol-filter-row"},p={class:"ol-filter-actions"},b={class:"piyasa-wrap"},f={__name:"UserList",setup(e){const{canRead:l,canWrite:a,canUpdate:n}=(0,u.J)(),i=l("user"),f=a("user"),_=n("user"),g=(0,o.rd)(),k=c(),y=[{name:"open",label:"",align:"center"},{name:"id",label:"No",field:e=>e.id,sortable:!0},{name:"code",label:"Kullanıcı",field:e=>e.code||"",sortable:!0,sort:(e,l)=>e.localeCompare(l,"tr",{sensitivity:"base"})},{name:"nebim_username",label:"Nebim",field:e=>e.nebim_username||"",sortable:!0,sort:(e,l)=>e.localeCompare(l,"tr")},{name:"user_group_code",label:"Grup",field:e=>e.user_group_code||"",sortable:!0,sort:(e,l)=>e.localeCompare(l,"tr")},{name:"is_active",label:"Durum",field:e=>e.is_active,align:"center",sortable:!0,sort:(e,l)=>Number(l)-Number(e)},{name:"role_names",label:"Roller",field:e=>e.role_names||"",sortable:!0,sort:(e,l)=>e.localeCompare(l,"tr")},{name:"department_names",label:"Departmanlar",field:e=>e.department_names||"",sortable:!0,sort:(e,l)=>e.localeCompare(l,"tr")},{name:"piyasa_names",label:"Piyasalar",field:e=>e.piyasa_names||"",sortable:!0,sort:(e,l)=>e.localeCompare(l,"tr")}];function h(e){return e?e.split(",").map(e=>e.trim()):[]}function v(e){const l=_.value?"user-edit":"user-view";g.push({name:l,params:{id:String(e)}})}function w(){f.value&&g.push({name:"user-new"})}function C(e){return e?e.split(",").map(e=>e.trim()).filter(Boolean).slice(0,24):[]}return(0,s.sV)(()=>{i.value&&k.fetchUsers()}),(e,l)=>{const a=(0,s.g2)("q-icon"),o=(0,s.g2)("q-input"),n=(0,s.g2)("q-toggle"),c=(0,s.g2)("q-btn"),u=(0,s.g2)("q-td"),_=(0,s.g2)("q-chip"),g=(0,s.g2)("q-table"),R=(0,s.g2)("q-banner"),A=(0,s.g2)("q-page");return(0,r.R1)(i)?((0,s.uX)(),(0,s.Wv)(A,{key:0,class:"ol-page with-bg"},{default:(0,s.k6)(()=>[(0,s.Lk)("div",d,[(0,s.Lk)("div",m,[(0,s.bF)(o,{class:"ol-filter-input ol-search",dense:"",filled:"",clearable:"",modelValue:(0,r.R1)(k).filters.search,"onUpdate:modelValue":[l[0]||(l[0]=e=>(0,r.R1)(k).filters.search=e),(0,r.R1)(k).fetchUsers],label:"Arama (Kullanıcı / Rol / Piyasa)",debounce:"300"},{append:(0,s.k6)(()=>[(0,s.bF)(a,{name:"search"})]),_:1},8,["modelValue","onUpdate:modelValue"]),(0,s.bF)(n,{modelValue:(0,r.R1)(k).filters.onlyActive,"onUpdate:modelValue":l[1]||(l[1]=e=>(0,r.R1)(k).filters.onlyActive=e),label:"Sadece Aktifler"},null,8,["modelValue"]),(0,s.Lk)("div",p,[(0,r.R1)(i)?((0,s.uX)(),(0,s.Wv)(c,{key:0,label:"Yenile",icon:"refresh",color:"primary",loading:(0,r.R1)(k).loading,disable:!(0,r.R1)(i),onClick:(0,r.R1)(k).fetchUsers},null,8,["loading","disable","onClick"])):(0,s.Q3)("",!0),(0,r.R1)(f)?((0,s.uX)(),(0,s.Wv)(c,{key:1,label:"Yeni Kullanıcı",icon:"person_add",color:"primary",outline:"",onClick:w})):(0,s.Q3)("",!0)])])]),(0,s.bF)(g,{title:"Mevcut Kullanıcılar",class:"ol-table",flat:"",bordered:"",dense:"",separator:"cell","row-key":"id",rows:(0,r.R1)(k).filteredUsers,columns:y,loading:(0,r.R1)(k).loading,"no-data-label":"Kullanıcı bulunamadı","rows-per-page-options":[0],"hide-bottom":""},{"body-cell-open":(0,s.k6)(e=>[(0,s.bF)(u,{class:"text-center"},{default:(0,s.k6)(()=>[(0,r.R1)(i)?((0,s.uX)(),(0,s.Wv)(c,{key:0,icon:"open_in_new",color:"primary",flat:"",round:"",dense:"",onClick:l=>v(e.row.id)},null,8,["onClick"])):(0,s.Q3)("",!0)]),_:2},1024)]),"body-cell-is_active":(0,s.k6)(e=>[(0,s.bF)(u,{class:"text-center"},{default:(0,s.k6)(()=>[(0,s.bF)(a,{name:e.row.is_active?"check_circle":"cancel",color:e.row.is_active?"green":"red",size:"18px"},null,8,["name","color"])]),_:2},1024)]),"body-cell-role_names":(0,s.k6)(e=>[(0,s.bF)(u,null,{default:(0,s.k6)(()=>[((0,s.uX)(!0),(0,s.CE)(s.FK,null,(0,s.pI)(h(e.row.role_names),e=>((0,s.uX)(),(0,s.Wv)(_,{key:e,dense:"",color:"primary","text-color":"white",class:"q-mr-xs"},{default:(0,s.k6)(()=>[(0,s.eW)((0,t.v_)(e),1)]),_:2},1024))),128))]),_:2},1024)]),"body-cell-department_names":(0,s.k6)(e=>[(0,s.bF)(u,null,{default:(0,s.k6)(()=>[((0,s.uX)(!0),(0,s.CE)(s.FK,null,(0,s.pI)(h(e.row.department_names),e=>((0,s.uX)(),(0,s.Wv)(_,{key:e,dense:"",color:"grey-7","text-color":"white",class:"q-mr-xs"},{default:(0,s.k6)(()=>[(0,s.eW)((0,t.v_)(e),1)]),_:2},1024))),128))]),_:2},1024)]),"body-cell-piyasa_names":(0,s.k6)(e=>[(0,s.bF)(u,{class:"ol-col-piyasa"},{default:(0,s.k6)(()=>[(0,s.Lk)("div",b,[((0,s.uX)(!0),(0,s.CE)(s.FK,null,(0,s.pI)(C(e.row.piyasa_names),e=>((0,s.uX)(),(0,s.Wv)(_,{key:e,dense:"",outline:"",color:"indigo",class:"piyasa-chip",title:e},{default:(0,s.k6)(()=>[(0,s.eW)((0,t.v_)(e),1)]),_:2},1032,["title"]))),128))])]),_:2},1024)]),_:1},8,["rows","loading"]),(0,r.R1)(k).error?((0,s.uX)(),(0,s.Wv)(R,{key:0,class:"bg-red text-white q-mt-sm"},{default:(0,s.k6)(()=>[(0,s.eW)(" ❌ "+(0,t.v_)((0,r.R1)(k).error),1)]),_:1})):(0,s.Q3)("",!0)]),_:1})):((0,s.uX)(),(0,s.Wv)(A,{key:1,class:"q-pa-md flex flex-center"},{default:(0,s.k6)(()=>[...l[2]||(l[2]=[(0,s.Lk)("div",{class:"text-negative text-subtitle1"}," Bu module erisim yetkiniz yok. ",-1)])]),_:1}))}}};var _=a(5013),g=a(6067),k=a(3933),y=a(5725),h=a(2677),v=a(6087),w=a(8785),C=a(1529),R=a(7453),A=a(272),W=a.n(A);const q=f,F=q;W()(f,"components",{QPage:_.A,QInput:g.A,QIcon:k.A,QToggle:y.A,QBtn:h.A,QTable:v.A,QTd:w.A,QChip:C.A,QBanner:R.A})}}]);

ui/dist/spa/js/465.9a2899f5.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[465],{4465:(e,l,a)=>{a.r(l),a.d(l,{default:()=>_});a(939),a(3872),a(7008),a(4520),a(7049);var o=a(1347),t=a(4187),s=a(7763),n=a(144),u=a(2986),r=a(588);const i={key:0,class:"q-pa-xl flex flex-center"},c={class:"sticky-stack"},d={key:0,class:"filter-bar row q-col-gutter-md"},m={class:"col-4"},v={class:"save-toolbar"},p={key:0,class:"permissions-table-scroll"},k={key:0},y={key:1,class:"column items-center"},b={class:"text-caption"},g={key:0},f={__name:"UserPermissionPage",setup(e){const{canUpdate:l}=(0,r.J)(),a=l("user"),f=(0,t.KR)([]),w=(0,t.KR)(null),h=(0,t.KR)([]),A=(0,t.KR)([]),E=(0,t.KR)(!1),x=(0,t.KR)(!1),C=(0,t.KR)(!1),R=[{key:"write",label:"Ekleme"},{key:"read",label:"Görüntüleme"},{key:"delete",label:"Silme"},{key:"update",label:"Güncelleme"},{key:"export",label:"Çıktı"}],K=[{name:"module",label:"Modül",field:"label",align:"left"},...R.map(e=>({name:e.key,label:e.label,align:"center"}))];async function Q(){const[e,l]=await Promise.all([u.Ay.get("/lookups/users-perm"),u.Ay.get("/lookups/modules")]);f.value=e.data||[],h.value=l.data||[],C.value=!0}function q(){A.value=h.value.map(e=>{const l={module:String(e.value).toLowerCase().trim(),label:e.label};return R.forEach(e=>{l[e.key]=!1}),l})}async function X(){if(w.value){E.value=!0;try{q();const e=await u.Ay.get(`/users/${w.value}/permissions`),l=Array.isArray(e.data)?e.data:[],a={insert:"write",view:"read",delete:"delete",update:"update",export:"export"};l.forEach(e=>{const l=String(e.module_code||e.module).toLowerCase().trim(),o=String(e.action).toLowerCase().trim(),t=a[o]||o,s=A.value.find(e=>e.module===l);s&&s.hasOwnProperty(t)&&(s[t]=Boolean(e.allowed))}),x.value=!1}catch(e){console.error("PERM LOAD ERROR:",e),n.A.create({type:"negative",message:"Yükleme hatası"})}finally{E.value=!1}}}async function _(){try{E.value=!0;const e=[];A.value.forEach(l=>{R.forEach(a=>{e.push({module:l.module,action:a.key,allowed:l[a.key]})})}),await u.Ay.post(`/users/${w.value}/permissions`,e),n.A.create({type:"positive",message:"Kaydedildi"}),x.value=!1}catch{n.A.create({type:"negative",message:"Kayıt hatası"})}finally{E.value=!1}}function L(e){return!!A.value.length&&A.value.every(l=>!0===l[e])}function V(e,l){A.value.forEach(a=>{a[e]=l}),x.value=!0}return(0,o.sV)(()=>{Q()}),(e,l)=>{const n=(0,o.g2)("q-spinner"),u=(0,o.g2)("q-select"),r=(0,o.g2)("q-btn"),h=(0,o.g2)("q-checkbox"),R=(0,o.g2)("q-th"),Q=(0,o.g2)("q-td"),q=(0,o.g2)("q-table"),P=(0,o.g2)("q-page");return(0,o.uX)(),(0,o.CE)(o.FK,null,[(0,t.R1)(a)&&!C.value?