liderra/portal
1
0
Fork 0
Code Issues Pull Requests Actions 74 Packages Projects Releases Wiki Activity

Compare commits

merge into: liderra/portal:worktree-sprint5b-layout-views
Branches Tags
liderra/portal:main liderra/portal:feat/db-path-a-audit-guc-bypass-policies liderra/portal:feat/source-edit-snapshot-routing liderra/portal:worktree-brainrepo liderra/portal:feat/gate-allow-worktree-cd liderra/portal:worktree-prod-imitation-clients liderra/portal:fix/from-scratch-migrate-a11y-full liderra/portal:worktree-perplexity-pack liderra/portal:worktree-scratch-idle-session liderra/portal:a11y-public-revert liderra/portal:feat/a11y-ci-postgres liderra/portal:fix/rossvyaz-osetia liderra/portal:feat/rossvyaz-mapping-tail liderra/portal:fix/phone-ranges-staging-id liderra/portal:chore/lead-region-ops-force liderra/portal:feat/rossvyaz-region-mapping liderra/portal:feat/deals-city-region liderra/portal:feat/gate-dev-prod-rescope liderra/portal:worktree-lead-region-tails liderra/portal:worktree-discipline-guard liderra/portal:worktree-feat+lead-region-resolution liderra/portal:worktree-fix+api-400 liderra/portal:worktree-router-gate-v4-stream-h-close liderra/portal:worktree-brain-factor-completeness liderra/portal:backup-pre-v4-cleanup liderra/portal:feat/v4-stream-A liderra/portal:feat/v4-stream-D liderra/portal:feat/v4-stream-B liderra/portal:feat/v4-stream-E liderra/portal:feat/v4-stream-C liderra/portal:worktree-audit-rebuild-per-tenant-fix liderra/portal:feat/router-gate-hard-wall liderra/portal:feat/slepok-stage-4 liderra/portal:feat/slepok-stage-3 liderra/portal:deploy/stage-2-prod-2026-05-28 liderra/portal:feat/slepok-stage-2 liderra/portal:spike/graphify-2026-05-27 liderra/portal:feat/slepok-stage-1 liderra/portal:feat/a10-bi-tooling liderra/portal:rebase/spec-c-on-main liderra/portal:fix/supplier-platform-prefix liderra/portal:worktree-supplier-snapshot-guard liderra/portal:fix/enforce-9-holes liderra/portal:feat/brain-retro-2026-05-26 liderra/portal:fix/self-assessment-prompt-source liderra/portal:feat/untie-l-chains-normative liderra/portal:feat/billing-v2-spec-c liderra/portal:feat/enforce-hard-rules liderra/portal:feat/supplier-webhook-fixes liderra/portal:feat/llm-first-router liderra/portal:feat/legacy-webhook-removal liderra/portal:hotfix/pilot-incident-24-05 liderra/portal:feat/billing-v2-spec-b liderra/portal:fix/partition-rls-supplier-conn liderra/portal:feat/admin-tenant-balance-edit liderra/portal:feat/supplier-group-sync-fix liderra/portal:feat/billing-v2-spec-a liderra/portal:worktree-audit-p2-operational liderra/portal:worktree-c1-marketing-tooling liderra/portal:worktree-audit-p1-auth liderra/portal:worktree-audit-p0-pd liderra/portal:feat/root-domain-auto-link liderra/portal:worktree-fix-supplier-lead-limit-split liderra/portal:feat/registration-email-phone liderra/portal:feat/test-deploy liderra/portal:worktree-a8-infosec-tooling liderra/portal:worktree-observer-missed-activations liderra/portal:feat/project-migration-redesign liderra/portal:feat/observer-chain-attribution liderra/portal:worktree-a1-backend-tooling liderra/portal:feat/observer-v2-expansion liderra/portal:feat/automation-map-iter9 liderra/portal:feat/supplier-migration-followup liderra/portal:feat/brain-dashboard liderra/portal:feat/parallel-sessions-coordination liderra/portal:feat/supplier-project-failover liderra/portal:feat/anthropic-dev-tooling liderra/portal:feat/a4-design-tooling liderra/portal:worktree-discovery-interview liderra/portal:worktree-c10-business-process-tooling liderra/portal:worktree-adr006-icon-path-boundary liderra/portal:worktree-a11-ml-ai-tooling liderra/portal:feat/a3-integration-tooling liderra/portal:worktree-c9-project-management-tooling liderra/portal:worktree-sprint6-p3-polish liderra/portal:feat/a11-ml-ai-tooling liderra/portal:worktree-sprint5d-cleanup liderra/portal:feat/d3-audit-risk-tooling liderra/portal:worktree-sprint5c-billing-admin liderra/portal:feat/a6-architecture-tooling liderra/portal:worktree-sprint5b-layout-views liderra/portal:worktree-sprint5a-auth-polish liderra/portal:worktree-sprint4-historical-import liderra/portal:feat/sprint3f-api-middleware liderra/portal:feat/sprint3e-settings-tabs liderra/portal:feat/sprint3d-admin-actions liderra/portal:worktree-ruflo-recollage liderra/portal:feat/sprint3c-reports liderra/portal:feat/sprint3b-dashboard liderra/portal:feat/rls-tooling-boundary liderra/portal:feat/sprint3a-layout-nav liderra/portal:plan-6-regions liderra/portal:plan5-frontend-projects liderra/portal:worktree-agent-acf7791b6c7b304a9 liderra/portal:worktree-agent-aba2f178c9542f2cc liderra/portal:supplier-sync-plan3
liderra/portal:brain-llm-first-live liderra/portal:brain-pre-llm-bootstrap
..
pull from: liderra/portal:plan-6-regions
Branches Tags
liderra/portal:main liderra/portal:feat/db-path-a-audit-guc-bypass-policies liderra/portal:feat/source-edit-snapshot-routing liderra/portal:worktree-brainrepo liderra/portal:feat/gate-allow-worktree-cd liderra/portal:worktree-prod-imitation-clients liderra/portal:fix/from-scratch-migrate-a11y-full liderra/portal:worktree-perplexity-pack liderra/portal:worktree-scratch-idle-session liderra/portal:a11y-public-revert liderra/portal:feat/a11y-ci-postgres liderra/portal:fix/rossvyaz-osetia liderra/portal:feat/rossvyaz-mapping-tail liderra/portal:fix/phone-ranges-staging-id liderra/portal:chore/lead-region-ops-force liderra/portal:feat/rossvyaz-region-mapping liderra/portal:feat/deals-city-region liderra/portal:feat/gate-dev-prod-rescope liderra/portal:worktree-lead-region-tails liderra/portal:worktree-discipline-guard liderra/portal:worktree-feat+lead-region-resolution liderra/portal:worktree-fix+api-400 liderra/portal:worktree-router-gate-v4-stream-h-close liderra/portal:worktree-brain-factor-completeness liderra/portal:backup-pre-v4-cleanup liderra/portal:feat/v4-stream-A liderra/portal:feat/v4-stream-D liderra/portal:feat/v4-stream-B liderra/portal:feat/v4-stream-E liderra/portal:feat/v4-stream-C liderra/portal:worktree-audit-rebuild-per-tenant-fix liderra/portal:feat/router-gate-hard-wall liderra/portal:feat/slepok-stage-4 liderra/portal:feat/slepok-stage-3 liderra/portal:deploy/stage-2-prod-2026-05-28 liderra/portal:feat/slepok-stage-2 liderra/portal:spike/graphify-2026-05-27 liderra/portal:feat/slepok-stage-1 liderra/portal:feat/a10-bi-tooling liderra/portal:rebase/spec-c-on-main liderra/portal:fix/supplier-platform-prefix liderra/portal:worktree-supplier-snapshot-guard liderra/portal:fix/enforce-9-holes liderra/portal:feat/brain-retro-2026-05-26 liderra/portal:fix/self-assessment-prompt-source liderra/portal:feat/untie-l-chains-normative liderra/portal:feat/billing-v2-spec-c liderra/portal:feat/enforce-hard-rules liderra/portal:feat/supplier-webhook-fixes liderra/portal:feat/llm-first-router liderra/portal:feat/legacy-webhook-removal liderra/portal:hotfix/pilot-incident-24-05 liderra/portal:feat/billing-v2-spec-b liderra/portal:fix/partition-rls-supplier-conn liderra/portal:feat/admin-tenant-balance-edit liderra/portal:feat/supplier-group-sync-fix liderra/portal:feat/billing-v2-spec-a liderra/portal:worktree-audit-p2-operational liderra/portal:worktree-c1-marketing-tooling liderra/portal:worktree-audit-p1-auth liderra/portal:worktree-audit-p0-pd liderra/portal:feat/root-domain-auto-link liderra/portal:worktree-fix-supplier-lead-limit-split liderra/portal:feat/registration-email-phone liderra/portal:feat/test-deploy liderra/portal:worktree-a8-infosec-tooling liderra/portal:worktree-observer-missed-activations liderra/portal:feat/project-migration-redesign liderra/portal:feat/observer-chain-attribution liderra/portal:worktree-a1-backend-tooling liderra/portal:feat/observer-v2-expansion liderra/portal:feat/automation-map-iter9 liderra/portal:feat/supplier-migration-followup liderra/portal:feat/brain-dashboard liderra/portal:feat/parallel-sessions-coordination liderra/portal:feat/supplier-project-failover liderra/portal:feat/anthropic-dev-tooling liderra/portal:feat/a4-design-tooling liderra/portal:worktree-discovery-interview liderra/portal:worktree-c10-business-process-tooling liderra/portal:worktree-adr006-icon-path-boundary liderra/portal:worktree-a11-ml-ai-tooling liderra/portal:feat/a3-integration-tooling liderra/portal:worktree-c9-project-management-tooling liderra/portal:worktree-sprint6-p3-polish liderra/portal:feat/a11-ml-ai-tooling liderra/portal:worktree-sprint5d-cleanup liderra/portal:feat/d3-audit-risk-tooling liderra/portal:worktree-sprint5c-billing-admin liderra/portal:feat/a6-architecture-tooling liderra/portal:worktree-sprint5b-layout-views liderra/portal:worktree-sprint5a-auth-polish liderra/portal:worktree-sprint4-historical-import liderra/portal:feat/sprint3f-api-middleware liderra/portal:feat/sprint3e-settings-tabs liderra/portal:feat/sprint3d-admin-actions liderra/portal:worktree-ruflo-recollage liderra/portal:feat/sprint3c-reports liderra/portal:feat/sprint3b-dashboard liderra/portal:feat/rls-tooling-boundary liderra/portal:feat/sprint3a-layout-nav liderra/portal:plan-6-regions liderra/portal:plan5-frontend-projects liderra/portal:worktree-agent-acf7791b6c7b304a9 liderra/portal:worktree-agent-aba2f178c9542f2cc liderra/portal:supplier-sync-plan3
liderra/portal:brain-llm-first-live liderra/portal:brain-pre-llm-bootstrap

5 Commits
worktree-sprint5b-layout-views .. plan-6-regions

Author SHA1 Message Date
Дмитрий 4bdb996c6c feat(ui): subject-level regions autocomplete in NewProjectDialog + PDD (Plan 6 Task 5) 
- projectsStore: Project.regions?: number[] interface field
- NewProjectDialog: replace interim placeholder с v-autocomplete (89
  subjects + federal district subtitle); form drops region_mask/region_mode
  (backend dual-writes)
- ProjectDetailsDrawer: replace maskToCodes/encode-watch с direct
  form.regions binding; same v-autocomplete component
- Vitest: +2 NewProjectDialog tests (count=89, POST payload includes regions[]);
  refactor 3 existing PDD region tests на regions[] model

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-15 05:54:05 +03:00
Дмитрий 830e7fc3d7 feat(supplier): outbound adapter direct-copy regions[] (Plan 6 Task 4) 
SyncSupplierProjectsJob::adaptProjectsForAllocator no longer converts
8-bit region_mask via bitmaskToList. Instead direct-copies projects.regions[]
(89-code subject array) into supplier_projects.current_regions / DTO.

region_mask still dual-written for PhonePrefixService backward-compat (Plan 6.5
cleanup will switch readers and drop dual-write).

+2 Pest tests verifying direct copy + empty-array semantics.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-15 05:43:49 +03:00
Дмитрий c1ecefafc0 feat(projects): backend support for subject-level regions array (Plan 6 Task 3) 
- Project model: +regions in fillable + cast via PostgresIntArray
  (custom Eloquent cast for PG INT[] — Laravel stock 'array' uses JSON
  which Postgres rejects on native INT[] columns)
- StoreProjectRequest / UpdateProjectRequest: drop region_mask/mode rules,
  add regions array validation (1..89 each, present/sometimes)
- ProjectService::create: dual-write — regions источник истины + legacy
  region_mask=255 + region_mode='include' для PhonePrefixService/LeadRouter
  compatibility (Plan 6.5 cleanup will remove dual-write)
- +5 Pest tests covering create/update/dual-write/validation rejection
- Drive-by: SchemaDeltaTest indexes pin 117 → 118 (Plan 6 v8.20 carryover
  from Task 1; should ideally have landed in Task 1 commit c487641)
- phpstan-baseline: +3 entries for Project::$regions until next ide-helper
  regen; existing Pest actingAs counts bumped 9→12 / 6→8 for new tests

Verified: Pest --parallel 747/744/3sk/0/0 (5 new tests pass +
SchemaDeltaTest now green), phpstan 0 errors, pint clean, gitleaks 0.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-15 05:39:43 +03:00
Дмитрий f467409baf chore(regions): expand REGIONS constant 31 → 89 + add federal district mapping 
89 субъектов РФ по конституционному порядку (ст. 65, ред. 2022).
Adds federalDistrict field for UI group-by + FEDERAL_DISTRICT_NAMES map.
Sentinel code:0 "Вся РФ" сохранён для UI hint; в БД = regions=[].
Plan 6 (см. docs/superpowers/specs/2026-05-14-plan-6-regions-subject-level-design.md).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-15 05:01:12 +03:00
Дмитрий c4876410ea db(schema): v8.20 — add projects.regions INT[] for subject-level filtering 
Adds INT[] column + GIN index to support 89-code regions (Plan 6).
region_mask/region_mode kept for backward-compat (DEPRECATED, removal in Plan 6.5).
Empty array semantically equivalent to legacy region_mask=255 (all of Russia).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-15 04:52:19 +03:00
261 changed files with 1941 additions and 42224 deletions
Expand all files Collapse all files
.claude/agents/rls-reviewer.md
-20
View File
@@ -7,7 +7,6 @@ description: |
(crm_app_user, crm_app_admin, crm_supplier_worker BYPASSRLS,
crm_readonly, crm_migrator). Reports orphan policies, missing tenant_id
columns, inconsistent GRANTs, missing CHANGELOG entries.
For manually checking a single named table before commit - use the /rls-check skill.
tools: Read, Grep, Glob, Bash
---
@@ -36,23 +35,6 @@ SaaS-level таблицы (e.g., `supplier_csv_reconcile_log`, `system_settings`
Каждое schema change требует записи в `db/CHANGELOG_schema.md` (CLAUDE.md §5 п.8).
## Граница со скилом /rls-check
`rls-reviewer` (этот агент) и скил `/rls-check`
(`.claude/skills/rls-check/SKILL.md`) оба проверяют RLS. Правило выбора:
- Есть diff / ветка / PR с изменениями БД, набор таблиц заранее не известен →
**этот агент**.
- Знаешь имя одной конкретной таблицы, проверка вручную перед коммитом →
**скил `/rls-check <table>`**.
Этот агент прогоняет **7 статических пунктов** чеклиста. Живой дымовой тест
(`pest --filter RlsSmokeTest`) намеренно **не входит** в агентский чеклист:
запуск Pest в ревью-субагенте медленный и задевает гонки `--parallel`
(квирки 72/77, см. `.claude/agents/pest-parallel-debugger.md`). Живой дымовой
тест — 8-я строка скила `/rls-check`. 7 пунктов агента === первые 7 строк
вывода скила (общее статическое ядро).
## Workflow
1. Read target migration файл OR `db/schema.sql` diff (use `git diff HEAD~1 -- db/schema.sql` или указанные изменения).
@@ -95,8 +77,6 @@ Pass: <N>/7
- General SQL style (squawk handles).
- Business logic review (other agents).
- Performance review (separate concern).
- Проверка одной названной таблицы вручную перед коммитом + живой дымовой
тест — сценарий скила `/rls-check`, не агента.
## Verification protocol
.claude/settings.json
-18
View File
@@ -37,24 +37,6 @@
]
},
"hooks": {
"UserPromptSubmit": [
{
"hooks": [
{
"type": "command",
"command": "node \"C:/моя/проекты/портал crm/Документация/tools/ruflo-recall-hook.mjs\""
}
]
},
{
"hooks": [
{
"type": "command",
"command": "node \"C:/моя/проекты/портал crm/Документация/tools/ruflo-queen-hook.mjs\""
}
]
}
],
"PreToolUse": [
{
"matcher": "Edit|Write",
.claude/skills/regression/SKILL.md
-75
View File
@@ -1,75 +0,0 @@
---
name: regression
description: |
Run the project regression sweep and report a canonical status line + GREEN/RED/RED-INCOMPLETE verdict.
Two tiers: `quick` (lint/format/type-check — seconds) and `full` (everything incl.
Pest --parallel, Larastan, Vitest, Vite build, lychee, gitleaks — minutes).
Claude auto-runs only `quick` (e.g. during verification-before-completion);
`full` runs only on explicit `/regression full` or with user confirmation.
---
# Regression — канонический регрессионный свод
## Когда использовать
Перед закрытием задачи/спринта (`full`) или для быстрого фидбэка по ходу работы
(`quick`). Скилл инкапсулирует ~12 команд свода, разбросанных по `package.json`,
`app/package.json`, `app/composer.json` и `lefthook.yml`, в один вызов с
детерминированной канонической строкой и машинным вердиктом.
Invoke via `/regression [quick|full]` (без аргумента → `full`).
## Workflow
1. Определить уровень из аргумента: `quick`, `full`, либо `full` по умолчанию.
2. Запустить через Bash из корня репозитория:
```bash
node .claude/skills/regression/run.mjs <tier>
```
3. Показать пользователю полный вывод скрипта (таблица + каноническая строка +
вердикт + вывод упавших проверок).
4. Интерпретировать вердикт:
- `GREEN` — свод чист, exit-код 0.
- `RED` — перечислены упавшие проверки, exit-код 1; полный вывод каждой —
после вердикта.
- `RED-INCOMPLETE` — проверка не прогналась (нет бинаря), exit-код 1; свод
неполон, зелёным признать нельзя. Если одновременно есть упавшие проверки,
они тоже перечислены в строке вердикта.
## Уровни
- **`quick`** (6 проверок, секунды): Pint, ESLint, Prettier, vue-tsc,
markdownlint, cspell.
- **`full`** (12 проверок, минуты): всё из `quick` + Larastan, Pest `--parallel`,
Vitest, Vite build, lychee, gitleaks.
## Правила инвокации (self-restraint)
- Claude **авто-запускает только `quick`** — в том числе в рамках
`superpowers:verification-before-completion` перед claim «готово» / «passed» /
«closed».
- `full` Claude **сам не запускает** — только по явному `/regression full` от
пользователя ИЛИ запросив подтверждение («запускаю полный свод, ~5–10 мин — ок?»).
- Скилл **не правит `CLAUDE.md`** — он только печатает каноническую строку в
stdout; вставка строки в `CLAUDE.md` — отдельно, через канал
`claude-md-management` (`CLAUDE.md` §5 п.10).
## Caveats
- **Pest `--parallel` flake (квирки 72/73/77).** Если Pest показал 1–3 ошибки,
похожие на Redis-race / cumulative-state / unique-key-collision, — перепрогнать
`full` один раз ИЛИ свериться с агентом `pest-parallel-debugger` до объявления
реального RED.
- **ruflo daemon (квирк 93).** Перед baseline-критичным `full` рассмотреть
`pm2 stop ruflo-daemon` — worker-jitter усиливает Pest-flake.
- gitleaks и lychee: на Windows берутся из `bin\*.exe`, на Linux/Mac CI — из
`PATH`. Отсутствие бинаря → `[⚠] SKIPPED` + вердикт `RED-INCOMPLETE`.
## Не использовать когда
- Нужна одна конкретная проверка — запусти её npm/composer-скрипт напрямую
(быстрее, чем весь свод).
- Pa11y и Semgrep SAST — это CI-tier, в свод намеренно не входят (см. дизайн-спек
`docs/superpowers/specs/2026-05-16-regression-skill-design.md` §5).
.claude/skills/regression/run.mjs
-258
View File
@@ -1,258 +0,0 @@
#!/usr/bin/env node
// .claude/skills/regression/run.mjs
// Regression sweep orchestrator for the /regression skill.
// Design: docs/superpowers/specs/2026-05-16-regression-skill-design.md
import { spawnSync } from 'node:child_process';
import { existsSync } from 'node:fs';
import path from 'node:path';
import { fileURLToPath, pathToFileURL } from 'node:url';
import process from 'node:process';
// ── pure: platform binary resolution ───────────────────────────────
export function resolveBinary(name, platform = process.platform) {
return platform === 'win32' ? `bin\\${name}.exe` : name;
}
// ── pure: output header line ───────────────────────────────────────
export function buildHeader(tier) {
const head = `─ /regression ${tier} `;
return head + '─'.repeat(Math.max(3, 48 - head.length));
}
// ── pure: exit-code token ──────────────────────────────────────────
export function parseExit(label, code) {
return `${label} ${code}`;
}
// ── pure: test-count parsers ───────────────────────────────────────
export function parsePest(stdout) {
// pest --parallel emits a single JSON line: {"tool":"pest","result":...,"tests":N,"passed":N,"skipped":N,...}
const jsonMatch = stdout.match(/\{"tool"\s*:\s*"pest"[^}]+\}/);
if (jsonMatch) {
try {
const j = JSON.parse(jsonMatch[0]);
const passed = Number(j.passed ?? 0);
const skipped = Number(j.skipped ?? 0);
const total = Number(j.tests ?? passed + skipped);
const failed = total - passed - skipped;
return `Pest ${total}/${passed}/${skipped}sk/${Math.max(0, failed)}`;
} catch { /* fall through to regex */ }
}
const passed = Number(stdout.match(/(\d+)\s+passed/)?.[1] ?? 0);
const skipped = Number(stdout.match(/(\d+)\s+skipped/)?.[1] ?? 0);
const failed = Number(stdout.match(/(\d+)\s+failed/)?.[1] ?? 0);
return `Pest ${passed + skipped + failed}/${passed}/${skipped}sk/${failed}`;
}
export function parseVitest(stdout) {
const filesLine = stdout.match(/^.*Test Files.+$/m)?.[0] ?? '';
const files = Number(filesLine.match(/(\d+)\s+passed/)?.[1] ?? 0);
const line = stdout.match(/^\s*Tests\s+.+$/m)?.[0] ?? '';
const passed = Number(line.match(/(\d+)\s+passed/)?.[1] ?? 0);
const skipped = Number(line.match(/(\d+)\s+skipped/)?.[1] ?? 0);
const failed = Number(line.match(/(\d+)\s+failed/)?.[1] ?? 0);
return `Vitest ${files}f/${passed}/${skipped}sk/${failed}`;
}
// ── pure: content parsers ──────────────────────────────────────────
export function parseViteBuild(stdout) {
const m = stdout.match(/built in ([\d.]+)\s*s/i);
return `Vite build ${m ? m[1] : '?'}s`;
}
export function parseLarastan(stdout) {
const m = stdout.match(/Found (\d+) error/i);
return `Larastan ${m ? m[1] : 0}`;
}
export function parseGitleaks(stdout, code) {
const commits = stdout.match(/(\d+)\s+commits?\s+scanned/i)?.[1] ?? '?';
const leaks = code === 0
? '0'
: (stdout.match(/(\d+)\s+leaks?\s+found/i)?.[1]
?? stdout.match(/leaks?\s+found:?\s*(\d+)/i)?.[1]
?? '≥1');
return `gitleaks ${leaks}/${commits}`;
}
export function parseLychee(stdout) {
const ok = stdout.match(/(\d+)\s+OK/)?.[1] ?? '?';
const errors = stdout.match(/(\d+)\s+Errors?/i)?.[1] ?? '0';
return `lychee ${ok}/${errors}`;
}
// ── pure: verdict ──────────────────────────────────────────────────
export function computeVerdict(results) {
const skipped = results.filter((r) => r.skipped).map((r) => r.label);
const failed = results
.filter((r) => !r.skipped && r.code !== 0)
.map((r) => r.label);
if (skipped.length) return { verdict: 'RED-INCOMPLETE', exitCode: 1, failed, skipped };
if (failed.length) return { verdict: 'RED', exitCode: 1, failed, skipped };
return { verdict: 'GREEN', exitCode: 0, failed, skipped };
}
// ── pure: output formatting ────────────────────────────────────────
export function buildCanonicalLine(results) {
return results.map((r) => r.token).join(' / ');
}
export function formatRow(r) {
const mark = r.skipped ? '⚠' : r.code === 0 ? '✅' : '❌';
const label = r.label.padEnd(14);
const status = r.skipped
? 'SKIPPED — binary not found'
: `${r.code} ${(r.ms / 1000).toFixed(1)}s`;
return `[${mark}] ${label}${status}`;
}
export function verdictLine(v, total) {
if (v.verdict === 'GREEN') {
return `🟢 GREEN — все ${total} проверок passed`;
}
if (v.verdict === 'RED-INCOMPLETE') {
const tail = v.failed.length ? `; провал: ${v.failed.join(', ')}` : '';
return `🟠 RED-INCOMPLETE — не прогналось: ${v.skipped.join(', ')}${tail}`;
}
return `🔴 RED — ${v.failed.length}/${total} failed: ${v.failed.join(', ')}`;
}
// ── data: checks registry ──────────────────────────────────────────
// Script-based checks carry `cmd`; binary-based checks carry `bin` + `argv`.
// `parse(combinedOutput, exitCode)` → canonical token. `cwd`: '.' = repo root,
// 'app' = the Laravel app. Execution order: quick checks first, then heavy.
export const CHECKS = [
{
id: 'pint', label: 'Pint', tiers: ['quick', 'full'], cwd: 'app',
cmd: 'composer pint:test', parse: (_o, c) => parseExit('Pint', c),
},
{
id: 'eslint', label: 'ESLint', tiers: ['quick', 'full'], cwd: 'app',
cmd: 'npm run lint:vue', parse: (_o, c) => parseExit('ESLint', c),
},
{
id: 'prettier', label: 'Prettier', tiers: ['quick', 'full'], cwd: 'app',
cmd: 'npm run format:check', parse: (_o, c) => parseExit('Prettier', c),
},
{
id: 'vue-tsc', label: 'vue-tsc', tiers: ['quick', 'full'], cwd: 'app',
cmd: 'npm run type-check', parse: (_o, c) => parseExit('vue-tsc', c),
},
{
id: 'markdownlint', label: 'markdownlint', tiers: ['quick', 'full'], cwd: '.',
cmd: 'npm run lint:md', parse: (_o, c) => parseExit('markdownlint', c),
},
{
id: 'cspell', label: 'cspell', tiers: ['quick', 'full'], cwd: '.',
cmd: 'npm run spell', parse: (_o, c) => parseExit('cspell', c),
},
{
id: 'larastan', label: 'Larastan', tiers: ['full'], cwd: 'app',
cmd: 'composer stan', parse: (o) => parseLarastan(o),
},
{
id: 'pest', label: 'Pest', tiers: ['full'], cwd: 'app',
cmd: 'composer test:parallel', parse: (o) => parsePest(o),
},
{
id: 'vitest', label: 'Vitest', tiers: ['full'], cwd: 'app',
cmd: 'npm run test:vue', parse: (o) => parseVitest(o),
},
{
id: 'vite-build', label: 'Vite build', tiers: ['full'], cwd: 'app',
cmd: 'npm run build', parse: (o) => parseViteBuild(o),
},
{
id: 'lychee', label: 'lychee', tiers: ['full'], cwd: '.',
bin: 'lychee',
argv: ['--config', '.lychee.toml', 'docs/**/*.md', 'db/**/*.md', '*.md'],
parse: (o) => parseLychee(o),
},
{
id: 'gitleaks', label: 'gitleaks', tiers: ['full'], cwd: '.',
bin: 'gitleaks',
argv: ['detect', '--source', '.', '--no-banner', '--config', '.gitleaks.toml', '--redact'],
parse: (o, c) => parseGitleaks(o, c),
},
];
// ── I/O: run one check ─────────────────────────────────────────────
function runCheck(check, repoRoot) {
const cwd = check.cwd === '.' ? repoRoot : path.join(repoRoot, check.cwd);
const start = Date.now();
const skippedResult = (reason) => ({
id: check.id, label: check.label, skipped: true, code: null,
ms: Date.now() - start, token: `${check.label} SKIPPED`, stdout: '', stderr: reason,
});
let command;
if (check.bin) {
const bin = resolveBinary(check.bin);
// bin/ executables: existsSync pre-check on Windows (the project ships
// bin\gitleaks.exe / bin\lychee.exe; on POSIX they come from PATH).
if (process.platform === 'win32' && !existsSync(path.join(repoRoot, bin))) {
return skippedResult(`${bin} not found`);
}
command = [bin, ...check.argv].join(' ');
} else {
command = check.cmd;
}
const res = spawnSync(command, {
cwd, shell: true, encoding: 'utf8', maxBuffer: 64 * 1024 * 1024,
});
const ms = Date.now() - start;
// ENOENT (POSIX missing binary), POSIX shell exit 127 ("command not found"),
// or the Windows cmd.exe "is not recognized" message → SKIPPED.
const notFound = (res.error && res.error.code === 'ENOENT')
|| res.status === 127
|| /is not recognized as an internal or external command/i.test(res.stderr ?? '');
if (notFound) {
return skippedResult(`command not found: ${command}`);
}
const stdout = res.stdout ?? '';
const stderr = res.stderr ?? '';
const code = res.status ?? 1;
const token = check.parse(`${stdout}\n${stderr}`, code);
return { id: check.id, label: check.label, skipped: false, code, ms, token, stdout, stderr };
}
// ── orchestrator ───────────────────────────────────────────────────
export function main(argv) {
const tier = argv[0] ?? 'full';
if (tier !== 'quick' && tier !== 'full') {
process.stderr.write(
`regression: unknown argument "${tier}". Usage: run.mjs [quick|full]\n`,
);
process.exitCode = 2;
return;
}
const repoRoot = fileURLToPath(new URL('../../../', import.meta.url));
const checks = CHECKS.filter((c) => c.tiers.includes(tier));
process.stdout.write(`${buildHeader(tier)}\n`);
const results = [];
for (const check of checks) {
const r = runCheck(check, repoRoot);
results.push(r);
process.stdout.write(`${formatRow(r)}\n`);
}
process.stdout.write(`${'─'.repeat(48)}\n`);
process.stdout.write(`Canonical: ${buildCanonicalLine(results)}\n`);
const v = computeVerdict(results);
process.stdout.write(`VERDICT: ${verdictLine(v, results.length)}\n`);
// Full output of failed checks, so failures are visible with file:line.
for (const r of results) {
if (!r.skipped && r.code !== 0) {
process.stdout.write(`\n── ${r.label} output ──\n${r.stdout}\n${r.stderr}\n`);
}
}
process.exitCode = v.exitCode;
}
// Run main only when executed directly (not when imported by run.test.mjs).
