diff --git a/app/Http/Controllers/CharacteristicApprovalController.php b/app/Http/Controllers/CharacteristicApprovalController.php
index 1aff78b..dfdeb8d 100644
--- a/app/Http/Controllers/CharacteristicApprovalController.php
+++ b/app/Http/Controllers/CharacteristicApprovalController.php
@@ -16,17 +16,6 @@ class CharacteristicApprovalController extends Controller
 return $this->updateStatus($request, 'Approved');
 }
- /**
- * HOLD
- */
- // public function hold(Request $request)
- // {
- // return $this->updateStatus($request, 'Hold');
- // }
-
- /**
- * REJECT
- */
 public function reject(Request $request)
 {
 return $this->updateStatus($request, 'Rejected');
@@ -35,7 +24,6 @@ class CharacteristicApprovalController extends Controller
 public function holdForm(Request $request)
 {
 $id = $request->query('id');
- // $level = $request->query('level');
 $level = (int) $request->query('level');
@@ -48,14 +36,38 @@ class CharacteristicApprovalController extends Controller
 default => abort(403, 'Invalid approver level'),
 };
+ $levels = [
+ 1 => 'approver_status1',
+ 2 => 'approver_status2',
+ 3 => 'approver_status3',
+ ];
+
 $currentStatus = $record->$statusColumn;
+ $currentStatusColumn = $levels[$level];
+
 if (in_array($currentStatus, ['Approved', 'Rejected'])) {
 return view('approval.already-processed', [
 'status' => $currentStatus,
 ]);
 }
+ foreach ($levels as $lvl => $column) {
+ if ($lvl != $level && in_array($record->$column, ['Approved', 'Rejected'])) {
+ return view('approval.already-processed', [
+ 'status' => 'Already processed by another approver',
+ ]);
+ }
+ }
+
+ $expectedMailStatus = $allowedMailStatusByLevel[$level] ?? null;
+
+ if ($record->mail_status != $expectedMailStatus) {
+ return view('approval.already-processed', [
+ 'status' => 'You are not authorized to act at this level',
+ ]);
+ }
+
 return view('approval.hold-form', compact('id', 'level'));
 }
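Review bot: `$allowedMailStatusByLevel` is read in the new `holdForm` check (`$expectedMailStatus = $allowedMailStatusByLevel[$level] ?? null;`) but nothing in this hunk assigns it; the only assignment visible in the commit is the local array inside `updateStatus`, and the hunk at -82,6 +102,22 (the reject-form method) reads it the same way. Unless it is defined above the hunk, `??` silently turns the undefined variable into `null`, and the loose `$record->mail_status != null` comparison then lets through only records whose mail status is empty, so the stage gate on both forms does not test what its message claims. Holding the map once on the class, `private const MAIL_STATUS_BY_LEVEL = [1 => 'Sent', 2 => 'Sent-Mail2', 3 => 'Sent-Mail3'];`, and reading `self::MAIL_STATUS_BY_LEVEL[$level] ?? null` with `!==` in all three methods would close the gap. The body of `holdForm` starts above the hunk.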
@@ -74,6 +86,14 @@ class CharacteristicApprovalController extends Controller
 default => abort(403, 'Invalid approver level'),
 };
+ $levels = [
+ 1 => 'approver_status1',
+ 2 => 'approver_status2',
+ 3 => 'approver_status3',
+ ];
+
+ $currentStatusColumn = $levels[$level];
+
 $currentStatus = $record->$statusColumn;
 if (in_array($currentStatus, ['Approved', 'Rejected'])) {
@@ -82,6 +102,22 @@ class CharacteristicApprovalController extends Controller
 ]);
 }
+ foreach ($levels as $lvl => $column) {
+ if ($lvl != $level && in_array($record->$column, ['Approved', 'Rejected'])) {
+ return view('approval.already-processed', [
+ 'status' => 'Already processed by another approver',
+ ]);
+ }
+ }
+
+ $expectedMailStatus = $allowedMailStatusByLevel[$level] ?? null;
+
+ if ($record->mail_status != $expectedMailStatus) {
+ return view('approval.already-processed', [
+ 'status' => 'You are not authorized to act at this level',
+ ]);
+ }
+
 return view('approval.reject-form', compact('id', 'level'));
 }
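Review bot: `$currentStatusColumn = $levels[$level];` is assigned in this hunk, and in the matching `holdForm` hunk, but nothing visible reads it, and `$levels` restates the level-to-column mapping that the `match` directly above already resolved into `$statusColumn`. Two copies of that mapping in one method can drift apart without raising any error. I would drop the assignment and put a one-line comment on the array, `// every approver column, used to detect a decision made at another level`, so its purpose is clear. The method body starts above the hunk and continues in the next one.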
@@ -107,109 +143,6 @@ class CharacteristicApprovalController extends Controller
 return $this->updateStatus($request, 'Rejected', false);
 }
- // protected function updateStatus(Request $request, string $status)
- // {
- // $requestId = $request->query('id');
- // $level = (int) $request->query('level');
-
- // $record = RequestCharacteristic::findOrFail($requestId);
-
- // $column = match ($level) {
- // 1 => 'approver_status1',
- // 2 => 'approver_status2',
- // 3 => 'approver_status3',
- // default => abort(403, 'Invalid approver level'),
- // };
-
- // $pendingRecords = RequestCharacteristic::where('plant_id', $record->plant_id)
- // ->where('machine_id', $record->machine_id)
- // ->where('aufnr', $record->aufnr)
- // ->whereNull('approver_status1')
- // ->whereNull('approver_status2')
- // ->whereNull('approver_status3')
- // ->get();
-
- // if ($pendingRecords->isEmpty()) {
- // return view('approval.already-processed', [
- // 'status' => 'No pending records for this group'
- // ]);
- // }
-
- // if ($pendingRecords->first()->$column != null) {
- // return view('approval.already-processed', [
- // 'status' => $pendingRecords->first()->$column
- // ]);
- // }
-
- // // Update all records in the group for this approver level
- // foreach ($pendingRecords as $rec) {
- // $rec->update([$column => $status]);
- // }
-
- // return match ($status) {
- // 'Approved' => view('approval.success'),
- // 'Hold' => view('approval.hold-success'),
- // 'Rejected' => view('approval.reject-success'),
- // default => abort(500),
- // };
- // }
-
- // protected function updateStatus(Request $request, string $status)
- // {
- // $requestId = $request->query('id');
- // $level = (int) $request->query('level');
-
- // $record = RequestCharacteristic::findOrFail($requestId);
-
- // [$statusColumn, $approvedAtColumn, $remarkColumn] = match ($level) {
- // 1 => ['approver_status1', 'approved1_at', 'approver_remark1'],
- // 2 => ['approver_status2', 'approved2_at', 'approver_remark2'],
- // 3 => ['approver_status3', 'approved3_at', 'approver_remark3'],
- // default => abort(403, 'Invalid approver level'),
- // };
-
- // $pendingRecords = RequestCharacteristic::where('plant_id', $record->plant_id)
- // ->where('machine_id', $record->machine_id)
- // ->where('aufnr', $record->aufnr)
- // ->where('work_flow_id', $record->work_flow_id)
- // ->whereNull('approver_status1')
- // ->whereNull('approver_status2')
- // ->whereNull('approver_status3')
- // ->get();
-
- // if ($pendingRecords->isEmpty()) {
- // return view('approval.already-processed', [
- // 'status' => 'No pending records for this group',
- // ]);
- // }
-
- // if ($pendingRecords->first()->$statusColumn !== null) {
- // return view('approval.already-processed', [
- // 'status' => $pendingRecords->first()->$statusColumn,
- // ]);
- // }
-
- // $updateData = [
- // $statusColumn => $status,
- // $remarkColumn => $request->input('remark')
- // ];
-
- // if ($status == 'Approved') {
- // $updateData[$approvedAtColumn] = Carbon::now();
- // }
-
- // foreach ($pendingRecords as $rec) {
- // $rec->update($updateData);
- // }
-
- // return match ($status) {
- // 'Approved' => view('approval.success'),
- // 'Hold' => view('approval.hold-success'),
- // 'Rejected' => view('approval.reject-success'),
- // default => abort(500),
- // };
- // }
-
 protected function updateStatus(Request $request, string $status, bool $returnView = true)
 {
 $requestId = $request->input('id');
@@ -259,14 +192,36 @@ class CharacteristicApprovalController extends Controller
 ], 404);
 }
+ $allowedMailStatusByLevel = [
+ 1 => 'Sent',
+ 2 => 'Sent-Mail2',
+ 3 => 'Sent-Mail3',
+ ];
+
+ $expectedMailStatus = $allowedMailStatusByLevel[$level] ?? null;
+
+ if ($record->mail_status != $expectedMailStatus) {
+ if ($returnView) {
+ return view('approval.already-processed', [
+ 'status' => 'You are not authorized to act at this level',
+ ]);
+ }
+
+ return response()->json([
+ 'status' => false,
+ 'message' => 'Invalid approval level for current mail status',
+ ], 403);
+ }
+
+
 $updateData = [
 $statusColumn => $status,
 $remarkColumn => $request->input('remark'),
+ $approvedAtColumn => Carbon::now(),
 ];
- if ($status == 'Approved') {
- $updateData[$approvedAtColumn] = Carbon::now();
- }
+ // if ($status == 'Approved') {
+ // $updateData[$approvedAtColumn] = Carbon::now();
+ // }
 foreach ($pendingRecords as $rec) {
 $rec->update($updateData);
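Review bot: The new gate answers 'You are not authorized to act at this level', yet what it compares is `$record->mail_status` against a map indexed by `$level`, and in `holdForm` that level comes straight from the query string; nothing in the visible lines ties the caller to an approver identity. If these routes are reached from e-mailed links without a login, which the mail statuses suggest but the diff does not show, the check only confirms that the requested level matches the record's current stage. Binding each link to its level, for example by issuing it with `URL::temporarySignedRoute()` and putting the `signed` middleware on the approval routes, would make the level tamper-evident. Separately, `$approvedAtColumn => Carbon::now()` now stamps every decision while the old conditional stays behind as comments; if that is intended, delete the three commented lines. `updateStatus` starts above the hunk and continues below it.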