((0,o.uX)(),(0,o.CE)("div",i,[(0,o.bF)(n,{color:"primary",size:"48px"})])):(0,o.Q3)("",!0),(0,t.R1)(a)?((0,o.uX)(),(0,o.Wv)(P,{key:1,class:"permissions-page"},{default:(0,o.k6)(()=>[(0,o.Lk)("div",c,[C.value?((0,o.uX)(),(0,o.CE)("div",d,[(0,o.Lk)("div",m,[(0,o.bF)(u,{modelValue:w.value,"onUpdate:modelValue":[l[0]||(l[0]=e=>w.value=e),X],options:f.value,"option-value":"id","option-label":"title","emit-value":"","map-options":"",label:"Kullanıcı",dense:"",outlined:""},null,8,["modelValue","options"])])])):(0,o.Q3)("",!0),(0,o.Lk)("div",v,[l[2]||(l[2]=(0,o.Lk)("div",{class:"label"}," Kullanıcı Override Yetkileri ",-1)),(0,t.R1)(a)?((0,o.uX)(),(0,o.Wv)(r,{key:0,color:"primary",icon:"save",label:"Kaydet",disable:!x.value,onClick:_},null,8,["disable"])):(0,o.Q3)("",!0)])]),C.value?((0,o.uX)(),(0,o.CE)("div",p,[(0,o.bF)(q,{rows:A.value,columns:K,"row-key":"module",dense:"",bordered:"",flat:"",loading:E.value,pagination:{rowsPerPage:0}},{"header-cell":(0,o.k6)(e=>[(0,o.bF)(R,{props:e},{default:(0,o.k6)(()=>["module"===e.col.name?((0,o.uX)(),(0,o.CE)("span",k,(0,s.v_)(e.col.label),1)):((0,o.uX)(),(0,o.CE)("div",y,[(0,o.Lk)("span",b,(0,s.v_)(e.col.label),1),(0,o.bF)(h,{dense:"","model-value":L(e.col.name),"onUpdate:modelValue":l=>V(e.col.name,l)},null,8,["model-value","onUpdate:modelValue"])]))]),_:2},1032,["props"])]),"body-cell":(0,o.k6)(e=>[(0,o.bF)(Q,{props:e},{default:(0,o.k6)(()=>["module"===e.col.name?((0,o.uX)(),(0,o.CE)("span",g,(0,s.v_)(e.row.label),1)):((0,o.uX)(),(0,o.Wv)(h,{key:1,modelValue:e.row[e.col.name],"onUpdate:modelValue":[l=>e.row[e.col.name]=l,l[1]||(l[1]=e=>x.value=!0)],dense:""},null,8,["modelValue","onUpdate:modelValue"]))]),_:2},1032,["props"])]),_:1},8,["rows","loading"])])):(0,o.Q3)("",!0)]),_:1})):((0,o.uX)(),(0,o.Wv)(P,{key:2,class:"q-pa-md flex flex-center"},{default:(0,o.k6)(()=>[...l[3]||(l[3]=[(0,o.Lk)("div",{class:"text-negative text-subtitle1"}," Bu module erisim yetkiniz yok. ",-1)])]),_:1}))],64)}}};var w=a(6356),h=a(5013),A=a(6941),E=a(2677),x=a(6087),C=a(2517),R=a(8349),K=a(8785),Q=a(272),q=a.n(Q);const X=f,_=X;q()(f,"components",{QSpinner:w.A,QPage:h.A,QSelect:A.A,QBtn:E.A,QTable:x.A,QTh:C.A,QCheckbox:R.A,QTd:K.A})}}]);

ui/dist/spa/js/486.a263e6f6.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[486],{1486:(e,l,a)=>{a.r(l),a.d(l,{default:()=>x});var t=a(1347),s=a(4187),u=a(7763),n=a(3022),i=a(2986),d=a(5767),r=a(588);const o={__name:"ChangePassword",setup(e){const{canUpdate:l}=(0,r.J)(),a=l("system"),o=(0,n.A)(),v=((0,d.n)(),(0,s.KR)("")),c=(0,s.KR)(""),g=(0,s.KR)(""),p=(0,s.KR)(!1),f=(0,s.KR)(null),m=(0,t.EW)(()=>v.value&&c.value.length>=8&&c.value===g.value&&!p.value);async function b(){f.value=null,p.value=!0;try{await i.Ay.post("/password/change",{current_password:v.value,new_password:c.value}),o.notify({type:"positive",message:"Şifre güncellendi"}),v.value="",c.value="",g.value=""}catch(e){f.value=e?.message||"Şifre değiştirilemedi"}finally{p.value=!1}}return(e,l)=>{const n=(0,t.g2)("q-card-section"),i=(0,t.g2)("q-separator"),d=(0,t.g2)("q-input"),r=(0,t.g2)("q-banner"),o=(0,t.g2)("q-btn"),k=(0,t.g2)("q-card-actions"),y=(0,t.g2)("q-card"),w=(0,t.g2)("q-page");return(0,s.R1)(a)?((0,t.uX)(),(0,t.Wv)(w,{key:0,class:"flex flex-center"},{default:(0,t.k6)(()=>[(0,t.bF)(y,{style:{width:"420px","max-width":"90vw"}},{default:(0,t.k6)(()=>[(0,t.bF)(n,null,{default:(0,t.k6)(()=>[...l[3]||(l[3]=[(0,t.Lk)("div",{class:"text-h6 text-weight-bold"},"🔐 Şifre Değiştir",-1),(0,t.Lk)("div",{class:"text-caption text-grey-7"}," Mevcut şifrenizi girerek yeni şifre belirleyin ",-1)])]),_:1}),(0,t.bF)(i),(0,t.bF)(n,null,{default:(0,t.k6)(()=>[(0,t.bF)(d,{modelValue:v.value,"onUpdate:modelValue":l[0]||(l[0]=e=>v.value=e),type:"password",label:"Mevcut Şifre",dense:"",filled:""},null,8,["modelValue"]),(0,t.bF)(d,{modelValue:c.value,"onUpdate:modelValue":l[1]||(l[1]=e=>c.value=e),type:"password",label:"Yeni Şifre",dense:"",filled:"",class:"q-mt-sm"},null,8,["modelValue"]),(0,t.bF)(d,{modelValue:g.value,"onUpdate:modelValue":l[2]||(l[2]=e=>g.value=e),type:"password",label:"Yeni Şifre (Tekrar)",dense:"",filled:"",class:"q-mt-sm"},null,8,["modelValue"]),f.value?((0,t.uX)(),(0,t.Wv)(r,{key:0,class:"bg-red-1 text-red q-mt-md"},{default:(0,t.k6)(()=>[(0,t.eW)((0,u.v_)(f.value),1)]),_:1})):(0,t.Q3)("",!0)]),_:1}),(0,t.bF)(k,{align:"right"},{default:(0,t.k6)(()=>[(0,s.R1)(a)?((0,t.uX)(),(0,t.Wv)(o,{key:0,label:"GÜNCELLE",color:"primary",loading:p.value,disable:!m.value,onClick:b},null,8,["loading","disable"])):(0,t.Q3)("",!0)]),_:1})]),_:1})]),_:1})):((0,t.uX)(),(0,t.Wv)(w,{key:1,class:"q-pa-md flex flex-center"},{default:(0,t.k6)(()=>[...l[4]||(l[4]=[(0,t.Lk)("div",{class:"text-negative text-subtitle1"}," Bu module erisim yetkiniz yok. ",-1)])]),_:1}))}}};var v=a(5013),c=a(3341),g=a(222),p=a(6915),f=a(6067),m=a(7453),b=a(5034),k=a(2677),y=a(272),w=a.n(y);const h=o,x=h;w()(o,"components",{QPage:v.A,QCard:c.A,QCardSection:g.A,QSeparator:p.A,QInput:f.A,QBanner:m.A,QCardActions:b.A,QBtn:k.A})}}]);

ui/dist/spa/js/493.e8a952e1.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[493],{8493:(e,l,a)=>{a.r(l),a.d(l,{default:()=>le});a(939),a(6461),a(7049);var t=a(1347),o=a(4187),n=a(8633),i=a(7763),s=a(3022),r=a(742),u=a(4887),c=a(5599),d=a(5390),p=a(991),v=a.n(p),m=a(588),g=a(8338);const b={class:"filter-sticky"},k={class:"filter-collapsible"},f={class:"row items-center justify-between q-pa-sm bg-grey-2"},y={class:"q-pa-md bg-grey-1"},w={class:"row q-col-gutter-sm q-mb-md"},_={class:"col-12 col-sm-6"},h={class:"col-12 col-sm-6"},D={class:"row q-col-gutter-md items-center"},F={class:"col-auto"},C={class:"col-auto"},L={class:"table-scroll"},R={class:"sticky-bar row justify-between items-center q-pa-sm bg-grey-1"},q={class:"row items-center q-gutter-sm"},x={class:"row items-center justify-between"},A={class:"row items-center"},T={class:"row items-center q-gutter-md text-right"},Y={key:0},V={key:1,class:"resizable-cell-content"},B={key:2},Q={__name:"statementofaccount",setup(e){const{canRead:l,canExport:a}=(0,m.J)(),p=l("finance"),Q=a("finance"),E=(0,s.A)(),W=(0,r.E)(),z=(0,u.x)(),K=(0,c.l)(),O=(0,d.w)(),U=(0,o.KR)(null),X=(0,o.KR)([]);function P(e,l){const a=ae(e);l(()=>{X.value=a?W.accountOptions.filter(e=>{const l=ae(e.label),t=ae(e.value);return l.includes(a)||t.includes(a)}):W.accountOptions})}(0,t.sV)(async()=>{await W.fetchAccounts(),console.log("ACCOUNTS LEN:",W.accounts?.length),console.log("OPTIONS LEN:",W.accountOptions?.length),console.log("FIRST 5:",W.accountOptions?.slice(0,5)),X.value=W.accountOptions,window.toggleAllDetails=le});const S=(0,o.KR)(v()().startOf("year").format("YYYY-MM-DD")),G=(0,o.KR)(v()().format("YYYY-MM-DD")),N=[{label:"1-2 hesap",value:["1","2"]},{label:"1-3 r hesap",value:["1","3"]}],I=(0,o.KR)(N[0].value),M=(0,o.KR)({}),j=(0,o.KR)(!1);function H(e){return e&&0!