if (import.meta.url === pathToFileURL(process.argv[1] ?? '').href) {
main(process.argv.slice(2));
}
.claude/skills/regression/run.test.mjs
-213
View File
@@ -1,213 +0,0 @@
import test from 'node:test';
import assert from 'node:assert/strict';
import { execFileSync } from 'node:child_process';
import { fileURLToPath } from 'node:url';
import process from 'node:process';
import {
resolveBinary, buildHeader, parseExit,
parsePest, parseVitest,
parseViteBuild, parseLarastan, parseGitleaks, parseLychee,
computeVerdict,
buildCanonicalLine, formatRow, verdictLine,
CHECKS,
} from './run.mjs';
test('resolveBinary: win32 → bin\\<name>.exe', () => {
assert.equal(resolveBinary('gitleaks', 'win32'), 'bin\\gitleaks.exe');
});
test('resolveBinary: non-win32 → bare name on PATH', () => {
assert.equal(resolveBinary('lychee', 'linux'), 'lychee');
assert.equal(resolveBinary('lychee', 'darwin'), 'lychee');
});
test('buildHeader: starts with the tier banner', () => {
assert.ok(buildHeader('quick').startsWith('─ /regression quick '));
assert.ok(buildHeader('full').startsWith('─ /regression full '));
});
test('buildHeader: is padded with dashes', () => {
assert.ok(buildHeader('full').length >= 30);
});
test('parseExit: builds "<label> <code>" token', () => {
assert.equal(parseExit('Pint', 0), 'Pint 0');
assert.equal(parseExit('ESLint', 1), 'ESLint 1');
});
test('parsePest: passed + skipped, no failures → total derived', () => {
const out = ' Tests: 3 skipped, 739 passed (2104 assertions)\n Duration: 71.23s';
assert.equal(parsePest(out), 'Pest 742/739/3sk/0');
});
test('parsePest: with failures', () => {
const out = ' Tests: 2 failed, 1 skipped, 736 passed (2090 assertions)';
assert.equal(parsePest(out), 'Pest 739/736/1sk/2');
});
test('parsePest: passed only → zeros for skipped/failed', () => {
assert.equal(parsePest(' Tests: 19 passed (44 assertions)'), 'Pest 19/19/0sk/0');
});
test('parsePest: JSON format (pest --parallel) passed + skipped', () => {
const out = '{"tool":"pest","result":"passed","tests":793,"passed":790,"assertions":2391,"duration_ms":32200,"skipped":3}';
assert.equal(parsePest(out), 'Pest 793/790/3sk/0');
});
test('parsePest: JSON format with failures', () => {
const out = '{"tool":"pest","result":"failed","tests":793,"passed":788,"assertions":2380,"duration_ms":31000,"skipped":3}';
assert.equal(parsePest(out), 'Pest 793/788/3sk/2');
});
test('parsePest: JSON format no skipped', () => {
const out = '{"tool":"pest","result":"passed","tests":19,"passed":19,"assertions":44,"duration_ms":1711}';
assert.equal(parsePest(out), 'Pest 19/19/0sk/0');
});
test('parseVitest: files + passed + skipped', () => {
const out = ' Test Files 92 passed (92)\n Tests 774 passed | 3 skipped (777)\n Duration 12.6s';
assert.equal(parseVitest(out), 'Vitest 92f/774/3sk/0');
});
test('parseVitest: with failures, does not confuse "Test Files" with "Tests"', () => {
const out = ' Test Files 2 failed | 90 passed (92)\n Tests 5 failed | 769 passed (774)';
assert.equal(parseVitest(out), 'Vitest 90f/769/0sk/5');
});
test('parseViteBuild: extracts build time', () => {
assert.equal(parseViteBuild('✓ 312 modules transformed.\n✓ built in 2.03s'), 'Vite build 2.03s');
});
test('parseViteBuild: no match → "?"', () => {
assert.equal(parseViteBuild('build crashed'), 'Vite build ?s');
});
test('parseLarastan: clean → 0', () => {
assert.equal(parseLarastan(' [OK] No errors'), 'Larastan 0');
});
test('parseLarastan: counts errors', () => {
assert.equal(parseLarastan(' [ERROR] Found 2 errors'), 'Larastan 2');
});
test('parseGitleaks: clean → 0 leaks', () => {
const out = 'INF 442 commits scanned.\nINF no leaks found';
assert.equal(parseGitleaks(out, 0), 'gitleaks 0/442');
});
test('parseGitleaks: leaks found (non-zero exit)', () => {
const out = 'INF 442 commits scanned.\nWRN 3 leaks found';
assert.equal(parseGitleaks(out, 1), 'gitleaks 3/442');
});
test('parseLychee: OK + errors', () => {
const out = '🔍 325 Total (in 9s)\n✅ 325 OK\n🚫 0 Errors';
assert.equal(parseLychee(out), 'lychee 325/0');
});
test('parseLychee: with broken links', () => {
const out = '🔍 327 Total\n✅ 325 OK\n🚫 2 Errors';
assert.equal(parseLychee(out), 'lychee 325/2');
});
test('computeVerdict: all exit 0 → GREEN, exit code 0', () => {
const v = computeVerdict([
{ label: 'Pint', code: 0, skipped: false },
{ label: 'ESLint', code: 0, skipped: false },
]);
assert.equal(v.verdict, 'GREEN');
assert.equal(v.exitCode, 0);
assert.deepEqual(v.failed, []);
});
test('computeVerdict: one non-zero exit → RED, exit code 1', () => {
const v = computeVerdict([
{ label: 'Pint', code: 0, skipped: false },
{ label: 'Larastan', code: 1, skipped: false },
]);
assert.equal(v.verdict, 'RED');
assert.equal(v.exitCode, 1);
assert.deepEqual(v.failed, ['Larastan']);
});
test('computeVerdict: a skipped check → RED-INCOMPLETE', () => {
const v = computeVerdict([
{ label: 'Pint', code: 0, skipped: false },
{ label: 'gitleaks', code: null, skipped: true },
]);
assert.equal(v.verdict, 'RED-INCOMPLETE');
assert.equal(v.exitCode, 1);
assert.deepEqual(v.skipped, ['gitleaks']);
});
test('computeVerdict: skipped takes precedence over a failure', () => {
const v = computeVerdict([
{ label: 'Larastan', code: 1, skipped: false },
{ label: 'lychee', code: null, skipped: true },
]);
assert.equal(v.verdict, 'RED-INCOMPLETE');
assert.deepEqual(v.failed, ['Larastan']);
assert.deepEqual(v.skipped, ['lychee']);
});
test('buildCanonicalLine: joins tokens in result order with " / "', () => {
const results = [
{ token: 'Pint 0' }, { token: 'ESLint 0' }, { token: 'Pest 742/739/3sk/0' },
];
assert.equal(buildCanonicalLine(results), 'Pint 0 / ESLint 0 / Pest 742/739/3sk/0');
});
test('formatRow: passed check → ✅ mark, label, code, time', () => {
const row = formatRow({ label: 'Pint', code: 0, ms: 1800, skipped: false });
assert.ok(row.startsWith('[✅] Pint'));
assert.ok(row.includes('1.8s'));
});
test('formatRow: failed check → ❌ mark', () => {
assert.ok(formatRow({ label: 'Larastan', code: 1, ms: 8400, skipped: false }).startsWith('[❌] Larastan'));
});
test('formatRow: skipped check → ⚠ mark + SKIPPED', () => {
const row = formatRow({ label: 'gitleaks', code: null, ms: 0, skipped: true });
assert.ok(row.startsWith('[⚠] gitleaks'));
assert.ok(row.includes('SKIPPED'));
});
test('verdictLine: GREEN', () => {
const line = verdictLine({ verdict: 'GREEN', failed: [], skipped: [] }, 12);
assert.ok(line.includes('🟢 GREEN'));
assert.ok(line.includes('12'));
});
test('verdictLine: RED lists failed checks', () => {
const line = verdictLine({ verdict: 'RED', failed: ['Larastan'], skipped: [] }, 12);
assert.ok(line.includes('🔴 RED'));
assert.ok(line.includes('Larastan'));
});
test('verdictLine: RED-INCOMPLETE lists skipped checks', () => {
const line = verdictLine({ verdict: 'RED-INCOMPLETE', failed: [], skipped: ['gitleaks'] }, 12);
assert.ok(line.includes('🟠 RED-INCOMPLETE'));
assert.ok(line.includes('gitleaks'));
});
test('CHECKS: quick tier has exactly 6 checks', () => {
assert.equal(CHECKS.filter((c) => c.tiers.includes('quick')).length, 6);
});
test('CHECKS: full tier has exactly 12 checks', () => {
assert.equal(CHECKS.filter((c) => c.tiers.includes('full')).length, 12);
});
test('CHECKS: quick is a strict subset of full', () => {
const full = new Set(CHECKS.filter((c) => c.tiers.includes('full')).map((c) => c.id));
for (const c of CHECKS.filter((c) => c.tiers.includes('quick'))) {
assert.ok(full.has(c.id), `${c.id} in quick must also be in full`);
}
});
test('CHECKS: every check has id, label, cwd, parse, and a command source', () => {
for (const c of CHECKS) {
assert.ok(c.id && c.label && c.cwd, `${c.id}: id/label/cwd`);
assert.equal(typeof c.parse, 'function', `${c.id}: parse is a function`);
assert.ok(c.cmd || (c.bin && Array.isArray(c.argv)), `${c.id}: has cmd or bin+argv`);
}
});
test('CHECKS: ids are unique', () => {
assert.equal(new Set(CHECKS.map((c) => c.id)).size, CHECKS.length);
});
const RUN = fileURLToPath(new URL('./run.mjs', import.meta.url));
test('main: unknown argument → exit code 2 + error on stderr', () => {
try {
execFileSync(process.execPath, [RUN, 'bogus'], { encoding: 'utf8', stdio: 'pipe' });
assert.fail('expected non-zero exit');
} catch (err) {
assert.equal(err.status, 2);
assert.match(String(err.stderr), /unknown argument/i);
}
});
test('main: importing run.mjs does not auto-run the sweep', () => {
// If the import.meta guard were broken, importing run.mjs at the top of this
// file would have spawned a full sweep. Reaching this assertion proves it did not.
assert.ok(true);
});
.claude/skills/rls-check/SKILL.md
-25
View File
@@ -5,7 +5,6 @@ description: |
Use when adding a new table, adding/removing tenant_id column, or modifying
RLS policies. Walks through 7-step checklist (tenant_id, ENABLE RLS, 2+ policies,
5-role GRANTs, db/CHANGELOG_schema.md entry, squawk, smoke test).
For reviewing a diff, branch, or PR with DB changes - use the rls-reviewer agent.
disable-model-invocation: true
---
@@ -17,28 +16,6 @@ disable-model-invocation: true
Invoke via `/rls-check <table_name>`.
## Граница с агентом rls-reviewer
`rls-check` (этот скил) и `rls-reviewer` (агент, `.claude/agents/rls-reviewer.md`)
оба проверяют RLS, но в разных ситуациях. Правило выбора:
- Знаешь имя одной конкретной таблицы, проверка вручную перед коммитом →
**`/rls-check <table>`** (этот скил).
- Есть diff / ветка / PR с изменениями БД, набор таблиц заранее не известен →
**агент `rls-reviewer`**.
Скил работает в основном контексте по одной названной таблице и прогоняет
**8 строк вывода** — 7 статических пунктов + живой дымовой тест
(`pest --filter RlsSmokeTest`, шаг 7). Агент работает в отдельном контексте
субагента, разбирает diff/миграцию/PR и прогоняет только **7 статических**
строк — дымовой тест намеренно не запускает.
Первые 7 строк вывода у обоих — общее статическое ядро (tenant_id, ENABLE RLS,
SELECT/ALL политики, GRANT'ы 5 ролей, CHANGELOG, squawk). Это не дублирование:
ядро проверок одно, сценарии вызова разные. Дымовой тест — только в скиле:
запуск Pest в ревью-субагенте медленный и задевает гонки `--parallel`
(квирки 72/77, см. `.claude/agents/pest-parallel-debugger.md`).
## Checklist
1. **tenant_id column.** Grep `db/schema.sql` для `CREATE TABLE <name>`. Verify:
@@ -117,5 +94,3 @@ Or failure listing: `[❌] tenant_id column missing — db/schema.sql:NNNN`.
- Modifying existing well-RLS'd table без новых columns — overhead.
- Tables explicitly outside RLS (e.g., Laravel `migrations`, `cache` — internal).
- Проверяешь не одну названную таблицу, а diff/ветку/PR с изменениями БД —
это сценарий агента `rls-reviewer`, не скила.
.gitignore
-42
View File
@@ -145,45 +145,3 @@ app/playwright/node_modules/
# Vitest coverage output (app/coverage/) — генерируется npm run test:coverage
/app/coverage/
# ── Ruflo big-bang integration (2026-05-15) ──────────────────────────────────
# ruflo runtime scaffolding и local-only routing config
.claude-flow/
CLAUDE.local.md
# ruflo runtime state (created on activation 2026-05-15: memory DB + RuVector bridge)
.swarm/
ruvector.db
# CLAUDE.md / .claude/ backups перед npx ruflo init --force (плановые artifacts Task 2.1)
CLAUDE.md.pre-ruflo.bak
.claude.pre-ruflo.bak/
# ruflo install/dry-run logs (transient)
ruflo-init.log
ruflo-init-dryrun.log
ruflo-mcp-stdout.log
ruflo-mcp-stderr.log
# ruflo init --force regen'ит 23 subdirs из upstream IPFS-registry — auto-regenerable, не tracking
.claude/agents/analysis/
.claude/agents/architecture/
.claude/agents/browser/
.claude/agents/consensus/
.claude/agents/core/
.claude/agents/custom/
.claude/agents/data/
.claude/agents/development/
.claude/agents/devops/
.claude/agents/documentation/
.claude/agents/flow-nexus/
.claude/agents/github/
.claude/agents/goal/
.claude/agents/optimization/
.claude/agents/payments/
.claude/agents/sona/
.claude/agents/sparc/
.claude/agents/specialized/
.claude/agents/sublinear/
.claude/agents/swarm/
.claude/agents/templates/
.claude/agents/testing/
.claude/agents/v3/
.claude/commands/
.claude/helpers/
.mcp.json
-5
View File
@@ -37,11 +37,6 @@
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-redis", "redis://localhost:6379"],
"comment": "Off-phase tool — Redis MCP для Memurai (Windows service, Redis 7-совместимый, localhost:6379). Pending формализация в Tooling §3.3 #35 — sync нормативки отдельным планом. Package: @modelcontextprotocol/server-redis@2025.4.25 — DEPRECATED по статусу npm («Package no longer supported»), но Anthropic source, простой протокол, рабочий. Post-MVP migration на community alternative (e.g., @easy-mcps/redis-mcp-server@1.0.8 или @wenit/redis-mcp-server@1.0.3) когда подтвердим trust. READ-ONLY use — отладка очередей, кэша, Pest --parallel race (memory quirk 72). НЕ для prod (нет prod). Если в будущем prod Redis с auth — отдельный entry redis-prod с url через env var."
},
"ruflo": {
"command": "npx",
"args": ["-y", "ruflo@latest", "mcp", "start"],
"comment": "Off-phase orchestration MCP — exposes ~210 ruflo tools (Core/Intelligence/Agents/Memory/DevTools). Package: ruflo v3.7.0-alpha.38+ MIT (npm `ruflo`, repo ruvnet/claude-flow legacy after rename Jan-2026; plugin namespace @claude-flow/*). Plugin discovery via IPFS (CID QmeXmAdbWVvT84GfDXPD2Vg1HWhiTW2VdZfRLhkS96KkX2) — Pinata+Cloudflare gateways flaky 2026-05-15, only ipfs.io reliable. stdio mode (no port-conflict). Big-bang integration per spec/plan 2026-05-15-ruflo-integration-design.md (commit a68a0a0+). Pending формализация в Tooling §4.10 — Phase 3 Task 3.4."
}
}
}
CLAUDE.md
+7 -31
View File
File diff suppressed because one or more lines are too long
app/README.md
-26
View File
@@ -56,29 +56,3 @@ If you discover a security vulnerability within Laravel, please send an e-mail t
## License
The Laravel framework is open-sourced software licensed under the [MIT license](https://opensource.org/licenses/MIT).
## Демо-данные (dev)
Демо-tenant создаётся `DemoSeeder` автоматически при `composer setup` /
`php artisan migrate --seed` в окружениях `local` и `testing`
(см. `DatabaseSeeder` — в `production` DemoSeeder не запускается).
**Учётные данные демо-входа:**
- URL: `/login`
- Email: `admin@demo.local`
- Пароль: `password`
Что создаётся: demo-tenant (`subdomain=demo`, баланс 1000 ₽ / 100 лидов),
admin-пользователь, 3 проекта (сайт/звонок/СМС) и ~14 демо-сделок.
**Пере-сидировать демо-данные** (идемпотентно — повторный запуск не создаёт дублей):
```bash
composer demo:seed
```
Эквивалент: `php artisan db:seed --class=DemoSeeder --force`.
Если при логине демо-аккаунта возвращается 422 — демо-данные не засеяны
на текущей dev-БД (например, после `migrate:fresh`); запустите `composer demo:seed`.
app/app/Casts/PostgresIntArray.php
+82
View File
@@ -0,0 +1,82 @@
<?php
declare(strict_types=1);
namespace App\Casts;
use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
use Illuminate\Database\Eloquent\Model;
/**
* Eloquent cast for PostgreSQL native INT[] columns.
*
* Laravel stock 'array' cast uses json_encode/json_decode and sends `[1,2,3]`
* (JSON), which Postgres rejects on INT[] columns (expects `{1,2,3}` array
* literal). This cast:
*
* - get(): parses Postgres array literal `{1,2,3}` (or empty `{}`) into PHP
* int array.
* - set(): serializes PHP array `[1,2,3]` into Postgres literal `{1,2,3}`.
*
* Used for projects.regions INT[] (Plan 6).
*
* @implements CastsAttributes<list<int>, list<int>|null>
*/
class PostgresIntArray implements CastsAttributes
{
/**
* @param array<string, mixed> $attributes
* @return list<int>
*/
public function get(Model $model, string $key, mixed $value, array $attributes): array
{
if ($value === null || $value === '' || $value === '{}') {
return [];
}
// PG returns literal like "{1,2,3}".
if (is_string($value)) {
$trimmed = trim($value, '{}');
if ($trimmed === '') {
return [];
}
return array_map('intval', explode(',', $trimmed));
}
// Defensive: if driver already gave array.
if (is_array($value)) {
return array_values(array_map('intval', $value));
}
return [];
}
/**
* @param array<string, mixed> $attributes
*/
public function set(Model $model, string $key, mixed $value, array $attributes): ?string
{
if ($value === null) {
return null;
}
// Defensive: interface phpdoc says list<int>|null, but $value is mixed at PHP level;
// protect against runtime misuse (e.g., string passed mistakenly).
// @phpstan-ignore function.alreadyNarrowedType
if (! is_array($value)) {
throw new \InvalidArgumentException(
"PostgresIntArray cast expects array for key '{$key}', got ".gettype($value)
);
}
if ($value === []) {
return '{}';
}
$ints = array_map('intval', $value);
return '{'.implode(',', $ints).'}';
}
}
app/app/Console/Commands/PartitionsCreateMonths.php
+37 -7
View File
@@ -4,9 +4,9 @@ declare(strict_types=1);
namespace App\Console\Commands;
use App\Services\MonthlyPartitionManager;
use Illuminate\Console\Command;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
/**
* Создаёт ежемесячные партиции для `deals` и `supplier_lead_costs`
@@ -30,7 +30,14 @@ class PartitionsCreateMonths extends Command
/** @var string */
protected $description = 'Создаёт ежемесячные партиции deals и supplier_lead_costs на N месяцев вперёд (idempotent)';
public function handle(MonthlyPartitionManager $manager): int
/**
* Список таблиц, которые партиционируются по received_at помесячно.
*
* @var array<int, string>
*/
private const PARTITIONED_TABLES = ['deals', 'supplier_lead_costs'];
public function handle(): int
{
$ahead = max(1, (int) $this->option('ahead'));
$now = Carbon::now()->startOfMonth();
@@ -40,17 +47,27 @@ class PartitionsCreateMonths extends Command
for ($i = 0; $i <= $ahead; $i++) {
$monthStart = $now->copy()->addMonths($i);
$monthEnd = $monthStart->copy()->addMonth();
foreach (MonthlyPartitionManager::PARTITIONED_TABLES as $table) {
foreach (self::PARTITIONED_TABLES as $table) {
$partitionName = sprintf('%s_%s', $table, $monthStart->format('Y_m'));
if ($manager->ensureMonth($table, $monthStart)) {
$created++;
$this->info(" create <fg=green>{$partitionName}</>");
} else {
if ($this->partitionExists($partitionName)) {
$skipped++;
$this->line(" skip <fg=gray>{$partitionName}</> (already exists)");
continue;
}
DB::statement(sprintf(
"CREATE TABLE %s PARTITION OF %s FOR VALUES FROM ('%s') TO ('%s')",
$partitionName,
$table,
$monthStart->format('Y-m-d'),
$monthEnd->format('Y-m-d'),
));
$created++;
$this->info(" create <fg=green>{$partitionName}</> [{$monthStart->format('Y-m-d')}{$monthEnd->format('Y-m-d')})");
}
}
@@ -59,4 +76,17 @@ class PartitionsCreateMonths extends Command
return self::SUCCESS;
}
/**
* Проверка существования партиции через pg_class (быстрее information_schema).
*/
private function partitionExists(string $name): bool
{
$row = DB::selectOne(
"SELECT 1 AS exists FROM pg_class WHERE relname = ? AND relkind = 'r'",
[$name],
);
return $row !== null;
}
}
app/app/Http/Controllers/Api/AdminBillingController.php
-180
View File
@@ -4,10 +4,7 @@ declare(strict_types=1);
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Concerns\ResolvesAdminUserId;
use App\Http\Controllers\Controller;
use App\Models\BalanceTransaction;
use App\Models\SaasAdminAuditLog;
use Carbon\CarbonImmutable;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
@@ -22,183 +19,6 @@ use Illuminate\Support\Facades\DB;
*/
class AdminBillingController extends Controller
{
use ResolvesAdminUserId;
/** GET /api/admin/billing/tariff-plans — список планов для диалога смены тарифа. */
public function tariffPlans(): JsonResponse
{
$plans = DB::table('tariff_plans')
->select(['id', 'name', 'price_monthly'])
->orderBy('price_monthly')
->get()
->map(fn ($p) => [
'id' => (int) $p->id,
'name' => $p->name,
'price_monthly' => (string) $p->price_monthly,
]);
return response()->json(['plans' => $plans]);
}
/** PATCH /api/admin/billing/tenants/{id}/status — приостановить/разблокировать тенанта. */
public function updateStatus(Request $request, int $id): JsonResponse
{
$validated = $request->validate([
'status' => ['required', 'in:active,suspended'],
'reason' => ['required', 'string', 'min:10', 'max:1000'],
]);
$tenant = $this->findActiveTenant($id);
$adminUserId = $this->resolveAdminUserId($request, 'system-billing@liderra.local', 'System Billing Bot');
DB::transaction(function () use ($tenant, $validated, $adminUserId, $request): void {
// tenants / saas_admin_audit_log не под RLS — SET LOCAL не нужен (ср. refund()).
DB::table('tenants')->where('id', $tenant->id)->update([
'status' => $validated['status'],
'updated_at' => now(),
]);
SaasAdminAuditLog::create([
'admin_user_id' => $adminUserId,
'action' => $validated['status'] === 'suspended' ? 'tenant.suspend' : 'tenant.activate',
'target_type' => 'tenant',
'target_id' => $tenant->id,
'target_tenant_id' => $tenant->id,
'payload_before' => ['status' => $tenant->status],
'payload_after' => ['status' => $validated['status']],
'reason' => $validated['reason'],
'ip_address' => $request->ip() ?? '127.0.0.1',
'user_agent' => $request->userAgent(),
]);
});
return response()->json(['id' => $tenant->id, 'status' => $validated['status']]);
}
/** POST /api/admin/billing/tenants/{id}/refund — возврат средств: списание с баланса + ledger-запись. */
public function refund(Request $request, int $id): JsonResponse
{
$validated = $request->validate([
'amount_rub' => ['required', 'numeric', 'gt:0'],
'reason' => ['required', 'string', 'min:10', 'max:1000'],
]);
$this->findActiveTenant($id); // ранний 404; авторитетный баланс перечитывается под локом ниже
$amount = number_format((float) $validated['amount_rub'], 2, '.', '');
$adminUserId = $this->resolveAdminUserId($request, 'system-billing@liderra.local', 'System Billing Bot');
/** @var array{transaction_id:int, balance_rub:string} $result */
$result = DB::transaction(function () use ($id, $amount, $validated, $adminUserId, $request): array {
DB::statement('SET LOCAL app.current_tenant_id = '.$id);
// Баланс — money-колонка: перечитываем под row-lock внутри транзакции,
// защита от lost-update (конвенция LedgerService — lockForUpdate на tenants).
$tenant = DB::table('tenants')->where('id', $id)->whereNull('deleted_at')
->lockForUpdate()->first();
if ($tenant === null) {
abort(404, 'tenant not found');
}
$balance = (string) $tenant->balance_rub;
if (bccomp($amount, $balance, 2) === 1) {
abort(422, 'refund amount exceeds tenant balance');
}
$newBalance = bcsub($balance, $amount, 2);
DB::table('tenants')->where('id', $id)->update([
'balance_rub' => $newBalance,
'updated_at' => now(),
]);
$tx = BalanceTransaction::create([
'tenant_id' => $id,
'type' => BalanceTransaction::TYPE_REFUND,
'amount_rub' => '-'.$amount,
'amount_leads' => 0,
'balance_rub_after' => $newBalance,
'description' => $validated['reason'],
'admin_user_id' => $adminUserId,
'created_at' => now(),
]);
SaasAdminAuditLog::create([
'admin_user_id' => $adminUserId,
'action' => 'tenant.refund',
'target_type' => 'tenant',
'target_id' => $id,
'target_tenant_id' => $id,
'payload_before' => ['balance_rub' => $balance],
'payload_after' => ['balance_rub' => $newBalance, 'amount_rub' => $amount, 'transaction_id' => $tx->id],
'reason' => $validated['reason'],
'ip_address' => $request->ip() ?? '127.0.0.1',
'user_agent' => $request->userAgent(),
]);
return ['transaction_id' => (int) $tx->id, 'balance_rub' => $newBalance];
});
return response()->json([
'id' => $id,
'balance_rub' => $result['balance_rub'],
'transaction_id' => $result['transaction_id'],
]);
}
/** PATCH /api/admin/billing/tenants/{id}/tariff — сменить тарифный план тенанта. */
public function changeTariff(Request $request, int $id): JsonResponse
{
$validated = $request->validate([
'tariff_id' => ['required', 'integer', 'exists:tariff_plans,id'],
'reason' => ['required', 'string', 'min:10', 'max:1000'],
]);
$tenant = $this->findActiveTenant($id);
$tariff = DB::table('tariff_plans')->where('id', $validated['tariff_id'])->first();
$adminUserId = $this->resolveAdminUserId($request, 'system-billing@liderra.local', 'System Billing Bot');
DB::transaction(function () use ($tenant, $tariff, $validated, $adminUserId, $request): void {
// tenants / saas_admin_audit_log не под RLS — SET LOCAL не нужен (ср. refund()).
DB::table('tenants')->where('id', $tenant->id)->update([
'current_tariff_id' => $tariff->id,
'updated_at' => now(),
]);
SaasAdminAuditLog::create([
'admin_user_id' => $adminUserId,
'action' => 'tenant.change_tariff',
'target_type' => 'tenant',
'target_id' => $tenant->id,
'target_tenant_id' => $tenant->id,
'payload_before' => ['current_tariff_id' => $tenant->current_tariff_id],
'payload_after' => ['current_tariff_id' => (int) $tariff->id],
'reason' => $validated['reason'],
'ip_address' => $request->ip() ?? '127.0.0.1',
'user_agent' => $request->userAgent(),
]);
});
return response()->json([
'id' => $tenant->id,
'tariff_id' => (int) $tariff->id,
'tariff_name' => $tariff->name,
]);
}
/**
* Возвращает не-удалённого тенанта либо abort(404).
*
* @return object{id:int,status:string,balance_rub:string,current_tariff_id:int|null}
*/
private function findActiveTenant(int $id): object
{
$tenant = DB::table('tenants')->where('id', $id)->whereNull('deleted_at')->first();
if ($tenant === null) {
abort(404, 'tenant not found');
}
return $tenant;
}
/** GET /api/admin/billing?search= */
public function index(Request $request): JsonResponse
{
app/app/Http/Controllers/Api/AdminIncidentsController.php
-114
View File
@@ -4,9 +4,7 @@ declare(strict_types=1);
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Concerns\ResolvesAdminUserId;
use App\Http\Controllers\Controller;
use App\Models\SaasAdminAuditLog;
use Carbon\CarbonImmutable;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
@@ -23,8 +21,6 @@ use Illuminate\Support\Facades\DB;
*/
class AdminIncidentsController extends Controller
{
use ResolvesAdminUserId;
/** GET /api/admin/incidents?type=&severity=&unresolved_only=&limit=&offset= */
public function index(Request $request): JsonResponse
{
@@ -87,116 +83,6 @@ class AdminIncidentsController extends Controller
]);
}
/** POST /api/admin/incidents/{id}/rkn-notify — зафиксировать уведомление РКН (G6, 152-ФЗ). */
public function notifyRkn(Request $request, int $id): JsonResponse
{
$row = DB::table('incidents_log')->where('id', $id)->first();
if ($row === null) {
abort(404, 'incident not found');
}
if ($row->type !== 'data_breach') {
abort(422, 'РКН-уведомление применимо только к инцидентам типа data_breach');
}
if ($row->rkn_notified_at !== null) {
abort(409, 'РКН уже уведомлён по этому инциденту');
}
$adminUserId = $this->resolveAdminUserId($request, 'system-incidents@liderra.local', 'System Incidents Bot');
DB::transaction(function () use ($row, $adminUserId, $request): void {
DB::table('incidents_log')->where('id', $row->id)->update([
'rkn_notified_at' => now(),
'updated_at' => now(),
]);
SaasAdminAuditLog::create([
'admin_user_id' => $adminUserId,
'action' => 'incident.rkn_notify',
'target_type' => 'incident',
'target_id' => $row->id,
'payload_before' => ['rkn_notified_at' => null],
'payload_after' => ['rkn_notified_at' => now()->toIso8601String()],
'reason' => 'Роскомнадзор уведомлён об утечке ПДн через админ-интерфейс (152-ФЗ).',
'ip_address' => $request->ip() ?? '127.0.0.1',
'user_agent' => $request->userAgent(),
]);
});
return $this->show($id);
}
/** GET /api/admin/incidents/{id} — полная карточка инцидента (drill-down G5). */
public function show(int $id): JsonResponse
{
$row = DB::table('incidents_log')->where('id', $id)->first();
if ($row === null) {
abort(404, 'incident not found');
}
$tenantIds = is_array($row->affected_tenant_ids)
? $row->affected_tenant_ids
: ($row->affected_tenant_ids !== null ? $this->parsePgArrayValues((string) $row->affected_tenant_ids) : []);
$tenants = $tenantIds === []
? collect()
: DB::table('tenants')->whereIn('id', $tenantIds)
->select(['id', 'organization_name'])->get();
$admins = DB::table('saas_admin_users')
->whereIn('id', array_filter([$row->created_by_admin_id, $row->closed_by_admin_id]))
->pluck('full_name', 'id');
return response()->json([
'incident' => [
'id' => (int) $row->id,
'incident_id' => $this->formatIncidentId($row),
'type' => $row->type,
'severity' => $row->severity,
'summary' => $row->summary,
'root_cause' => $row->root_cause,
'postmortem_url' => $row->postmortem_url,
'started_at' => CarbonImmutable::parse($row->started_at)->toIso8601String(),
'detected_at' => CarbonImmutable::parse($row->detected_at)->toIso8601String(),
'resolved_at' => $row->resolved_at !== null
? CarbonImmutable::parse($row->resolved_at)->toIso8601String() : null,
'status' => $this->deriveStatus($row),
'affected_tenants' => $tenants->map(fn ($t) => [
'id' => (int) $t->id,
'organization_name' => $t->organization_name,
])->values(),
'affected_users_count' => $row->affected_users_count !== null ? (int) $row->affected_users_count : null,
'notification_sent_at' => $row->notification_sent_at !== null
? CarbonImmutable::parse($row->notification_sent_at)->toIso8601String() : null,
'rkn_notified' => $row->rkn_notified_at !== null,
'rkn_notified_at' => $row->rkn_notified_at !== null
? CarbonImmutable::parse($row->rkn_notified_at)->toIso8601String() : null,
'rkn_deadline_at' => $row->type === 'data_breach' && $row->rkn_notified_at === null
? CarbonImmutable::parse($row->detected_at)->addHours(24)->toIso8601String() : null,
'created_by_admin' => $admins->get($row->created_by_admin_id),
'closed_by_admin' => $row->closed_by_admin_id !== null ? $admins->get($row->closed_by_admin_id) : null,
'created_at' => $row->created_at !== null
? CarbonImmutable::parse($row->created_at)->toIso8601String() : null,
'updated_at' => $row->updated_at !== null
? CarbonImmutable::parse($row->updated_at)->toIso8601String() : null,
],
]);
}
/**
* PG-array literal '{1,2,3}' массив int.
*
* @return list<int>
*/
private function parsePgArrayValues(string $literal): array
{
$trimmed = trim($literal, '{}');
if ($trimmed === '') {
return [];
}
return array_map('intval', explode(',', $trimmed));
}
/** Уникальный человеко-читаемый ID: INC-YYYY-MMDD-NNNN, NNNN = id padded. */
private function formatIncidentId(object $row): string
{
app/app/Http/Controllers/Api/ApiKeyController.php
-73
View File
@@ -1,73 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\ApiKey;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use Symfony\Component\HttpFoundation\Response;
/**
* API-ключи тенанта (audit D2/D3/J5). Endpoints под auth:sanctum + tenant.
*
* Полный ключ показывается ОДИН раз в ответе regenerate(). В БД хранится
* только bcrypt key_hash + key_prefix (первые 10 символов для UI). У тенанта
* поддерживается один активный ключ: regenerate деактивирует прежние.
*/
class ApiKeyController extends Controller
{
private const KEY_PREFIX = 'lpkapi_';
public function index(Request $request): JsonResponse
{
$tenantId = (int) $request->user()->tenant_id;
// Defense-in-depth: явный where даже при RLS — в тестах PG superuser BYPASSRLS.
$keys = ApiKey::query()
->where('tenant_id', $tenantId)
->where('is_active', true)
->where('expires_at', '>', now())
->orderByDesc('created_at')
->get(['id', 'name', 'key_prefix', 'last_used_at', 'expires_at', 'created_at']);
return response()->json(['data' => $keys]);
}
public function regenerate(Request $request): JsonResponse
{
$tenantId = (int) $request->user()->tenant_id;
$userId = (int) $request->user()->id;
// Один активный ключ на тенанта — прежние деактивируются.
ApiKey::query()
->where('tenant_id', $tenantId)
->where('is_active', true)
->update(['is_active' => false]);
$plainKey = self::KEY_PREFIX.Str::random(48);
$key = ApiKey::query()->create([
'tenant_id' => $tenantId,
'user_id' => $userId,
'name' => 'API-ключ',
'key_hash' => Hash::make($plainKey),
'key_prefix' => substr($plainKey, 0, 10),
'scopes' => ['read'],
'expires_at' => now()->addYear(),
'is_active' => true,
'created_at' => now(),
]);
return response()->json([
'id' => $key->id,
'name' => $key->name,
'key' => $plainKey,
'key_prefix' => $key->key_prefix,
], Response::HTTP_CREATED);
}
}
app/app/Http/Controllers/Api/AuthController.php
-27
View File
@@ -228,31 +228,6 @@ class AuthController extends Controller
]);
}
/**
* PATCH /api/auth/me обновление профиля текущего пользователя
* (имя, фамилия, телефон, тайм-зона). Email менять нельзя (через support).