==e.length?Object.keys(e[0]).map(l=>({name:l,label:l.replace(/_/g," ").replace(/\b\w/g,e=>e.toUpperCase()),field:l,align:"number"===typeof e[0][l]?"right":"left",sortable:!0})):[]}const J=(0,t.EW)(()=>H(z.headers));function Z(e){const l=K.getDetailsByBelge(e);return H(l)}async function $(){U.value&&S.value&&G.value?(await z.loadStatements({startdate:S.value,enddate:G.value,accountcode:U.value,langcode:"TR",parislemler:I.value}),await K.loadDetails({accountCode:U.value,startDate:S.value,endDate:G.value})):E.notify({type:"warning",message:"⚠️ Lütfen cari ve tarih aralığını seçiniz.",position:"top-right"})}function ee(e){"group"!==e._type&&(M.value[e.belge_no]=!M.value[e.belge_no])}function le(){if(j.value=!j.value,j.value)for(const e of z.headers)e.belge_no&&(M.value[e.belge_no]=!0);else M.value={}}function ae(e){return(e||"").toString().toLocaleLowerCase("tr-TR").normalize("NFD").replace(/[\u0300-\u036f]/g,"").trim()}function te(){U.value=null,S.value="",G.value="",I.value=N[0].value,z.headers=[],K.reset()}function oe(e){return null==e||isNaN(e)?"0,00":new Intl.NumberFormat("tr-TR",{minimumFractionDigits:2,maximumFractionDigits:2}).format(e)}const ne=(0,o.KR)(!0),ie=(0,o.KR)([]),se=(0,o.KR)(!0);function re(){se.value?ie.value=J.value.map((e,l)=>l<3?null:e.name).filter(Boolean):ie.value=J.value.map(e=>e.name),se.value=!se.value}async function ue(){if(!Q.value)return void E.notify({type:"negative",message:"PDF export yetkiniz yok",position:"top-right"});if(console.log("▶️ [DEBUG] handleDownload:",U.value,S.value,G.value),!U.value||!S.value||!G.value)return void E.notify({type:"warning",message:"⚠️ Cari ve tarih aralığını seçmeden PDF alınamaz!",position:"top-right"});const e=await O.downloadPDF(U.value,S.value,G.value,I.value);console.log("📤 [DEBUG] Store’dan gelen result:",e),E.notify({type:e.ok?"positive":"negative",message:e.message,position:"top-right"})}(0,t.wB)(J,e=>{e.length>0&&0===ie.value.length&&(ie.value=e.map(e=>e.name))});const ce=(0,g.i)();async function de(){if(!Q.value)return void E.notify({type:"negative",message:"PDF export yetkiniz yok",position:"top-right"});if(console.log("▶️ [DEBUG] CurrheadDownload:",U.value,S.value,G.value),!U.value||!S.value||!G.value)return void E.notify({type:"warning",message:"⚠️ Cari ve tarih aralığını seçmeden PDF alınamaz!",position:"top-right"});const e=await ce.handlestHeadDownload(U.value,S.value,G.value,I.value);console.log("📤 [DEBUG] CurrheadDownloadresult:",e),E.notify({type:e.ok?"positive":"negative",message:e.message,position:"top-right"})}return(e,l)=>{const a=(0,t.g2)("q-select"),s=(0,t.g2)("q-btn"),r=(0,t.g2)("q-date"),u=(0,t.g2)("q-popup-proxy"),c=(0,t.g2)("q-icon"),d=(0,t.g2)("q-input"),v=(0,t.g2)("q-slide-transition"),m=(0,t.g2)("q-item-section"),g=(0,t.g2)("q-item"),E=(0,t.g2)("q-list"),O=(0,t.g2)("q-btn-dropdown"),H=(0,t.g2)("q-td"),ae=(0,t.g2)("q-tr"),ce=(0,t.g2)("q-table"),pe=(0,t.g2)("q-page"),ve=(0,t.gN)("close-popup");return(0,o.R1)(p)?((0,t.uX)(),(0,t.Wv)(pe,{key:0,class:"q-pa-md page-col"},{default:(0,t.k6)(()=>[(0,t.Lk)("div",b,[(0,t.bF)(a,{modelValue:U.value,"onUpdate:modelValue":l[0]||(l[0]=e=>U.value=e),options:X.value,label:"Cari kod / isim",filled:"",clearable:"","use-input":"","input-debounce":"300",onFilter:P,"emit-value":"","map-options":"",loading:(0,o.R1)(W).loading,"option-value":"value","option-label":"label",behavior:"menu","keep-selected":!0},null,8,["modelValue","options","loading"])]),(0,t.Lk)("div",k,[(0,t.Lk)("div",f,[l[7]||(l[7]=(0,t.Lk)("div",{class:"text-subtitle1"},"Filtreler",-1)),(0,t.bF)(s,{dense:"",flat:"",round:"",icon:ne.value?"expand_less":"expand_more",onClick:l[1]||(l[1]=e=>ne.value=!ne.value)},null,8,["icon"])]),(0,t.bF)(v,null,{default:(0,t.k6)(()=>[(0,t.bo)((0,t.Lk)("div",y,[(0,t.Lk)("div",w,[(0,t.Lk)("div",_,[(0,t.bF)(d,{modelValue:S.value,"onUpdate:modelValue":l[3]||(l[3]=e=>S.value=e),label:"Tarih aralığı - başlangıç",filled:"",clearable:"",readonly:""},{append:(0,t.k6)(()=>[(0,t.bF)(c,{name:"event",class:"cursor-pointer"},{default:(0,t.k6)(()=>[(0,t.bF)(u,{cover:"","transition-show":"scale","transition-hide":"scale"},{default:(0,t.k6)(()=>[(0,t.bF)(r,{modelValue:S.value,"onUpdate:modelValue":l[2]||(l[2]=e=>S.value=e),mask:"YYYY-MM-DD",locale:"tr-TR"},null,8,["modelValue"])]),_:1})]),_:1})]),_:1},8,["modelValue"])]),(0,t.Lk)("div",h,[(0,t.bF)(d,{modelValue:G.value,"onUpdate:modelValue":l[5]||(l[5]=e=>G.value=e),label:"Tarih aralığı - bitiş",filled:"",clearable:"",readonly:""},{append:(0,t.k6)(()=>[(0,t.bF)(c,{name:"event",class:"cursor-pointer"},{default:(0,t.k6)(()=>[(0,t.bF)(u,{cover:"","transition-show":"scale","transition-hide":"scale"},{default:(0,t.k6)(()=>[(0,t.bF)(r,{modelValue:G.value,"onUpdate:modelValue":l[4]||(l[4]=e=>G.value=e),mask:"YYYY-MM-DD",locale:"tr-TR"},null,8,["modelValue"])]),_:1})]),_:1})]),_:1},8,["modelValue"])])]),(0,t.bF)(a,{modelValue:I.value,"onUpdate:modelValue":l[6]||(l[6]=e=>I.value=e),options:N,label:"Parasal İşlem Tipi","emit-value":"","map-options":"",filled:"",class:"q-mb-md"},null,8,["modelValue"]),(0,t.Lk)("div",D,[(0,t.Lk)("div",F,[(0,t.bF)(s,{color:"primary",icon:"filter_alt",label:"Filtrele",onClick:$})]),(0,t.Lk)("div",C,[(0,t.bF)(s,{flat:"",color:"grey-8",icon:"restart_alt",label:"Sıfırla",onClick:te})])])],512),[[n.aG,ne.value]])]),_:1})]),(0,t.Lk)("div",L,[(0,t.Lk)("div",R,[(0,t.bF)(s,{flat:"",color:"primary",icon:"view_column",label:se.value?"CARİ BİLGİ DETAY Gizle":"CARİ BİLGİ DETAY Sütunu Göster",onClick:re},null,8,["label"]),(0,t.Lk)("div",q,[(0,t.bF)(s,{flat:"",color:"secondary",icon:"list",label:j.value?"Tüm Detayları Kapat":"Tüm Detayları Aç",onClick:le},null,8,["label"]),(0,o.R1)(Q)?((0,t.uX)(),(0,t.Wv)(O,{key:0,flat:"",color:"red",icon:"picture_as_pdf",label:"Yazdır"},{default:(0,t.k6)(()=>[(0,t.bF)(E,{style:{"min-width":"200px"}},{default:(0,t.k6)(()=>[(0,t.bo)(((0,t.uX)(),(0,t.Wv)(g,{clickable:"",onClick:ue},{default:(0,t.k6)(()=>[(0,t.bF)(m,{class:"text-primary"},{default:(0,t.k6)(()=>[...l[8]||(l[8]=[(0,t.eW)(" Detaylı Cari Ekstre Yazdır ",-1)])]),_:1})]),_:1})),[[ve]]),(0,t.bo)(((0,t.uX)(),(0,t.Wv)(g,{clickable:"",onClick:de},{default:(0,t.k6)(()=>[(0,t.bF)(m,{class:"text-secondary"},{default:(0,t.k6)(()=>[...l[9]||(l[9]=[(0,t.eW)(" Cari Hesap Ekstresi Yazdır ",-1)])]),_:1})]),_:1})),[[ve]])]),_:1})]),_:1})):(0,t.Q3)("",!0)])]),(0,t.bF)(ce,{class:"sticky-table",title:"Hareketler",rows:(0,o.R1)(z).groupedRows,columns:J.value,"visible-columns":ie.value,"row-key":e=>e.OrderHeaderID+"_"+e.OrderNumber,flat:"",bordered:"",dense:"","rows-per-page-options":[0],loading:(0,o.R1)(z).loading,"table-style":{tableLayout:"auto",minWidth:"1600px"}},{body:(0,t.k6)(e=>["group"===e.row._type?((0,t.uX)(),(0,t.Wv)(ae,{key:0,class:"group-row bg-grey-3 text-weight-bold"},{default:(0,t.k6)(()=>[(0,t.bF)(H,{colspan:"100%",class:"q-pa-sm"},{default:(0,t.k6)(()=>[(0,t.Lk)("div",x,[(0,t.Lk)("div",A,[(0,t.bF)(s,{dense:"",flat:"",round:"",icon:(0,o.R1)(z).groupOpen[e.row.para_birimi]?"expand_less":"expand_more",class:"q-mr-sm",onClick:l=>(0,o.R1)(z).toggleGroup(e.row.para_birimi)},null,8,["icon","onClick"]),(0,t.Lk)("span",null,"Para Birimi: "+(0,i.v_)(e.row.para_birimi),1)]),(0,t.Lk)("div",T,[(0,t.Lk)("div",null,"Bakiye: "+(0,i.v_)(oe(e.row.sonBakiye)),1)])])]),_:2},1024)]),_:2},1024)):"data"===e.row._type?