*
* Audit J6/D1 (ProfileTab). Зеркалит updateNotificationPreferences:
* та же группа auth:sanctum, тот же inline-validate, тот же userResource.
*/
public function updateProfile(Request $request): JsonResponse
{
$validated = $request->validate([
'first_name' => ['required', 'string', 'max:255'],
'last_name' => ['required', 'string', 'max:255'],
'phone' => ['nullable', 'string', 'max:20'],
'timezone' => ['required', 'timezone'],
]);
/** @var User $user */
$user = $request->user();
$user->update($validated);
return response()->json([
'user' => $this->userResource($user->fresh()),
]);
}
/**
* Ключ throttle для login: email|ip защищает email от брутфорса даже
* за NAT'ом, и IP от перебора емейлов с одного источника.
@@ -358,8 +333,6 @@ class AuthController extends Controller
'email' => $user->email,
'first_name' => $user->first_name,
'last_name' => $user->last_name,
'phone' => $user->phone,
'timezone' => $user->timezone,
'tenant_id' => $user->tenant_id,
'totp_enabled' => $user->totp_enabled,
'last_login_at' => $user->last_login_at,
app/app/Http/Controllers/Api/BillingController.php
-186
View File
@@ -1,186 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\BalanceTransaction;
use App\Models\Tenant;
use App\Models\User;
use App\Services\Billing\BillingTopupService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
/**
* Биллинг тенанта кошелёк, транзакции, счета, пополнение (audit E1/E3).
*
* Все эндпоинты под middleware [auth:sanctum, tenant] (RLS-контекст).
* Отдельно от TenantChargesController (lead_charges ledger) и
* AdminBillingController (SaaS-уровневые агрегаты).
*
* E1: POST /api/billing/topup MVP-stub пополнения (без платёжного шлюза).
* E3: GET wallet/transactions/invoices данные для BillingView Overview.
*/
class BillingController extends Controller
{
public function __construct(
private readonly BillingTopupService $topupService,
) {}
/**
* POST /api/billing/topup пополнить рублёвый баланс.
*
* MVP-stub: кредитует баланс немедленно (без ЮKassa реальная оплата
* post-Б-1). Записывает append-only строку balance_transactions(topup).
*/
public function topup(Request $request): JsonResponse
{
$validated = $request->validate([
'amount_rub' => ['required', 'numeric', 'min:100', 'max:1000000', 'decimal:0,2'],
]);
/** @var User $user */
$user = $request->user();
// Нормализуем в DECIMAL-строку scale 2 для bcmath (НЕ float).
$amountRub = bcadd((string) $validated['amount_rub'], '0', 2);
$tx = $this->topupService->topup((int) $user->tenant_id, $amountRub, (int) $user->id);
return response()->json([
'transaction' => [
'id' => $tx->id,
'type' => $tx->type,
'amount_rub' => $tx->amount_rub,
'balance_rub_after' => $tx->balance_rub_after,
'created_at' => $tx->created_at,
],
'balance_rub' => $tx->balance_rub_after,
], 201);
}
/**
* GET /api/billing/wallet балансы тенанта + текущий тариф + runway.
*/
public function wallet(Request $request): JsonResponse
{
/** @var User $user */
$user = $request->user();
/** @var Tenant $tenant */
$tenant = Tenant::query()->with('tariff')->findOrFail((int) $user->tenant_id);
return response()->json([
'balance_rub' => $tenant->balance_rub,
'balance_leads' => $tenant->balance_leads,
'runway_days' => $this->runwayDays($tenant),
'tariff' => $tenant->tariff === null ? null : [
'code' => $tenant->tariff->code,
'name' => $tenant->tariff->name,
'price_monthly' => $tenant->tariff->price_monthly,
'billing_model' => $tenant->tariff->billing_model,
'features' => $tenant->tariff->features ?? [],
],
]);
}
/**
* GET /api/billing/transactions?type=topup|lead_charge|refund&page=N
* пагинированная история balance_transactions тенанта (20/страница).
*/
public function transactions(Request $request): JsonResponse
{
/** @var User $user */
$user = $request->user();
$tenantId = (int) $user->tenant_id;
// Явный tenant_id фильтр — defense-in-depth поверх RLS (тесты идут
// под superuser BYPASSRLS; паттерн TenantChargesController).
$query = BalanceTransaction::query()
->where('tenant_id', $tenantId)
->orderBy('created_at', 'desc')
->orderBy('id', 'desc');
$type = $request->query('type');
if (is_string($type) && in_array($type, ['topup', 'lead_charge', 'refund'], true)) {
$query->where('type', $type);
}
$page = $query->paginate(20);
return response()->json([
'data' => array_map(static fn (BalanceTransaction $tx): array => [
'id' => $tx->id,
'code' => 'TX-'.$tx->id,
'type' => $tx->type,
'description' => $tx->description,
'amount_rub' => $tx->amount_rub,
'amount_leads' => $tx->amount_leads,
'balance_rub_after' => $tx->balance_rub_after,
'created_at' => $tx->created_at,
], $page->items()),
'meta' => [
'current_page' => $page->currentPage(),
'last_page' => $page->lastPage(),
'total' => $page->total(),
'per_page' => $page->perPage(),
],
]);
}
/**
* GET /api/billing/invoices счета тенанта (saas_invoices).
*
* Real-but-empty на MVP: saas_invoices.legal_entity_id NOT NULL требует
* зарегистрированного юр-лица (блокируется Б-1). Read-only выборка через
* DB::table без Eloquent-модели (паттерн AdminBillingController).
*/
public function invoices(Request $request): JsonResponse
{
/** @var User $user */
$user = $request->user();
$tenantId = (int) $user->tenant_id;
$rows = DB::table('saas_invoices')
->where('tenant_id', $tenantId)
->orderBy('issued_at', 'desc')
->get(['id', 'invoice_number', 'amount_total', 'status', 'issued_at', 'pdf_path']);
return response()->json([
'data' => $rows->map(static fn (\stdClass $r): array => [
'id' => $r->id,
'invoice_number' => $r->invoice_number,
'amount_total' => $r->amount_total,
'status' => $r->status,
'issued_at' => $r->issued_at,
'has_pdf' => $r->pdf_path !== null,
])->all(),
]);
}
/**
* Прогноз «на сколько дней хватит баланса» оценочный UX-показатель.
*
* = balance_rub / (рублёвые списания за 30 дней / 30). NULL, если списаний
* не было. Float здесь допустим: грубая оценка для шапки, НЕ мутация
* баланса (мутации баланса строго bcmath, см. BillingTopupService).
* Отрицательный баланс 0 (тенант уже в минусе, runway не может быть < 0).
*/
private function runwayDays(Tenant $tenant): ?int
{
$spent = abs((float) DB::table('balance_transactions')
->where('tenant_id', $tenant->id)
->where('type', BalanceTransaction::TYPE_LEAD_CHARGE)
->where('created_at', '>=', now()->subDays(30))
->sum('amount_rub'));
if ($spent <= 0.0) {
return null;
}
$perDay = $spent / 30.0;
return max(0, (int) floor((float) $tenant->balance_rub / $perDay));
}
}
app/app/Http/Controllers/Api/DashboardController.php
-147
View File
@@ -1,147 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\Tenant;
use Carbon\CarbonImmutable;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
/**
* Дашборд агрегат для DashboardView (audit C1/J3).
*
* GET /api/dashboard/summary?tenant_id={id}&range=today|7d|30d
*
* На MVP без auth-middleware (tenant_id параметром, как DealController).
* Production: middleware('auth:sanctum','tenant') tenant_id из user.
*
* Все агрегаты tenant-scoped, deleted_at IS NULL, is_test=false.
* RLS-обёртка SET LOCAL app.current_tenant_id (PgBouncer-safe), как DealController.
*/
class DashboardController extends Controller
{
private const RU_WEEKDAYS = ['вс', 'пн', 'вт', 'ср', 'чт', 'пт', 'сб'];
public function summary(Request $request): JsonResponse
{
$tenantId = (int) $request->query('tenant_id', '0');
if ($tenantId < 1) {
return response()->json(['message' => 'Параметр tenant_id обязателен.'], 422);
}
$tenant = Tenant::find($tenantId);
if ($tenant === null) {
return response()->json(['message' => 'Тенант не найден.'], 404);
}
$range = in_array($request->query('range'), ['today', '7d', '30d'], true)
? (string) $request->query('range')
: '7d';
// MSK: activity-бакеты и range-границы должны совпадать с SQL
// `AT TIME ZONE 'Europe/Moscow'`. config('app.timezone') = UTC.
$now = CarbonImmutable::now('Europe/Moscow');
[$windowStart, $prevStart] = match ($range) {
'today' => [$now->startOfDay(), $now->startOfDay()->subDay()],
'30d' => [$now->subDays(30), $now->subDays(60)],
default => [$now->subDays(7), $now->subDays(14)],
};
$data = DB::transaction(function () use ($tenantId, $tenant, $now, $range, $windowStart, $prevStart) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
$base = fn () => DB::table('deals')
->where('tenant_id', $tenantId)
->whereNull('deleted_at')
->where('is_test', false);
// --- leads received: текущее + предыдущее окно ---
$curLeads = (clone $base())->whereBetween('received_at', [$windowStart, $now])->count();
$prevLeads = (clone $base())->whereBetween('received_at', [$prevStart, $windowStart])->count();
// --- conversion: % статуса 'paid' в окне ---
$curPaid = (clone $base())->where('status', 'paid')
->whereBetween('received_at', [$windowStart, $now])->count();
$prevPaid = (clone $base())->where('status', 'paid')
->whereBetween('received_at', [$prevStart, $windowStart])->count();
$curConv = $curLeads > 0 ? round($curPaid / $curLeads * 100, 1) : 0.0;
$prevConv = $prevLeads > 0 ? round($prevPaid / $prevLeads * 100, 1) : 0.0;
// --- active projects ---
$activeProjects = DB::table('projects')
->where('tenant_id', $tenantId)
->whereNull('archived_at')
->where('is_active', true)
->count();
$maxProjects = (int) (($tenant->limits['max_projects'] ?? 0));
// --- activity: 7 daily-бакетов по received_at (MSK) ---
$activityStart = $now->subDays(6)->startOfDay();
$byDay = (clone $base())
->where('received_at', '>=', $activityStart)
->selectRaw("to_char((received_at AT TIME ZONE 'Europe/Moscow')::date, 'YYYY-MM-DD') AS d, COUNT(*) AS c")
->groupBy('d')
->pluck('c', 'd');
$points = [];
$labels = [];
for ($i = 6; $i >= 0; $i--) {
$day = $now->subDays($i);
$key = $day->format('Y-m-d');
$points[] = (int) ($byDay[$key] ?? 0);
$labels[] = $i === 0 ? 'сегодня' : self::RU_WEEKDAYS[(int) $day->format('w')];
}
$maxPoint = max(0, ...$points);
$axisMax = max(10, (int) (ceil($maxPoint / 10) * 10));
// --- funnel: текущий снимок по статусам ---
$funnel = (clone $base())
->selectRaw('status, COUNT(*) AS c')
->groupBy('status')
->pluck('c', 'status')
->map(fn ($c) => (int) $c)
->toArray();
// --- runway ---
// runway опирается на приток за фиксированное 7-дневное окно,
// независимо от выбранного range (для today/30d $curLeads — не 7-дневный).
$leads7d = (clone $base())->whereBetween('received_at', [$now->subDays(7), $now])->count();
$avgDaily = $leads7d / 7.0;
$balanceLeads = (int) ($tenant->balance_leads ?? 0);
$runwayDays = $avgDaily > 0 ? (int) floor($balanceLeads / $avgDaily) : 0;
return [
'range' => $range,
'leads_received' => self::deltaBlock($curLeads, $prevLeads, 'delta_pct', self::pctDelta($curLeads, $prevLeads)),
'conversion' => self::deltaBlock($curConv, $prevConv, 'delta_pp', round($curConv - $prevConv, 1)),
'active_projects' => ['active' => $activeProjects, 'limit' => $maxProjects],
'balance' => [
'amount_rub' => (string) $tenant->balance_rub,
'runway_days' => $runwayDays,
'runway_leads' => $balanceLeads,
],
'activity' => ['points' => $points, 'labels' => $labels, 'max' => $axisMax],
'funnel' => (object) $funnel,
];
});
return response()->json($data);
}
/** Процентная дельта current vs previous; 0.0 если previous=0. */
private static function pctDelta(float $cur, float $prev): float
{
return $prev > 0 ? round(($cur - $prev) / $prev * 100, 1) : 0.0;
}
/** Блок {value, <deltaKey>, delta_dir}. */
private static function deltaBlock(float $value, float $prev, string $deltaKey, float $delta): array
{
$dir = $value > $prev ? 'up' : ($value < $prev ? 'down' : 'neutral');
return ['value' => $value, $deltaKey => $delta, 'delta_dir' => $dir];
}
}
app/app/Http/Controllers/Api/DealBulkActionController.php
+34 -23
View File
@@ -7,6 +7,7 @@ namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\ActivityLog;
use App\Models\Deal;
use App\Models\Tenant;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
@@ -19,8 +20,6 @@ use Illuminate\Support\Facades\DB;
* bulk + export + helpers). Этот класс отвечает только за многоразовые
* массовые операции; single-resource действия остаются в DealController.
*
* J1 (Sprint 3F): auth:sanctum+tenant, tenant_id из auth()->user().
*
* O-perf-01: N+1 устранён.
*
* transition: сначала SELECT всех сделок tenant'а из ids, чтобы отфильтровать
@@ -42,19 +41,23 @@ class DealBulkActionController extends Controller
/**
* POST /api/deals/transition bulk status-update.
*
* Body: {ids: [int...], status: slug}.
* Body: {tenant_id, ids: [int...], status: slug}.
* Response: {updated, requested, status} (updated = реально изменённых,
* без NO-OP).
*/
public function transition(Request $request): JsonResponse
{
$validated = $request->validate([
'tenant_id' => 'required|integer|min:1',
'ids' => 'required|array|min:1|max:1000',
'ids.*' => 'integer|min:1',
'status' => 'required|string|max:50',
]);
$tenantId = (int) $request->user()->tenant_id;
$tenant = Tenant::find($validated['tenant_id']);
if ($tenant === null) {
return response()->json(['message' => 'Тенант не найден.'], 404);
}
$statusExists = DB::table('lead_statuses')->where('slug', $validated['status'])->exists();
if (! $statusExists) {
@@ -64,14 +67,14 @@ class DealBulkActionController extends Controller
], 422);
}
$updated = DB::transaction(function () use ($validated, $tenantId) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
$updated = DB::transaction(function () use ($validated, $tenant) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenant->id);
// Фаза 1: SELECT — нужны id и предыдущий status для каждой строки,
// чтобы (а) отфильтровать NO-OP и (б) сохранить prev в context.from.
// Defense-in-depth where(tenant_id) — защита от кросс-tenant id.
$rows = Deal::query()
->where('tenant_id', $tenantId)
->where('tenant_id', $tenant->id)
->whereIn('id', $validated['ids'])
->get(['id', 'status']);
@@ -85,7 +88,7 @@ class DealBulkActionController extends Controller
// Фаза 2: bulk-UPDATE 1 запросом вместо N.
Deal::query()
->where('tenant_id', $tenantId)
->where('tenant_id', $tenant->id)
->whereIn('id', $changedIds)
->update([
'status' => $validated['status'],
@@ -97,7 +100,7 @@ class DealBulkActionController extends Controller
// массив сериализуем в JSON руками, остальные scalar-поля передаём
// напрямую. Триггер audit_chain_hash() заполнит log_hash на уровне БД.
$logRows = $changed->map(fn (Deal $d) => [
'tenant_id' => $tenantId,
'tenant_id' => $tenant->id,
'user_id' => null,
'deal_id' => $d->id,
'event' => ActivityLog::EVENT_DEAL_STATUS_CHANGED,
@@ -124,7 +127,7 @@ class DealBulkActionController extends Controller
/**
* DELETE /api/deals bulk soft-delete.
*
* Body: {ids: [int...]}.
* Body: {tenant_id, ids: [int...]}.
* Response: {deleted, requested}.
*
* Soft-delete сохраняется (см. документацию в DealController.destroy на
@@ -134,19 +137,23 @@ class DealBulkActionController extends Controller
public function destroy(Request $request): JsonResponse
{
$validated = $request->validate([
'tenant_id' => 'required|integer|min:1',
'ids' => 'required|array|min:1|max:1000',
'ids.*' => 'integer|min:1',
]);
$tenantId = (int) $request->user()->tenant_id;
$tenant = Tenant::find($validated['tenant_id']);
if ($tenant === null) {
return response()->json(['message' => 'Тенант не найден.'], 404);
}
$deleted = DB::transaction(function () use ($validated, $tenantId) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
$deleted = DB::transaction(function () use ($validated, $tenant) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenant->id);
// SELECT id'шников живых сделок tenant'а из ids — для bulk-INSERT
// в activity_log по списку реально удаляемых (NO-OP idempotency).
$targetIds = Deal::query()
->where('tenant_id', $tenantId)
->where('tenant_id', $tenant->id)
->whereIn('id', $validated['ids'])
->whereNull('deleted_at')
->pluck('id')
@@ -159,7 +166,7 @@ class DealBulkActionController extends Controller
$now = now();
Deal::query()
->where('tenant_id', $tenantId)
->where('tenant_id', $tenant->id)
->whereIn('id', $targetIds)
->whereNull('deleted_at')
->update([
@@ -168,7 +175,7 @@ class DealBulkActionController extends Controller
]);
$logRows = array_map(fn (int $id) => [
'tenant_id' => $tenantId,
'tenant_id' => $tenant->id,
'user_id' => null,
'deal_id' => $id,
'event' => ActivityLog::EVENT_DEAL_DELETED,
@@ -190,26 +197,30 @@ class DealBulkActionController extends Controller
/**
* POST /api/deals/restore bulk restore soft-deleted.
*
* Body: {ids: [int...]}.
* Body: {tenant_id, ids: [int...]}.
* Response: {restored, requested}.
*/
public function restore(Request $request): JsonResponse
{
$validated = $request->validate([
'tenant_id' => 'required|integer|min:1',
'ids' => 'required|array|min:1|max:1000',
'ids.*' => 'integer|min:1',
]);
$tenantId = (int) $request->user()->tenant_id;
$tenant = Tenant::find($validated['tenant_id']);
if ($tenant === null) {
return response()->json(['message' => 'Тенант не найден.'], 404);
}
$restored = DB::transaction(function () use ($validated, $tenantId) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
$restored = DB::transaction(function () use ($validated, $tenant) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenant->id);
// withTrashed обходит SoftDeletes global scope; whereNotNull —
// NO-OP idempotency для уже живых.
$targetIds = Deal::query()
->withTrashed()
->where('tenant_id', $tenantId)
->where('tenant_id', $tenant->id)
->whereIn('id', $validated['ids'])
->whereNotNull('deleted_at')
->pluck('id')
@@ -223,7 +234,7 @@ class DealBulkActionController extends Controller
Deal::query()
->withTrashed()
->where('tenant_id', $tenantId)
->where('tenant_id', $tenant->id)
->whereIn('id', $targetIds)
->whereNotNull('deleted_at')
->update([
@@ -232,7 +243,7 @@ class DealBulkActionController extends Controller
]);
$logRows = array_map(fn (int $id) => [
'tenant_id' => $tenantId,
'tenant_id' => $tenant->id,
'user_id' => null,
'deal_id' => $id,
'event' => ActivityLog::EVENT_DEAL_RESTORED,
app/app/Http/Controllers/Api/DealController.php
+51 -33
View File
@@ -9,6 +9,7 @@ use App\Models\ActivityLog;
use App\Models\Deal;
use App\Models\Project;
use App\Models\SupplierLeadCost;
use App\Models\Tenant;
use App\Models\User;
use App\Services\SupplierResolver;
use Illuminate\Http\JsonResponse;
@@ -26,7 +27,9 @@ use Illuminate\Support\Facades\DB;
* `WebhookReceiveController` + `ProcessWebhookJob` (асинхронно через очередь
* с advisory lock + dedup). Этот controller для ручных action'ов из UI.
*
* J1 (Sprint 3F): auth:sanctum+tenant, tenant_id из auth()->user().
* На MVP без auth-middleware (multi-tenant контекст резолвится по
* `tenant_id` параметру). Production: middleware('auth:sanctum')+'tenant'
* tenant_id из request()->user()->tenant_id; user ID для manager/audit.
*
* Manual-create отличается от webhook'а:
* - source_crm_id = NULL (не из webhook).
@@ -39,7 +42,7 @@ use Illuminate\Support\Facades\DB;
class DealController extends Controller
{
/**
* GET /api/deals?status_in[]=...&project_id=...&manager_id=...&search=...&limit=...&offset=...
* GET /api/deals?tenant_id={id}&status_in[]=...&project_id=...&manager_id=...&search=...&limit=...&offset=...
*
* Список сделок tenant'а с relations (project.name, manager.first/last/email).
* Используется в `DealsView`/`KanbanView` вместо MOCK_DEALS.
@@ -50,10 +53,20 @@ class DealController extends Controller
* (received_at, id)).
*
* RLS: SET LOCAL app.current_tenant_id внутри транзакции (PgBouncer-safe).
* Чужие сделки отфильтрует политика, даже если клиент подсунет чужой
* tenant_id (без auth на MVP, на prod middleware).
*/
public function index(Request $request): JsonResponse
{
$tenantId = (int) $request->user()->tenant_id;
$tenantId = (int) $request->query('tenant_id', '0');
if ($tenantId < 1) {
return response()->json(['message' => 'Параметр tenant_id обязателен.'], 422);
}
$tenant = Tenant::find($tenantId);
if ($tenant === null) {
return response()->json(['message' => 'Тенант не найден.'], 404);
}
$statuses = (array) $request->query('status_in', []);
$projectId = $request->query('project_id') !== null ? (int) $request->query('project_id') : null;
@@ -62,7 +75,6 @@ class DealController extends Controller
$limit = max(1, min(500, (int) $request->query('limit', '100')));
$offset = max(0, (int) $request->query('offset', '0'));
$onlyDeleted = $request->boolean('only_deleted');
$countOnly = $request->boolean('count_only');
$cursorRaw = (string) $request->query('cursor', '');
// Sprint 4 Phase A (audit O-perf-04): keyset pagination через cursor.
@@ -81,7 +93,7 @@ class DealController extends Controller
$cursor = ['r' => (string) $parsed['r'], 'i' => (int) $parsed['i']];
}
[$deals, $total, $nextCursor] = DB::transaction(function () use ($tenantId, $statuses, $projectId, $managerId, $search, $limit, $offset, $onlyDeleted, $cursor, $countOnly) {
[$deals, $total, $nextCursor] = DB::transaction(function () use ($tenantId, $statuses, $projectId, $managerId, $search, $limit, $offset, $onlyDeleted, $cursor) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
// Defense-in-depth: явный where(tenant_id) поверх RLS — на тестах
@@ -116,12 +128,6 @@ class DealController extends Controller
});
}
// Audit B2: count_only — отдаём только COUNT(*), пропуская SELECT строк
// и cursor/offset-логику (лёгкий запрос для бейджа в сайдбаре).
if ($countOnly) {
return [collect(), $query->count(), null];
}
if ($cursor !== null) {
// Keyset: PG row constructor через индекс на (received_at DESC, id DESC).
// Не считаем total (дорого без COUNT(*); клиент при необходимости
@@ -166,10 +172,6 @@ class DealController extends Controller
return [$rows, $total, $next];
});
if ($countOnly) {
return response()->json(['total' => $total]);
}
$payload = [
'deals' => $deals->map(fn (Deal $d) => [
'id' => $d->id,
@@ -201,7 +203,7 @@ class DealController extends Controller
}
/**
* GET /api/deals/{id} детали сделки + recent activity events.
* GET /api/deals/{id}?tenant_id={id} детали сделки + recent activity events.
*
* Используется в DealDetailDrawer (правая панель). Возвращает deal с
* relations + до 50 последних activity_log событий по этой сделке.
@@ -211,7 +213,15 @@ class DealController extends Controller
*/
public function show(Request $request, int $id): JsonResponse
{
$tenantId = (int) $request->user()->tenant_id;
$tenantId = (int) $request->query('tenant_id', '0');
if ($tenantId < 1) {
return response()->json(['message' => 'Параметр tenant_id обязателен.'], 422);
}
$tenant = Tenant::find($tenantId);
if ($tenant === null) {
return response()->json(['message' => 'Тенант не найден.'], 404);
}
[$deal, $events] = DB::transaction(function () use ($tenantId, $id) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
@@ -281,7 +291,7 @@ class DealController extends Controller
/**
* PATCH /api/deals/{id} частичное редактирование сделки из DealDetailDrawer.
*
* Body (все поля optional, должно быть хотя бы одно): {comment?,
* Body (все поля optional, должно быть хотя бы одно): {tenant_id, comment?,
* manager_id?, status?}.
*
* Каждое изменение пишется в ActivityLog с правильным event-type:
@@ -299,12 +309,16 @@ class DealController extends Controller
public function update(Request $request, int $id): JsonResponse
{
$validated = $request->validate([
'tenant_id' => 'required|integer|min:1',
'comment' => 'nullable|string|max:5000',
'manager_id' => 'nullable|integer|min:1',
'status' => 'nullable|string|max:50',
]);
$tenantId = (int) $request->user()->tenant_id;
$tenant = Tenant::find($validated['tenant_id']);
if ($tenant === null) {
return response()->json(['message' => 'Тенант не найден.'], 404);
}
// Validate status slug если передан.
if (array_key_exists('status', $validated) && $validated['status'] !== null) {
@@ -321,7 +335,7 @@ class DealController extends Controller
if (array_key_exists('manager_id', $validated) && $validated['manager_id'] !== null) {
$managerExists = User::query()
->where('id', $validated['manager_id'])
->where('tenant_id', $tenantId)
->where('tenant_id', $tenant->id)
->whereNull('deleted_at')
->where('is_active', true)
->exists();
@@ -333,11 +347,11 @@ class DealController extends Controller
}
}
$deal = DB::transaction(function () use ($validated, $tenantId, $id) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
$deal = DB::transaction(function () use ($validated, $tenant, $id) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenant->id);
$deal = Deal::query()
->where('tenant_id', $tenantId)
->where('tenant_id', $tenant->id)
->where('id', $id)
->first();
@@ -349,7 +363,7 @@ class DealController extends Controller
if (array_key_exists('comment', $validated) && $deal->comment !== $validated['comment']) {
$deal->comment = $validated['comment'];
ActivityLog::create([
'tenant_id' => $tenantId,
'tenant_id' => $tenant->id,
'user_id' => null,
'deal_id' => $deal->id,
'event' => 'deal.commented',
@@ -362,7 +376,7 @@ class DealController extends Controller
$deal->manager_id = $validated['manager_id'];
$deal->assigned_at = $validated['manager_id'] !== null ? now() : null;
ActivityLog::create([
'tenant_id' => $tenantId,
'tenant_id' => $tenant->id,
'user_id' => null,
'deal_id' => $deal->id,
'event' => ActivityLog::EVENT_DEAL_ASSIGNED,
@@ -374,7 +388,7 @@ class DealController extends Controller
$previousStatus = $deal->status;
$deal->status = $validated['status'];
ActivityLog::create([
'tenant_id' => $tenantId,
'tenant_id' => $tenant->id,
'user_id' => null,
'deal_id' => $deal->id,
'event' => ActivityLog::EVENT_DEAL_STATUS_CHANGED,
@@ -411,6 +425,7 @@ class DealController extends Controller
public function store(Request $request): JsonResponse
{
$validated = $request->validate([
'tenant_id' => 'required|integer|min:1',
'project_name' => 'required|string|max:255',
'phone' => 'required|string|max:20',
'contact_name' => 'nullable|string|max:255',
@@ -419,14 +434,17 @@ class DealController extends Controller
'comment' => 'nullable|string|max:5000',
]);
$tenantId = (int) $request->user()->tenant_id;
$tenant = Tenant::find($validated['tenant_id']);
if ($tenant === null) {
return response()->json(['message' => 'Тенант не найден.'], 404);
}
// Manager FK guard: если manager_id передан, он должен принадлежать
// этому tenant'у. Иначе можно назначить чужого менеджера на свою сделку.
if (isset($validated['manager_id'])) {
$managerExists = User::query()
->where('id', $validated['manager_id'])
->where('tenant_id', $tenantId)
->where('tenant_id', $tenant->id)
->whereNull('deleted_at')
->where('is_active', true)
->exists();
@@ -441,16 +459,16 @@ class DealController extends Controller
$statusSlug = $validated['status'] ?? 'new';
// Транзакция + RLS: SET LOCAL внутри (PgBouncer-safe).
$deal = DB::transaction(function () use ($validated, $tenantId, $statusSlug) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
$deal = DB::transaction(function () use ($validated, $tenant, $statusSlug) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenant->id);
$project = Project::firstOrCreate(
['tenant_id' => $tenantId, 'name' => $validated['project_name']],
['tenant_id' => $tenant->id, 'name' => $validated['project_name']],
['type' => 'manual'],
);
$deal = Deal::create([
'tenant_id' => $tenantId,
'tenant_id' => $tenant->id,
'source_crm_id' => null, // manual
'project_id' => $project->id,
'phone' => $validated['phone'],
@@ -481,7 +499,7 @@ class DealController extends Controller
}
ActivityLog::create([
'tenant_id' => $tenantId,
'tenant_id' => $tenant->id,
'user_id' => null, // на prod — request()->user()->id
'deal_id' => $deal->id,
'event' => ActivityLog::EVENT_DEAL_CREATED,
app/app/Http/Controllers/Api/DealExportController.php
+11 -8
View File
@@ -6,6 +6,7 @@ namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\Deal;
use App\Models\Tenant;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use OpenSpout\Common\Entity\Row;
@@ -20,15 +21,13 @@ use Symfony\Component\HttpFoundation\StreamedResponse;
*
* Извлечено из DealController (Sprint 3 Phase A, audit O-refactor-01).
*
* J1 (Sprint 3F): auth:sanctum+tenant, tenant_id из auth()->user().
*
* O-perf-05: streaming устраняет memory pressure. PhpSpreadsheet строил
* полный объект .xlsx в памяти (для 10K сделок 100+ MB). OpenSpout пишет
* в php://output постранично через Writer + Row::fromValues и chunkById(500)
* по сделкам пик памяти O(1) от размера экспорта.
*
* API контракт сохранён:
* POST /api/deals/export {ids[], format?: csv|xlsx}
* POST /api/deals/export {tenant_id, ids[], format?: csv|xlsx}
* Headers Content-Type / Content-Disposition без изменений.
* CSV: UTF-8 + BOM + ;-разделитель (Excel-friendly RU-локаль).
* XLSX: bold-header + auto-size columns.
@@ -44,12 +43,16 @@ class DealExportController extends Controller
public function export(Request $request): StreamedResponse
{
$validated = $request->validate([
'tenant_id' => 'required|integer|min:1',
'ids' => 'required|array|min:1|max:10000',
'ids.*' => 'integer|min:1',
'format' => 'nullable|string|in:csv,xlsx',
]);
$tenantId = (int) $request->user()->tenant_id;
$tenant = Tenant::find($validated['tenant_id']);
if ($tenant === null) {
abort(404, 'Тенант не найден.');
}
$format = $validated['format'] ?? 'csv';
$filename = 'deals_export_'.now()->format('Y-m-d').'.'.$format;
@@ -64,13 +67,13 @@ class DealExportController extends Controller
'Content-Disposition' => 'attachment; filename="'.$filename.'"',
];
return new StreamedResponse(function () use ($validated, $tenantId, $format) {
return new StreamedResponse(function () use ($validated, $tenant, $format) {
// RLS-контекст должен быть установлен внутри транзакции на момент
// фактического SELECT. StreamedResponse callback вызывается уже
// после Laravel-response pipeline'а, поэтому открываем транзакцию
// прямо здесь.
DB::transaction(function () use ($validated, $tenantId, $format) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
DB::transaction(function () use ($validated, $tenant, $format) {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenant->id);
$writer = $this->openWriter($format);
$writer->openToFile('php://output');
@@ -90,7 +93,7 @@ class DealExportController extends Controller
// chunkById(500) — keyset-friendly; в нашем DealsView это
// редкий тяжёлый action, экспортировать могут до 10K id.
Deal::query()
->where('tenant_id', $tenantId)
->where('tenant_id', $tenant->id)
->whereIn('id', $validated['ids'])
->orderBy('id')
->chunkById(500, function ($deals) use ($writer) {
app/app/Http/Controllers/Api/ImpersonationController.php
+6 -12
View File
@@ -123,21 +123,15 @@ class ImpersonationController extends Controller
]);
// TODO: отправить email на $tenant->contact_email с $plainCode.
$payload = [
// На MVP возвращаем code в response для тестов / dev (на prod НЕ должно
// возвращаться никогда — токен только в email клиента).
return response()->json([
'token_id' => $token->id,
'expires_at' => $token->expires_at->toIso8601String(),
'sent_to_email' => $token->sent_to_email,
];
// Audit-fix A2: plain-код возвращается в API-ответе ТОЛЬКО на dev/testing
// (для тестов и локальной разработки). На prod код уходит исключительно
// в email клиента — env-guard исключает захват impersonation-сессии
// через чтение ответа init.
if (app()->environment('local', 'testing')) {
$payload['_dev_plain_code'] = $plainCode;
}
return response()->json($payload);
// dev-only field — на prod исчезает после интеграции с MailService.