((0,t.uX)(),(0,t.Wv)(ae,{key:1,props:e,class:"main-row"},{default:(0,t.k6)(()=>[((0,t.uX)(!0),(0,t.CE)(t.FK,null,(0,t.pI)(e.cols,l=>((0,t.uX)(),(0,t.Wv)(H,{key:l.name,props:e,onClick:a=>"belge_no"===l.name?ee(e.row):null,class:(0,i.C4)(["cursor-pointer","aciklama"===l.name?"resizable-cell":"","belge_no"===l.name?"text-primary text-bold":""])},{default:(0,t.k6)(()=>[["borc","alacak","bakiye"].includes(l.name)?((0,t.uX)(),(0,t.CE)("span",Y,(0,i.v_)(oe(e.row[l.field])),1)):"aciklama"===l.name?((0,t.uX)(),(0,t.CE)("div",V,(0,i.v_)(e.row[l.field]??""),1)):((0,t.uX)(),(0,t.CE)("span",B,(0,i.v_)(e.row[l.field]??""),1))]),_:2},1032,["props","onClick","class"]))),128))]),_:2},1032,["props"])):(0,t.Q3)("",!0),"data"===e.row._type&&M.value[e.row.belge_no]?((0,t.uX)(),(0,t.Wv)(ae,{key:2,class:"sub-row"},{default:(0,t.k6)(()=>[(0,t.bF)(H,{colspan:"100%"},{default:(0,t.k6)(()=>[(0,t.bF)(ce,{rows:(0,o.R1)(K).getDetailsByBelge(e.row.belge_no),columns:Z(e.row.belge_no),"row-key":"Urun_Kodu",flat:"",dense:"",bordered:"","hide-bottom":"","no-data-label":"Detay bulunamadı",class:"custom-subtable",loading:(0,o.R1)(K).loading,"table-style":{minWidth:"1200px"}},null,8,["rows","columns","loading"])]),_:2},1024)]),_:2},1024)):(0,t.Q3)("",!0)]),_:1},8,["rows","columns","visible-columns","row-key","loading"])])]),_:1})):((0,t.uX)(),(0,t.Wv)(pe,{key:1,class:"q-pa-md flex flex-center"},{default:(0,t.k6)(()=>[...l[10]||(l[10]=[(0,t.Lk)("div",{class:"text-negative text-subtitle1"}," Bu module erisim yetkiniz yok. ",-1)])]),_:1}))}}};var E=a(5013),W=a(6941),z=a(2677),K=a(6510),O=a(6067),U=a(3933),X=a(8360),P=a(5626),S=a(5303),G=a(3766),N=a(2589),I=a(4958),M=a(6087),j=a(7339),H=a(8785),J=a(8657),Z=a(272),$=a.n(Z);const ee=Q,le=ee;$()(Q,"components",{QPage:E.A,QSelect:W.A,QBtn:z.A,QSlideTransition:K.A,QInput:O.A,QIcon:U.A,QPopupProxy:X.A,QDate:P.A,QBtnDropdown:S.A,QList:G.A,QItem:N.A,QItemSection:I.A,QTable:M.A,QTr:j.A,QTd:H.A}),$()(Q,"directives",{ClosePopup:J.A})}}]);

ui/dist/spa/js/54.92abb86e.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[54],{54:(e,l,a)=>{a.r(l),a.d(l,{default:()=>D});a(939),a(6461),a(4520),a(7049),a(3142),a(8832),a(8825),a(2528),a(4207),a(9188),a(1118);var t=a(1347),o=a(4187),n=a(8633),i=a(7763),r=a(455),s=a(3022),d=a(588),u=a(705),c=a(2986);let m=0;const p=(0,u.nY)("roleDeptPermissionList",{state:()=>({modules:[],moduleActions:[],rows:[],loading:!1,error:null,filters:{search:""}}),getters:{totalCount(e){return e.rows.length}},actions:{async fetchRows(){const e=++m;this.loading=!0,this.error=null;try{const l=String(this.filters.search||"").trim(),a={};l&&(a.search=l);const t=await c.Ay.get("/role-dept-permissions/list",{params:a});if(e!==m)return;const o=t?.data||{};this.modules=Array.isArray(o?.modules)?o.modules.map(e=>({value:String(e.value||"").toLowerCase().trim(),label:String(e.label||"")})).filter(e=>e.value):[],this.moduleActions=Array.isArray(o?.module_actions)?o.module_actions.map(e=>({module_code:String(e.module_code||"").toLowerCase().trim(),action:String(e.action||"").toLowerCase().trim()})).filter(e=>e.module_code&&e.action):[];const n=Array.isArray(o?.rows)?o.rows:Array.isArray(t?.data)?t.data:[];this.rows=n.map(e=>{const l=e?.module_flags&&"object"===typeof e.module_flags?e.module_flags:{},a={};return Object.keys(l).forEach(e=>{a[String(e).toLowerCase().trim()]=Boolean(l[e])}),{role_id:Number(e.role_id||0),role_title:e.role_title||"",department_code:e.department_code||"",department_title:e.department_title||"",module_flags:a}})}catch(l){if(e!==m)return;this.modules=[],this.moduleActions=[],this.rows=[],this.error=l?.response?.data||l?.message||"Yetki listesi alınamadı"}finally{e===m&&(this.loading=!1)}}}}),f={class:"rdp-filter-bar"},v={class:"rdp-filter-row"},h={class:"rdp-filter-actions"},b={class:"rdp-config-menus"},k={class:"rdp-summary"},w={key:0,class:"text-center"},g={key:1,class:"text-center"},_={__name:"RoleDepartmentPermissionList",setup(e){const l=(0,r.rd)(),a=(0,s.A)(),u=p(),{canUpdate:c}=(0,d.J)(),m=c("user"),_=(0,o.KR)([]),y=(0,o.KR)({}),x=(0,o.KR)(""),A={update:"Güncelleme",view:"Görüntüleme",insert:"Ekleme",export:"Çıktı",write:"Yazma",read:"Okuma",delete:"Silme",login:"Giriş",refresh:"Yenileme","user.update":"Kullanıcı Güncelle"},C=[{name:"open",label:"",field:"open",align:"center",sortable:!1,classes:"freeze-col freeze-1",headerClasses:"freeze-col freeze-1",style:"width:56px; min-width:56px; max-width:56px",headerStyle:"width:56px; min-width:56px; max-width:56px"},{name:"role_title",label:"Rol",field:"role_title",align:"left",sortable:!0,classes:"freeze-col freeze-2",headerClasses:"freeze-col freeze-2",style:"width:220px; min-width:220px; max-width:220px",headerStyle:"width:220px; min-width:220px; max-width:220px"},{name:"department_title",label:"Departman",field:"department_title",align:"left",sortable:!0,classes:"freeze-col freeze-3",headerClasses:"freeze-col freeze-3",style:"width:220px; min-width:220px; max-width:220px",headerStyle:"width:220px; min-width:220px; max-width:220px"},{name:"department_code",label:"Departman Kodu",field:"department_code",align:"left",sortable:!0,style:"width:140px; min-width:140px; max-width:140px",headerStyle:"width:140px; min-width:140px; max-width:140px"}],F=(0,t.EW)(()=>{const e={};return(u.modules||[]).forEach(l=>{e[l.value]=l.label||l.value}),e}),S=(0,t.EW)(()=>{const e={};return(u.moduleActions||[]).forEach(l=>{e[l.module_code]||(e[l.module_code]=[]),e[l.module_code].includes(l.action)||e[l.module_code].push(l.action)}),Object.keys(e).forEach(l=>e[l].sort()),e}),R=(0,t.EW)(()=>x.value?F.value[x.value]||x.value:"Seçim"),W=(0,t.EW)(()=>x.value&&S.value[x.value]||[]);function E(e){const l=String(e||"").toLowerCase().trim();return A[l]||l}function q(){const e=(u.modules||[]).map(e=>e.value);if(!e.length)return _.value=[],y.value={},void(x.value="");const l=_.value.filter(l=>e.includes(l));_.value=l.length?l:[...e],_.value.includes(x.value)||(x.value=_.value[0]);const a={};_.value.forEach(e=>{const l=S.value[e]||[],t=y.value[e]||[],o=t.filter(e=>l.includes(e));a[e]=o.length?o:[...l]}),y.value=a}function z(e){return _.value.includes(e)}function L(e,l){const a=new Set(_.value);l?a.add(e):a.delete(e),_.value=[...a],_.value.length||(_.value=[e]),_.value.includes(x.value)||(x.value=_.value[0]),q()}function Q(e){x.value=e}function $(){_.value=(u.modules||[]).map(e=>e.value),q()}function K(e,l){return(y.value[e]||[]).includes(l)}function T(e,l,a){const t=new Set(y.value[e]||[]);a?t.add(l):t.delete(l),0===t.size&&t.add(l),y.value={...y.value,[e]:[...t]}}function X(){x.value&&(y.value={...y.value,[x.value]:[...W.value]})}(0,t.wB)(()=>[u.modules,u.moduleActions],()=>{q()},{deep:!0});const B=(0,t.EW)(()=>{const e=[];return _.value.forEach(l=>{const a=y.value[l]||[];a.forEach(a=>{const t=`${l}|${a}`;e.push({name:`perm_${t}`,label:`${F.value[l]||l}\n${E(a)}`,field:e=>Boolean(e.module_flags?.