'_dev_plain_code' => $plainCode,
]);
}
/** POST /api/admin/impersonation/verify */
app/app/Http/Controllers/Api/ImportController.php
-158
View File
@@ -1,158 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Http\Requests\ResolveUnknownStatusesRequest;
use App\Http\Requests\StoreImportRequest;
use App\Jobs\ImportLeadsJob;
use App\Models\ImportLog;
use App\Models\ImportUnknownStatus;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;
/**
* CSV-импорт исторических лидов из crm.bp-gr.ru (ТЗ §6).
*
* Все маршруты под auth:sanctum + tenant (RLS-контекст задан middleware).
* tenant_id берётся из авторизованного пользователя, не из запроса.
*/
class ImportController extends Controller
{
/**
* POST /api/imports загрузка CSV, создание import_log, dispatch job'а.
*/
public function store(StoreImportRequest $request): JsonResponse
{
$tenantId = (int) $request->user()->tenant_id;
$file = $request->file('file');
$storedName = Str::uuid()->toString().'.csv';
$path = $file->storeAs("imports/{$tenantId}", $storedName, 'local');
$log = ImportLog::create([
'tenant_id' => $tenantId,
'user_id' => $request->user()->id,
'filename' => $file->getClientOriginalName(),
'file_path' => $path,
'status' => 'pending',
'entity_type' => 'leads',
'source_system' => 'crm.bp-gr.ru',
'dry_run' => $request->boolean('dry_run'),
]);
ImportLeadsJob::dispatch($log->id, $tenantId);
return response()->json(['data' => $this->toResource($log)], 201);
}
/**
* GET /api/imports история импортов тенанта (RLS отфильтрует по tenant).
*
* Defense-in-depth: явный where(tenant_id) поверх RLS на dev через
* `postgres` superuser RLS обходится BYPASSRLS, app-фильтр гарантирует
* изоляцию (паттерн из DealController).
*/
public function index(Request $request): JsonResponse
{
$tenantId = (int) $request->user()->tenant_id;
$logs = ImportLog::query()
->where('tenant_id', $tenantId)
->orderByDesc('id')
->limit(50)
->get()
->map(fn (ImportLog $log) => $this->toResource($log));
return response()->json(['data' => $logs]);
}
/**
* GET /api/imports/{importLog} прогресс одного импорта (для polling'а).
*
* Defense-in-depth: явная проверка tenant_id на принадлежность поверх RLS.
*/
public function show(Request $request, ImportLog $importLog): JsonResponse
{
$tenantId = (int) $request->user()->tenant_id;
abort_if($importLog->tenant_id !== $tenantId, 403, 'Доступ к импорту другого тенанта запрещён.');
return response()->json(['data' => $this->toResource($importLog)]);
}
/**
* GET /api/imports/unknown-statuses незамапленные статусы (вход wizard'а §6.6).
*
* Defense-in-depth: явный where(tenant_id) поверх RLS.
*/
public function unknownStatuses(Request $request): JsonResponse
{
$tenantId = (int) $request->user()->tenant_id;
$rows = ImportUnknownStatus::query()
->where('tenant_id', $tenantId)
->unresolved()
->orderByDesc('occurrences')
->get()
->map(fn (ImportUnknownStatus $s) => [
'id' => $s->id,
'status_ru' => $s->status_ru,
'occurrences' => $s->occurrences,
]);
return response()->json(['data' => $rows]);
}
/**
* POST /api/imports/unknown-statuses/resolve ручной маппинг статусов.
*
* Defense-in-depth: явный where(tenant_id) поверх RLS.
*/
public function resolveUnknownStatuses(ResolveUnknownStatusesRequest $request): JsonResponse
{
$tenantId = (int) $request->user()->tenant_id;
$userId = (int) $request->user()->id;
DB::transaction(function () use ($request, $tenantId, $userId): void {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
foreach ($request->validated()['mappings'] as $mapping) {
ImportUnknownStatus::query()
->where('tenant_id', $tenantId)
->where('status_ru', $mapping['status_ru'])
->update([
'mapped_to_slug' => $mapping['slug'],
'resolved_at' => now(),
'resolved_by' => $userId,
]);
}
});
return response()->json(['data' => ['resolved' => count($request->validated()['mappings'])]]);
}
/**
* @return array<string, mixed>
*/
private function toResource(ImportLog $log): array
{
return [
'id' => $log->id,
'filename' => $log->filename,
'status' => $log->status,
'rows_total' => $log->rows_total,
'rows_added' => $log->rows_added,
'rows_updated' => $log->rows_updated,
'rows_skipped' => $log->rows_skipped,
'unknown_statuses_count' => $log->unknown_statuses_count,
'dry_run' => $log->dry_run,
'error_message' => $log->error_message,
'started_at' => $log->started_at?->toIso8601String(),
'finished_at' => $log->finished_at?->toIso8601String(),
];
}
}
app/app/Http/Controllers/Api/ReportJobController.php
-65
View File
@@ -13,9 +13,7 @@ use Illuminate\Http\Request;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Facades\URL;
use Illuminate\Validation\Rule;
use Symfony\Component\HttpFoundation\Response;
/**
* Reports API (schema §13.5). Все endpoint'ы под `auth:sanctum`.
@@ -342,68 +340,6 @@ class ReportJobController extends Controller
});
}
/**
* GET /api/reports/jobs/{id}/file?tenant=&expires=&signature= скачать
* готовый файл отчёта (F2, OPEN-И-20).
*
* Под `signed`-middleware (не auth:sanctum): подпись URL = capability-token.
* `tenant` в подписи нужен для RLS-контекста (нет авторизованного user'а).
* Подпись покрывает все query-параметры `tenant`/`id` подделать нельзя.
*/
public function download(Request $request, int $id): Response
{
$tenantId = (int) $request->query('tenant', '0');
return DB::transaction(function () use ($id, $tenantId): Response {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
$job = ReportJob::query()
->where('id', $id)
->where('tenant_id', $tenantId)
->first();
if ($job === null) {
return response()->json(['message' => 'Отчёт не найден.'], 404);
}
if ($job->status !== ReportJob::STATUS_DONE
|| $job->file_path === null
|| ($job->expires_at !== null && $job->expires_at->isPast())) {
return response()->json(['message' => 'Файл отчёта недоступен или истёк.'], 410);
}
if (! Storage::disk('local')->exists($job->file_path)) {
return response()->json(['message' => 'Файл отчёта не найден в хранилище.'], 404);
}
$extension = pathinfo($job->file_path, PATHINFO_EXTENSION);
return Storage::disk('local')->download(
$job->file_path,
sprintf('report-%d.%s', $job->id, $extension)
);
});
}
/**
* Signed URL (24 ч) на скачивание файла. NULL для не-готовых job'ов или
* после истечения retention (file_path обнулён cron'ом reports:cleanup-expired).
*/
private function downloadUrl(ReportJob $job): ?string
{
if ($job->status !== ReportJob::STATUS_DONE
|| $job->file_path === null
|| ($job->expires_at !== null && $job->expires_at->isPast())) {
return null;
}
return URL::temporarySignedRoute(
'reports.download',
Carbon::now()->addHours(24),
['id' => $job->id, 'tenant' => $job->tenant_id],
);
}
/** @return array<string, mixed> */
private function toResource(ReportJob $job): array
{
@@ -422,7 +358,6 @@ class ReportJobController extends Controller
'is_expired' => $job->expires_at !== null && $job->expires_at->isPast(),
'retry_count' => (int) ($job->parameters['retry_count'] ?? 0),
'retry_max' => self::RETRY_MAX_ATTEMPTS,
'download_url' => $this->downloadUrl($job),
];
}
}
app/app/Http/Controllers/Api/SupplierWebhookController.php
-18
View File
@@ -10,7 +10,6 @@ use App\Models\SupplierLead;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\RateLimiter;
use Symfony\Component\HttpFoundation\IpUtils;
/**
@@ -41,9 +40,6 @@ use Symfony\Component\HttpFoundation\IpUtils;
*/
class SupplierWebhookController extends Controller
{
/** Audit-fix C2: per-IP rate-limit (DoS-guard), запросов в минуту. */
private const RATE_LIMIT_PER_MINUTE = 600;
public function receive(Request $request, string $secret): JsonResponse
{
if (! $this->verifySecret($secret)) {
@@ -54,20 +50,6 @@ class SupplierWebhookController extends Controller
return response()->json(['message' => 'Not found.'], 404);
}
// Audit-fix C2: per-IP rate-limit. Endpoint secret-gated, но защищаем
// от flood даже с валидным secret (DoS-guard). Лимит с запасом для
// легитимного stream'а лидов от crm.bp-gr.ru.
$rateKey = 'supplier-webhook:'.($request->ip() ?? 'unknown');
if (RateLimiter::tooManyAttempts($rateKey, self::RATE_LIMIT_PER_MINUTE)) {
$retryAfter = RateLimiter::availableIn($rateKey);
return response()->json([
'message' => 'Превышен лимит запросов.',
'retry_after' => $retryAfter,
], 429)->header('Retry-After', (string) $retryAfter);
}
RateLimiter::hit($rateKey, 60);
// Plan 2.6 fix #iii: timestamp partition guard. Партиции deals месячные
// (deals_2026_MM); time за пределами текущего месяца → INSERT CRASH
// "no partition of relation deals found for row" в RouteSupplierLeadJob.
app/app/Http/Controllers/Api/WebhookReceiveController.php
+4 -6
View File
@@ -117,19 +117,17 @@ class WebhookReceiveController extends Controller
}
/**
* HMAC-обязательность. Audit-fix B3: если ключ отсутствует в БД default
* TRUE (HMAC обязателен по умолчанию). Отключить можно только явной
* установкой webhook_hmac_required=false. Неизвестное значение fail-secure
* (HMAC требуется).
* HMAC-обязательность. Если ключ отсутствует в БД default false
* (backward-compat для существующих интеграций).
*/
private function isHmacRequired(): bool
{
$setting = SystemSetting::find('webhook_hmac_required');
if ($setting === null) {
return true;
return false;
}
return ! in_array($setting->value, ['false', '0'], true);
return in_array($setting->value, ['true', '1'], true);
}
/**
app/app/Http/Controllers/Api/WebhookSettingsController.php
-137
View File
@@ -1,137 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\OutboundWebhookSubscription;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Str;
use Symfony\Component\HttpFoundation\Response;
/**
* Настройки исходящего webhook'а тенанта (audit D4/D5/J5).
* Endpoints под auth:sanctum + tenant.
*
* Одна подписка-ряд на тенанта. Секрет генерируется при создании и
* показывается ОДИН раз (в БД bcrypt secret_hash + secret_prefix).
*
* test(): MVP делает unsigned connectivity-проверку (реальный POST на
* target_url, отчёт по HTTP-статусу). HMAC-подписанная доставка событий
* отдельный пост-MVP эпик (outbound-pipeline пока не построен).
*/
class WebhookSettingsController extends Controller
{
private const SECRET_PREFIX = 'whsec_';
/** @var list<string> События по умолчанию для новой подписки. */
private const DEFAULT_EVENTS = ['deal.created', 'deal.status_changed'];
public function show(Request $request): JsonResponse
{
$sub = $this->currentSubscription($request);
if ($sub === null) {
return response()->json(['data' => null]);
}
return response()->json(['data' => [
'target_url' => $sub->target_url,
'secret_prefix' => $sub->secret_prefix,
'events' => $sub->events,
'is_active' => $sub->is_active,
]]);
}
public function update(Request $request): JsonResponse
{
$validated = $request->validate([
'target_url' => ['required', 'string', 'url', 'max:2048', 'starts_with:https://'],
]);
$sub = $this->currentSubscription($request);
$plainSecret = null;
if ($sub === null) {
$plainSecret = self::SECRET_PREFIX.Str::random(40);
$sub = OutboundWebhookSubscription::query()->create([
'tenant_id' => (int) $request->user()->tenant_id,
'user_id' => (int) $request->user()->id,
'name' => 'Webhook',
'target_url' => $validated['target_url'],
'secret_hash' => Hash::make($plainSecret),
'secret_prefix' => substr($plainSecret, 0, 10),
'events' => self::DEFAULT_EVENTS,
'is_active' => true,
]);
} else {
$sub->update(['target_url' => $validated['target_url']]);
}
$payload = [
'target_url' => $sub->target_url,
'secret_prefix' => $sub->secret_prefix,
'events' => $sub->events,
'is_active' => $sub->is_active,
];
if ($plainSecret !== null) {
$payload['secret'] = $plainSecret;
}
return response()->json(['data' => $payload]);
}
public function test(Request $request): JsonResponse
{
$sub = $this->currentSubscription($request);
if ($sub === null) {
return response()->json([
'message' => 'Сначала сохраните URL webhook.',
], Response::HTTP_UNPROCESSABLE_ENTITY);
}
$testPayload = [
'event' => 'webhook.test',
'sent_at' => now()->toIso8601String(),
'message' => 'Тестовая доставка webhook от Лидерра.',
];
// MVP: unsigned connectivity-проверка. SSRF-харднинг (блок приватных
// IP) — пост-MVP security-review; URL уже ограничен https:// валидацией.
try {
$response = Http::timeout(10)
->withHeaders(['X-Webhook-Event' => 'webhook.test'])
->post($sub->target_url, $testPayload);
return response()->json([
'ok' => $response->successful(),
'status' => $response->status(),
'message' => $response->successful()
? "Тестовый запрос доставлен (HTTP {$response->status()})."
: "Endpoint ответил HTTP {$response->status()}.",
]);
} catch (\Throwable $e) {
return response()->json([
'ok' => false,
'status' => null,
'message' => 'Не удалось доставить тестовый запрос: '.$e->getMessage(),
]);
}
}
private function currentSubscription(Request $request): ?OutboundWebhookSubscription
{
$tenantId = (int) $request->user()->tenant_id;
// Defense-in-depth: явный where даже при RLS — в тестах PG superuser BYPASSRLS.
return OutboundWebhookSubscription::query()
->where('tenant_id', $tenantId)
->orderByDesc('id')
->first();
}
}
app/app/Http/Controllers/Concerns/ResolvesAdminUserId.php
-47
View File
@@ -1,47 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Concerns;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
/**
* Резолв saas_admin_users.id для audit-trail на MVP (saas-admin SSO Б-1).
*
* Берёт admin_user_id из request-параметра; при отсутствии валидного
* создаёт/переиспользует системный стаб-аккаунт (не loginable, is_active=false),
* чтобы соблюсти NOT NULL + FK на saas_admin_users в saas_admin_audit_log.
*
* Паттерн ранее дублировался в AdminPricingTiersController /
* AdminSystemSettingsController; новый код использует этот трейт.
*/
trait ResolvesAdminUserId
{
protected function resolveAdminUserId(Request $request, string $stubEmail, string $stubName): int
{
$requested = $request->input('admin_user_id');
if (is_int($requested) || (is_string($requested) && ctype_digit($requested))) {
$existing = DB::table('saas_admin_users')->where('id', (int) $requested)->value('id');
if ($existing !== null) {
return (int) $existing;
}
}
$existingId = DB::table('saas_admin_users')->where('email', $stubEmail)->value('id');
if ($existingId !== null) {
return (int) $existingId;
}
return (int) DB::table('saas_admin_users')->insertGetId([
'email' => $stubEmail,
'full_name' => $stubName,
'password_hash' => '$2y$04$system-stub-not-loginable',
'role' => 'super_admin',
'is_active' => false,
'sso_provider' => 'local',
'is_break_glass' => false,
]);
}
}
app/app/Http/Middleware/EnsureSaasAdmin.php
-38
View File
@@ -1,38 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
/**
* Гейт SaaS-admin зоны (/api/admin/*) audit-находка J2.
*
* СТАБ (Sprint 3F): полноценная авторизация saas-admin требует Yandex 360
* SSO-входа, который гейтится Б-1 (регистрация ООО) + DO-4. До их закрытия
* реального механизма аутентификации нет.
*
* Поведение стаба:
* - dev / testing (local, testing) пропускаем. Admin-панель работает на
* dev; admin_user_id передаётся параметром (трейт ResolvesAdminUserId).
* - прочие окружения (production / staging) fail-closed 503: зона
* закрыта до подключения реального SSO. Явный 503 лучше, чем тихо
* открытый /api/admin/* в проде.
*
* TODO (после Б-1 + DO-4): заменить на проверку Yandex 360 SSO-сессии
* saas-admin (отдельный guard) + роль (compliance и т.п. где требуется).
*/
class EnsureSaasAdmin
{
public function handle(Request $request, Closure $next): Response
{
if (! app()->environment('local', 'testing')) {
abort(503, 'SaaS-admin авторизация не настроена (ожидает Б-1 + DO-4).');
}
return $next($request);
}
}
app/app/Http/Middleware/SetTenantContext.php
+1 -4
View File
@@ -66,10 +66,7 @@ class SetTenantContext
}
}
// Audit-fix A3: X-Tenant-Id принимается ТОЛЬКО на dev/testing. На prod
// заголовок игнорируется — иначе на любом роуте с `tenant`, но без
// auth-middleware возможен спуфинг тенанта произвольным значением.
if (app()->environment('local', 'testing') && $request->hasHeader('X-Tenant-Id')) {
if ($request->hasHeader('X-Tenant-Id')) {
$headerValue = $request->header('X-Tenant-Id');
if (is_string($headerValue) && ctype_digit($headerValue)) {
return (int) $headerValue;
app/app/Http/Requests/ResolveUnknownStatusesRequest.php
-31
View File
@@ -1,31 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
/**
* Валидация ручного маппинга неизвестных статусов воронки (§6.4 wizard).
*/
class ResolveUnknownStatusesRequest extends FormRequest
{
public function authorize(): bool
{
return $this->user() !== null;
}
/**
* @return array<string, mixed>
*/
public function rules(): array
{
return [
'mappings' => ['required', 'array', 'min:1'],
'mappings.*.status_ru' => ['required', 'string', 'max:100'],
'mappings.*.slug' => ['required', 'string', Rule::exists('lead_statuses', 'slug')],
];
}
}
app/app/Http/Requests/StoreImportRequest.php
-30
View File
@@ -1,30 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
/**
* Валидация загрузки CSV-файла импорта (ТЗ §6.2).
*/
class StoreImportRequest extends FormRequest
{
public function authorize(): bool
{
return $this->user() !== null;
}
/**
* @return array<string, mixed>
*/
public function rules(): array
{
return [
// mimes csv,txt — экспорт crm.bp-gr.ru отдаётся как text/csv или text/plain.
'file' => ['required', 'file', 'mimes:csv,txt', 'max:10240'],
'dry_run' => ['sometimes', 'boolean'],
];
}
}
app/app/Http/Requests/StoreProjectRequest.php
+5 -2
View File
@@ -22,8 +22,11 @@ class StoreProjectRequest extends FormRequest
'name' => ['required', 'string', 'max:255'],
'signal_type' => ['required', Rule::in(['site', 'call', 'sms'])],
'daily_limit_target' => ['required', 'integer', 'min:1', 'max:10000'],
'region_mask' => ['required', 'integer', 'min:0'],
'region_mode' => ['required', Rule::in(['include', 'exclude'])],
// Plan 6: subject-level regions[] заменил region_mask/region_mode на API-уровне.
// Empty array = "вся РФ" (паритет с legacy region_mask=255 + region_mode='include').
// present = поле должно быть в payload (даже если []), enforces explicit choice.
'regions' => ['present', 'array'],
'regions.*' => ['integer', 'between:1,89'],
'delivery_days_mask' => ['required', 'integer', 'min:1', 'max:127'],
];
app/app/Http/Requests/UpdateProjectRequest.php
+4 -3
View File
@@ -5,7 +5,6 @@ declare(strict_types=1);
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
class UpdateProjectRequest extends FormRequest
{
@@ -20,8 +19,10 @@ class UpdateProjectRequest extends FormRequest
return [
'name' => ['sometimes', 'string', 'max:255'],
'daily_limit_target' => ['sometimes', 'integer', 'min:1', 'max:10000'],
'region_mask' => ['sometimes', 'integer', 'min:0'],
'region_mode' => ['sometimes', Rule::in(['include', 'exclude'])],
// Plan 6: subject-level regions[] заменил region_mask/region_mode на API-уровне.
// sometimes = поле omit-able (preserves prior DB value), массив + each 1..89.
'regions' => ['sometimes', 'array'],
'regions.*' => ['integer', 'between:1,89'],
'delivery_days_mask' => ['sometimes', 'integer', 'min:1', 'max:127'],
'sms_senders' => ['sometimes', 'array', 'min:1'],
'sms_senders.*' => ['string', 'max:11'],
app/app/Jobs/ImportLeadsJob.php
-147
View File
@@ -1,147 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Jobs;
use App\Mail\ImportCompletedNotification;
use App\Models\ImportLog;
use App\Models\User;
use App\Services\Import\CsvLeadsParser;
use App\Services\Import\HistoricalImportService;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Foundation\Bus\Dispatchable;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Queue\SerializesModels;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\Storage;
use RuntimeException;
use Throwable;
/**
* Асинхронная обработка CSV-импорта исторических лидов (ТЗ §6.6).
*
* Жизненный цикл import_log: pending processing done | failed.
* RLS: каждый доступ к БД задаёт SET LOCAL app.current_tenant_id (воркер
* вне middleware-контекста паритет с ProcessWebhookJob).
*/
class ImportLeadsJob implements ShouldQueue
{
use Dispatchable;
use InteractsWithQueue;
use Queueable;
use SerializesModels;
public int $tries = 1;
public int $timeout = 600;
public function __construct(
public int $importLogId,
public int $tenantId,
) {}
public function handle(HistoricalImportService $service, CsvLeadsParser $parser): void
{
$log = $this->loadLog();
if ($log === null) {
Log::error('import.log_not_found', ['import_log_id' => $this->importLogId]);
return;
}
$this->updateLog($log->id, ['status' => 'processing', 'started_at' => now()]);
try {
if (! Storage::disk('local')->exists($log->file_path)) {
throw new RuntimeException("Файл импорта не найден: {$log->file_path}");
}
$content = (string) Storage::disk('local')->get($log->file_path);
$parsed = $parser->parse($content);
$result = $service->import($this->tenantId, $log->user_id, $log, $parsed->rows);
$this->updateLog($log->id, [
'status' => 'done',
'rows_total' => count($parsed->rows) + count($parsed->errors),
'rows_added' => $result->added,
'rows_updated' => $result->updated,
'rows_skipped' => count($parsed->errors) + $result->skipped,
'unknown_statuses_count' => count($result->unknownStatuses),
'finished_at' => now(),
]);
$this->notify($log->user_id, 'done');
} catch (Throwable $e) {
Log::error('import.job_failed', ['import_log_id' => $log->id, 'error' => $e->getMessage()]);
$this->updateLog($log->id, [
'status' => 'failed',
'error_message' => $e->getMessage(),
'finished_at' => now(),
]);
$this->notify($log->user_id, 'failed');
}
}
private function loadLog(): ?ImportLog
{
return DB::transaction(function (): ?ImportLog {
DB::statement('SET LOCAL app.current_tenant_id = '.$this->tenantId);
return ImportLog::query()->find($this->importLogId);
});
}
/**
* @param array<string, mixed> $attributes
*/
private function updateLog(int $logId, array $attributes): void
{
DB::transaction(function () use ($logId, $attributes): void {
DB::statement('SET LOCAL app.current_tenant_id = '.$this->tenantId);
ImportLog::query()->whereKey($logId)->update($attributes);
});
}
private function notify(int $userId, string $outcome): void
{
$log = $this->loadLog();
$user = DB::transaction(function () use ($userId): ?User {
DB::statement('SET LOCAL app.current_tenant_id = '.$this->tenantId);
return User::query()->find($userId);
});
if ($log === null || $user === null || $user->email === '') {
return;
}
try {
Mail::to($user->email)->send(new ImportCompletedNotification($log, $outcome));
} catch (Throwable $e) {
// Отказ почтового канала не должен валить успешный импорт.
Log::warning('import.mail_failed', ['import_log_id' => $log->id, 'error' => $e->getMessage()]);
}
}
/**
* Финальный callback после исчерпания ретраев ($tries=1).
*/
public function failed(Throwable $e): void
{
$this->updateLog($this->importLogId, [
'status' => 'failed',
'error_message' => $e->getMessage(),
'finished_at' => now(),
]);
Log::error('import.job_failed_permanently', [
'import_log_id' => $this->importLogId,
'exception' => $e->getMessage(),
]);
}
}
app/app/Jobs/Supplier/SyncSupplierProjectsJob.php
+6 -7
View File
@@ -207,7 +207,7 @@ class SyncSupplierProjectsJob implements ShouldQueue
* Маппинг:
* daily_limit daily_limit_target
* workdays биты delivery_days_mask (bit 0=Пн, , bit 6=Вс) ISO 1..7
* regions биты region_mask (bit 0=Центральный, , bit 7=Дальневосточный) 1..8
* regions projects.regions INT[] (subject codes 1..89) direct copy
*
* @param EloquentCollection<int, Project> $projects
* @return Collection<int, stdClass>
@@ -219,12 +219,11 @@ class SyncSupplierProjectsJob implements ShouldQueue
$obj->daily_limit = (int) $p->daily_limit_target;
$obj->workdays = $this->bitmaskToList((int) $p->delivery_days_mask, 7);
// region_mask=255 (все 8 ФО, default) — catch-all семантика → пустой массив
// у supplier ("без региональных ограничений"). Иначе — список выставленных битов.
$regionMask = (int) $p->region_mask;
$obj->regions = $regionMask === 255
? []
: $this->bitmaskToList($regionMask, 8);
// Plan 6: projects.regions[] напрямую копируется в supplier_projects.current_regions.
// Empty array = "вся РФ" (паритет с supplier API semantics).
// Legacy region_mask/region_mode игнорируются — они dual-write для PhonePrefixService,
// outbound к supplier использует только regions[]. Cleanup в Plan 6.5.
$obj->regions = array_values((array) $p->regions);
return $obj;
})->values();
app/app/Mail/ImportCompletedNotification.php
-49
View File
@@ -1,49 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Mail;
use App\Models\ImportLog;
use Illuminate\Bus\Queueable;
use Illuminate\Mail\Mailable;
use Illuminate\Mail\Mailables\Content;
use Illuminate\Mail\Mailables\Envelope;
use Illuminate\Queue\SerializesModels;
/**
* Уведомление о завершении CSV-импорта исторических лидов (ТЗ §6.6).
*/
class ImportCompletedNotification extends Mailable
{
use Queueable;
use SerializesModels;
/**
* @param string $outcome 'done' | 'failed'
*/
public function __construct(
public ImportLog $log,
public string $outcome,
) {}
public function envelope(): Envelope
{
$subject = $this->outcome === 'done'
? 'Импорт данных завершён — Лидерра'
: 'Импорт данных не удался — Лидерра';
return new Envelope(subject: $subject);
}
public function content(): Content
{
return new Content(
markdown: 'mail.import-completed',
with: [
'log' => $this->log,
'outcome' => $this->outcome,
],
);
}
}
app/app/Models/ApiKey.php
-66
View File
@@ -1,66 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Database\Factories\ApiKeyFactory;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
/**
* API-ключ тенанта (таблица api_keys). Tenant-aware, RLS на уровне БД.
*
* key_hash bcrypt-хэш; оригинал ключа показывается ОДИН раз при генерации
* (ApiKeyController::regenerate). key_prefix (10 символов) для отображения
* в UI. Таблица имеет только created_at (без updated_at).
*
* @mixin IdeHelperApiKey
*/
class ApiKey extends Model
{
/** @use HasFactory<ApiKeyFactory> */
use HasFactory;
public $timestamps = false;
protected $fillable = [
'tenant_id',
'user_id',
'name',
'key_hash',
'key_prefix',
'scopes',
'last_used_at',
'last_used_ip',
'expires_at',
'is_active',
'created_at',
];
protected $hidden = ['key_hash'];
protected function casts(): array
{
return [
'scopes' => 'array',
'is_active' => 'boolean',
'last_used_at' => 'datetime',
'expires_at' => 'datetime',
'created_at' => 'datetime',
];
}
/** @return BelongsTo<Tenant, $this> */
public function tenant(): BelongsTo
{
return $this->belongsTo(Tenant::class);
}
/** @return BelongsTo<User, $this> */
public function user(): BelongsTo
{
return $this->belongsTo(User::class);
}
}
app/app/Models/BalanceTransaction.php
-5
View File
@@ -4,8 +4,6 @@ declare(strict_types=1);
namespace App\Models;
use Database\Factories\BalanceTransactionFactory;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
@@ -21,9 +19,6 @@ use Illuminate\Database\Eloquent\Relations\BelongsTo;
*/
class BalanceTransaction extends Model
{
/** @use HasFactory<BalanceTransactionFactory> */
use HasFactory;
public const TYPE_TRIAL_BONUS = 'trial_bonus';
public const TYPE_TOPUP = 'topup';
app/app/Models/ImportLog.php
-92
View File
@@ -1,92 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Database\Factories\ImportLogFactory;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
/**
* Журнал CSV-импорта (schema §6.7, Sprint 4).
*
* Tenant-aware модель с RLS: tenant_isolation по current_setting('app.current_tenant_id').
* Sprint 4 enrichment: entity_type / source_system / mapping_config / unknown_statuses_count / dry_run.
*
* @mixin IdeHelperImportLog
*/
class ImportLog extends Model
{
/** @use HasFactory<ImportLogFactory> */
use HasFactory;
public const UPDATED_AT = null;
public const CREATED_AT = null;
protected $table = 'import_log';
/** Зеркало DB DEFAULT'ов: Laravel не читает их из БД после INSERT без refresh(). */
protected $attributes = [
'status' => 'pending',
'entity_type' => 'leads',
'source_system' => 'crm.bp-gr.ru',
'dry_run' => false,
'unknown_statuses_count' => 0,
'rows_total' => 0,
'rows_added' => 0,
'rows_updated' => 0,
'rows_skipped' => 0,
];
protected $fillable = [
'tenant_id',
'user_id',
'filename',
'file_path',
'rows_total',
'rows_added',
'rows_updated',
'rows_skipped',
'status',
'error_message',
'started_at',
'finished_at',
'entity_type',
'source_system',
'mapping_config',
'unknown_statuses_count',
'dry_run',
];
protected function casts(): array
{
return [
'tenant_id' => 'integer',
'user_id' => 'integer',
'rows_total' => 'integer',
'rows_added' => 'integer',
'rows_updated' => 'integer',
'rows_skipped' => 'integer',
'unknown_statuses_count' => 'integer',
'dry_run' => 'boolean',
'mapping_config' => 'array',
'started_at' => 'datetime',
'finished_at' => 'datetime',
];
}
/** @return BelongsTo<Tenant, $this> */
public function tenant(): BelongsTo
{
return $this->belongsTo(Tenant::class);
}
/** @return BelongsTo<User, $this> */
public function user(): BelongsTo
{
return $this->belongsTo(User::class);
}
}
app/app/Models/ImportUnknownStatus.php
-65
View File
@@ -1,65 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Database\Factories\ImportUnknownStatusFactory;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
/**
* Неизвестный статус воронки из CSV-импорта (schema §6.4, Sprint 4 H1).
*
* Tenant-aware модель с RLS. UNIQUE (tenant_id, status_ru): повторный импорт
* инкрементит occurrences и переиспользует ранее проставленный mapped_to_slug.
*
* @mixin IdeHelperImportUnknownStatus
*/
class ImportUnknownStatus extends Model
{
/** @use HasFactory<ImportUnknownStatusFactory> */
use HasFactory;
protected $fillable = [
'tenant_id',
'import_log_id',
'status_ru',
'occurrences',
'mapped_to_slug',
'resolved_at',
'resolved_by',
];
protected function casts(): array
{
return [
'tenant_id' => 'integer',
'import_log_id' => 'integer',
'occurrences' => 'integer',
'resolved_by' => 'integer',
'resolved_at' => 'datetime',
'created_at' => 'datetime',
'updated_at' => 'datetime',
];
}
/**
* Незамапленные статусы (mapped_to_slug IS NULL) вход для wizard'а §6.6.
*
* @param Builder<ImportUnknownStatus> $query
* @return Builder<ImportUnknownStatus>
*/
public function scopeUnresolved(Builder $query): Builder
{
return $query->whereNull('mapped_to_slug');
}
/** @return BelongsTo<Tenant, $this> */
public function tenant(): BelongsTo
{
return $this->belongsTo(Tenant::class);
}
}
app/app/Models/OutboundWebhookSubscription.php
-72
View File
@@ -1,72 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Database\Factories\OutboundWebhookSubscriptionFactory;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
/**
* Исходящая webhook-подписка тенанта (таблица outbound_webhook_subscriptions).
*
* Tenant-aware, RLS на уровне БД.
*
* secret_hash bcrypt-хэш; оригинал секрета показывается ОДИН раз при
* создании. events JSONB-массив, CHECK требует ≥1 элемента.
*
* NB: outbound-доставка событий (подписанные webhook'и) пост-MVP; пока
* подписка хранит URL + секрет, а WebhookSettingsController::test делает
* unsigned connectivity-проверку.