[t]),align:"center",sortable:!0,style:"width:150px; min-width:150px; max-width:150px",headerStyle:"width:150px; min-width:150px; max-width:150px; white-space:pre-line; line-height:1.15"})})}),e}),D=(0,t.EW)(()=>[...C,...B.value]),I=(0,t.EW)(()=>(u.rows||[]).map(e=>({...e,row_key:`${e.role_id}:${e.department_code}`})));function V(e){return String(e||"").startsWith("perm_")}let Y=null;function U(e){e?.role_id&&e?.department_code?l.push({name:"role-dept-permissions-editor",query:{mode:"edit",roleId:String(e.role_id),deptCode:String(e.department_code)}}):a.notify({type:"warning",message:"Kayıt bilgisi eksik"})}function G(){u.filters.search="",u.fetchRows()}return(0,t.wB)(()=>u.filters.search,()=>{clearTimeout(Y),Y=setTimeout(()=>{m.value&&u.fetchRows()},350)}),(0,t.sV)(async()=>{m.value&&(await u.fetchRows(),q())}),(e,l)=>{const a=(0,t.g2)("q-icon"),r=(0,t.g2)("q-input"),s=(0,t.g2)("q-btn"),d=(0,t.g2)("q-item-section"),c=(0,t.g2)("q-item"),p=(0,t.g2)("q-separator"),_=(0,t.g2)("q-checkbox"),y=(0,t.g2)("q-list"),A=(0,t.g2)("q-btn-dropdown"),C=(0,t.g2)("q-tooltip"),F=(0,t.g2)("q-td"),S=(0,t.g2)("q-table"),q=(0,t.g2)("q-banner"),B=(0,t.g2)("q-page");return(0,o.R1)(m)?((0,t.uX)(),(0,t.Wv)(B,{key:0,class:"rdp-list-page"},{default:(0,t.k6)(()=>[(0,t.Lk)("div",f,[(0,t.Lk)("div",v,[(0,t.bF)(r,{modelValue:(0,o.R1)(u).filters.search,"onUpdate:modelValue":l[0]||(l[0]=e=>(0,o.R1)(u).filters.search=e),class:"rdp-filter-input rdp-search",dense:"",filled:"",clearable:"",debounce:"300",label:"Arama (Rol / Departman)"},{append:(0,t.k6)(()=>[(0,t.bF)(a,{name:"search"})]),_:1},8,["modelValue"]),(0,t.Lk)("div",h,[(0,t.bF)(s,{label:"Temizle",icon:"clear",color:"grey-7",flat:"",disable:(0,o.R1)(u).loading,onClick:G},null,8,["disable"]),(0,t.bF)(s,{label:"Yenile",icon:"refresh",color:"primary",loading:(0,o.R1)(u).loading,onClick:(0,o.R1)(u).fetchRows},null,8,["loading","onClick"])]),(0,t.Lk)("div",b,[(0,t.bF)(A,{color:"secondary",outline:"",icon:"view_module",label:"Modüller","auto-close":!1},{default:(0,t.k6)(()=>[(0,t.bF)(y,{dense:"",class:"rdp-menu-list"},{default:(0,t.k6)(()=>[(0,t.bF)(c,{clickable:"",onClick:$},{default:(0,t.k6)(()=>[(0,t.bF)(d,null,{default:(0,t.k6)(()=>[...l[3]||(l[3]=[(0,t.eW)("Tümünü Seç",-1)])]),_:1})]),_:1}),(0,t.bF)(p),((0,t.uX)(!0),(0,t.CE)(t.FK,null,(0,t.pI)((0,o.R1)(u).modules,e=>((0,t.uX)(),(0,t.Wv)(c,{key:e.value,clickable:"",onClick:l=>Q(e.value)},{default:(0,t.k6)(()=>[(0,t.bF)(d,{avatar:""},{default:(0,t.k6)(()=>[(0,t.bF)(_,{"model-value":z(e.value),dense:"","onUpdate:modelValue":l=>L(e.value,l),onClick:l[1]||(l[1]=(0,n.D$)(()=>{},["stop"]))},null,8,["model-value","onUpdate:modelValue"])]),_:2},1024),(0,t.bF)(d,null,{default:(0,t.k6)(()=>[(0,t.eW)((0,i.v_)(e.label),1)]),_:2},1024)]),_:2},1032,["onClick"]))),128))]),_:1})]),_:1}),(0,t.bF)(A,{color:"secondary",outline:"",icon:"tune",label:`Aksiyonlar (${R.value})`,disable:!x.value,"auto-close":!1},{default:(0,t.k6)(()=>[(0,t.bF)(y,{dense:"",class:"rdp-menu-list"},{default:(0,t.k6)(()=>[(0,t.bF)(c,{clickable:"",onClick:X},{default:(0,t.k6)(()=>[(0,t.bF)(d,null,{default:(0,t.k6)(()=>[...l[4]||(l[4]=[(0,t.eW)("Tümünü Seç",-1)])]),_:1})]),_:1}),(0,t.bF)(p),((0,t.uX)(!0),(0,t.CE)(t.FK,null,(0,t.pI)(W.value,e=>((0,t.uX)(),(0,t.Wv)(c,{key:`${x.value}:${e}`,clickable:""},{default:(0,t.k6)(()=>[(0,t.bF)(d,{avatar:""},{default:(0,t.k6)(()=>[(0,t.bF)(_,{"model-value":K(x.value,e),dense:"","onUpdate:modelValue":l=>T(x.value,e,l),onClick:l[2]||(l[2]=(0,n.D$)(()=>{},["stop"]))},null,8,["model-value","onUpdate:modelValue"])]),_:2},1024),(0,t.bF)(d,null,{default:(0,t.k6)(()=>[(0,t.eW)((0,i.v_)(E(e)),1)]),_:2},1024)]),_:2},1024))),128))]),_:1})]),_:1},8,["label","disable"])]),(0,t.Lk)("div",k,[(0,t.Lk)("span",null,[l[5]||(l[5]=(0,t.eW)("Toplam Kayıt: ",-1)),(0,t.Lk)("strong",null,(0,i.v_)((0,o.R1)(u).totalCount),1)])])])]),(0,t.bF)(S,{title:"Rol + Departman Yetki Setleri",class:"rdp-table",flat:"",bordered:"",dense:"","row-key":"row_key",rows:I.value,columns:D.value,loading:(0,o.R1)(u).loading,"no-data-label":"Kayıt bulunamadı","rows-per-page-options":[0],"hide-bottom":""},{"body-cell":(0,t.k6)(e=>[(0,t.bF)(F,{props:e,class:(0,i.C4)(e.col.classes)},{default:(0,t.k6)(()=>["open"===e.col.name?((0,t.uX)(),(0,t.CE)("div",w,[(0,t.bF)(s,{icon:"open_in_new",color:"primary",flat:"",round:"",dense:"",onClick:l=>U(e.row)},{default:(0,t.k6)(()=>[(0,t.bF)(C,null,{default:(0,t.k6)(()=>[...l[6]||(l[6]=[(0,t.eW)("Yetki setini aç",-1)])]),_:1})]),_:2},1032,["onClick"])])):V(e.col.name)?((0,t.uX)(),(0,t.CE)("div",g,[(0,t.bF)(_,{"model-value":Boolean(e.value),disable:"",dense:""},null,8,["model-value"])])):((0,t.uX)(),(0,t.CE)(t.FK,{key:2},[(0,t.eW)((0,i.v_)(e.value),1)],64))]),_:2},1032,["props","class"])]),_:1},8,["rows","columns","loading"]),(0,o.R1)(u).error?((0,t.uX)(),(0,t.Wv)(q,{key:0,class:"bg-red text-white q-mt-sm"},{default:(0,t.k6)(()=>[(0,t.eW)(" Hata: "+(0,i.v_)((0,o.R1)(u).error),1)]),_:1})):(0,t.Q3)("",!0)]),_:1})):((0,t.uX)(),(0,t.Wv)(B,{key:1,class:"q-pa-md flex flex-center"},{default:(0,t.k6)(()=>[...l[7]||(l[7]=[(0,t.Lk)("div",{class:"text-negative text-subtitle1"}," Bu modüle erişim yetkiniz yok. ",-1)])]),_:1}))}}};var y=a(2968),x=a(5013),A=a(6067),C=a(3933),F=a(2677),S=a(5303),R=a(3766),W=a(2589),E=a(4958),q=a(6915),z=a(8349),L=a(6087),Q=a(8785),$=a(8387),K=a(7453),T=a(272),X=a.n(T);const B=(0,y.A)(_,[["__scopeId","data-v-a17e51d4"]]),D=B;X()(_,"components",{QPage:x.A,QInput:A.A,QIcon:C.A,QBtn:F.A,QBtnDropdown:S.A,QList:R.A,QItem:W.A,QItemSection:E.A,QSeparator:q.A,QCheckbox:z.A,QTable:L.A,QTd:Q.A,QTooltip:$.A,QBanner:K.A})}}]);

ui/dist/spa/js/548.61f02757.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[548],{4548:(e,l,a)=>{a.r(l),a.d(l,{default:()=>q});a(939),a(7008),a(4520),a(7049);var o=a(1347),t=a(4187),s=a(7763),n=a(144),u=a(2986),d=a(588);const i={class:"row q-col-gutter-md q-mb-md"},m={class:"col-4"},r={class:"col-4"},c={key:0},p={class:"q-mt-md"},v={__name:"PermissionMatrix",async setup(e){let l,a;const{canRead:v,canUpdate:k}=(0,d.J)(),y=v("system"),b=k("user"),g=(0,t.KR)([]),f=(0,t.KR)([]),w=(0,t.KR)(null),h=(0,t.KR)(null),A=(0,t.KR)([]),R=(0,t.KR)(!1),q=(0,t.KR)(!1),V=[{key:"write",label:"Ekleme"},{key:"read",label:"Görüntüleme"},{key:"delete",label:"Silme"},{key:"update",label:"Güncelleme"},{key:"export",label:"Çıktı"}],[K,x,_]=([l,a]=(0,o.E)(()=>Promise.all([u.Ay.get("/lookups/roles"),u.Ay.get("/lookups/departments"),u.Ay.get("/lookups/modules")])),l=await l,a(),l);modules.value=_.data||[];const E=[{name:"module",label:"Modül",field:"label",align:"left"},...V.map(e=>({name:e.key,label:e.label,align:"center"}))];async function L(){const[e,l]=await Promise.all([u.Ay.get("/lookups/roles"),u.Ay.get("/lookups/departments")]);g.value=e.data,f.value=l.data}function Q(){A.value=modules.map(e=>{const l={module:e.code,label:e.label};return V.forEach(e=>{l[e.key]=!1}),l})}async function C(){if(w.value&&h.value){R.value=!0;try{Q();await u.Ay.get(`/roles/${w.value}/departments/${h.value}/permissions`);list.forEach(e=>{const l=String(e.module_code||e.module).toLowerCase().trim(),a=A.value.find(e=>e.module===l);a&&(a[e.action]=e.allowed)}),q.value=!1}catch{n.A.create({type:"negative",message:"Yetkiler yüklenemedi"})}finally{R.value=!1}}}async function U(){try{R.value=!0;const e=[];A.value.forEach(l=>{V.forEach(a=>{e.push({module:l.module,action:a.key,allowed:l[a.key]})})}),await u.Ay.post(`/roles/${w.value}/departments/${h.value}/permissions`,e),n.A.create({type:"positive",message:"Kaydedildi"}),q.value=!1}catch{n.A.create({type:"negative",message:"Kayıt hatası"})}finally{R.value=!1}}return(0,o.sV)(()=>{L()}),(e,l)=>{const a=(0,o.g2)("q-select"),n=(0,o.g2)("q-checkbox"),u=(0,o.g2)("q-td"),d=(0,o.g2)("q-table"),v=(0,o.g2)("q-btn"),k=(0,o.g2)("q-page");return(0,t.R1)(y)?