*
* @mixin IdeHelperOutboundWebhookSubscription
*/
class OutboundWebhookSubscription extends Model
{
/** @use HasFactory<OutboundWebhookSubscriptionFactory> */
use HasFactory;
protected $fillable = [
'tenant_id',
'user_id',
'name',
'target_url',
'secret_hash',
'secret_prefix',
'events',
'custom_headers',
'is_active',
'paused_at',
];
protected $hidden = ['secret_hash'];
protected function casts(): array
{
return [
'events' => 'array',
'custom_headers' => 'array',
'is_active' => 'boolean',
'consecutive_failures' => 'integer',
'paused_at' => 'datetime',
'last_delivery_at' => 'datetime',
'last_failure_at' => 'datetime',
'created_at' => 'datetime',
'updated_at' => 'datetime',
];
}
/** @return BelongsTo<Tenant, $this> */
public function tenant(): BelongsTo
{
return $this->belongsTo(Tenant::class);
}
/** @return BelongsTo<User, $this> */
public function user(): BelongsTo
{
return $this->belongsTo(User::class);
}
}
app/app/Models/Project.php
+8
View File
@@ -4,6 +4,7 @@ declare(strict_types=1);
namespace App\Models;
use App\Casts\PostgresIntArray;
use Carbon\CarbonInterface;
use Database\Factories\ProjectFactory;
use Illuminate\Database\Eloquent\Builder;
@@ -45,6 +46,9 @@ class Project extends Model
'effective_limit_calculated_at',
'region_mask',
'region_mode',
// Plan 6 (schema v8.20): Subject-level regions array (89 codes из resources/js/constants/regions.ts).
// Источник истины с Plan 6+; region_mask/region_mode — DEPRECATED (Plan 6.5 cleanup).
'regions',
'delivery_days_mask',
'assignment_strategy',
'ttfr_target_minutes',
@@ -69,6 +73,10 @@ class Project extends Model
'daily_limit_target' => 'integer',
'effective_daily_limit_today' => 'integer',
'region_mask' => 'integer',
// Plan 6: Subject-level regions array (89 codes). Используется кастомный
// PostgresIntArray cast — Laravel stock 'array' посылает JSON `[1,2,3]`,
// что Postgres отвергает на INT[] (ожидает literal `{1,2,3}`).
'regions' => PostgresIntArray::class,
'delivery_days_mask' => 'integer',
'ttfr_target_minutes' => 'integer',
'effective_limit_calculated_at' => 'datetime',
app/app/Models/TariffPlan.php
-54
View File
@@ -1,54 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
/**
* Тарифный план SaaS-портала (каталог tariff_plans).
*
* Сидится из db/schema.sql (4 стартовых плана: start/basic/pro/enterprise).
* Read-mostly: редактируется только админкой SaaS. Tenant ссылается через
* tenants.current_tariff_id (см. Tenant::tariff()).
*
* Источник: db/schema.sql §20.2.1, table `tariff_plans`.
*
* @mixin IdeHelperTariffPlan
*/
class TariffPlan extends Model
{
protected $fillable = [
'code',
'name',
'description',
'billing_model',
'price_per_lead',
'price_monthly',
'included_leads',
'limits',
'features',
'trial_bonus_leads',
'is_active',
'is_public',
'sort_order',
];
protected function casts(): array
{
return [
'price_per_lead' => 'decimal:2',
'price_monthly' => 'decimal:2',
'included_leads' => 'integer',
'limits' => 'array',
'features' => 'array',
'trial_bonus_leads' => 'integer',
'is_active' => 'boolean',
'is_public' => 'boolean',
'sort_order' => 'integer',
'created_at' => 'datetime',
'updated_at' => 'datetime',
];
}
}
app/app/Models/Tenant.php
-7
View File
@@ -7,7 +7,6 @@ namespace App\Models;
use Database\Factories\TenantFactory;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\SoftDeletes;
@@ -81,10 +80,4 @@ class Tenant extends Model
{
return $this->hasMany(Project::class);
}
/** @return BelongsTo<TariffPlan, $this> */
public function tariff(): BelongsTo
{
return $this->belongsTo(TariffPlan::class, 'current_tariff_id');
}
}
app/app/Services/Billing/BillingTopupService.php
-63
View File
@@ -1,63 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Billing;
use App\Models\BalanceTransaction;
use App\Models\Tenant;
/**
* Сервис пополнения рублёвого баланса тенанта (audit E1).
*
* MVP-stub: кредитует tenants.balance_rub немедленно и пишет строку
* balance_transactions(type='topup'). Реальная оплата через платёжный
* шлюз post-Б-1 (требует реквизитов ООО), здесь НЕ интегрирована.
*
* Контракт: вызывается ВНУТРИ транзакции (middleware `tenant` оборачивает
* HTTP-запрос в DB-транзакцию). lockForUpdate на строке tenant защищает от
* lost-update при конкурентных topup/charge.
*
* balance_transactions защищена hash-chain триггером (BEFORE INSERT
* audit_chain_hash) log_hash заполняется автоматически. UPDATE/DELETE
* на таблице запрещены триггером audit_block_mutation, поэтому каждое
* пополнение отдельная append-only строка; существующие не меняются.
*/
final class BillingTopupService
{
/**
* Пополнить рублёвый баланс тенанта.
*
* @param int $tenantId ID тенанта.
* @param string $amountRub Сумма пополнения, DECIMAL-строка («100.00»).
* @param int|null $userId Кто инициировал (NULL системное).
* @return BalanceTransaction Созданная append-only строка ledger'а.
*/
public function topup(int $tenantId, string $amountRub, ?int $userId): BalanceTransaction
{
/** @var Tenant $tenant */
$tenant = Tenant::query()->lockForUpdate()->findOrFail($tenantId);
// bcadd — DECIMAL-точность, НЕ PHP float (паттерн LedgerService).
$newBalanceRub = bcadd((string) $tenant->balance_rub, $amountRub, 2);
// Eloquent decimal:2 cast сохраняет bcmath-строку без потери точности
// при save() (в отличие от decrement(), который требует float|int —
// именно поэтому LedgerService использует raw DB::table()->update();
// здесь же присваивание уже посчитанной строки через модель безопасно).
$tenant->balance_rub = $newBalanceRub;
$tenant->save();
return BalanceTransaction::create([
'tenant_id' => $tenant->id,
'type' => BalanceTransaction::TYPE_TOPUP,
'amount_rub' => $amountRub,
'amount_leads' => 0,
'balance_rub_after' => $newBalanceRub,
'balance_leads_after' => (int) $tenant->balance_leads,
'description' => 'Пополнение баланса',
'user_id' => $userId,
'created_at' => now(),
]);
}
}
app/app/Services/Import/CsvLeadsParser.php
-130
View File
@@ -1,130 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Import;
use Carbon\CarbonImmutable;
use Throwable;
/**
* Парсер CSV-выгрузки лидов из crm.bp-gr.ru (ТЗ §6.2/§6.3).
*
* Формат: UTF-8 с BOM, разделитель запятая, дата `Y/m/d H:i:s`,
* телефон `7XXXXXXXXXX`. Заголовок:
* id,Проект,Тег проекта,Телефон,Создано,Напоминание,Комментарий,Состояние,Имя
*
* Невалидные строки не роняют парсинг собираются в errors[].
* Файл целиком загружается в память (MVP: ожидаемый объём единицы тысяч строк).
*/
final class CsvLeadsParser
{
private const EXPECTED_COLUMNS = 9;
private const DATE_FORMAT = 'Y/m/d H:i:s';
public function parse(string $content): CsvParseResult
{
// Срезаем UTF-8 BOM.
if (str_starts_with($content, "\xEF\xBB\xBF")) {
$content = substr($content, 3);
}
$lines = preg_split('/\r\n|\r|\n/', trim($content)) ?: [];
$rows = [];
$errors = [];
// Строка 1 — заголовок, пропускаем. dataLine — абсолютный номер строки файла (заголовок = 1).
foreach (array_slice($lines, 1) as $index => $rawLine) {
$dataLine = $index + 2; // +2: пропущен заголовок (index 0 → строка 2)
if (trim($rawLine) === '') {
continue;
}
$cells = str_getcsv($rawLine);
if (count($cells) < self::EXPECTED_COLUMNS) {
$errors[] = ['line' => $dataLine, 'message' => 'Ожидалось '.self::EXPECTED_COLUMNS.' колонок, получено '.count($cells)];
continue;
}
$parsed = $this->parseRow($cells, $dataLine, $errors);
if ($parsed !== null) {
$rows[] = $parsed;
}
}
return new CsvParseResult($rows, $errors);
}
/**
* @param array<int, string> $cells
* @param array<int, array{line: int, message: string}> $errors
*/
private function parseRow(array $cells, int $dataLine, array &$errors): ?ParsedLeadRow
{
[$id, $project, $tag, $phone, $createdAt, $reminder, $comment, $status, $name] = $cells;
$phone = trim($phone);
if (preg_match('/^7\d{10}$/', $phone) !== 1) {
$errors[] = ['line' => $dataLine, 'message' => "Невалидный телефон: '{$phone}'"];
return null;
}
$receivedAt = $this->parseDate($createdAt);
if ($receivedAt === null) {
$errors[] = ['line' => $dataLine, 'message' => "Невалидная дата 'Создано': '{$createdAt}'"];
return null;
}
$reminderAt = trim($reminder) === '' ? null : $this->parseDate($reminder);
if (trim($reminder) !== '' && $reminderAt === null) {
$errors[] = ['line' => $dataLine, 'message' => "Невалидная дата 'Напоминание': '{$reminder}'"];
return null;
}
$status = trim($status);
if ($status === '') {
$errors[] = ['line' => $dataLine, 'message' => 'Пустое поле «Состояние»'];
return null;
}
// Префикс B[123]_ из названия проекта срезается (паритет с ProcessWebhookJob).
$projectName = (string) preg_replace('/^B[123]_/', '', trim($project));
if ($projectName === '') {
$errors[] = ['line' => $dataLine, 'message' => 'Пустое название проекта'];
return null;
}
return new ParsedLeadRow(
sourceCrmId: (int) trim($id),
projectName: $projectName,
projectTag: trim($tag) === '' ? null : trim($tag),
phone: $phone,
receivedAt: $receivedAt,
reminderAt: $reminderAt,
comment: trim($comment) === '' ? null : trim($comment),
statusRu: $status,
contactName: trim($name) === '' ? null : trim($name),
);
}
private function parseDate(string $value): ?CarbonImmutable
{
try {
$date = CarbonImmutable::createFromFormat(self::DATE_FORMAT, trim($value));
} catch (Throwable) {
return null;
}
// createFromFormat возвращает false при несовпадении формата.
return $date instanceof CarbonImmutable ? $date : null;
}
}
app/app/Services/Import/CsvParseResult.php
-20
View File
@@ -1,20 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Import;
/**
* Результат парсинга CSV: валидные строки + ошибки по номеру строки.
*/
final readonly class CsvParseResult
{
/**
* @param array<int, ParsedLeadRow> $rows
* @param array<int, array{line: int, message: string}> $errors
*/
public function __construct(
public array $rows,
public array $errors,
) {}
}
app/app/Services/Import/HistoricalImportService.php
-285
View File
@@ -1,285 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Import;
use App\Models\Deal;
use App\Models\ImportLog;
use App\Models\ImportUnknownStatus;
use App\Models\Project;
use App\Models\Reminder;
use App\Services\MonthlyPartitionManager;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;
use Throwable;
/**
* Оркестрация исторической миграции лидов из CSV crm.bp-gr.ru (ТЗ §6).
*
* Идемпотентность через webhook_dedup_keys (та же advisory-lock логика, что
* ProcessWebhookJob). Баланс НЕ списывается: исторические данные не являются
* новыми лидами (ТЗ §6.5) фиксируется одна транзакция типа historical_import.
*/
final class HistoricalImportService
{
public function __construct(
private readonly MonthlyPartitionManager $partitions,
private readonly StatusRuToSlugMapper $statusMapper,
) {}
/**
* @param array<int, ParsedLeadRow> $rows
*/
public function import(int $tenantId, int $userId, ImportLog $log, array $rows): ImportResult
{
$dryRun = $log->dry_run;
if ($rows === []) {
return new ImportResult(0, 0, 0, [], []);
}
// Партиции deals под исторический диапазон дат CSV (один раз заранее).
if (! $dryRun) {
$dates = array_map(fn (ParsedLeadRow $r) => $r->receivedAt, $rows);
$this->partitions->ensureRange(
'deals',
min($dates),
max($dates),
);
}
// Tenant-резолвленные переопределения неизвестных статусов.
$overrides = $this->loadStatusOverrides($tenantId);
$added = 0;
$updated = 0;
$skipped = 0;
$unknown = [];
$errors = [];
foreach ($rows as $row) {
$slug = $this->resolveStatus($row->statusRu, $overrides, $unknown);
if ($dryRun) {
$added++; // проекция: для dry-run не различаем add/update
continue;
}
try {
$wasCreated = $this->upsertRow($tenantId, $userId, $row, $slug);
$wasCreated ? $added++ : $updated++;
} catch (Throwable $e) {
$skipped++;
$errors[] = ['source_crm_id' => $row->sourceCrmId, 'message' => $e->getMessage()];
Log::warning('import.row_failed', ['source_crm_id' => $row->sourceCrmId, 'error' => $e->getMessage()]);
}
}
if (! $dryRun) {
$this->persistUnknownStatuses($tenantId, $log->id, $unknown);
$this->recordHistoricalTransaction($tenantId, $added + $updated);
}
return new ImportResult($added, $updated, $skipped, $unknown, $errors);
}
/**
* @return array<string, string> status_ru => slug (только resolved)
*/
private function loadStatusOverrides(int $tenantId): array
{
return DB::transaction(function () use ($tenantId): array {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
// Явный where(tenant_id) — defense-in-depth: queue worker на prod
// (crm_supplier_worker) — BYPASSRLS, SET LOCAL не фильтрует
// (00_create_roles.sql §5). Без фильтра — cross-tenant утечка маппинга.
return ImportUnknownStatus::query()
->where('tenant_id', $tenantId)
->whereNotNull('mapped_to_slug')
->pluck('mapped_to_slug', 'status_ru')
->all();
});
}
/**
* Маппит статус: каноническая таблица §6.4 tenant-override fallback 'new'.
* Неизвестный статус инкрементит счётчик в $unknown по ссылке.
*
* @param array<string, string> $overrides
* @param array<string, int> $unknown
*/
private function resolveStatus(string $statusRu, array $overrides, array &$unknown): string
{
$slug = $this->statusMapper->toSlug($statusRu);
if ($slug !== null) {
return $slug;
}
$key = trim($statusRu);
if (isset($overrides[$key])) {
return $overrides[$key];
}
$unknown[$key] = ($unknown[$key] ?? 0) + 1;
return 'new';
}
/**
* Идемпотентный upsert одной строки в собственной транзакции.
* Возвращает true создана новая сделка, false обновлена существующая.
*/
private function upsertRow(int $tenantId, int $userId, ParsedLeadRow $row, string $slug): bool
{
return DB::transaction(function () use ($tenantId, $userId, $row, $slug): bool {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
$project = Project::firstOrCreate(
['tenant_id' => $tenantId, 'name' => $row->projectName],
['tag' => $row->projectTag, 'type' => 'import'],
);
// advisory lock (tenant_id, source_crm_id) — сериализует upsert (§6.5).
$lockKey = (($tenantId & 0xFFFFFFFF) << 32) | ($row->sourceCrmId & 0xFFFFFFFF);
DB::statement('SELECT pg_advisory_xact_lock(?)', [$lockKey]);
$existing = DB::selectOne(
'SELECT deal_id, deal_received_at FROM webhook_dedup_keys WHERE tenant_id = ? AND source_crm_id = ?',
[$tenantId, $row->sourceCrmId],
);
if ($existing !== null) {
$deal = Deal::query()
->where('id', $existing->deal_id)
->where('received_at', $existing->deal_received_at)
->firstOrFail();
// §6.5 стадия 3a: для исторической миграции status перезаписывается.
$deal->update([
'status' => $slug,
'contact_name' => $row->contactName,
'comment' => $row->comment,
]);
$this->syncReminder($tenantId, $userId, $deal, $row);
return false;
}
$deal = Deal::create([
'tenant_id' => $tenantId,
'source_crm_id' => $row->sourceCrmId,
'project_id' => $project->id,
'phone' => $row->phone,
'status' => $slug,
'contact_name' => $row->contactName,
'comment' => $row->comment,
'received_at' => $row->receivedAt,
]);
DB::table('webhook_dedup_keys')->insert([
'tenant_id' => $tenantId,
'source_crm_id' => $row->sourceCrmId,
'deal_id' => $deal->id,
'deal_received_at' => $deal->received_at,
'created_at' => now(),
]);
$this->syncReminder($tenantId, $userId, $deal, $row);
return true;
});
}
/**
* Создаёт reminders-строку для непустого «Напоминание» (ТЗ §6.3 поле
* deals.reminder_at удалено в v8.3, заменено таблицей reminders).
* Идемпотентно: не дублирует напоминание при повторном импорте.
*/
private function syncReminder(int $tenantId, int $userId, Deal $deal, ParsedLeadRow $row): void
{
if ($row->reminderAt === null) {
return;
}
$exists = Reminder::query()
->where('deal_id', $deal->id)
->where('remind_at', $row->reminderAt)
->exists();
if ($exists) {
return;
}
Reminder::create([
'tenant_id' => $tenantId,
'deal_id' => $deal->id,
'text' => 'Импортировано из crm.bp-gr.ru',
'remind_at' => $row->reminderAt,
'created_by' => $userId,
]);
}
/**
* upsert import_unknown_statuses: инкремент occurrences, маппинг не трогаем.
*
* @param array<string, int> $unknown
*/
private function persistUnknownStatuses(int $tenantId, int $importLogId, array $unknown): void
{
if ($unknown === []) {
return;
}
DB::transaction(function () use ($tenantId, $importLogId, $unknown): void {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
foreach ($unknown as $statusRu => $count) {
// Явный where(tenant_id) — defense-in-depth под BYPASSRLS queue worker
// (00_create_roles.sql §5): иначе increment мог бы попасть в строку
// чужого тенанта с тем же status_ru.
$existing = ImportUnknownStatus::query()
->where('tenant_id', $tenantId)
->where('status_ru', $statusRu)
->first();
if ($existing !== null) {
$existing->increment('occurrences', $count);
continue;
}
ImportUnknownStatus::create([
'tenant_id' => $tenantId,
'import_log_id' => $importLogId,
'status_ru' => $statusRu,
'occurrences' => $count,
]);
}
});
}
/**
* Одна информационная транзакция historical_import (баланс не меняется, ТЗ §6.5).
*/
private function recordHistoricalTransaction(int $tenantId, int $count): void
{
if ($count === 0) {
return;
}
DB::transaction(function () use ($tenantId, $count): void {
DB::statement('SET LOCAL app.current_tenant_id = '.$tenantId);
DB::table('balance_transactions')->insert([
'tenant_id' => $tenantId,
'type' => 'historical_import',
'amount_rub' => 0,
'amount_leads' => 0,
'description' => "Импортировано {$count} исторических сделок (баланс не списан)",
'created_at' => now(),
]);
});
}
}
app/app/Services/Import/ImportResult.php
-23
View File
@@ -1,23 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Import;
/**
* Итог импорта одного файла.
*/
final readonly class ImportResult
{
/**
* @param array<string, int> $unknownStatuses статус_ru => количество вхождений
* @param array<int, array{source_crm_id: int, message: string}> $errors ошибки upsert'а по строке (идентификатор source_crm_id)
*/
public function __construct(
public int $added,
public int $updated,
public int $skipped,
public array $unknownStatuses,
public array $errors,
) {}
}
app/app/Services/Import/ParsedLeadRow.php
-25
View File
@@ -1,25 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Import;
use Carbon\CarbonImmutable;
/**
* Одна валидная строка CSV-импорта лидов (ТЗ §6.3).
*/
final readonly class ParsedLeadRow
{
public function __construct(
public int $sourceCrmId,
public string $projectName,
public ?string $projectTag,
public string $phone,
public CarbonImmutable $receivedAt,
public ?CarbonImmutable $reminderAt,
public ?string $comment,
public string $statusRu,
public ?string $contactName,
) {}
}
app/app/Services/Import/StatusRuToSlugMapper.php
-50
View File
@@ -1,50 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Import;
/**
* Маппинг русских названий статусов воронки в slug (ТЗ §6.4).
*
* Чистый сервис без зависимостей. Tenant-специфичные переопределения
* неизвестных статусов накладываются вызывающим кодом (HistoricalImportService).
*/
class StatusRuToSlugMapper
{
/** @var array<string, string> Канонический маппинг ТЗ §6.4 (14 статусов воронки). */
private const STATUS_RU_TO_SLUG = [
'Новые' => 'new',
'Просмотрено' => 'viewed',
'Проработан' => 'worked',
'База' => 'base',
'Недозвон' => 'missed',
'Переговоры' => 'negotiations',
'Ожидаем оплаты' => 'waiting_payment',
'Партнерка' => 'partnership',
'Оплачено' => 'paid',
'Закрыто и не реализовано' => 'closed',
'Тест драйв' => 'test_drive',
'Горячий' => 'hot',
'На замену' => 'replacement',
'Конечный недозвон' => 'final_missed',
];
/**
* Возвращает slug или null, если статус не входит в каноническую таблицу.
*/
public function toSlug(string $statusRu): ?string
{
return self::STATUS_RU_TO_SLUG[trim($statusRu)] ?? null;
}
/**
* Полная каноническая таблица для UI wizard'а (показать варианты).
*
* @return array<string, string>
*/
public function map(): array
{
return self::STATUS_RU_TO_SLUG;
}
}
app/app/Services/MonthlyPartitionManager.php
-83
View File
@@ -1,83 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services;
use Carbon\CarbonInterface;
use Illuminate\Support\Facades\DB;
use InvalidArgumentException;
/**
* Создаёт месячные RANGE-партиции для таблиц, партиционированных по received_at.
*
* Native-замена pg_partman (расширение недоступно на Windows-стеке без сборки
* из исходников). Идемпотентна: партиция, которая уже есть, пропускается.
*
* Используется:
* - cron `partitions:create-months` N месяцев вперёд;
* - HistoricalImportService под исторический диапазон дат CSV.
*/
class MonthlyPartitionManager
{
/** @var array<int, string> Таблицы, партиционированные по received_at помесячно. */
public const PARTITIONED_TABLES = ['deals', 'supplier_lead_costs'];
/**
* Гарантирует наличие месячных партиций таблицы для всех месяцев,
* пересекающих [$from, $to] включительно.
*
* @return int Сколько партиций реально создано (0 все уже были).
*/
public function ensureRange(string $table, CarbonInterface $from, CarbonInterface $to): int
{
if (! in_array($table, self::PARTITIONED_TABLES, true)) {
throw new InvalidArgumentException("Таблица '{$table}' не партиционирована помесячно");
}
$month = $from->copy()->startOfMonth();
$last = $to->copy()->startOfMonth();
$created = 0;
while ($month->lessThanOrEqualTo($last)) {
$created += $this->ensureMonth($table, $month) ? 1 : 0;
$month = $month->addMonth();
}
return $created;
}
/**
* Создаёт одну месячную партицию. Возвращает true, если партиция создана,
* false если уже существовала.
*/
public function ensureMonth(string $table, CarbonInterface $monthStart): bool
{
if (! in_array($table, self::PARTITIONED_TABLES, true)) {
throw new InvalidArgumentException("Таблица '{$table}' не партиционирована помесячно");
}
$start = $monthStart->copy()->startOfMonth();
$end = $start->copy()->addMonth();
$partition = sprintf('%s_%s', $table, $start->format('Y_m'));
$exists = DB::selectOne(
"SELECT 1 AS ok FROM pg_class WHERE relname = ? AND relkind = 'r'",
[$partition],
);
if ($exists !== null) {
return false;
}
DB::statement(sprintf(
"CREATE TABLE %s PARTITION OF %s FOR VALUES FROM ('%s') TO ('%s')",
$partition,
$table,
$start->format('Y-m-d'),
$end->format('Y-m-d'),
));
return true;
}
}
app/app/Services/Project/ProjectService.php
+5
View File
@@ -191,6 +191,11 @@ class ProjectService
$data['tenant_id'] = $tenant->id;
$data['is_active'] = true;
$data['regions'] = $data['regions'] ?? [];
// Plan 6 dual-write: regions[] источник истины; region_mask/mode — legacy для
// PhonePrefixService / LeadRouter, удаляются в Plan 6.5 после переключения читателей.
$data['region_mask'] = 255;
$data['region_mode'] = 'include';
$project = Project::create($data);
SyncSupplierProjectJob::dispatch($project->id);
app/app/Services/Reports/Providers/BillingSummaryProvider.php
-69
View File
@@ -1,69 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Reports\Providers;
use App\Models\ReportJob;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
/**
* billing_summary агрегат balance_transactions по типу операции (audit F1).
*
* Группировка по balance_transactions.type; count + SUM(amount_rub). Тип
* операции переводится в человекочитаемую метку. parameters: date_from,
* date_to (Y-m-d) фильтр по created_at.
*
* RLS-обёртка SET LOCAL app.current_tenant_id (balance_transactions имеет RLS
* tenant_isolation) + явный where('tenant_id') паттерн BillingController.
*/
class BillingSummaryProvider implements ReportDataProvider
{
/** Канон-типы balance_transactions.type → RU-метка (schema §7.6 CHECK). */
private const TYPE_LABELS = [
'trial_bonus' => 'Стартовый бонус',
'topup' => 'Пополнение',
'lead_charge' => 'Списание за лиды',
'refund' => 'Возврат',
'manual_adjustment' => 'Ручная корректировка',
'historical_import' => 'Импорт истории',
'chargeback_writedown' => 'Chargeback — списание в долг',
'chargeback_repayment' => 'Chargeback — погашение долга',
];
public function headers(): array
{
return ['Тип операции', 'Количество', 'Сумма (₽)'];
}
public function rows(ReportJob $job): array
{
$params = $job->parameters ?? [];
$dateFrom = Carbon::parse($params['date_from'])->startOfDay();
$dateTo = Carbon::parse($params['date_to'])->endOfDay();
return DB::transaction(function () use ($job, $dateFrom, $dateTo): array {
DB::statement('SET LOCAL app.current_tenant_id = '.(int) $job->tenant_id);
$rows = DB::table('balance_transactions')
->where('tenant_id', $job->tenant_id)
->whereBetween('created_at', [$dateFrom, $dateTo])
->groupBy('type')
->orderBy('type')
->selectRaw('type, COUNT(*) AS cnt, COALESCE(SUM(amount_rub), 0) AS sum_rub')
->get();
return $rows->map(function ($row): array {
$label = self::TYPE_LABELS[$row->type] ?? (string) $row->type;
return [$label, (int) $row->cnt, (string) $row->sum_rub];
})->all();
});
}
public function slug(): string
{
return 'billing';
}
}
app/app/Services/Reports/Providers/ManagersSummaryProvider.php
-76
View File
@@ -1,76 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Reports\Providers;
use App\Models\ReportJob;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
/**
* managers_summary агрегат сделок по менеджерам за период (audit F1).
*
* Группировка по deals.manager_id; неназначенные (manager_id IS NULL) сводятся
* в строку «Не назначен». «Оплачено» = status='paid' (won-статус воронки, как
* в DashboardController). Конверсия = paid / total * 100, округление до 0.1.
*
* parameters: date_from, date_to (Y-m-d). Исключаются soft-deleted
* (deleted_at IS NULL) и тестовые (is_test=false) сделки. RLS-обёртка
* SET LOCAL app.current_tenant_id паттерн DealsExportProvider.
*/
class ManagersSummaryProvider implements ReportDataProvider
{
public function headers(): array
{
return ['Менеджер', 'Всего сделок', 'Оплачено', 'Конверсия (%)'];
}
public function rows(ReportJob $job): array
{
$params = $job->parameters ?? [];
$dateFrom = Carbon::parse($params['date_from'])->startOfDay();
$dateTo = Carbon::parse($params['date_to'])->endOfDay();
return DB::transaction(function () use ($job, $dateFrom, $dateTo): array {
DB::statement('SET LOCAL app.current_tenant_id = '.(int) $job->tenant_id);
$rows = DB::table('deals')
->leftJoin('users', 'deals.manager_id', '=', 'users.id')
->where('deals.tenant_id', $job->tenant_id)
->whereNull('deals.deleted_at')
->where('deals.is_test', false)
->whereBetween('deals.received_at', [$dateFrom, $dateTo])
->groupBy('deals.manager_id', 'users.first_name', 'users.last_name', 'users.email')
->orderByRaw('COUNT(*) DESC')
->orderBy('deals.manager_id')
->selectRaw(
"deals.manager_id,
users.first_name, users.last_name, users.email,
COUNT(*) AS total,
COUNT(*) FILTER (WHERE deals.status = 'paid') AS paid"
)
->get();
return $rows->map(function ($row): array {
$name = trim(($row->first_name ?? '').' '.($row->last_name ?? ''));
if ($name === '') {
$name = (string) ($row->email ?? '');
}
if ($name === '') {
$name = 'Не назначен';
}
$total = (int) $row->total;
$paid = (int) $row->paid;
$conversion = $total > 0 ? round($paid / $total * 100, 1) : 0.0;
return [$name, $total, $paid, $conversion];
})->all();
});
}
public function slug(): string
{
return 'managers';
}
}
app/app/Services/Reports/Providers/SourcesSummaryProvider.php
-69
View File
@@ -1,69 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Reports\Providers;
use App\Models\ReportJob;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
/**
* sources_summary агрегат сделок по источнику (utm_source) за период (audit F1).
*
* Группировка по deals.utm_source; сделки без метки (NULL/пусто) сводятся в
* строку «Прямые / без метки». «Оплачено» = status='paid'. Конверсия =
* paid / total * 100, округление до 0.1.
*
* parameters: date_from, date_to (Y-m-d). Исключаются soft-deleted и тестовые
* сделки. RLS-обёртка SET LOCAL app.current_tenant_id паттерн DealsExportProvider.
*/
class SourcesSummaryProvider implements ReportDataProvider
{
public function headers(): array
{
return ['Источник', 'Всего сделок', 'Оплачено', 'Конверсия (%)'];
}
public function rows(ReportJob $job): array
{
$params = $job->parameters ?? [];
$dateFrom = Carbon::parse($params['date_from'])->startOfDay();
$dateTo = Carbon::parse($params['date_to'])->endOfDay();
return DB::transaction(function () use ($job, $dateFrom, $dateTo): array {
DB::statement('SET LOCAL app.current_tenant_id = '.(int) $job->tenant_id);
$rows = DB::table('deals')
->where('tenant_id', $job->tenant_id)
->whereNull('deleted_at')
->where('is_test', false)
->whereBetween('received_at', [$dateFrom, $dateTo])
->groupBy('utm_source')
->orderByRaw('COUNT(*) DESC')
->orderBy('utm_source')
->selectRaw(
"utm_source,
COUNT(*) AS total,
COUNT(*) FILTER (WHERE status = 'paid') AS paid"
)
->get();
return $rows->map(function ($row): array {
$source = $row->utm_source !== null && trim((string) $row->utm_source) !== ''
? (string) $row->utm_source
: 'Прямые / без метки';
$total = (int) $row->total;
$paid = (int) $row->paid;
$conversion = $total > 0 ? round($paid / $total * 100, 1) : 0.0;
return [$source, $total, $paid, $conversion];
})->all();
});
}
public function slug(): string
{
return 'sources';
}
}
app/app/Services/Reports/ReportGeneratorRegistry.php
+18 -18
View File
@@ -10,28 +10,23 @@ use App\Services\Reports\Formatters\JsonFormatter;
use App\Services\Reports\Formatters\PdfStubFormatter;
use App\Services\Reports\Formatters\ReportFormatter;
use App\Services\Reports\Formatters\XlsxFormatter;
use App\Services\Reports\Providers\BillingSummaryProvider;
use App\Services\Reports\Providers\DealsExportProvider;
use App\Services\Reports\Providers\ManagersSummaryProvider;
use App\Services\Reports\Providers\ReportDataProvider;
use App\Services\Reports\Providers\SourcesSummaryProvider;
use InvalidArgumentException;
/**
* Резолвит ReportDataProvider по `type` и ReportFormatter по `format`.
*
* 4 provider'а (deals_export, managers_summary, sources_summary,
* billing_summary) × 4 formatter'а (csv, xlsx, json, pdf). PDF на MVP
* stub: PdfStubFormatter кидает RuntimeException GenerateReportJob
* ловит failed-job (intended, Post-MVP).
* Этап 2 (текущий): 1 provider × 4 formatter = 4 комбинации
* (deals_export × csv|xlsx|json|pdf-stub).
*
* Этап 2b расширит до 4 × 4 = 16 (managers_summary, sources_summary,
* billing_summary). Для PDF на MVP stub, fallback'ит в RuntimeException.
*/
class ReportGeneratorRegistry
{
public function __construct(
private readonly DealsExportProvider $dealsExport,
private readonly ManagersSummaryProvider $managersSummary,
private readonly SourcesSummaryProvider $sourcesSummary,
private readonly BillingSummaryProvider $billingSummary,
private readonly CsvFormatter $csv,
private readonly XlsxFormatter $xlsx,
private readonly JsonFormatter $json,
@@ -42,9 +37,6 @@ class ReportGeneratorRegistry
{
return match ($type) {
'deals_export' => $this->dealsExport,
'managers_summary' => $this->managersSummary,
'sources_summary' => $this->sourcesSummary,
'billing_summary' => $this->billingSummary,
default => throw new InvalidArgumentException("Тип отчёта не реализован: {$type}"),
};
}
@@ -62,10 +54,18 @@ class ReportGeneratorRegistry
public function isSupported(string $type, string $format): bool
{
// Все 4 типа ReportJob::TYPES реализованы (F1, 2026-05-16).
// PDF валидируется, но PdfStubFormatter кидает RuntimeException →
// GenerateReportJob ловит → failed-job (intended, Post-MVP).
return in_array($type, ReportJob::TYPES, true)
&& in_array($format, ReportJob::FORMATS, true);
if (! in_array($type, ReportJob::TYPES, true) || ! in_array($format, ReportJob::FORMATS, true)) {
return false;
}
// Этап 2: только deals_export (этап 2b добавит остальные).