((0,o.uX)(),(0,o.Wv)(k,{key:0,padding:""},{default:(0,o.k6)(()=>[l[3]||(l[3]=(0,o.Lk)("div",{class:"text-h6 q-mb-md"}," Rol + Departman Yetkilendirme ",-1)),(0,o.Lk)("div",i,[(0,o.Lk)("div",m,[(0,o.bF)(a,{modelValue:w.value,"onUpdate:modelValue":[l[0]||(l[0]=e=>w.value=e),C],options:g.value,label:"Rol",dense:"",outlined:"","emit-value":"","map-options":""},null,8,["modelValue","options"])]),(0,o.Lk)("div",r,[(0,o.bF)(a,{modelValue:h.value,"onUpdate:modelValue":[l[1]||(l[1]=e=>h.value=e),C],options:f.value,label:"Departman",dense:"",outlined:"","emit-value":"","map-options":""},null,8,["modelValue","options"])])]),(0,o.bF)(d,{rows:A.value,columns:E,"row-key":"module",flat:"",bordered:"",dense:"",loading:R.value},{"body-cell":(0,o.k6)(e=>[(0,o.bF)(u,{props:e},{default:(0,o.k6)(()=>["module"===e.col.name?((0,o.uX)(),(0,o.CE)("span",c,(0,s.v_)(e.row.label),1)):((0,o.uX)(),(0,o.Wv)(n,{key:1,modelValue:e.row[e.col.name],"onUpdate:modelValue":[l=>e.row[e.col.name]=l,l[2]||(l[2]=e=>q.value=!0)],dense:""},null,8,["modelValue","onUpdate:modelValue"]))]),_:2},1032,["props"])]),_:1},8,["rows","loading"]),(0,o.Lk)("div",p,[(0,t.R1)(b)?((0,o.uX)(),(0,o.Wv)(v,{key:0,color:"primary",icon:"save",label:"Kaydet",disable:!q.value,onClick:U},null,8,["disable"])):(0,o.Q3)("",!0)])]),_:1})):((0,o.uX)(),(0,o.Wv)(k,{key:1,class:"q-pa-md flex flex-center"},{default:(0,o.k6)(()=>[...l[4]||(l[4]=[(0,o.Lk)("div",{class:"text-negative text-subtitle1"}," Bu module erisim yetkiniz yok. ",-1)])]),_:1}))}}};var k=a(5013),y=a(6941),b=a(6087),g=a(8785),f=a(8349),w=a(2677),h=a(272),A=a.n(h);const R=v,q=R;A()(v,"components",{QPage:k.A,QSelect:y.A,QTable:b.A,QTd:g.A,QCheckbox:f.A,QBtn:w.A})}}]);

ui/dist/spa/js/607.70ac7b00.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[607],{5607:(e,t,a)=>{a.r(t),a.d(t,{default:()=>b});var s=a(1347),n=a(4187),l=a(455),o=a(588);const r={class:"row q-gutter-lg q-mt-md"},i={__name:"RoleDepartmentPermissionGateway",setup(e){const t=(0,l.rd)(),{canUpdate:a}=(0,o.J)(),i=a("user");function c(){t.push({name:"role-dept-permissions-list"})}function d(){t.push({name:"role-dept-permissions-editor",query:{mode:"new"}})}return(e,t)=>{const a=(0,s.g2)("q-btn"),l=(0,s.g2)("q-page");return(0,n.R1)(i)?((0,s.uX)(),(0,s.Wv)(l,{key:0,class:"perm-gateway flex flex-center column"},{default:(0,s.k6)(()=>[t[0]||(t[0]=(0,s.Lk)("div",{class:"text-h5 text-primary q-mb-xl"}," Rol + Departman Yetkileri ",-1)),(0,s.Lk)("div",r,[(0,s.bF)(a,{color:"secondary",icon:"folder_open",label:"MEVCUT YETKİLERİ GÖSTER",onClick:c}),(0,s.bF)(a,{color:"primary",icon:"add_circle",label:"YETKİ EKLE / GÜNCELLE",onClick:d})])]),_:1})):((0,s.uX)(),(0,s.Wv)(l,{key:1,class:"q-pa-md flex flex-center"},{default:(0,s.k6)(()=>[...t[1]||(t[1]=[(0,s.Lk)("div",{class:"text-negative text-subtitle1"}," Bu modüle erişim yetkiniz yok. ",-1)])]),_:1}))}}};var c=a(2968),d=a(5013),m=a(2677),u=a(272),p=a.n(u);const k=(0,c.A)(i,[["__scopeId","data-v-57a9abef"]]),b=k;p()(i,"components",{QPage:d.A,QBtn:m.A})}}]);

ui/dist/spa/js/618.f36e56f9.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[618],{5618:(e,a,l)=>{l.r(a),l.d(a,{default:()=>K});l(939),l(6461);var t=l(1347),i=l(4187),n=l(7763),o=l(455),r=l(9765),s=l(5767),u=l(2584);const c={__name:"MainLayout",setup(e){const a=(0,o.rd)(),l=(0,s.n)(),c=(0,u.o)(),p=(0,i.KR)(!0);function d(){p.value=!p.value}function b(){r.A.create({title:"Çıkış Yap",message:"Oturumunuzu kapatmak istediğinize emin misiniz?",cancel:!0,persistent:!0}).onOk(()=>{l.clearSession(),c.clear(),a.push("/login")})}(0,t.sV)(async()=>{c.loaded||await c.fetchPermissions()});const m=[{label:"Ana Panel",icon:"dashboard",to:"/app",permission:"system:view"},{label:"Finans",icon:"account_balance",children:[{label:"Cari Ekstre",to:"/app/statementofaccount",permission:"finance:view"}]},{label:"Sipariş",icon:"shopping_cart",children:[{label:"Siparişler",to:"/app/order-gateway",permission:"order:view"},{label:"Tamamlanan Siparişleri Toplu Kapatma",to:"/app/order-bulk-close",permission:"order:update"}]},{label:"Sistem",icon:"settings",children:[{label:"Rol + Departman Yetkileri",to:"/app/role-dept-permissions",permission:"user:update"},{label:"Kullanıcı Yetkileri",to:"/app/user-permissions",permission:"user:update"},{label:"Loglar",to:"/app/activity-logs",permission:"user:view"},{label:"Test Mail",to:"/app/test-mail",permission:"user:insert"}]},{label:"Kullanıcı Yönetimi",icon:"people",children:[{label:"Kullanıcılar",to:"/app/users",permission:"user:view"}]}],g=(0,t.EW)(()=>c.loaded?m.map(e=>{if(e.children){const a=e.children.filter(e=>c.hasApiPermission(e.permission));return a.length?{...e,children:a}:null}return c.hasApiPermission(e.permission)?e:null}).filter(Boolean):[]);return(e,a)=>{const l=(0,t.g2)("q-btn"),o=(0,t.g2)("q-avatar"),r=(0,t.g2)("q-toolbar-title"),s=(0,t.g2)("q-toolbar"),u=(0,t.g2)("q-header"),m=(0,t.g2)("q-icon"),k=(0,t.g2)("q-item-section"),f=(0,t.g2)("q-item"),h=(0,t.g2)("q-expansion-item"),v=(0,t.g2)("q-separator"),F=(0,t.g2)("q-list"),_=(0,t.g2)("q-scroll-area"),w=(0,t.g2)("q-drawer"),y=(0,t.g2)("router-view"),A=(0,t.g2)("q-page-container"),q=(0,t.g2)("q-footer"),Q=(0,t.g2)("q-layout");return(0,t.uX)(),(0,t.Wv)(Q,{view:"hHh Lpr fFf"},{default:(0,t.k6)(()=>[(0,t.bF)(u,{elevated:"",class:"bg-primary text-white"},{default:(0,t.k6)(()=>[(0,t.bF)(s,null,{default:(0,t.k6)(()=>[(0,t.bF)(l,{dense:"",flat:"",round:"",icon:"menu",onClick:d}),(0,t.bF)(r,null,{default:(0,t.k6)(()=>[(0,t.bF)(o,{class:"bg-secondary q-mr-sm"},{default:(0,t.k6)(()=>[...a[1]||(a[1]=[(0,t.Lk)("img",{src:"/images/Baggi-tekstilas-logolu.jpg"},null,-1)])]),_:1}),a[2]||(a[2]=(0,t.eW)(" Baggi Software System ",-1))]),_:1}),(0,t.bF)(l,{flat:"",dense:"",round:"",icon:"logout",onClick:b})]),_:1})]),_:1}),(0,i.R1)(c).loaded?((0,t.uX)(),(0,t.Wv)(w,{key:0,modelValue:p.value,"onUpdate:modelValue":a[0]||(a[0]=e=>p.value=e),"show-if-above":"",bordered:"",class:"bg-secondary text-white"},{default:(0,t.k6)(()=>[(0,t.bF)(_,{style:{height:"100%"}},{default:(0,t.k6)(()=>[(0,t.bF)(F,{padding:""},{default:(0,t.k6)(()=>[((0,t.uX)(!0),(0,t.CE)(t.FK,null,(0,t.pI)(g.value,(e,a)=>((0,t.uX)(),(0,t.CE)(t.FK,{key:a},[e.children?((0,t.uX)(),(0,t.Wv)(h,{key:0,icon:e.icon,label:e.label,"expand-separator":""},{default:(0,t.k6)(()=>[((0,t.uX)(!0),(0,t.CE)(t.FK,null,(0,t.pI)(e.children,(e,a)=>((0,t.uX)(),(0,t.Wv)(f,{key:a,clickable:"",to:e.to},{default:(0,t.k6)(()=>[(0,t.bF)(k,{avatar:""},{default:(0,t.k6)(()=>[(0,t.bF)(m,{name:"chevron_right"})]),_:1}),(0,t.bF)(k,null,{default:(0,t.k6)(()=>[(0,t.eW)((0,n.v_)(e.label),1)]),_:2},1024)]),_:2},1032,["to"]))),128))]),_:2},1032,["icon","label"])):((0,t.uX)(),(0,t.Wv)(f,{key:1,clickable:"",to:e.to},{default:(0,t.k6)(()=>[(0,t.bF)(k,{avatar:""},{default:(0,t.k6)(()=>[(0,t.bF)(m,{name:e.icon},null,8,["name"])]),_:2},1024),(0,t.bF)(k,null,{default:(0,t.k6)(()=>[(0,t.eW)((0,n.v_)(e.label),1)]),_:2},1024)]),_:2},1032,["to"])),(0,t.bF)(v,{spaced:""})],64))),128)),(0,t.bF)(f,{clickable:"",to:"/app/change-password"},{default:(0,t.k6)(()=>[(0,t.bF)(k,{avatar:""},{default:(0,t.k6)(()=>[(0,t.bF)(m,{name:"vpn_key"})]),_:1}),(0,t.bF)(k,null,{default:(0,t.k6)(()=>[...a[3]||(a[3]=[(0,t.eW)(" Şifre Değiştir ",-1)])]),_:1})]),_:1})]),_:1})]),_:1})]),_:1},8,["modelValue"])):(0,t.Q3)("",!0),(0,t.bF)(A,{class:"with-bg"},{default:(0,t.k6)(()=>[(0,t.bF)(y)]),_:1}),(0,t.bF)(q,{class:"bg-grey-8 text-white"},{default:(0,t.k6)(()=>[(0,t.bF)(s,{class:"bg-secondary"},{default:(0,t.k6)(()=>[(0,t.bF)(r,null,{default:(0,t.k6)(()=>[...a[4]||(a[4]=[(0,t.eW)(" Baggi Software System ",-1)])]),_:1})]),_:1})]),_:1})]),_:1})}}};var p=l(4001),d=l(6865),b=l(6739),m=l(2677),g=l(4629),k=l(5305),f=l(3961),h=l(5460),v=l(3766),F=l(2262),_=l(2589),w=l(4958),y=l(3933),A=l(6915),q=l(970),Q=l(5797),S=l(272),W=l.n(S);const C=c,K=C;W()(c,"components",{QLayout:p.A,QHeader:d.A,QToolbar:b.A,QBtn:m.A,QToolbarTitle:g.A,QAvatar:k.A,QDrawer:f.A,QScrollArea:h.A,QList:v.A,QExpansionItem:F.A,QItem:_.A,QItemSection:w.A,QIcon:y.A,QSeparator:A.A,QPageContainer:q.A,QFooter:Q.A})}}]);