$supportedTypes = ['deals_export'];
if (! in_array($type, $supportedTypes, true)) {
return false;
}
// PDF — stub: validates, но генерация даёт failed-job (intended).
// Считаем «поддерживается» — пусть GenerateReportJob сам catch'ит RuntimeException.
return true;
}
}
app/bootstrap/app.php
-2
View File
@@ -1,6 +1,5 @@
<?php
use App\Http\Middleware\EnsureSaasAdmin;
use App\Http\Middleware\SetTenantContext;
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
@@ -19,7 +18,6 @@ return Application::configure(basePath: dirname(__DIR__))
$middleware->alias([
'tenant' => SetTenantContext::class,
'saas-admin' => EnsureSaasAdmin::class,
]);
// Webhook receive endpoint (POST /api/webhook/{token}) не должен требовать
app/composer.json
-1
View File
@@ -65,7 +65,6 @@
"stan": "@php vendor/bin/phpstan analyse --memory-limit=512M",
"mutation": "@php vendor/bin/infection --threads=2 --min-msi=50",
"audit-offline": "@composer audit --locked",
"demo:seed": "@php artisan db:seed --class=DemoSeeder --force",
"ide-helper": [
"@php artisan ide-helper:generate",
"@php artisan ide-helper:meta"
app/database/factories/ApiKeyFactory.php
-36
View File
@@ -1,36 +0,0 @@
<?php
declare(strict_types=1);
namespace Database\Factories;
use App\Models\ApiKey;
use App\Models\Tenant;
use App\Models\User;
use Illuminate\Database\Eloquent\Factories\Factory;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
/**
* @extends Factory<ApiKey>
*/
class ApiKeyFactory extends Factory
{
protected $model = ApiKey::class;
public function definition(): array
{
return [
'tenant_id' => Tenant::factory(),
'user_id' => User::factory(),
'name' => 'API-ключ',
'key_hash' => Hash::make(Str::random(48)),
'key_prefix' => 'lpkapi_'.Str::lower(Str::random(3)),
'scopes' => ['read'],
'last_used_at' => null,
'expires_at' => now()->addYear(),
'is_active' => true,
'created_at' => now(),
];
}
}
app/database/factories/BalanceTransactionFactory.php
-34
View File
@@ -1,34 +0,0 @@
<?php
declare(strict_types=1);
namespace Database\Factories;
use App\Models\BalanceTransaction;
use App\Models\Tenant;
use Illuminate\Database\Eloquent\Factories\Factory;
/**
* @extends Factory<BalanceTransaction>
*/
class BalanceTransactionFactory extends Factory
{
protected $model = BalanceTransaction::class;
/**
* @return array<string, mixed>
*/
public function definition(): array
{
return [
'tenant_id' => Tenant::factory(),
'type' => BalanceTransaction::TYPE_TOPUP,
'amount_rub' => '100.00',
'amount_leads' => 0,
'balance_rub_after' => '100.00',
'balance_leads_after' => 0,
'description' => 'Тестовая транзакция',
'created_at' => now(),
];
}
}
app/database/factories/ImportLogFactory.php
-30
View File
@@ -1,30 +0,0 @@
<?php
declare(strict_types=1);
namespace Database\Factories;
use App\Models\ImportLog;
use App\Models\Tenant;
use App\Models\User;
use Illuminate\Database\Eloquent\Factories\Factory;
/** @extends Factory<ImportLog> */
class ImportLogFactory extends Factory
{
protected $model = ImportLog::class;
public function definition(): array
{
return [
'tenant_id' => Tenant::factory(),
'user_id' => User::factory(),
'filename' => 'leads-export.csv',
'file_path' => 'imports/1/'.$this->faker->uuid().'.csv',
'status' => 'pending',
'entity_type' => 'leads',
'source_system' => 'crm.bp-gr.ru',
'dry_run' => false,
];
}
}
app/database/factories/ImportUnknownStatusFactory.php
-25
View File
@@ -1,25 +0,0 @@
<?php
declare(strict_types=1);
namespace Database\Factories;
use App\Models\ImportUnknownStatus;
use App\Models\Tenant;
use Illuminate\Database\Eloquent\Factories\Factory;
/** @extends Factory<ImportUnknownStatus> */
class ImportUnknownStatusFactory extends Factory
{
protected $model = ImportUnknownStatus::class;
public function definition(): array
{
return [
'tenant_id' => Tenant::factory(),
'status_ru' => $this->faker->unique()->word(),
'occurrences' => $this->faker->numberBetween(1, 20),
'mapped_to_slug' => null,
];
}
}
app/database/factories/OutboundWebhookSubscriptionFactory.php
-34
View File
@@ -1,34 +0,0 @@
<?php
declare(strict_types=1);
namespace Database\Factories;
use App\Models\OutboundWebhookSubscription;
use App\Models\Tenant;
use App\Models\User;
use Illuminate\Database\Eloquent\Factories\Factory;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
/**
* @extends Factory<OutboundWebhookSubscription>
*/
class OutboundWebhookSubscriptionFactory extends Factory
{
protected $model = OutboundWebhookSubscription::class;
public function definition(): array
{
return [
'tenant_id' => Tenant::factory(),
'user_id' => User::factory(),
'name' => 'Webhook',
'target_url' => 'https://'.fake()->domainName().'/webhook',
'secret_hash' => Hash::make('whsec_'.Str::random(40)),
'secret_prefix' => 'whsec_'.Str::lower(Str::random(4)),
'events' => ['deal.created', 'deal.status_changed'],
'is_active' => true,
];
}
}
app/database/migrations/2026_05_16_120000_sprint4_historical_import_schema.php
-77
View File
@@ -1,77 +0,0 @@
<?php
declare(strict_types=1);
use Illuminate\Database\Migrations\Migration;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Schema;
/**
* Sprint 4 (H1+H2) историческая миграция лидов §6.
*
* H1: новая таблица import_unknown_statuses (tenant-level resolved mappings).
* H2: enrichment import_log +5 колонок.
*
* Guard'ы: migrate:fresh грузит schema.sql v8.21+ (где delta уже есть) до миграций,
* поэтому каждый кусок применяется только при отсутствии.
*/
return new class extends Migration
{
public function up(): void
{
foreach ([
'entity_type' => "ALTER TABLE import_log ADD COLUMN entity_type VARCHAR(20) NOT NULL DEFAULT 'leads' CHECK (entity_type IN ('leads','projects'))",
'source_system' => "ALTER TABLE import_log ADD COLUMN source_system VARCHAR(50) NOT NULL DEFAULT 'crm.bp-gr.ru'",
'mapping_config' => 'ALTER TABLE import_log ADD COLUMN mapping_config JSONB',
'unknown_statuses_count' => 'ALTER TABLE import_log ADD COLUMN unknown_statuses_count INT NOT NULL DEFAULT 0',
'dry_run' => 'ALTER TABLE import_log ADD COLUMN dry_run BOOLEAN NOT NULL DEFAULT FALSE',
] as $column => $ddl) {
if (! Schema::hasColumn('import_log', $column)) {
DB::statement($ddl);
}
}
if (! Schema::hasTable('import_unknown_statuses')) {
DB::statement(<<<'SQL'
CREATE TABLE import_unknown_statuses (
id BIGSERIAL PRIMARY KEY,
tenant_id BIGINT NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
import_log_id BIGINT REFERENCES import_log(id) ON DELETE SET NULL,
status_ru VARCHAR(100) NOT NULL,
occurrences INT NOT NULL DEFAULT 0,
mapped_to_slug VARCHAR(50) REFERENCES lead_statuses(slug),
resolved_at TIMESTAMPTZ,
resolved_by BIGINT REFERENCES users(id),
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ,
UNIQUE (tenant_id, status_ru)
)
SQL);
DB::statement(
'CREATE INDEX idx_import_unknown_statuses_unresolved
ON import_unknown_statuses (tenant_id) WHERE mapped_to_slug IS NULL'
);
DB::statement('ALTER TABLE import_unknown_statuses ENABLE ROW LEVEL SECURITY');
DB::statement(
"CREATE POLICY tenant_isolation ON import_unknown_statuses
USING (tenant_id = current_setting('app.current_tenant_id')::bigint)"
);
}
}
public function down(): void
{
// down() не симметричен: на проекте rollback применяется только после
// migrate:fresh (см. add_archived_at_to_projects). Для отката v8.21 —
// отдельный schema-bump, не эта миграция.
DB::statement('DROP TABLE IF EXISTS import_unknown_statuses');
foreach (['entity_type', 'source_system', 'mapping_config', 'unknown_statuses_count', 'dry_run'] as $column) {
if (Schema::hasColumn('import_log', $column)) {
Schema::table('import_log', fn ($table) => $table->dropColumn($column));
}
}
}
};
app/database/seeders/DemoSeeder.php
-10
View File
@@ -14,16 +14,6 @@ class DemoSeeder extends Seeder
{
public function run(): void
{
// DemoSeeder создаёт демо-данные и НЕ должен исполняться в production.
// DatabaseSeeder вызывает его только в local/testing — этот guard
// дополнительно защищает прямой вызов `db:seed --class=DemoSeeder`
// (в т.ч. через `composer demo:seed`).
if (app()->isProduction()) {
$this->command->warn('DemoSeeder пропущен: запрещён в production.');
return;
}
$tenant = Tenant::query()->where('subdomain', 'demo')->first()
?? Tenant::factory()->create([
'subdomain' => 'demo',
app/phpstan-baseline.neon
+77 -459
View File
@@ -1,5 +1,25 @@
parameters:
ignoreErrors:
# Plan 6 (v8.20): Project::$regions INT[] cast via PostgresIntArray; ide-helper
# regen pending (will resolve after next `php artisan ide-helper:models -W`).
-
message: '#^Access to an undefined property App\\Models\\Project\:\:\$regions\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/Plan5/Projects/ProjectsStoreTest.php
-
message: '#^Access to an undefined property App\\Models\\Project\:\:\$regions\.$#'
identifier: property.notFound
count: 2
path: tests/Feature/Plan5/Projects/ProjectsUpdateTest.php
-
message: '#^Access to an undefined property App\\Models\\Project\:\:\$regions\.$#'
identifier: property.notFound
count: 1
path: app/Jobs/Supplier/SyncSupplierProjectsJob.php
-
message: '#^Expression on left side of \?\? is not nullable\.$#'
identifier: nullCoalesce.expr
@@ -78,6 +98,12 @@ parameters:
count: 1
path: app/Http/Middleware/SetTenantContext.php
-
message: '#^Access to an undefined property App\\Models\\Project\:\:\$archived_at\.$#'
identifier: property.notFound
count: 1
path: app/Http/Resources/ProjectResource.php
-
message: '#^Using nullsafe property access "\?\-\>name" on left side of \?\? is unnecessary\. Use \-\> instead\.$#'
identifier: nullsafe.neverNull
@@ -97,16 +123,16 @@ parameters:
path: app/Services/NotificationService.php
-
message: '#^Match expression does not handle remaining value\: string$#'
identifier: match.unhandled
message: '#^Access to an undefined property App\\Models\\Project\:\:\$archived_at\.$#'
identifier: property.notFound
count: 1
path: app/Services/Project/ProjectService.php
-
message: '#^Return type \(array\<string, mixed\>\) of method Database\\Factories\\BalanceTransactionFactory\:\:definition\(\) should be compatible with return type \(array\<model property of App\\Models\\BalanceTransaction, mixed\>\) of method Illuminate\\Database\\Eloquent\\Factories\\Factory\<App\\Models\\BalanceTransaction\>\:\:definition\(\)$#'
identifier: method.childReturnType
message: '#^Match expression does not handle remaining value\: string$#'
identifier: match.unhandled
count: 1
path: database/factories/BalanceTransactionFactory.php
path: app/Services/Project/ProjectService.php
-
message: '#^Return type \(array\<string, mixed\>\) of method Database\\Factories\\ProjectFactory\:\:definition\(\) should be compatible with return type \(array\<model property of App\\Models\\Project, mixed\>\) of method Illuminate\\Database\\Eloquent\\Factories\\Factory\<App\\Models\\Project\>\:\:definition\(\)$#'
@@ -180,54 +206,12 @@ parameters:
count: 3
path: tests/Feature/Admin/AdminSuppliersControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/AdminBillingActionsTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:patchJson\(\)\.$#'
identifier: method.notFound
count: 7
path: tests/Feature/AdminBillingActionsTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
count: 3
path: tests/Feature/AdminBillingActionsTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 10
path: tests/Feature/AdminBillingIndexTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$adminId\.$#'
identifier: property.notFound
count: 4
path: tests/Feature/AdminIncidentRknNotifyTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
count: 4
path: tests/Feature/AdminIncidentRknNotifyTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$adminId\.$#'
identifier: property.notFound
count: 5
path: tests/Feature/AdminIncidentShowTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 5
path: tests/Feature/AdminIncidentShowTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$adminId\.$#'
identifier: property.notFound
@@ -288,36 +272,6 @@ parameters:
count: 14
path: tests/Feature/Api/ProjectBulkActionsTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 7
path: tests/Feature/ApiKeyControllerTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 5
path: tests/Feature/ApiKeyControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/ApiKeyControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 4
path: tests/Feature/ApiKeyControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
count: 3
path: tests/Feature/ApiKeyControllerTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
@@ -529,58 +483,16 @@ parameters:
path: tests/Feature/Auth/TwoFactorTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
message: '#^Access to an undefined property App\\Models\\LeadCharge\:\:\$charge_source\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/Auth/UpdateProfileTest.php
count: 2
path: tests/Feature/Billing/LedgerServiceTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
message: '#^Access to an undefined property App\\Models\\Tenant\:\:\$delivered_in_month\.$#'
identifier: property.notFound
count: 4
path: tests/Feature/Auth/UpdateProfileTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Auth/UpdateProfileTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Auth/UpdateProfileTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:patchJson\(\)\.$#'
identifier: method.notFound
count: 6
path: tests/Feature/Auth/UpdateProfileTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 12
path: tests/Feature/Billing/BillingOverviewControllerTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/Billing/BillingOverviewControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Billing/BillingOverviewControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 18
path: tests/Feature/Billing/BillingOverviewControllerTest.php
count: 3
path: tests/Feature/Billing/LedgerServiceTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$ledger\.$#'
@@ -636,36 +548,6 @@ parameters:
count: 1
path: tests/Feature/Billing/TenantChargesControllerTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 5
path: tests/Feature/Billing/TopupControllerTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 2
path: tests/Feature/Billing/TopupControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Billing/TopupControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:assertDatabaseHas\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Billing/TopupControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
count: 8
path: tests/Feature/Billing/TopupControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:artisan\(\)\.$#'
identifier: method.notFound
@@ -678,34 +560,22 @@ parameters:
count: 2
path: tests/Feature/Console/ResetDeliveredTodayCommandTest.php
-
message: '#^Access to an undefined property App\\Models\\Tenant\:\:\$delivered_in_month\.$#'
identifier: property.notFound
count: 3
path: tests/Feature/Console/ResetMonthlyCountersCommandTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:artisan\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Console/ResetMonthlyCountersCommandTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 9
path: tests/Feature/DashboardSummaryTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 15
path: tests/Feature/DealCreateTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/DealCreateTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
count: 37
path: tests/Feature/DealCreateTest.php
-
@@ -729,19 +599,7 @@ parameters:
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 11
path: tests/Feature/DealDestroyTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/DealDestroyTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
count: 20
path: tests/Feature/DealDestroyTest.php
-
@@ -783,25 +641,13 @@ parameters:
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 30
path: tests/Feature/DealIndexTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/DealIndexTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
count: 50
path: tests/Feature/DealIndexTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 21
count: 22
path: tests/Feature/DealIndexTest.php
-
@@ -819,19 +665,7 @@ parameters:
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 9
path: tests/Feature/DealRestoreTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/DealRestoreTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
count: 18
path: tests/Feature/DealRestoreTest.php
-
@@ -867,31 +701,19 @@ parameters:
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$project\.$#'
identifier: property.notFound
count: 6
count: 7
path: tests/Feature/DealShowTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 13
path: tests/Feature/DealShowTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/DealShowTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
count: 20
path: tests/Feature/DealShowTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 7
count: 8
path: tests/Feature/DealShowTest.php
-
@@ -909,19 +731,7 @@ parameters:
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 7
path: tests/Feature/DealTransitionTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/DealTransitionTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
count: 12
path: tests/Feature/DealTransitionTest.php
-
@@ -945,31 +755,19 @@ parameters:
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$project\.$#'
identifier: property.notFound
count: 9
count: 10
path: tests/Feature/DealUpdateTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 15
path: tests/Feature/DealUpdateTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/DealUpdateTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
count: 24
path: tests/Feature/DealUpdateTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:patchJson\(\)\.$#'
identifier: method.notFound
count: 9
count: 10
path: tests/Feature/DealUpdateTest.php
-
@@ -1008,90 +806,6 @@ parameters:
count: 17
path: tests/Feature/ImpersonationTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$service\.$#'
identifier: property.notFound
count: 10
path: tests/Feature/Import/HistoricalImportServiceTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 23
path: tests/Feature/Import/HistoricalImportServiceTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 20
path: tests/Feature/Import/HistoricalImportServiceTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 3
path: tests/Feature/Import/ImportCompletedNotificationTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 3
path: tests/Feature/Import/ImportCompletedNotificationTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 12
path: tests/Feature/Import/ImportControllerTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 3
path: tests/Feature/Import/ImportControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Import/ImportControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 4
path: tests/Feature/Import/ImportControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
count: 5
path: tests/Feature/Import/ImportControllerTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 9
path: tests/Feature/Import/ImportLeadsJobTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 4
path: tests/Feature/Import/ImportLeadsJobTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 4
path: tests/Feature/Import/ImportModelsTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 2
path: tests/Feature/Import/ImportModelsTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
@@ -1122,12 +836,6 @@ parameters:
count: 16
path: tests/Feature/LookupsTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 3
path: tests/Feature/LookupsTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
@@ -1194,6 +902,12 @@ parameters:
count: 6
path: tests/Feature/Plan5/Jobs/SyncSupplierProjectJobTest.php
-
message: '#^Access to an undefined property App\\Models\\Project\:\:\$archived_at\.$#'
identifier: property.notFound
count: 2
path: tests/Feature/Plan5/Projects/ProjectsActionsTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
@@ -1209,13 +923,13 @@ parameters:
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 9
count: 12
path: tests/Feature/Plan5/Projects/ProjectsStoreTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 6
count: 8
path: tests/Feature/Plan5/Projects/ProjectsUpdateTest.php
-
@@ -1269,49 +983,7 @@ parameters:
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 9
path: tests/Feature/Reports/BillingSummaryProviderTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$project\.$#'
identifier: property.notFound
count: 8
path: tests/Feature/Reports/ManagersSummaryProviderTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 14
path: tests/Feature/Reports/ManagersSummaryProviderTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 20
path: tests/Feature/Reports/ReportDownloadTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 14
path: tests/Feature/Reports/ReportDownloadTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 3
path: tests/Feature/Reports/ReportDownloadTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:get\(\)\.$#'
identifier: method.notFound
count: 8
path: tests/Feature/Reports/ReportDownloadTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 31
count: 25
path: tests/Feature/Reports/ReportJobControllerTest.php
-
@@ -1335,7 +1007,7 @@ parameters:
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
count: 14
count: 12
path: tests/Feature/Reports/ReportJobControllerTest.php
-
@@ -1380,18 +1052,6 @@ parameters:
count: 12
path: tests/Feature/Reports/ReportLifecycleTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$project\.$#'
identifier: property.notFound
count: 8
path: tests/Feature/Reports/SourcesSummaryProviderTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 12
path: tests/Feature/Reports/SourcesSummaryProviderTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$project1Id\.$#'
identifier: property.notFound
@@ -1416,18 +1076,6 @@ parameters:
count: 5
path: tests/Feature/RlsSmokeTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$app\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/SaasAdminMiddlewareTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 2
path: tests/Feature/SaasAdminMiddlewareTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$project\.$#'
identifier: property.notFound
@@ -1488,6 +1136,18 @@ parameters:
count: 7
path: tests/Feature/Supplier/RetryFailedSupplierJobsCommandTest.php
-
message: '#^Access to an undefined property App\\Models\\LeadCharge\:\:\$charge_source\.$#'
identifier: property.notFound
count: 2
path: tests/Feature/Supplier/RouteSupplierLeadJobBillingTest.php
-
message: '#^Access to an undefined property App\\Models\\Tenant\:\:\$delivered_in_month\.$#'
identifier: property.notFound
count: 2
path: tests/Feature/Supplier/RouteSupplierLeadJobBillingTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:seed\(\)\.$#'
identifier: method.notFound
@@ -1518,48 +1178,6 @@ parameters:
count: 14
path: tests/Feature/WebhookReceiveTest.php
-
message: '#^Access to an undefined property Pest\\Mixins\\Expectation\<mixed\>\:\:\$not\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/WebhookSettingsControllerTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 7
path: tests/Feature/WebhookSettingsControllerTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 5
path: tests/Feature/WebhookSettingsControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/WebhookSettingsControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 4
path: tests/Feature/WebhookSettingsControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
count: 3
path: tests/Feature/WebhookSettingsControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:putJson\(\)\.$#'
identifier: method.notFound
count: 3
path: tests/Feature/WebhookSettingsControllerTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$resolver\.$#'
identifier: property.notFound
app/resources/js/api/admin.ts
-97
View File
@@ -331,100 +331,3 @@ export async function updateSystemSetting(
);
return data;
}
// === SaaS-admin → Биллинг: row-actions (Sprint 3D G4) ===
export interface AdminTariffPlan {
id: number;
name: string;
price_monthly: string;
}
export async function listAdminTariffPlans(): Promise<AdminTariffPlan[]> {
const { data } = await apiClient.get<{ plans: AdminTariffPlan[] }>('/api/admin/billing/tariff-plans');
return data.plans;
}
export async function updateTenantStatus(
id: number,
status: 'active' | 'suspended',
reason: string,
): Promise<{ id: number; status: string }> {
await ensureCsrfCookie();
const { data } = await apiClient.patch<{ id: number; status: string }>(
`/api/admin/billing/tenants/${id}/status`,
{ status, reason },
);
return data;
}
export async function refundTenant(
id: number,
amountRub: number,
reason: string,
): Promise<{ id: number; balance_rub: string; transaction_id: number }> {
await ensureCsrfCookie();
const { data } = await apiClient.post<{ id: number; balance_rub: string; transaction_id: number }>(
`/api/admin/billing/tenants/${id}/refund`,
{ amount_rub: amountRub, reason },
);
return data;
}
export async function changeTenantTariff(
id: number,
tariffId: number,
reason: string,
): Promise<{ id: number; tariff_id: number; tariff_name: string }> {
await ensureCsrfCookie();
const { data } = await apiClient.patch<{ id: number; tariff_id: number; tariff_name: string }>(
`/api/admin/billing/tenants/${id}/tariff`,
{ tariff_id: tariffId, reason },
);
return data;
}
// === SaaS-admin → Инциденты: detail-view + РКН-notify (Sprint 3D G5/G6) ===
export interface ApiIncidentAffectedTenant {
id: number;
organization_name: string;
}
export interface ApiAdminIncidentDetail {
id: number;
incident_id: string;
type: string;
severity: 'low' | 'medium' | 'high' | 'critical';
summary: string;
root_cause: string | null;
postmortem_url: string | null;
started_at: string;
detected_at: string;
resolved_at: string | null;
status: 'open' | 'investigating' | 'resolved';
affected_tenants: ApiIncidentAffectedTenant[];
affected_users_count: number | null;
notification_sent_at: string | null;
rkn_notified: boolean;
rkn_notified_at: string | null;
rkn_deadline_at: string | null;
created_by_admin: string | null;
closed_by_admin: string | null;
created_at: string | null;
updated_at: string | null;
}
export async function getAdminIncidentDetail(id: number): Promise<ApiAdminIncidentDetail> {
const { data } = await apiClient.get<{ incident: ApiAdminIncidentDetail }>(`/api/admin/incidents/${id}`);
return data.incident;
}
export async function notifyIncidentRkn(id: number): Promise<ApiAdminIncidentDetail> {
await ensureCsrfCookie();
const { data } = await apiClient.post<{ incident: ApiAdminIncidentDetail }>(
`/api/admin/incidents/${id}/rkn-notify`,
{},
);
return data.incident;
}
app/resources/js/api/apiKeys.ts
-32
View File
@@ -1,32 +0,0 @@
import { apiClient, ensureCsrfCookie } from './client';
/**
* API-ключи тенанта (audit D2/D3). Backend: ApiKeyController.
* Полный ключ доступен только в ответе regenerateApiKey().
*/
export interface ApiKeyInfo {
id: number;
name: string;
key_prefix: string;
last_used_at: string | null;
expires_at: string | null;
created_at: string | null;
}
export interface RegeneratedApiKey {
id: number;
name: string;
key: string;
key_prefix: string;
}
export async function listApiKeys(): Promise<ApiKeyInfo[]> {
const { data } = await apiClient.get<{ data: ApiKeyInfo[] }>('/api/api-keys');
return data.data;
}
export async function regenerateApiKey(): Promise<RegeneratedApiKey> {
await ensureCsrfCookie();
const { data } = await apiClient.post<RegeneratedApiKey>('/api/api-keys/regenerate');
return data;
}
app/resources/js/api/auth.ts
-15
View File
@@ -25,8 +25,6 @@ export interface AuthUser {
email: string;
first_name: string | null;
last_name: string | null;
phone?: string | null;
timezone?: string | null;
tenant_id: number;
totp_enabled: boolean;
last_login_at: string | null;
@@ -153,16 +151,3 @@ export async function updateNotificationPreferences(payload: UpdateNotificationP
const { data } = await apiClient.patch<{ user: AuthUser }>('/api/auth/me/notification-preferences', payload);
return data.user;
}
export interface UpdateProfilePayload {
first_name: string;
last_name: string;
phone: string | null;
timezone: string;
}
export async function updateProfile(payload: UpdateProfilePayload): Promise<AuthUser> {
await ensureCsrfCookie();
const { data } = await apiClient.patch<{ user: AuthUser }>('/api/auth/me', payload);
return data.user;
}
app/resources/js/api/billing.ts
-90
View File
@@ -1,90 +0,0 @@
import { apiClient, ensureCsrfCookie } from './client';
/**
* API-модуль биллинга (Sprint 2 Plan C).
*
* Эндпоинты под [auth:sanctum, tenant]: GET wallet/transactions/invoices
* (E3), POST topup (E1 добавляется в Task 5). GET'ы не требуют CSRF-cookie.
*/
/** Тариф в составе ответа GET /api/billing/wallet. */
export interface WalletTariff {
code: string;
name: string;
price_monthly: string | null;
billing_model: string;
features: string[];
}
/** Ответ GET /api/billing/wallet — кошелёк тенанта. */
export interface Wallet {
balance_rub: string;
balance_leads: number;
runway_days: number | null;
tariff: WalletTariff | null;
}
/** GET /api/billing/wallet — балансы + текущий тариф + runway. */
export async function getWallet(): Promise<Wallet> {
const { data } = await apiClient.get<Wallet>('/api/billing/wallet');
return data;
}
/** Строка истории транзакций (GET /api/billing/transactions). */
export interface BillingTransaction {
id: number;
code: string;
type: string;
description: string | null;
amount_rub: string;
amount_leads: number;
balance_rub_after: string | null;
created_at: string;
}
/** Пагинированный ответ GET /api/billing/transactions. */
export interface TransactionsPage {
data: BillingTransaction[];
meta: { current_page: number; last_page: number; total: number; per_page: number };
}
/** Счёт тенанта (GET /api/billing/invoices). */
export interface BillingInvoice {
id: number;
invoice_number: string;
amount_total: string;
status: string;
issued_at: string;
has_pdf: boolean;
}
/** GET /api/billing/transactions — пагинированная история транзакций. */
export async function getTransactions(params: { page?: number; type?: string }): Promise<TransactionsPage> {
const { data } = await apiClient.get<TransactionsPage>('/api/billing/transactions', { params });
return data;
}
/** GET /api/billing/invoices — счета тенанта (real-but-empty до Б-1). */
export async function getInvoices(): Promise<{ data: BillingInvoice[] }> {
const { data } = await apiClient.get<{ data: BillingInvoice[] }>('/api/billing/invoices');
return data;
}
/** Результат POST /api/billing/topup. */
export interface TopupResult {
transaction: {
id: number;
type: string;
amount_rub: string;
balance_rub_after: string | null;
created_at: string;
};
balance_rub: string;
}
/** POST /api/billing/topup — пополнить рублёвый баланс (MVP-stub). */
export async function topup(amountRub: number): Promise<TopupResult> {
await ensureCsrfCookie();
const { data } = await apiClient.post<TopupResult>('/api/billing/topup', { amount_rub: amountRub });
return data;
}
app/resources/js/api/dashboard.ts
-26
View File
@@ -1,26 +0,0 @@
import { apiClient } from './client';
/**
* API-клиент дашборда (audit C1/J3). Эндпоинт GET /api/dashboard/summary.
* На MVP без auth tenant_id параметром (на prod возьмётся из middleware).
*/
export type DeltaDir = 'up' | 'down' | 'neutral';
export type DashboardRange = 'today' | '7d' | '30d';
export interface DashboardSummary {
range: string;
leads_received: { value: number; delta_pct: number; delta_dir: DeltaDir };
conversion: { value: number; delta_pp: number; delta_dir: DeltaDir };
active_projects: { active: number; limit: number };
balance: { amount_rub: string; runway_days: number; runway_leads: number };
activity: { points: number[]; labels: string[]; max: number };
funnel: Record<string, number>;
}
export async function getDashboardSummary(tenantId: number, range: DashboardRange): Promise<DashboardSummary> {
const { data } = await apiClient.get<DashboardSummary>('/api/dashboard/summary', {
params: { tenant_id: tenantId, range },
});
return data;
}
app/resources/js/api/deals.ts
-11
View File
@@ -233,14 +233,3 @@ export async function listProjects(tenantId: number): Promise<ApiProject[]> {
});
return data.projects;
}
/**
* Лёгкий count-only запрос для бейджа «Сделки» в AppSidebar (audit B2).
* Backend пропускает SELECT строк отдаёт только COUNT(*).
*/
export async function fetchDealsCount(tenantId: number): Promise<number> {
const { data } = await apiClient.get<{ total: number }>('/api/deals', {
params: { tenant_id: tenantId, count_only: 1 },
});
return data.total;
}
app/resources/js/api/imports.ts
-66
View File
@@ -1,66 +0,0 @@
import { apiClient } from './client';
/**
* API-клиент исторической миграции лидов (ТЗ §6).
* Эндпоинты: POST/GET /api/imports, /api/imports/unknown-statuses, /api/imports/unknown-statuses/resolve.
*/
export interface ImportLogResource {
id: number;
filename: string;
status: 'pending' | 'processing' | 'done' | 'failed';
rows_total: number;
rows_added: number;
rows_updated: number;
rows_skipped: number;
unknown_statuses_count: number;
dry_run: boolean;
error_message: string | null;
started_at: string | null;
finished_at: string | null;
}
export interface UnknownStatus {
id: number;
status_ru: string;
occurrences: number;
}
export interface StatusMapping {
status_ru: string;
slug: string;
}
/** POST /api/imports — загрузить CSV. */
export async function uploadImport(file: File, dryRun = false): Promise<ImportLogResource> {
const form = new FormData();
form.append('file', file);
if (dryRun) {
form.append('dry_run', '1');
}
const { data } = await apiClient.post<{ data: ImportLogResource }>('/api/imports', form);
return data.data;
}
/** GET /api/imports — история импортов. */
export async function listImports(): Promise<ImportLogResource[]> {
const { data } = await apiClient.get<{ data: ImportLogResource[] }>('/api/imports');
return data.data;
}
/** GET /api/imports/{id} — прогресс одного импорта. */
export async function getImport(id: number): Promise<ImportLogResource> {
const { data } = await apiClient.get<{ data: ImportLogResource }>(`/api/imports/${id}`);
return data.data;
}
/** GET /api/imports/unknown-statuses — незамапленные статусы. */
export async function getUnknownStatuses(): Promise<UnknownStatus[]> {
const { data } = await apiClient.get<{ data: UnknownStatus[] }>('/api/imports/unknown-statuses');
return data.data;
}
/** POST /api/imports/unknown-statuses/resolve — сохранить маппинг. */
export async function resolveUnknownStatuses(mappings: StatusMapping[]): Promise<void> {
await apiClient.post('/api/imports/unknown-statuses/resolve', { mappings });
}
app/resources/js/api/reports.ts
-1
View File
@@ -32,7 +32,6 @@ export interface ApiReportJob {
parameters: ApiReportParameters;
status: ApiReportStatus;
file_path: string | null;
download_url: string | null;
file_size: number | null;
generation_seconds: number | null;
error_message: string | null;
app/resources/js/api/webhooks.ts
-40
View File
@@ -1,40 +0,0 @@
import { apiClient, ensureCsrfCookie } from './client';
/**
* Настройки исходящего webhook'а тенанта (audit D4/D5). Backend:
* WebhookSettingsController. Полный secret доступен только в ответе
* saveWebhookSettings() при первом создании подписки.
*/
export interface WebhookSettings {
target_url: string;
secret_prefix: string;
events: string[];
is_active: boolean;
}
export interface SavedWebhookSettings extends WebhookSettings {
secret?: string;
}
export interface WebhookTestResult {
ok: boolean;
status: number | null;
message: string;
}
export async function getWebhookSettings(): Promise<WebhookSettings | null> {
const { data } = await apiClient.get<{ data: WebhookSettings | null }>('/api/tenants/me/webhook-settings');
return data.data;
}
export async function saveWebhookSettings(payload: { target_url: string }): Promise<SavedWebhookSettings> {
await ensureCsrfCookie();
const { data } = await apiClient.put<{ data: SavedWebhookSettings }>('/api/tenants/me/webhook-settings', payload);
return data.data;
}
export async function testWebhook(): Promise<WebhookTestResult> {
await ensureCsrfCookie();
const { data } = await apiClient.post<WebhookTestResult>('/api/webhooks/test');
return data;
}
app/resources/js/components/AppShell.vue
+1 -1
View File
@@ -2,7 +2,7 @@
/**
* Корневой shell приложения. Мапит meta.layout текущего route'а на layout-компонент.
*
* meta.layout = 'auth' AuthLayout (двухпанельный для login/register/2fa/forgot/recovery-use).
* meta.layout = 'auth' AuthLayout (двухпанельный для login/register/2fa/forgot/recovery).
* meta.layout = 'error' RouterView напрямую (ErrorView сам предоставляет v-app + теало-нуар bg).
* meta.layout не задан или 'app' AppLayout (sidebar + topbar для авторизованных страниц).
*
app/resources/js/components/admin/ImpersonationBanner.vue
-84
View File
@@ -1,84 +0,0 @@
<script setup lang="ts">
/**
* Глобальный индикатор активных impersonation-сессий (audit B5 / Ю-1).
*
* Размещён в AdminLayout над <RouterView> виден на всех /admin/* страницах.
* На MVP saas-admin auth нет и реального переключения сессии нет, поэтому
* показываем счётчик ВСЕХ активных сессий (impersonationActive() =
* used_at != null AND session_ended_at == null). Polling 30 c сессия может
* стартовать/завершиться, пока админ остаётся в админке (AdminLayout
* persistent, перемонтируется только <RouterView>).
*
* Если активных сессий 0 компонент не рендерит ничего.
*/
import { computed, onMounted, ref } from 'vue';
import { impersonationActive, type ImpersonationActiveSession } from '../../api/admin';
import { usePolling } from '../../composables/usePolling';
const sessions = ref<ImpersonationActiveSession[]>([]);
async function load(): Promise<void> {
try {
sessions.value = await impersonationActive();
} catch {
// Баннер не критичен ошибку детально покажет AdminImpersonationView.
// Сохраняем прежнее значение sessions, не падаем.
}
}
const count = computed(() => sessions.value.length);
const label = computed(() => {
if (count.value === 1) {
const s = sessions.value[0];
return `Активна impersonation-сессия: ${s.tenant_name ?? `тенант #${s.tenant_id}`}`;
}
return `Активны impersonation-сессии: ${count.value}`;
});
onMounted(load);
usePolling(load, { intervalMs: 30_000 });
defineExpose({ sessions, load });
</script>
<template>
<div v-if="count > 0" class="impersonation-banner" role="status" data-testid="impersonation-banner">
<v-icon size="16" class="impersonation-banner__icon">mdi-account-switch</v-icon>
<span class="impersonation-banner__label">{{ label }}</span>
<RouterLink
to="/admin/impersonation"
class="impersonation-banner__link"
data-testid="impersonation-banner-link"
>
Открыть
</RouterLink>
</div>
</template>
<style scoped>
.impersonation-banner {
display: flex;
align-items: center;
gap: 8px;
background: #fff4e0;
border-bottom: 1px solid #f0d8a8;
color: #8a5a00;
font-size: 13px;
padding: 8px 24px;
}
.impersonation-banner__icon {
color: #b87400;
}
.impersonation-banner__label {
flex: 1;
}
.impersonation-banner__link {
color: #0f6e56;
font-weight: 600;
text-decoration: none;
}
.impersonation-banner__link:hover {
text-decoration: underline;
}
</style>
app/resources/js/components/billing/BalanceCard.vue
+17 -42
View File
@@ -1,27 +1,15 @@
<script setup lang="ts">
/**
* BalanceCard 3 wallet-cards в одной строке: Кошелёк (dark) +
* Баланс лидов + Тариф. Данные из GET /api/billing/wallet (E3).
* tariff* допускают null (тенант без назначенного тарифа trial).
* BalanceCard 3 wallet-cards в одной строке: Кошелёк (primary, dark) +
* Баланс лидов + Тариф. Sprint 4 Phase B/2 split BillingView (audit O-refactor-04 хвост).
*/
import { computed } from 'vue';
const props = defineProps<{
defineProps<{
walletRub: number;
leadsBalance: number;
tariffName: string | null;
tariffPrice: string | null;
tariffName: string;
tariffPrice: number;
tariffFeatures: string[];
}>();
defineEmits<{ topup: [] }>();
const walletText = computed(() => new Intl.NumberFormat('ru-RU').format(props.walletRub));
const tariffPriceText = computed(() => {
if (props.tariffPrice === null) return 'по запросу';
return new Intl.NumberFormat('ru-RU').format(Number(props.tariffPrice)) + ' ₽/мес';
});
</script>
<template>
@@ -33,19 +21,12 @@ const tariffPriceText = computed(() => {
<v-chip size="x-small" color="primary" variant="elevated">LIVE</v-chip>
</div>
<div class="wallet-amount mt-2">
<span class="num">{{ walletText }}</span>
<span class="num">{{ new Intl.NumberFormat('ru-RU').format(walletRub) }}</span>
<span class="ru">&nbsp;</span>
</div>
<div class="wallet-foot mt-3">мин. пополнение <strong>100 </strong> · округление вниз лиды</div>
<div class="wallet-actions mt-3">
<v-btn
color="primary"
variant="flat"
prepend-icon="mdi-plus"
size="small"
@click="$emit('topup')"
>Пополнить</v-btn
>
<v-btn color="primary" variant="flat" prepend-icon="mdi-plus" size="small">Пополнить</v-btn>
<v-btn variant="outlined" prepend-icon="mdi-autorenew" size="small"> Автопополнение </v-btn>
</div>
</v-card>
@@ -60,24 +41,22 @@ const tariffPriceText = computed(() => {
<span class="num">{{ leadsBalance }}</span>
<span class="ru-text">&nbsp;лидов</span>
</div>
<div class="wallet-foot mt-3">средняя цена <strong>50 /лид</strong> · потрачено за месяц 412</div>
</v-card>
</v-col>
<v-col cols="12" md="4">
<v-card variant="outlined" class="wallet-card pa-4 d-flex flex-column">
<span class="wallet-label">Тариф</span>
<template v-if="tariffName">
<div class="tariff-name mt-1">
{{ tariffName }}
<span class="tariff-price">· {{ tariffPriceText }}</span>
</div>
<ul v-if="tariffFeatures.length" class="tariff-feats mt-3">
<li v-for="f in tariffFeatures" :key="f">
<v-icon size="14" color="success" class="mr-1">mdi-check</v-icon>{{ f }}
</li>
</ul>
</template>
<div v-else class="tariff-empty mt-2">Тариф не выбран</div>
<div class="tariff-name mt-1">
{{ tariffName }}
<span class="tariff-price">· {{ tariffPrice }} /мес</span>
</div>
<ul class="tariff-feats mt-3">
<li v-for="f in tariffFeatures" :key="f">
<v-icon size="14" color="success" class="mr-1">mdi-check</v-icon>{{ f }}
</li>
</ul>
<v-btn variant="outlined" size="small" class="mt-auto">Сменить тариф </v-btn>
</v-card>
</v-col>
@@ -158,10 +137,6 @@ const tariffPriceText = computed(() => {
font-weight: 500;
margin-left: 4px;
}
.tariff-empty {
color: #66635c;
font-size: 14px;
}
.tariff-feats {
list-style: none;
padding: 0;
app/resources/js/components/billing/InvoicesTable.vue
+14 -73
View File
@@ -1,84 +1,29 @@
<script setup lang="ts">
/**
* InvoicesTable список счетов тенанта. Данные GET /api/billing/invoices
* (E3). Real-but-empty до Б-1: на MVP saas_invoices пуста (нужно
* зарегистрированное юр-лицо), компонент показывает empty-state.
* InvoicesTable список счетов и УПД (PDF / 1С 8.3 XML).
* Sprint 4 Phase B/2 split BillingView.
*/
import { ref, onMounted } from 'vue';
import { getInvoices, type BillingInvoice } from '../../api/billing';
import { formatPlain } from '../../composables/billingFormatters';
const invoices = ref<BillingInvoice[]>([]);
const loading = ref(true);
const loadError = ref<string | null>(null);
const STATUS_LABELS: Record<string, string> = {
draft: 'Черновик',
issued: 'Выставлен',
paid: 'Оплачен',
overdue: 'Просрочен',
cancelled: 'Отменён',
};
function statusLabel(status: string): string {
return STATUS_LABELS[status] ?? status;
}
function formatDate(iso: string): string {
return new Date(iso).toLocaleDateString('ru-RU', { timeZone: 'Europe/Moscow' });
}
async function load(): Promise<void> {
loading.value = true;
loadError.value = null;
try {
invoices.value = (await getInvoices()).data;
} catch {
loadError.value = 'Не удалось загрузить счета.';
} finally {
loading.value = false;
}
}
onMounted(load);
defineExpose({ load, invoices });
import { MOCK_INVOICES } from '../../composables/mockBilling';
import { formatIcon, formatLabel, formatPlain } from '../../composables/billingFormatters';
</script>
<template>
<v-card variant="outlined" class="mt-4 panel">
<div class="panel-h pa-4">
<h2 class="text-h6 panel-title ma-0">Счета</h2>
<h2 class="text-h6 panel-title ma-0">Счета и УПД</h2>
<v-btn variant="outlined" size="small" prepend-icon="mdi-download">Реестр XLSX</v-btn>
</div>
<v-divider />
<div v-if="loading" class="py-8 d-flex justify-center">
<v-progress-circular indeterminate color="primary" size="28" />
</div>
<v-alert v-else-if="loadError" type="error" variant="tonal" density="compact" class="ma-4" role="alert">
{{ loadError }}
</v-alert>
<div v-else-if="invoices.length === 0" class="empty pa-8 text-center text-medium-emphasis">
Счета появятся после первой оплаты.
</div>
<ul v-else class="invoices-list pa-2 ma-0">
<li v-for="inv in invoices" :key="inv.id" class="inv-row">
<span class="inv-when num">{{ formatDate(inv.issued_at) }}</span>
<ul class="invoices-list pa-2 ma-0">
<li v-for="inv in MOCK_INVOICES" :key="inv.id" class="inv-row">
<span class="inv-when num">{{ inv.when }}</span>
<span class="inv-name">
{{ inv.invoice_number }}
<span class="sub">{{ statusLabel(inv.status) }}</span>
{{ inv.title }}
<span class="sub">{{ inv.sub }}</span>
</span>
<span class="inv-amount num">{{ formatPlain(Number(inv.amount_total)) }}</span>
<v-btn
variant="text"
size="small"
prepend-icon="mdi-file-pdf-box"
:disabled="!inv.has_pdf"
>
PDF
<span class="inv-amount num">{{ formatPlain(inv.amountRub) }}</span>
<v-btn variant="text" size="small" :prepend-icon="formatIcon(inv.format)">
{{ formatLabel(inv.format) }}
</v-btn>
</li>
</ul>
@@ -107,10 +52,6 @@ defineExpose({ load, invoices });
letter-spacing: -0.01em;
}
.empty {
font-size: 14px;
}
.invoices-list {
list-style: none;
padding: 0;
app/resources/js/components/billing/TopupDialog.vue
-125
View File
@@ -1,125 +0,0 @@
<script setup lang="ts">
/**
* TopupDialog диалог пополнения рублёвого баланса (audit E1).
*
* MVP-stub: POST /api/billing/topup кредитует баланс немедленно (без
* платёжного шлюза реальная оплата post-Б-1). При успехе эмитит
* `success` с новым балансом и закрывается.
*/
import { ref, computed, watch } from 'vue';
import { topup } from '../../api/billing';
import { extractErrorMessage, extractValidationErrors } from '../../api/client';
const model = defineModel<boolean>({ required: true });
const emit = defineEmits<{ success: [balanceRub: string] }>();
const PRESETS = [1000, 5000, 10000, 25000];
const amount = ref<number | null>(null);
const submitting = ref(false);
const errorMsg = ref<string | null>(null);
const amountError = computed<string | null>(() => {
if (amount.value === null || !Number.isFinite(amount.value)) return null;
if (amount.value < 100) return 'Минимум 100 ₽';
if (amount.value > 1000000) return 'Максимум 1 000 000 ₽';
return null;
});
const canSubmit = computed(
() => Number.isFinite(amount.value) && amountError.value === null && !submitting.value,
);
// Сброс состояния при каждом открытии диалога (паттерн ReminderDialog/
// NewDealDialog) нет префилла прошлой суммы и нет всплытия устаревшей ошибки.
watch(model, (open) => {
if (open) {
amount.value = null;
errorMsg.value = null;
}
});
function setPreset(value: number): void {
amount.value = value;
}
async function submit(): Promise<void> {
if (!canSubmit.value || amount.value === null) return;
submitting.value = true;
errorMsg.value = null;
try {
const res = await topup(amount.value);
emit('success', res.balance_rub);
model.value = false;
amount.value = null;
} catch (e) {
const validation = extractValidationErrors(e);
errorMsg.value = validation?.amount_rub?.[0] ?? extractErrorMessage(e);
} finally {
submitting.value = false;
}
}
function close(): void {
if (submitting.value) return;
model.value = false;
errorMsg.value = null;
}
defineExpose({ amount, submit, canSubmit, errorMsg });
</script>
<template>
<v-dialog v-model="model" max-width="460">
<v-card>
<v-card-title class="text-h6">Пополнить баланс</v-card-title>
<v-card-text>
<v-text-field
v-model.number="amount"
type="number"
label="Сумма пополнения"
suffix="₽"
density="comfortable"
:error-messages="amountError ?? undefined"
autofocus
/>
<div class="presets mb-2">
<v-chip
v-for="p in PRESETS"
:key="p"
size="small"
variant="outlined"
@click="setPreset(p)"
>
{{ new Intl.NumberFormat('ru-RU').format(p) }}
</v-chip>
</div>
<v-alert type="info" variant="tonal" density="compact" class="mt-2">
Платёжный шлюз подключается после регистрации юр. лица на текущем этапе баланс
пополняется сразу.
</v-alert>
<v-alert v-if="errorMsg" type="error" variant="tonal" density="compact" class="mt-3" role="alert">
{{ errorMsg }}
</v-alert>
</v-card-text>
<v-card-actions>
<v-spacer />
<v-btn variant="text" :disabled="submitting" @click="close">Отмена</v-btn>
<v-btn color="primary" variant="flat" :loading="submitting" :disabled="!canSubmit" @click="submit">
Пополнить
</v-btn>
</v-card-actions>
</v-card>
</v-dialog>
</template>
<style scoped>
.presets {
display: flex;
flex-wrap: wrap;
gap: 8px;
}
</style>
app/resources/js/components/billing/TransactionsTable.vue
+36 -128
View File
@@ -1,155 +1,63 @@
<script setup lang="ts">
/**
* TransactionsTable server-driven история транзакций с табами
* (Все / Пополнения / Списания / Возвраты). Данные GET
* /api/billing/transactions (E3). Паттерн self-fetching из ChargesTab.
* TransactionsTable VDataTable истории транзакций с табами фильтрации
* (Все / Пополнения / Списания / Возвраты). Sprint 4 Phase B/2 split BillingView.
*/
import { ref, onMounted } from 'vue';
import { getTransactions, type BillingTransaction } from '../../api/billing';
import { formatCost, txAmountClass } from '../../composables/billingFormatters';
import { computed, ref } from 'vue';
import { BILLING_TABS, MOCK_TRANSACTIONS, type BillingTransaction } from '../../composables/mockBilling';
import { formatCost, statusChipColor, statusLabel, txAmountClass } from '../../composables/billingFormatters';
interface Tab {
id: string;
label: string;
type: string | null;
}
const activeTab = ref<(typeof BILLING_TABS)[number]['id']>('all');
const TABS: Tab[] = [
{ id: 'all', label: 'Все', type: null },
{ id: 'topup', label: 'Пополнения', type: 'topup' },
{ id: 'lead_charge', label: 'Списания', type: 'lead_charge' },
{ id: 'refund', label: 'Возвраты', type: 'refund' },
];
const activeTab = ref<string>('all');
const rows = ref<BillingTransaction[]>([]);
const total = ref(0);
const loading = ref(false);
const loadError = ref<string | null>(null);
const page = ref(1);
const headers = [
{ title: 'Дата', key: 'created_at', sortable: false },
{ title: 'Операция', key: 'description', sortable: false },
{ title: 'ID', key: 'code', sortable: false, width: 120 },
{ title: 'Сумма', key: 'amount_rub', align: 'end' as const, sortable: false, width: 140 },
];
function formatWhen(iso: string): string {
return new Date(iso).toLocaleString('ru-RU', {
timeZone: 'Europe/Moscow',
day: '2-digit',
month: '2-digit',
hour: '2-digit',
minute: '2-digit',
});
}
/** Числовое значение движения: рубли приоритетно, иначе лиды. */
function txAmountValue(tx: BillingTransaction): number {
const rub = Number(tx.amount_rub);
return rub !== 0 ? rub : tx.amount_leads;
}
/** Текст суммы: «+ 5 000 ₽» / «− 1 лид.» / «0 ₽». */
function txAmountText(tx: BillingTransaction): string {
const rub = Number(tx.amount_rub);
if (rub !== 0) return formatCost(rub);
if (tx.amount_leads !== 0) {
const sign = tx.amount_leads > 0 ? '+ ' : ' ';
return sign + Math.abs(tx.amount_leads) + ' лид.';
}
return '0 ₽';
}
async function load(): Promise<void> {
loading.value = true;
loadError.value = null;
try {
const tab = TABS.find((t) => t.id === activeTab.value);
const params: { page: number; type?: string } = { page: page.value };
if (tab?.type) params.type = tab.type;
const res = await getTransactions(params);
rows.value = res.data;
total.value = res.meta.total;
} catch {
loadError.value = 'Не удалось загрузить транзакции.';
rows.value = [];
total.value = 0;
} finally {
loading.value = false;
}
}
async function changeTab(id: string): Promise<void> {
activeTab.value = id;
page.value = 1;
await load();
}
async function loadOptions(opts: { page: number }): Promise<void> {
page.value = opts.page;
await load();
}
async function refresh(): Promise<void> {
page.value = 1;
await load();
}
onMounted(load);
defineExpose({ load, refresh, changeTab, activeTab, total, rows });
const filteredTransactions = computed<BillingTransaction[]>(() => {
const tab = BILLING_TABS.find((t) => t.id === activeTab.value);
const types = tab?.types;
if (!types) return MOCK_TRANSACTIONS;
return MOCK_TRANSACTIONS.filter((tx) => types.includes(tx.type));
});
</script>
<template>
<v-card variant="outlined" class="mt-4 panel">
<div class="panel-h pa-4">
<h2 class="text-h6 panel-title ma-0">История транзакций</h2>
<v-btn-toggle
:model-value="activeTab"
mandatory
color="primary"
density="comfortable"
variant="text"
>
<v-btn
v-for="tab in TABS"
:key="tab.id"
:value="tab.id"
size="small"
@click="changeTab(tab.id)"
>
<v-btn-toggle v-model="activeTab" mandatory color="primary" density="comfortable" variant="text">
<v-btn v-for="tab in BILLING_TABS" :key="tab.id" :value="tab.id" size="small">
{{ tab.label }}
</v-btn>
</v-btn-toggle>
</div>
<v-alert v-if="loadError" type="error" variant="tonal" density="compact" class="mx-4 mb-4" role="alert">
{{ loadError }}
</v-alert>
<v-data-table-server
:headers="headers"
:items="rows"
:items-length="total"
:loading="loading"
:items-per-page="20"
<v-data-table
:items="filteredTransactions"
:headers="[
{ title: 'Дата', key: 'when', sortable: false },
{ title: 'Операция', key: 'description', sortable: false },
{ title: 'ID', key: 'code', sortable: false },
{ title: 'Статус', key: 'status', sortable: false },
{ title: 'Сумма', key: 'amount', align: 'end', sortable: false },
]"
items-per-page="-1"
hide-default-footer
density="comfortable"
@update:options="loadOptions"
>
<template #[`item.created_at`]="{ item }">
<span class="tx-when num">{{ formatWhen(item.created_at) }}</span>
<template #[`item.when`]="{ item }">
<span class="tx-when num">{{ item.when }}</span>
</template>
<template #[`item.code`]="{ item }">
<span class="tx-id">#{{ item.code }}</span>
</template>
<template #[`item.amount_rub`]="{ item }">
<span class="num" :class="txAmountClass(txAmountValue(item))">
{{ txAmountText(item) }}
<template #[`item.status`]="{ item }">
<v-chip size="small" variant="tonal" :color="statusChipColor(item.status)">
{{ statusLabel(item.status) }}
</v-chip>
</template>
<template #[`item.amount`]="{ item }">
<span class="num" :class="txAmountClass(item)">
{{ item.status === 'rejected' ? '— 0 ₽' : formatCost(item.amount) }}
</span>
</template>
</v-data-table-server>
</v-data-table>
</v-card>
</template>
app/resources/js/components/deals/NewDealDialog.vue
+1 -19
View File
@@ -42,8 +42,7 @@ async function loadLookups(tenantId: number) {
managerIdByName.value = map;
}
} catch {
// Audit C6: фиксируем провал UI покажет degradation-alert.
lookupsFailed.value = true;
// Молчаливый fallback на mock UI пользователь всё равно увидит.
}
}
@@ -77,9 +76,6 @@ const errors = ref<Record<string, string>>({});
const submitError = ref<string | null>(null);
const busy = ref(false);
// Audit C6: loadLookups упал показываем degradation-alert (списки = mock).
const lookupsFailed = ref(false);
// Регенерируем ID на каждое создание для local-mode. На API backend SERIAL.
function nextId(): number {
return Math.floor(Date.now() / 1000) + Math.floor(Math.random() * 1000);
@@ -95,7 +91,6 @@ function reset() {
errors.value = {};
submitError.value = null;
busy.value = false;
lookupsFailed.value = false;
}
watch(
@@ -175,8 +170,6 @@ async function submit() {
}
}
defineExpose({ lookupsFailed });
function close() {
dialogOpen.value = false;
}
@@ -197,17 +190,6 @@ function close() {
>
{{ submitError }}
</v-alert>
<v-alert
v-if="lookupsFailed"
type="warning"
variant="tonal"
density="compact"
class="mb-3"
data-testid="lookups-error-alert"
>
Не удалось загрузить списки проектов и менеджеров показаны примерные значения. Проверьте выбор
перед сохранением.
</v-alert>
<v-row dense>
<v-col cols="12" md="6">
<v-text-field
app/resources/js/components/import/UnknownStatusesDialog.vue
-125
View File
@@ -1,125 +0,0 @@
<script setup lang="ts">
/**
* Wizard маппинга неизвестных статусов воронки из CSV-импорта (ТЗ §6.4/§6.6).
*
* Для каждого незамапленного русского статуса пользователь выбирает один из
* 14 канонических slug'ов. Сохранение POST /api/imports/unknown-statuses/resolve.
*/
import { computed, reactive, ref } from 'vue';
import { resolveUnknownStatuses, type StatusMapping, type UnknownStatus } from '../../api/imports';
const props = defineProps<{
modelValue: boolean;
statuses: UnknownStatus[];
}>();
const emit = defineEmits<{
'update:modelValue': [value: boolean];
resolved: [];
}>();
/** 14 канонических статусов воронки (ТЗ §6.4). */
const STATUS_OPTIONS: { value: string; title: string }[] = [
{ value: 'new', title: 'Новые' },
{ value: 'viewed', title: 'Просмотрено' },
{ value: 'worked', title: 'Проработан' },
{ value: 'base', title: 'База' },
{ value: 'missed', title: 'Недозвон' },
{ value: 'negotiations', title: 'Переговоры' },
{ value: 'waiting_payment', title: 'Ожидаем оплаты' },
{ value: 'partnership', title: 'Партнерка' },
{ value: 'paid', title: 'Оплачено' },
{ value: 'closed', title: 'Закрыто и не реализовано' },
{ value: 'test_drive', title: 'Тест драйв' },
{ value: 'hot', title: 'Горячий' },
{ value: 'replacement', title: 'На замену' },
{ value: 'final_missed', title: 'Конечный недозвон' },
];
const selection = reactive<Record<string, string | null>>({});
const saving = ref(false);
const error = ref<string | null>(null);
const dialogOpen = computed({
get: () => props.modelValue,
set: (v: boolean) => emit('update:modelValue', v),
});
const allMapped = computed(
() => props.statuses.length > 0 && props.statuses.every((s) => !!selection[s.status_ru]),
);
async function save(): Promise<void> {
if (!allMapped.value) {
return;
}
saving.value = true;
error.value = null;
try {
const mappings: StatusMapping[] = props.statuses.map((s) => ({
status_ru: s.status_ru,
slug: selection[s.status_ru] as string,
}));
await resolveUnknownStatuses(mappings);
emit('resolved');
} catch {
error.value = 'Не удалось сохранить маппинг. Повторите попытку.';
} finally {
saving.value = false;
}
}
defineExpose({ selection, save });
</script>
<template>
<v-dialog v-model="dialogOpen" max-width="640">
<v-card>
<v-card-title class="text-h6">Маппинг неизвестных статусов</v-card-title>
<v-card-text>
<p class="text-body-2 text-medium-emphasis mb-4">
Эти статусы из CSV не входят в стандартную воронку. Выберите
соответствие повторный импорт применит маппинг автоматически.
</p>
<div
v-for="status in statuses"
:key="status.id"
class="d-flex align-center ga-3 mb-3"
>
<div class="flex-grow-1">
<strong>{{ status.status_ru }}</strong>
<span class="text-caption text-medium-emphasis ml-2">
({{ status.occurrences }} шт.)
</span>
</div>
<v-select
v-model="selection[status.status_ru]"
:items="STATUS_OPTIONS"
label="Статус воронки"
density="compact"
variant="outlined"
hide-details
style="max-width: 280px"
/>
</div>
<v-alert v-if="error" type="error" variant="tonal" class="mt-2">
{{ error }}
</v-alert>
</v-card-text>
<v-card-actions>
<v-spacer />
<v-btn variant="text" @click="dialogOpen = false">Отмена</v-btn>
<v-btn
data-test="save-mappings"
color="primary"
variant="flat"
:loading="saving"
:disabled="!allMapped"
@click="save"
>
Сохранить
</v-btn>
</v-card-actions>
</v-card>
</v-dialog>
</template>
app/resources/js/components/layout/AppSidebar.vue
+4 -31
View File
@@ -5,14 +5,11 @@
* + active-marker pseudo-element + JetBrains Mono badges.
*
* Brand mark + nav-tree (3 группы: Работа, Финансы, Команда).
* Count для «Сделки» live из API (dealsCount-store, audit B2).
* Counts для «Сделки» mock.
*/
import { computed, onMounted } from 'vue';
import { computed } from 'vue';
import { useRoute } from 'vue-router';
import Kbd from '../ui/Kbd.vue';
import { useAuthStore } from '../../stores/auth';
import { useDealsCountStore } from '../../stores/dealsCount';
import { useCommandPalette } from '../../composables/useCommandPalette';
interface NavItem {
title: string;
@@ -29,31 +26,15 @@ interface NavGroup {
const drawerOpen = defineModel<boolean>('drawerOpen', { default: true });
const route = useRoute();
const auth = useAuthStore();
const dealsCount = useDealsCountStore();
const { openPalette } = useCommandPalette();
onMounted(() => {
if (auth.user?.tenant_id) void dealsCount.load(auth.user.tenant_id);
});
const navGroups = computed<NavGroup[]>(() => [
{
eyebrow: 'Работа',
items: [
{ title: 'Проекты', icon: 'mdi-folder-multiple-outline', to: '/projects' },
// B2: count из dealsCount-store; null undefined (NavItem.count number|undefined),
// resolveCount затем 0 и v-if скрывает бейдж пока счётчик не загружен.
{
title: 'Сделки',
icon: 'mdi-format-list-bulleted',
to: '/deals',
count: dealsCount.count ?? undefined,
countKey: 'deals',
},
{ title: 'Сделки', icon: 'mdi-format-list-bulleted', to: '/deals', count: 247 },
{ title: 'Канбан', icon: 'mdi-view-column-outline', to: '/kanban' },
{ title: 'Дашборд', icon: 'mdi-view-dashboard-outline', to: '/dashboard' },
{ title: 'Импорт данных', icon: 'mdi-database-import-outline', to: '/import' },
],
},
{
@@ -82,15 +63,7 @@ defineExpose({ navGroups });
<span class="ld-sidebar__brand-name">Лидерра<span class="ld-sidebar__brand-dot">.</span></span>
</div>
<div
class="ld-cmdk-stub"
role="button"
tabindex="0"
data-testid="cmdk-stub"
@click="openPalette"
@keydown.enter="openPalette"
@keydown.space.prevent="openPalette"
>
<div class="ld-cmdk-stub" role="button" tabindex="0">
<span class="ld-cmdk-stub__placeholder">Поиск, команды</span>
<Kbd dark>K</Kbd>
</div>
app/resources/js/components/layout/AppTopbar.vue
+8 -13
View File
@@ -8,7 +8,6 @@ import { computed } from 'vue';
import { useRouter } from 'vue-router';
import { useAuthStore } from '../../stores/auth';
import { useNotificationsStore } from '../../stores/notifications';
import { useCommandPalette } from '../../composables/useCommandPalette';
defineProps<{
pageTitle: string;
@@ -21,7 +20,6 @@ const emit = defineEmits<{
const auth = useAuthStore();
const notifications = useNotificationsStore();
const router = useRouter();
const { openPalette } = useCommandPalette();
const unreadDisplay = computed(() => {
if (notifications.unreadCount === 0) return '';
@@ -58,8 +56,8 @@ function formatRelative(iso: string | null): string {
async function handleNotificationClick(id: number, dealId: number | null): Promise<void> {
await notifications.markRead(id);
if (dealId !== null) {
// Audit F3: deep-link на конкретный drawer через ?openId=.
await router.push({ path: '/deals', query: { openId: dealId } });
// На MVP push на DealsView (deep-link на конкретный drawer отдельный коммит).
await router.push('/deals');
}
}
@@ -89,7 +87,11 @@ async function handleLogout(): Promise<void> {
<template>
<v-app-bar :elevation="0" color="surface" class="app-topbar" :height="56">
<v-app-bar-nav-icon class="d-md-none" aria-label="Открыть меню навигации" @click="emit('toggle-drawer')" />
<v-app-bar-nav-icon
class="d-md-none"
aria-label="Открыть меню навигации"
@click="emit('toggle-drawer')"
/>
<div class="crumb">
<strong>{{ pageTitle }}</strong>
@@ -97,14 +99,7 @@ async function handleLogout(): Promise<void> {
<v-spacer />
<v-btn
variant="outlined"
size="small"
prepend-icon="mdi-magnify"
class="searchbar mr-2"
data-testid="topbar-search-btn"
@click="openPalette"
>
<v-btn variant="outlined" size="small" prepend-icon="mdi-magnify" class="searchbar mr-2" disabled>
Поиск
<template #append>
<kbd class="search-kbd">K</kbd>
app/resources/js/components/layout/CommandPalette.vue
-113
View File
@@ -1,113 +0,0 @@
<script setup lang="ts">
/**
* Минимальная command-palette (audit B3). Открывается по K / Ctrl+K, кликом
* на плашку в AppSidebar или кнопку «Поиск» в AppTopbar. Список навигация
* по 8 разделам портала; фильтр по подстроке; Enter первый результат.
* Монтируется один раз в AppLayout.