ui/dist/spa/js/621.2108b55f.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[621],{2621:(e,s,t)=>{t.r(s),t.d(s,{default:()=>k});var a=t(1347),l=t(4187),n=t(588);const u={__name:"Dashboard",setup(e){const{canRead:s}=(0,n.J)(),t=s("system");return(e,s)=>{const n=(0,a.g2)("q-page");return(0,l.R1)(t)?((0,a.uX)(),(0,a.Wv)(n,{key:0,class:"flex flex-center"},{default:(0,a.k6)(()=>[...s[0]||(s[0]=[(0,a.Lk)("p",null,"DashBoard",-1)])]),_:1})):((0,a.uX)(),(0,a.Wv)(n,{key:1,class:"q-pa-md flex flex-center"},{default:(0,a.k6)(()=>[...s[1]||(s[1]=[(0,a.Lk)("div",{class:"text-negative text-subtitle1"}," Bu module erisim yetkiniz yok. ",-1)])]),_:1}))}}};var r=t(5013),c=t(272),o=t.n(c);const i=u,k=i;o()(u,"components",{QPage:r.A})}}]);

ui/dist/spa/js/629.2c27a0a3.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[629],{629:(e,a,t)=>{t.r(a),t.d(a,{default:()=>h});var l=t(1347),s=t(4187),i=t(3022),n=t(705),o=t(2986);const d=(0,n.nY)("mailTest",{state:()=>({loading:!1,lastResult:null}),actions:{async sendTestMail(e){this.loading=!0;try{const a=await(0,o.bE)("/test-mail",{to:e});return this.lastResult=a,!0}catch(e){throw this.lastResult=e,e}finally{this.loading=!1}}}});var u=t(588);const c={__name:"TestMail",setup(e){const{canWrite:a}=(0,u.J)(),t=a("user"),n=(0,l.EW)(()=>t.value),o=(0,i.A)(),c=d(),r=(0,s.KR)("mehmet.kececi@baggi.com.tr");async function g(){if(n.value)try{await c.sendTestMail(r.value),o.notify({type:"positive",message:"Test mail gonderildi"})}catch(e){o.notify({type:"negative",message:e?.message||"Mail gonderilemedi"})}else o.notify({type:"negative",message:"Test mail gonderme yetkiniz yok"})}return(e,a)=>{const t=(0,l.g2)("q-card-section"),i=(0,l.g2)("q-input"),o=(0,l.g2)("q-btn"),d=(0,l.g2)("q-card-actions"),u=(0,l.g2)("q-card"),m=(0,l.g2)("q-page");return n.value?((0,l.uX)(),(0,l.Wv)(m,{key:0,class:"q-pa-md"},{default:(0,l.k6)(()=>[(0,l.bF)(u,{flat:"",bordered:"",class:"q-pa-md",style:{"max-width":"500px"}},{default:(0,l.k6)(()=>[(0,l.bF)(t,null,{default:(0,l.k6)(()=>[...a[1]||(a[1]=[(0,l.Lk)("div",{class:"text-h6"},"SMTP Test Mail",-1)])]),_:1}),(0,l.bF)(t,null,{default:(0,l.k6)(()=>[(0,l.bF)(i,{modelValue:r.value,"onUpdate:modelValue":a[0]||(a[0]=e=>r.value=e),label:"Gonderilecek mail",filled:"",dense:""},null,8,["modelValue"])]),_:1}),(0,l.bF)(d,{align:"right"},{default:(0,l.k6)(()=>[n.value?((0,l.uX)(),(0,l.Wv)(o,{key:0,color:"primary",label:"Test Mail Gonder",loading:(0,s.R1)(c).loading,disable:!n.value,onClick:g},null,8,["loading","disable"])):(0,l.Q3)("",!0)]),_:1})]),_:1})]),_:1})):((0,l.uX)(),(0,l.Wv)(m,{key:1,class:"q-pa-md flex flex-center"},{default:(0,l.k6)(()=>[...a[2]||(a[2]=[(0,l.Lk)("div",{class:"text-negative text-subtitle1"}," Bu module erisim yetkiniz yok. ",-1)])]),_:1}))}}};var r=t(5013),g=t(3341),m=t(222),k=t(6067),y=t(5034),b=t(2677),v=t(272),f=t.n(v);const p=c,h=p;f()(c,"components",{QPage:r.A,QCard:g.A,QCardSection:m.A,QInput:k.A,QCardActions:y.A,QBtn:b.A})}}]);

ui/dist/spa/js/673.8f68da58.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[673],{7673:(e,l,a)=>{a.r(l),a.d(l,{default:()=>X});a(939),a(3872),a(7008),a(4520),a(7049);var o=a(1347),t=a(4187),s=a(7763),n=a(455),u=a(144),i=a(2986),r=a(588);const d={key:0,class:"q-pa-xl flex flex-center"},c={class:"sticky-stack"},m={key:0,class:"filter-bar row q-col-gutter-md"},p={class:"col-4"},v={class:"col-4"},y={class:"save-toolbar"},k={key:0,class:"permissions-table-scroll"},b={key:0},g={key:1,class:"column items-center"},f={class:"text-caption"},w={key:0},h={__name:"RoleDepartmentPermissionPage",setup(e){const{canUpdate:l}=(0,r.J)(),a=l("user"),h=(0,n.lq)(),R=(0,n.rd)(),A=(0,t.KR)([]),C=(0,t.KR)([]),E=(0,t.KR)(null),q=(0,t.KR)(null),x=(0,t.KR)([]),L=(0,t.KR)(!1),K=(0,t.KR)(!1),V=(0,t.KR)(!1),Q=[{key:"write",label:"Ekleme"},{key:"read",label:"Görüntüleme"},{key:"delete",label:"Silme"},{key:"update",label:"Güncelleme"},{key:"export",label:"Çıktı"}],_=(0,t.KR)([]),X=[{name:"module",label:"Modül",field:"label",align:"left"},...Q.map(e=>({name:e.key,label:e.label,align:"center"}))];let P=!1;function F(){R.push({name:"role-dept-permissions-list"})}function S(){const e=String(h.query.roleId||"").trim(),l=String(h.query.deptCode||"").trim();/^\d+$/.test(e)&&Number(e)>0&&(E.value=e),l&&(q.value=l),E.value&&q.value&&B()}async function T(){const[e,l,a]=await Promise.all([i.Ay.get("/lookups/roles-perm"),i.Ay.get("/lookups/departments-perm"),i.Ay.get("/lookups/modules")]);A.value=e.data||[],C.value=l.data||[],_.value=a.data||[],V.value=!0}function U(){x.value=_.value.map(e=>{const l={module:String(e.value).toLowerCase().trim(),label:e.label};return Q.forEach(e=>{l[e.key]=!1}),l})}async function B(){if(E.value&&q.value&&!P){P=!0,L.value=!0;try{_.value.length||await T(),U();const e=await i.Ay.get(`/roles/${E.value}/departments/${q.value}/permissions`),l=Array.isArray(e.data)?e.data:[];console.log("PERM LIST:",l.slice(0,10));const a={insert:"write",view:"read",delete:"delete",update:"update",export:"export"};l.forEach(e=>{const l=String(e.module_code||e.module).toLowerCase().trim(),o=String(e.action).toLowerCase().trim(),t=a[o]||o,s=x.value.find(e=>e.module===l);s&&s.hasOwnProperty(t)&&(s[t]=Boolean(e.allowed))}),K.value=!1}catch(e){console.error("PERM LOAD ERROR:",e),u.A.create({type:"negative",message:"Yetkiler yüklenemedi"})}finally{L.value=!1,P=!1}}}async function D(){try{L.value=!0;const e=[];x.value.forEach(l=>{Q.forEach(a=>{e.push({module:l.module,action:a.key,allowed:l[a.key]})})}),await i.Ay.post(`/roles/${E.value}/departments/${q.value}/permissions`,e),u.A.create({type:"positive",message:"Kaydedildi"}),K.value=!1}catch{u.A.create({type:"negative",message:"Kayıt hatası"})}finally{L.value=!1}}function $(e){return!!x.value.length&&x.value.every(l=>!0===l[e])}function I(e,l){x.value.forEach(a=>{a[e]=l}),K.value=!0}return(0,o.sV)(async()=>{await T(),S()}),(0,o.wB)(E,e=>console.log("ROLE_ID >>>",e)),(0,o.wB)(q,e=>console.log("DEPT >>>",e)),(0,o.wB)(()=>[h.query.roleId,h.query.deptCode],()=>{V.value&&S()}),(e,l)=>{const n=(0,o.g2)("q-spinner"),u=(0,o.g2)("q-select"),i=(0,o.g2)("q-btn"),r=(0,o.g2)("q-checkbox"),h=(0,o.g2)("q-th"),R=(0,o.g2)("q-td"),Q=(0,o.g2)("q-table"),_=(0,o.g2)("q-page");return(0,o.uX)(),(0,o.CE)(o.FK,null,[(0,t.R1)(a)&&!V.value?((0,o.uX)(),(0,o.CE)("div",d,[(0,o.bF)(n,{color:"primary",size:"48px"})])):(0,o.Q3)("",!0),(0,t.R1)(a)?((0,o.uX)(),(0,o.Wv)(_,{key:1,class:"permissions-page"},{default:(0,o.k6)(()=>[(0,o.Lk)("div",c,[V.value?((0,o.uX)(),(0,o.CE)("div",m,[(0,o.Lk)("div",p,[(0,o.bF)(u,{modelValue:E.value,"onUpdate:modelValue":[l[0]||(l[0]=e=>E.value=e),B],options:A.value,"option-value":"id","option-label":"title","emit-value":"","map-options":"",label:"Rol",dense:"",outlined:""},null,8,["modelValue","options"])]),(0,o.Lk)("div",v,[(0,o.bF)(u,{modelValue:q.value,"onUpdate:modelValue":[l[1]||(l[1]=e=>q.value=e),B],options:C.value,"option-value":"id","option-label":"title","emit-value":"","map-options":"",label:"Departman",dense:"",outlined:""},null,8,["modelValue","options"])])])):(0,o.Q3)("",!0),(0,o.Lk)("div",y,[l[3]||(l[3]=(0,o.Lk)("div",{class:"label"}," Rol + Departman Yetkilendirme ",-1)),(0,o.bF)(i,{flat:"",icon:"list",label:"Liste",onClick:F}),(0,t.R1)(a)?((0,o.uX)(),(0,o.Wv)(i,{key:0,color:"primary",icon:"save",label:"Kaydet",disable:!K.value,onClick:D},null,8,["disable"])):(0,o.Q3)("",!0)])]),V.value?((0,o.uX)(),(0,o.CE)("div",k,[(0,o.bF)(Q,{class:"permissions-table",rows:x.value,columns:X,"row-key":"module",flat:"",bordered:"",dense:"",loading:L.value,"rows-per-page-options":[0],pagination:{rowsPerPage:0}},{"header-cell":(0,o.k6)(e=>[(0,o.bF)(h,{props:e},{default:(0,o.k6)(()=>["module"===e.col.name?((0,o.uX)(),(0,o.CE)("span",b,(0,s.v_)(e.col.label),1)):((0,o.uX)(),(0,o.CE)("div",g,[(0,o.Lk)("span",f,(0,s.v_)(e.col.label),1),(0,o.bF)(r,{dense:"","model-value":$(e.col.name),"onUpdate:modelValue":l=>I(e.col.name,l)},null,8,["model-value","onUpdate:modelValue"])]))]),_:2},1032,["props"])]),"body-cell":(0,o.k6)(e=>[(0,o.bF)(R,{props:e,class:(0,s.C4)("module"===e.col.name?"permissions-sticky-col":"")},{default:(0,o.k6)(()=>["module"===e.col.name?((0,o.uX)(),(0,o.CE)("span",w,(0,s.v_)(e.row.label),1)):((0,o.uX)(),(0,o.Wv)(r,{key:1,modelValue:e.row[e.col.name],"onUpdate:modelValue":[l=>e.row[e.col.name]=l,l[2]||(l[2]=e=>K.value=!0)],dense:""},null,8,["modelValue","onUpdate:modelValue"]))]),_:2},1032,["props","class"])]),_:1},8,["rows","loading"])])):(0,o.Q3)("",!0)]),_:1})):((0,o.uX)(),(0,o.Wv)(_,{key:2,class:"q-pa-md flex flex-center"},{default:(0,o.k6)(()=>[...l[4]||(l[4]=[(0,o.Lk)("div",{class:"text-negative text-subtitle1"}," Bu module erisim yetkiniz yok. ",-1)])]),_:1}))],64)}}};var R=a(6356),A=a(5013),C=a(6941),E=a(2677),q=a(6087),x=a(2517),L=a(8349),K=a(8785),V=a(272),Q=a.n(V);const _=h,X=_;Q()(h,"components",{QSpinner:R.A,QPage:A.A,QSelect:C.A,QBtn:E.A,QTable:q.A,QTh:x.A,QCheckbox:L.A,QTd:K.A})}}]);

ui/dist/spa/js/713.5838996c.js

@@ -1 +0,0 @@
-"use strict";(globalThis["webpackChunkbaggisowtfaresystem"]=globalThis["webpackChunkbaggisowtfaresystem"]||[]).push([[713],{713:(e,a,l)=>{l.r(a),l.d(a,{default:()=>I});var t=l(1347),o=l(7763),s=l(4187),u=l(455),r=l(5767),n=l(3022),d=l(2986);const i={class:"q-mt-md row items-center justify-between"},c={__name:"MainPage",setup(e){const a=(0,u.rd)(),l=(0,r.n)(),c=(0,n.A)(),m=(0,s.KR)(""),g=(0,s.KR)(""),v=(0,s.KR)(!1),b=(0,s.KR)(!1),p=(0,s.KR)(!1),f=(0,s.KR)(!1),k=(0,s.KR)(""),y=(0,s.KR)(!1),h=(0,s.KR)(""),w=(0,s.KR)(!1);async function F(){p.value=!0;try{await l.login(m.value,g.value),v.value?localStorage.setItem("username",m.value):localStorage.removeItem("username"),b.value?localStorage.setItem("password",g.value):localStorage.removeItem("password"),localStorage.setItem("remember_user",v.value?"true":"false"),localStorage.setItem("remember_pass",b.value?"true":"false"),l.mustChangePassword?a.replace("/first-password-change"):a.replace("/app")}catch(e){console.error("❌ Login error:",e),c.notify({type:"negative",message:"Kullanıcı adı veya şifre hatalı",position:"top-right"}),l.clearSession()}finally{p.value=!1}}async function _(){if(k.value){y.value=!0,h.value="";try{await d.Ay.post("/password/forgot",{email:k.value}),w.value=!0,h.value="Eğer hesabınız aktif ise parola sıfırlama bağlantısı e-posta adresinize gönderilmiştir."}catch{w.value=!0,h.value="Eğer hesabınız aktif ise parola sıfırlama bağlantısı e-posta adresinize gönderilmiştir."}finally{y.value=!1}}}return(0,t.sV)(()=>{"true"===localStorage.getItem("remember_user")&&(m.value=localStorage.getItem("username")||"",v.value=!0),"true"===localStorage.getItem("remember_pass")&&(g.value=localStorage.getItem("password")||"",b.value=!0)}),(e,a)=>{const l=(0,t.g2)("q-icon"),s=(0,t.g2)("q-avatar"),u=(0,t.g2)("q-card-section"),r=(0,t.g2)("q-input"),n=(0,t.g2)("q-checkbox"),d=(0,t.g2)("q-btn"),c=(0,t.g2)("q-card-actions"),A=(0,t.g2)("q-card"),V=(0,t.g2)("q-banner"),q=(0,t.g2)("q-dialog"),K=(0,t.g2)("q-page"),x=(0,t.gN)("close-popup");return(0,t.uX)(),(0,t.Wv)(K,{class:"flex flex-center login-bg"},{default:(0,t.k6)(()=>[(0,t.bF)(A,{class:"q-pa-lg shadow-4 login-card"},{default:(0,t.k6)(()=>[(0,t.bF)(u,{class:"text-center"},{default:(0,t.k6)(()=>[(0,t.bF)(s,{size:"80px",class:"bg-white text-secondary shadow-2"},{default:(0,t.k6)(()=>[(0,t.bF)(l,{name:"lock",size:"40px"})]),_:1}),a[7]||(a[7]=(0,t.Lk)("div",{class:"login-title q-mt-sm"},"Kullanıcı Girişi",-1))]),_:1}),(0,t.bF)(u,null,{default:(0,t.k6)(()=>[(0,t.bF)(r,{modelValue:m.value,"onUpdate:modelValue":a[0]||(a[0]=e=>m.value=e),label:"Kullanıcı Adı",dense:"",standout:"bg-white",class:"q-mb-md custom-input",autocomplete:"username"},null,8,["modelValue"]),(0,t.bF)(r,{modelValue:g.value,"onUpdate:modelValue":a[1]||(a[1]=e=>g.value=e),type:"password",label:"Şifre",dense:"",standout:"bg-white",class:"custom-input",autocomplete:"current-password"},null,8,["modelValue"]),(0,t.Lk)("div",i,[(0,t.Lk)("div",null,[(0,t.bF)(n,{modelValue:v.value,"onUpdate:modelValue":a[2]||(a[2]=e=>v.value=e),label:"Kullanıcıyı hatırla",color:"secondary",dense:""},null,8,["modelValue"]),(0,t.bF)(n,{modelValue:b.value,"onUpdate:modelValue":a[3]||(a[3]=e=>b.value=e),label:"Parolayı kaydet",color:"secondary",dense:""},null,8,["modelValue"])]),(0,t.bF)(d,{flat:"",dense:"",color:"primary",label:"Şifremi Unuttum",onClick:a[4]||(a[4]=e=>f.value=!0)})])]),_:1}),(0,t.bF)(c,{align:"center"},{default:(0,t.k6)(()=>[(0,t.bF)(d,{label:"Giriş Yap",color:"primary",glossy:"",unelevated:"",icon:"login",class:"full-width",loading:p.value,onClick:F},null,8,["loading"])]),_:1})]),_:1}),(0,t.bF)(q,{modelValue:f.value,"onUpdate:modelValue":a[6]||(a[6]=e=>f.value=e),persistent:""},{default:(0,t.k6)(()=>[(0,t.bF)(A,{style:{width:"420px","max-width":"90vw"}},{default:(0,t.k6)(()=>[(0,t.bF)(u,{class:"text-h6"},{default:(0,t.k6)(()=>[...a[8]||(a[8]=[(0,t.eW)(" Parola Sıfırlama ",-1)])]),_:1}),(0,t.bF)(u,null,{default:(0,t.k6)(()=>[a[9]||(a[9]=(0,t.Lk)("div",{class:"text-caption text-grey-7 q-mb-sm"}," Kullanıcı adınızı girin. ",-1)),(0,t.bF)(r,{modelValue:k.value,"onUpdate:modelValue":a[5]||(a[5]=e=>k.value=e),label:"Kullanıcı Adı",dense:"",outlined:"",disable:y.value},null,8,["modelValue","disable"]),h.value?((0,t.uX)(),(0,t.Wv)(V,{key:0,class:(0,o.C4)(["q-mt-md",w.value?"bg-green-1 text-green":"bg-red-1 text-red"]),rounded:""},{default:(0,t.k6)(()=>[(0,t.eW)((0,o.v_)(h.value),1)]),_:1},8,["class"])):(0,t.Q3)("",!0)]),_:1}),(0,t.bF)(c,{align:"right"},{default:(0,t.k6)(()=>[(0,t.bo)((0,t.bF)(d,{flat:"",label:"Vazgeç"},null,512),[[x]]),(0,t.bF)(d,{color:"primary",label:"Gönder",loading:y.value,onClick:_},null,8,["loading"])]),_:1})]),_:1})]),_:1},8,["modelValue"])]),_:1})}}};var m=l(2968),g=l(5013),v=l(3341),b=l(222),p=l(5305),f=l(3933),k=l(6067),y=l(8349),h=l(2677),w=l(5034),F=l(45),_=l(7453),A=l(7861),V=l(8657),q=l(272),K=l.n(q);const x=(0,m.A)(c,[["__scopeId","data-v-2ea21061"]]),I=x;K()(c,"components",{QPage:g.A,QCard:v.A,QCardSection:b.A,QAvatar:p.A,QIcon:f.A,QInput:k.A,QCheckbox:y.A,QBtn:h.A,QCardActions:w.A,QDialog:F.A,QBanner:_.A,QField:A.A}),K()(c,"directives",{ClosePopup:V.A})}}]);