*/
import { computed, onMounted, onUnmounted, ref, watch } from 'vue';
import { useRouter } from 'vue-router';
import { useCommandPalette } from '../../composables/useCommandPalette';
interface PaletteItem {
title: string;
icon: string;
to: string;
}
const NAV_ITEMS: PaletteItem[] = [
{ title: 'Проекты', icon: 'mdi-folder-multiple-outline', to: '/projects' },
{ title: 'Сделки', icon: 'mdi-format-list-bulleted', to: '/deals' },
{ title: 'Канбан', icon: 'mdi-view-column-outline', to: '/kanban' },
{ title: 'Дашборд', icon: 'mdi-view-dashboard-outline', to: '/dashboard' },
{ title: 'Импорт данных', icon: 'mdi-database-import-outline', to: '/import' },
{ title: 'Биллинг', icon: 'mdi-credit-card-outline', to: '/billing' },
{ title: 'Отчёты', icon: 'mdi-chart-box-outline', to: '/reports' },
{ title: 'Настройки', icon: 'mdi-cog-outline', to: '/settings' },
];
const { open, closePalette } = useCommandPalette();
const router = useRouter();
const query = ref('');
const filteredItems = computed<PaletteItem[]>(() => {
const q = query.value.trim().toLowerCase();
if (q === '') return NAV_ITEMS;
return NAV_ITEMS.filter((i) => i.title.toLowerCase().includes(q));
});
// Сброс query при каждом открытии.
watch(open, (isOpen) => {
if (isOpen) query.value = '';
});
function selectItem(item: PaletteItem): void {
closePalette();
void router.push(item.to);
}
function onSubmit(): void {
const first = filteredItems.value[0];
if (first) selectItem(first);
}
function onGlobalKeydown(e: KeyboardEvent): void {
if ((e.metaKey || e.ctrlKey) && e.key.toLowerCase() === 'k') {
if (open.value) return;
e.preventDefault();
open.value = true;
}
}
onMounted(() => window.addEventListener('keydown', onGlobalKeydown));
onUnmounted(() => window.removeEventListener('keydown', onGlobalKeydown));
defineExpose({ query, filteredItems, selectItem, onSubmit });
</script>
<template>
<v-dialog v-model="open" :max-width="520" data-testid="command-palette">
<v-card class="cmdk-card">
<v-text-field
v-model="query"
autofocus
placeholder="Поиск разделов…"
variant="plain"
density="comfortable"
hide-details
prepend-inner-icon="mdi-magnify"
class="cmdk-input px-3 pt-2"
data-testid="command-palette-input"
@keydown.enter="onSubmit"
/>
<v-divider />
<v-list density="compact" class="cmdk-list" data-testid="command-palette-list">
<v-list-item
v-for="item in filteredItems"
:key="item.to"
:prepend-icon="item.icon"
:title="item.title"
data-testid="command-palette-item"
@click="selectItem(item)"
/>
<v-list-item
v-if="filteredItems.length === 0"
class="text-medium-emphasis"
title="Ничего не найдено"
data-testid="command-palette-empty"
/>
</v-list>
</v-card>
</v-dialog>
</template>
<style scoped>
.cmdk-card {
overflow: hidden;
}
.cmdk-list {
max-height: 320px;
overflow-y: auto;
}
</style>
app/resources/js/components/projects/BulkActionsBar.vue
+4 -20
View File
@@ -55,19 +55,6 @@
:count="store.selectedIds.size"
@apply="(p) => runBulk({ action: 'update_limit', ...p })"
/>
<v-snackbar
v-model="skipToastOpen"
:timeout="6000"
color="warning"
location="bottom right"
data-testid="bulk-skip-toast"
>
{{ skipToastText }}
<template #actions>
<v-btn variant="text" @click="skipToastOpen = false">Закрыть</v-btn>
</template>
</v-snackbar>
</v-card>
</template>
@@ -85,10 +72,6 @@ const regionsOpen = ref(false);
const daysOpen = ref(false);
const limitOpen = ref(false);
// Sprint 1 C5: window.alert v-snackbar (non-blocking, accessible, не breaks браузерный automation).
const skipToastOpen = ref(false);
const skipToastText = ref('');
const messages: Record<string, string> = {
pause: 'Приостановить выбранные проекты?',
resume: 'Возобновить выбранные проекты?',
@@ -104,12 +87,13 @@ async function confirmAndRun(action: 'pause' | 'resume' | 'archive') {
async function runBulk(payload: Parameters<typeof store.bulkUpdate>[0]) {
const result = await store.bulkUpdate(payload);
if (result.skipped.length > 0) {
skipToastText.value = `Применено: ${result.updated}. Пропущено: ${result.skipped.length} (конфликт с уже доставленными лидами).`;
skipToastOpen.value = true;
window.alert(
`Применено: ${result.updated}. Пропущено: ${result.skipped.length} (конфликт с уже доставленными лидами).`,
);
}
}
defineExpose({ regionsOpen, daysOpen, limitOpen, skipToastOpen, skipToastText, runBulk });
defineExpose({ regionsOpen, daysOpen, limitOpen });
</script>
<style scoped>
app/resources/js/components/projects/ProjectDetailsDrawer.vue
+142 -63
View File
@@ -3,7 +3,7 @@ import { ref, reactive, computed, onMounted, onBeforeUnmount, watch } from 'vue'
import axios from 'axios';
import type { Project } from '../../stores/projectsStore';
import { useProjectsStore } from '../../stores/projectsStore';
import { REGIONS } from '../../constants/regions';
import { REGIONS, FEDERAL_DISTRICT_NAMES } from '../../constants/regions';
const props = defineProps<{ project: Project | null }>();
const emit = defineEmits<{ close: []; saved: [] }>();
@@ -11,8 +11,7 @@ const emit = defineEmits<{ close: []; saved: [] }>();
interface FormState {
name: string;
daily_limit_target: number;
region_mask: number;
region_mode: 'include' | 'exclude';
regions: number[];
delivery_days_mask: number;
sms_senders: string[];
sms_keyword: string;
@@ -21,48 +20,31 @@ interface FormState {
const form = reactive<FormState>({
name: '',
daily_limit_target: 50,
region_mask: 0,
region_mode: 'include',
regions: [],
delivery_days_mask: 127,
sms_senders: [],
sms_keyword: '',
});
const selectedRegions = ref<number[]>([]);
const selectableRegions = REGIONS.filter((r) => r.code !== 0);
function maskToCodes(mask: number): number[] {
const codes: number[] = [];
for (let i = 1; i <= 31; i++) if (mask & (1 << i)) codes.push(i);
return codes;
}
function reseedFromProject(p: Project | null): void {
if (!p) return;
form.name = p.name;
form.daily_limit_target = p.daily_limit_target;
form.region_mask = p.region_mask ?? 0;
form.region_mode = (p.region_mode ?? 'include') as 'include' | 'exclude';
form.regions = Array.isArray(p.regions) ? [...p.regions] : [];
form.delivery_days_mask = p.delivery_days_mask ?? 127;
form.sms_senders = p.sms_senders ?? [];
form.sms_keyword = p.sms_keyword ?? '';
selectedRegions.value = maskToCodes(form.region_mask);
}
reseedFromProject(props.project);
watch(() => props.project?.id, () => {
reseedFromProject(props.project);
});
watch(selectedRegions, (codes) => {
if (codes.length === 0) {
form.region_mask = 0;
form.region_mode = 'include';
} else {
form.region_mask = codes.reduce((acc, c) => (c >= 1 && c <= 31 ? acc | (1 << c) : acc), 0);
form.region_mode = 'exclude';
}
});
watch(
() => props.project?.id,
() => {
reseedFromProject(props.project);
},
);
const saving = ref(false);
const errors = reactive<Record<string, string[]>>({});
@@ -76,7 +58,9 @@ async function onPause(): Promise<void> {
async function onDelete(): Promise<void> {
if (!props.project) return;
const ok = window.confirm('Архивировать проект? Действие необратимо в Plan 5 (восстановление потребует ручного запроса).');
const ok = window.confirm(
'Архивировать проект? Действие необратимо в Plan 5 (восстановление потребует ручного запроса).',
);
if (!ok) return;
await store.archive(props.project.id);
emit('close');
@@ -90,8 +74,7 @@ async function onSave(): Promise<void> {
const payload: Record<string, unknown> = {
name: form.name,
daily_limit_target: form.daily_limit_target,
region_mask: form.region_mask,
region_mode: form.region_mode,
regions: form.regions,
delivery_days_mask: form.delivery_days_mask,
};
if (props.project.signal_type === 'sms') {
@@ -122,7 +105,7 @@ const activeDays = computed<boolean[]>(() => {
});
function toggleDay(i: number): void {
form.delivery_days_mask ^= (1 << i);
form.delivery_days_mask ^= 1 << i;
}
const dayLabels = ['Пн', 'Вт', 'Ср', 'Чт', 'Пт', 'Сб', 'Вс'];
@@ -159,7 +142,7 @@ const dayLabels = ['Пн', 'Вт', 'Ср', 'Чт', 'Пт', 'Сб', 'Вс'];
<div class="pdd-field">
<span class="pdd-label">Регионы (пусто = вся РФ)</span>
<v-autocomplete
v-model="selectedRegions"
v-model="form.regions"
:items="selectableRegions"
item-title="name"
item-value="code"
@@ -169,7 +152,15 @@ const dayLabels = ['Пн', 'Вт', 'Ср', 'Чт', 'Пт', 'Сб', 'Вс'];
density="comfortable"
hide-details
data-testid="pdd-regions"
/>
>
<template #item="{ props: itemProps, item }">
<v-list-item v-bind="itemProps">
<template #subtitle>
{{ FEDERAL_DISTRICT_NAMES[item.raw.federalDistrict] || '' }}
</template>
</v-list-item>
</template>
</v-autocomplete>
</div>
<div class="pdd-field">
@@ -197,13 +188,12 @@ const dayLabels = ['Пн', 'Вт', 'Ср', 'Чт', 'Пт', 'Сб', 'Вс'];
<button class="pdd-btn pdd-btn-error" data-testid="pdd-delete" @click="onDelete">🗄 Удалить</button>
</div>
<div class="pdd-foot-right">
<button class="pdd-btn pdd-btn-text" data-testid="pdd-cancel" @click="$emit('close')">Отмена</button>
<button
class="pdd-btn pdd-btn-primary"
data-testid="pdd-save"
:disabled="saving"
@click="onSave"
>Сохранить</button>
<button class="pdd-btn pdd-btn-text" data-testid="pdd-cancel" @click="$emit('close')">
Отмена
</button>
<button class="pdd-btn pdd-btn-primary" data-testid="pdd-save" :disabled="saving" @click="onSave">
Сохранить
</button>
</div>
</footer>
</div>
@@ -212,34 +202,123 @@ const dayLabels = ['Пн', 'Вт', 'Ср', 'Чт', 'Пт', 'Сб', 'Вс'];
<style scoped>
.project-details-drawer {
position: fixed; top: 0; right: 0; bottom: 0;
position: fixed;
top: 0;
right: 0;
bottom: 0;
width: 480px;
background: var(--liderra-surface, #ffffff);
border-left: 1px solid var(--liderra-line, #e6e2d6);
box-shadow: -4px 0 16px rgba(0, 0, 0, 0.06);
transform: translateX(100%);
transition: transform 240ms cubic-bezier(0.16, 1, 0.3, 1);
display: flex; flex-direction: column;
display: flex;
flex-direction: column;
z-index: 5;
}
.project-details-drawer.open { transform: translateX(0); }
.pdd-content { display: flex; flex-direction: column; height: 100%; }
.pdd-head { display: flex; justify-content: space-between; align-items: center; padding: 16px 20px; border-bottom: 1px solid var(--liderra-line, #e6e2d6); }
.pdd-title { font-weight: 600; font-size: 16px; }
.pdd-close { background: none; border: 0; cursor: pointer; font-size: 18px; padding: 4px; }
.pdd-body { padding: 16px 20px; display: flex; flex-direction: column; gap: 14px; flex: 1; overflow-y: auto; }
.pdd-field { display: flex; flex-direction: column; gap: 4px; }
.pdd-label { font-size: 12px; color: #6b6f72; }
.pdd-input { padding: 8px 10px; border: 1px solid var(--liderra-line, #e6e2d6); border-radius: 6px; font: inherit; }
.pdd-days { display: flex; gap: 4px; }
.pdd-day { padding: 6px 10px; border: 1px solid var(--liderra-line, #e6e2d6); background: #ffffff; border-radius: 4px; cursor: pointer; font: inherit; }
.pdd-day.active { background: #0f6e56; color: #ffffff; border-color: #0f6e56; }
.pdd-foot { display: flex; justify-content: space-between; padding: 12px 20px; border-top: 1px solid var(--liderra-line, #e6e2d6); }
.pdd-foot-left, .pdd-foot-right { display: flex; gap: 8px; }
.pdd-btn { padding: 6px 14px; border: 0; border-radius: 6px; cursor: pointer; font: inherit; }
.pdd-btn-text { background: transparent; color: #081319; }
.pdd-btn-primary { background: #0f6e56; color: #ffffff; }
.pdd-btn-warning { background: #f59e0b; color: #ffffff; }
.pdd-btn-error { background: #dc2626; color: #ffffff; }
.pdd-error { color: #dc2626; font-size: 12px; margin-top: 4px; }
.project-details-drawer.open {
transform: translateX(0);
}
.pdd-content {
display: flex;
flex-direction: column;
height: 100%;
}
.pdd-head {
display: flex;
justify-content: space-between;
align-items: center;
padding: 16px 20px;
border-bottom: 1px solid var(--liderra-line, #e6e2d6);
}
.pdd-title {
font-weight: 600;
font-size: 16px;
}
.pdd-close {
background: none;
border: 0;
cursor: pointer;
font-size: 18px;
padding: 4px;
}
.pdd-body {
padding: 16px 20px;
display: flex;
flex-direction: column;
gap: 14px;
flex: 1;
overflow-y: auto;
}
.pdd-field {
display: flex;
flex-direction: column;
gap: 4px;
}
.pdd-label {
font-size: 12px;
color: #6b6f72;
}
.pdd-input {
padding: 8px 10px;
border: 1px solid var(--liderra-line, #e6e2d6);
border-radius: 6px;
font: inherit;
}
.pdd-days {
display: flex;
gap: 4px;
}
.pdd-day {
padding: 6px 10px;
border: 1px solid var(--liderra-line, #e6e2d6);
background: #ffffff;
border-radius: 4px;
cursor: pointer;
font: inherit;
}
.pdd-day.active {
background: #0f6e56;
color: #ffffff;
border-color: #0f6e56;
}
.pdd-foot {
display: flex;
justify-content: space-between;
padding: 12px 20px;
border-top: 1px solid var(--liderra-line, #e6e2d6);
}
.pdd-foot-left,
.pdd-foot-right {
display: flex;
gap: 8px;
}
.pdd-btn {
padding: 6px 14px;
border: 0;
border-radius: 6px;
cursor: pointer;
font: inherit;
}
.pdd-btn-text {
background: transparent;
color: #081319;
}
.pdd-btn-primary {
background: #0f6e56;
color: #ffffff;
}
.pdd-btn-warning {
background: #f59e0b;
color: #ffffff;
}
.pdd-btn-error {
background: #dc2626;
color: #ffffff;
}
.pdd-error {
color: #dc2626;
font-size: 12px;
margin-top: 4px;
}
</style>
app/resources/js/components/reports/ReportJobsList.vue
+1 -2
View File
@@ -98,8 +98,7 @@ function canRetry(job: ReportJob): boolean {
</v-chip>
<div class="job-actions">
<v-btn
v-if="job.status === 'done' && job.downloadUrl"
:href="job.downloadUrl"
v-if="job.status === 'done'"
icon="mdi-download"
variant="text"
size="small"
app/resources/js/composables/billingFormatters.ts
+33 -24
View File
@@ -1,11 +1,9 @@
/**
* Форматтеры биллинга BillingView + TransactionsTable + InvoicesTable.
*
* Sprint 2 Plan C: status/format-функции (statusChipColor/statusLabel/
* formatLabel/formatIcon) удалены real-API транзакции не имеют статуса
* (append-only ledger), счета отдельный формат. txAmountClass
* перетипизирован под знак суммы.
* Форматтеры для биллинга. Экспортируются для использования в нескольких
* sub-components BillingView (BalanceCard, TransactionsTable, InvoicesTable).
* Sprint 4 Phase B/2 split BillingView.
*/
import type { BillingTransaction, InvoiceFormat, TxStatus } from './mockBilling';
/** «5000» → «5 000 ₽» (без знака). */
export function formatPlain(cost: number): string {
@@ -18,25 +16,36 @@ export function formatCost(cost: number): string {
return sign + new Intl.NumberFormat('ru-RU').format(Math.abs(cost)) + ' ₽';
}
/** CSS-класс суммы транзакции по знаку. */
export function txAmountClass(amount: number): string {
if (amount > 0) return 'tx-amount-up';
if (amount < 0) return 'tx-amount-down';
/** CSS-класс для суммы транзакции по статусу/знаку. */
export function txAmountClass(tx: BillingTransaction): string {
if (tx.status === 'rejected') return 'tx-amount-neutral';
if (tx.amount > 0) return 'tx-amount-up';
if (tx.amount < 0) return 'tx-amount-down';
return 'tx-amount-neutral';
}
/** Человекочитаемые лейблы для feature-слагов tariff_plans.features. */
export const FEATURE_LABELS: Record<string, string> = {
webhook: 'Webhook',
kanban: 'Канбан',
basic_analytics: 'Базовая аналитика',
advanced_analytics: 'Расширенная аналитика',
api: 'API',
'2fa': 'Двухфакторная аутентификация',
custom_domain: 'Свой домен',
};
/** Лейбл feature-слага; неизвестный слаг возвращается как есть. */
export function featureLabel(slug: string): string {
return FEATURE_LABELS[slug] ?? slug;
/** Vuetify-цвет чипа статуса транзакции. */
export function statusChipColor(status: TxStatus): string {
if (status === 'pending') return 'warning';
if (status === 'completed') return 'success';
return 'error';
}
/** Локализованный лейбл статуса транзакции. */
export function statusLabel(status: TxStatus): string {
if (status === 'pending') return 'В обработке';
if (status === 'completed') return 'Проведён';
return 'Отклонено';
}
/** Лейбл формата файла счёта/УПД (PDF / 1С 8.3 XML). */
export function formatLabel(format: InvoiceFormat): string {
if (format === 'pdf') return 'PDF';
return '1С 8.3 XML';
}
/** Иконка формата файла счёта/УПД. */
export function formatIcon(format: InvoiceFormat): string {
if (format === 'pdf') return 'mdi-file-pdf-box';
return 'mdi-xml';
}
app/resources/js/composables/mockBilling.ts
+158 -7
View File
@@ -1,16 +1,167 @@
/**
* Мок платежа «в обработке» для pending-баннера BillingView.
* Mock-данные для BillingView. Заменятся на API-fetch:
* GET /api/billing/wallet баланс + леды + tariff.
* GET /api/billing/transactions?type={all|topup|charge|refund} `balance_transactions`.
* GET /api/billing/invoices `invoices` table (счета + УПД).
*
* Кошелёк / транзакции / счета подключены к real API (api/billing.ts) в
* Sprint 2 Plan C (E3). Pending-баннер отдельный эпик E4 (Sprint 5);
* до его реализации остаётся mock.
* Mock-структуры соответствуют схеме v8.7:
* - balance_transactions (§4.4): type {topup, lead_charge, refund, tariff_charge, manager_addon}.
* - invoices (§4.5): type {invoice, upd}, format {pdf, xml_1c83}.
*/
type TxType = 'topup' | 'lead_charge' | 'refund' | 'tariff_charge';
export type TxStatus = 'pending' | 'completed' | 'rejected';
export interface BillingTransaction {
id: number;
code: string; // 'TX-89421'
when: string; // '07.05 · 14:21'
type: TxType;
description: string;
status: TxStatus;
amount: number; // signed (+ topup/refund, charge)
}
export const MOCK_TRANSACTIONS: BillingTransaction[] = [
{
id: 89421,
code: 'TX-89421',
when: '07.05 · 14:21',
type: 'topup',
description: 'Пополнение через ЮKassa',
status: 'pending',
amount: 5000,
},
{
id: 89384,
code: 'TX-89384',
when: '07.05 · 11:14',
type: 'lead_charge',
description: 'Списание · 3 лида проект «Окна Москва»',
status: 'completed',
amount: -6600,
},
{
id: 89370,
code: 'TX-89370',
when: '07.05 · 09:48',
type: 'refund',
description: 'Возврат лида #1018 · дубликат',
status: 'completed',
amount: 2200,
},
{
id: 89312,
code: 'TX-89312',
when: '06.05 · 22:06',
type: 'topup',
description: 'Пополнение через ЮKassa',
status: 'completed',
amount: 10000,
},
{
id: 89286,
code: 'TX-89286',
when: '06.05 · 18:32',
type: 'lead_charge',
description: 'Списание · 5 лидов проект «Натяжные потолки»',
status: 'completed',
amount: -9250,
},
{
id: 89108,
code: 'TX-89108',
when: '05.05 · 12:00',
type: 'tariff_charge',
description: 'Списание абонентской платы тарифа «Команда»',
status: 'completed',
amount: -990,
},
{
id: 88937,
code: 'TX-88937',
when: '04.05 · 16:42',
type: 'topup',
description: 'Попытка пополнения через банковский перевод',
status: 'rejected',
amount: 0,
},
{
id: 88714,
code: 'TX-88714',
when: '03.05 · 09:18',
type: 'refund',
description: 'Возврат лида #998 · спам',
status: 'completed',
amount: 1850,
},
];
export interface BillingTab {
id: 'all' | 'topup' | 'lead_charge' | 'refund';
label: string;
types: TxType[] | null;
}
export const BILLING_TABS: BillingTab[] = [
{ id: 'all', label: 'Все', types: null },
{ id: 'topup', label: 'Пополнения', types: ['topup'] },
{ id: 'lead_charge', label: 'Списания', types: ['lead_charge', 'tariff_charge'] },
{ id: 'refund', label: 'Возвраты', types: ['refund'] },
];
export type InvoiceFormat = 'pdf' | 'xml_1c83';
export interface Invoice {
id: number;
when: string; // '07.05.2026'
title: string; // 'Счёт № 2026-0512'
sub: string; // 'Тариф «Команда» · май 2026'
amountRub: number;
format: InvoiceFormat;
}
export const MOCK_INVOICES: Invoice[] = [
{
id: 1,
when: '07.05.2026',
title: 'Счёт № 2026-0512',
sub: 'Тариф «Команда» · май 2026',
amountRub: 990,
format: 'pdf',
},
{
id: 2,
when: '06.05.2026',
title: 'УПД № УПД-2026-0492',
sub: 'Списания за апрель · 18 лидов',
amountRub: 29850,
format: 'xml_1c83',
},
{
id: 3,
when: '05.05.2026',
title: 'УПД № УПД-2026-0488',
sub: 'Списания за март · 24 лида',
amountRub: 38100,
format: 'xml_1c83',
},
{
id: 4,
when: '01.04.2026',
title: 'Счёт № 2026-0498',
sub: 'Тариф «Команда» · апрель 2026',
amountRub: 990,
format: 'pdf',
},
];
export interface PendingPayment {
code: string;
amount: number;
method: string;
startedAt: string;
autoCancelAt: string;
method: string; // 'ЮKassa'
startedAt: string; // '14:21'
autoCancelAt: string; // '14:51'
timeoutMinutes: number;
}
app/resources/js/composables/mockReports.ts
-1
View File
@@ -45,5 +45,4 @@ export interface ReportJob {
progress: number | null; // 0..100 для running
attempt: number; // 1..3
error: string | null;
downloadUrl: string | null; // signed URL (24ч) скачивания готового файла; null для не-готовых
}
app/resources/js/composables/reportsMapper.ts
-1
View File
@@ -43,7 +43,6 @@ export function mapApiReportJob(api: ApiReportJob, now: Date = new Date()): Repo
progress: api.status === 'processing' ? 50 : null,
attempt: api.retry_count + 1,
error: api.error_message,
downloadUrl: api.download_url,
};
}
app/resources/js/composables/useCommandPalette.ts
-20
View File
@@ -1,20 +0,0 @@
import { ref } from 'vue';
/**
* Глобальное состояние command-palette (K, audit B3). Module-level singleton
* ref AppSidebar/AppTopbar открывают палитру без prop-drilling, CommandPalette
* (смонтирована один раз в AppLayout) использует тот же ref как v-model.
*/
const open = ref(false);
export function useCommandPalette() {
return {
open,
openPalette: (): void => {
open.value = true;
},
closePalette: (): void => {
open.value = false;
},
};
}
app/resources/js/constants/regions.ts
+114 -37
View File
@@ -1,42 +1,119 @@
export interface Region {
code: number;
name: string;
code: number; // 1..89, sequential по конституционному порядку (Art. 65)
name: string; // официальное название субъекта
federalDistrict: number; // 1..8 (см. FEDERAL_DISTRICT_NAMES)
}
// MVP: 31 региона (коды 1..31) ограничены 32-bit region_mask из Plan 5 Task 9.
// Sentinel code:0 = «Вся РФ» (включает все регионы, эквивалент пустой маски).
// Имена — официальные субъекты РФ по конституционному порядку нумерации.
// Конституционный порядок (ст. 65 Конституции РФ, ред. 2022):
// 24 республики (1..24) → 9 краёв (25..33) → 48 областей (34..81) →
// 3 города фед.знач. (82..84) → 1 АО Еврейская (85) → 4 АО (86..89).
// Sentinel code:0 = "Вся РФ" (UI hint, в БД хранится как regions=[]).
export const REGIONS: Region[] = [
{ code: 0, name: 'Вся РФ' },
{ code: 1, name: 'Республика Адыгея' },
{ code: 2, name: 'Республика Башкортостан' },
{ code: 3, name: 'Республика Бурятия' },
{ code: 4, name: 'Республика Алтай' },
{ code: 5, name: 'Республика Дагестан' },
{ code: 6, name: 'Республика Ингушетия' },
{ code: 7, name: 'Кабардино-Балкарская Республика' },
{ code: 8, name: 'Республика Калмыкия' },
{ code: 9, name: 'Карачаево-Черкесская Республика' },
{ code: 10, name: 'Республика Карелия' },
{ code: 11, name: 'Республика Коми' },
{ code: 12, name: 'Республика Марий Эл' },
{ code: 13, name: 'Республика Мордовия' },
{ code: 14, name: 'Республика Саха (Якутия)' },
{ code: 15, name: 'Республика Северная Осетия — Алания' },
{ code: 16, name: 'Республика Татарстан' },
{ code: 17, name: 'Республика Тыва' },
{ code: 18, name: 'Удмуртская Республика' },
{ code: 19, name: 'Республика Хакасия' },
{ code: 20, name: 'Чеченская Республика' },
{ code: 21, name: 'Чувашская Республика' },
{ code: 22, name: 'Алтайский край' },
{ code: 23, name: 'Краснодарский край' },
{ code: 24, name: 'Красноярский край' },
{ code: 25, name: 'Приморский край' },
{ code: 26, name: 'Ставропольский край' },
{ code: 27, name: 'Хабаровский край' },
{ code: 28, name: 'Амурская область' },
{ code: 29, name: 'Архангельская область' },
{ code: 30, name: 'Астраханская область' },
{ code: 31, name: 'Белгородская область' },
{ code: 0, name: 'Вся РФ', federalDistrict: 0 },
// 24 республики
{ code: 1, name: 'Республика Адыгея', federalDistrict: 3 },
{ code: 2, name: 'Республика Алтай', federalDistrict: 7 },
{ code: 3, name: 'Республика Башкортостан', federalDistrict: 5 },
{ code: 4, name: 'Республика Бурятия', federalDistrict: 8 },
{ code: 5, name: 'Республика Дагестан', federalDistrict: 4 },
{ code: 6, name: 'Донецкая Народная Республика', federalDistrict: 3 },
{ code: 7, name: 'Республика Ингушетия', federalDistrict: 4 },
{ code: 8, name: 'Кабардино-Балкарская Республика', federalDistrict: 4 },
{ code: 9, name: 'Республика Калмыкия', federalDistrict: 3 },
{ code: 10, name: 'Карачаево-Черкесская Республика', federalDistrict: 4 },
{ code: 11, name: 'Республика Карелия', federalDistrict: 2 },
{ code: 12, name: 'Республика Коми', federalDistrict: 2 },
{ code: 13, name: 'Республика Крым', federalDistrict: 3 },
{ code: 14, name: 'Луганская Народная Республика', federalDistrict: 3 },
{ code: 15, name: 'Республика Марий Эл', federalDistrict: 5 },
{ code: 16, name: 'Республика Мордовия', federalDistrict: 5 },
{ code: 17, name: 'Республика Саха (Якутия)', federalDistrict: 8 },
{ code: 18, name: 'Республика Северная Осетия — Алания', federalDistrict: 4 },
{ code: 19, name: 'Республика Татарстан', federalDistrict: 5 },
{ code: 20, name: 'Республика Тыва', federalDistrict: 7 },
{ code: 21, name: 'Удмуртская Республика', federalDistrict: 5 },
{ code: 22, name: 'Республика Хакасия', federalDistrict: 7 },
{ code: 23, name: 'Чеченская Республика', federalDistrict: 4 },
{ code: 24, name: 'Чувашская Республика', federalDistrict: 5 },
// 9 краёв
{ code: 25, name: 'Алтайский край', federalDistrict: 7 },
{ code: 26, name: 'Забайкальский край', federalDistrict: 8 },
{ code: 27, name: 'Камчатский край', federalDistrict: 8 },
{ code: 28, name: 'Краснодарский край', federalDistrict: 3 },
{ code: 29, name: 'Красноярский край', federalDistrict: 7 },
{ code: 30, name: 'Пермский край', federalDistrict: 5 },
{ code: 31, name: 'Приморский край', federalDistrict: 8 },
{ code: 32, name: 'Ставропольский край', federalDistrict: 4 },
{ code: 33, name: 'Хабаровский край', federalDistrict: 8 },
// 48 областей
{ code: 34, name: 'Амурская область', federalDistrict: 8 },
{ code: 35, name: 'Архангельская область', federalDistrict: 2 },
{ code: 36, name: 'Астраханская область', federalDistrict: 3 },
{ code: 37, name: 'Белгородская область', federalDistrict: 1 },
{ code: 38, name: 'Брянская область', federalDistrict: 1 },
{ code: 39, name: 'Владимирская область', federalDistrict: 1 },
{ code: 40, name: 'Волгоградская область', federalDistrict: 3 },
{ code: 41, name: 'Вологодская область', federalDistrict: 2 },
{ code: 42, name: 'Воронежская область', federalDistrict: 1 },
{ code: 43, name: 'Запорожская область', federalDistrict: 3 },
{ code: 44, name: 'Ивановская область', federalDistrict: 1 },
{ code: 45, name: 'Иркутская область', federalDistrict: 7 },
{ code: 46, name: 'Калининградская область', federalDistrict: 2 },
{ code: 47, name: 'Калужская область', federalDistrict: 1 },
{ code: 48, name: 'Кемеровская область', federalDistrict: 7 },
{ code: 49, name: 'Кировская область', federalDistrict: 5 },
{ code: 50, name: 'Костромская область', federalDistrict: 1 },
{ code: 51, name: 'Курганская область', federalDistrict: 6 },
{ code: 52, name: 'Курская область', federalDistrict: 1 },
{ code: 53, name: 'Ленинградская область', federalDistrict: 2 },
{ code: 54, name: 'Липецкая область', federalDistrict: 1 },
{ code: 55, name: 'Магаданская область', federalDistrict: 8 },
{ code: 56, name: 'Московская область', federalDistrict: 1 },
{ code: 57, name: 'Мурманская область', federalDistrict: 2 },
{ code: 58, name: 'Нижегородская область', federalDistrict: 5 },
{ code: 59, name: 'Новгородская область', federalDistrict: 2 },
{ code: 60, name: 'Новосибирская область', federalDistrict: 7 },
{ code: 61, name: 'Омская область', federalDistrict: 7 },
{ code: 62, name: 'Оренбургская область', federalDistrict: 5 },
{ code: 63, name: 'Орловская область', federalDistrict: 1 },
{ code: 64, name: 'Пензенская область', federalDistrict: 5 },
{ code: 65, name: 'Псковская область', federalDistrict: 2 },
{ code: 66, name: 'Ростовская область', federalDistrict: 3 },
{ code: 67, name: 'Рязанская область', federalDistrict: 1 },
{ code: 68, name: 'Самарская область', federalDistrict: 5 },
{ code: 69, name: 'Саратовская область', federalDistrict: 5 },
{ code: 70, name: 'Сахалинская область', federalDistrict: 8 },
{ code: 71, name: 'Свердловская область', federalDistrict: 6 },
{ code: 72, name: 'Смоленская область', federalDistrict: 1 },
{ code: 73, name: 'Тамбовская область', federalDistrict: 1 },
{ code: 74, name: 'Тверская область', federalDistrict: 1 },
{ code: 75, name: 'Томская область', federalDistrict: 7 },
{ code: 76, name: 'Тульская область', federalDistrict: 1 },
{ code: 77, name: 'Тюменская область', federalDistrict: 6 },
{ code: 78, name: 'Ульяновская область', federalDistrict: 5 },
{ code: 79, name: 'Херсонская область', federalDistrict: 3 },
{ code: 80, name: 'Челябинская область', federalDistrict: 6 },
{ code: 81, name: 'Ярославская область', federalDistrict: 1 },
// 3 города федерального значения
{ code: 82, name: 'Москва', federalDistrict: 1 },
{ code: 83, name: 'Санкт-Петербург', federalDistrict: 2 },
{ code: 84, name: 'Севастополь', federalDistrict: 3 },
// 1 автономная область
{ code: 85, name: 'Еврейская автономная область', federalDistrict: 8 },
// 4 автономных округа
{ code: 86, name: 'Ненецкий автономный округ', federalDistrict: 2 },
{ code: 87, name: 'Ханты-Мансийский автономный округ — Югра', federalDistrict: 6 },
{ code: 88, name: 'Чукотский автономный округ', federalDistrict: 8 },
{ code: 89, name: 'Ямало-Ненецкий автономный округ', federalDistrict: 6 },
];
export const FEDERAL_DISTRICT_NAMES: Record<number, string> = {
1: 'Центральный',
2: 'Северо-Западный',
3: 'Южный',
4: 'Северо-Кавказский',
5: 'Приволжский',
6: 'Уральский',
7: 'Сибирский',
8: 'Дальневосточный',
};
app/resources/js/histoire.setup.ts
+1
View File
@@ -12,6 +12,7 @@ export const setupVue3 = defineSetupVue3(({ app }) => {
{ path: '/register', component: { template: '<div />' } },
{ path: '/forgot', component: { template: '<div />' } },
{ path: '/2fa', component: { template: '<div />' } },
{ path: '/recovery', component: { template: '<div />' } },
{ path: '/recovery-use', component: { template: '<div />' } },
{ path: '/dashboard', component: { template: '<div />' } },
{ path: '/deals', component: { template: '<div />' } },
app/resources/js/layouts/AdminLayout.vue
+2 -5
View File
@@ -1,6 +1,6 @@
<script setup lang="ts">
/**
* Layout админки SaaS отдельный sidebar с пометкой ADMIN, 7 nav-пунктов,
* Layout админки SaaS отдельный sidebar с пометкой ADMIN, 4 nav-пункта,
* без user-chip как в обычной AppLayout.
*
* Источник дизайна: liderra_v8_handoff/concepts/v8_admin.html.
@@ -8,6 +8,7 @@
*
* Не входит в этот коммит:
* - Auth-guard на /admin/* должен проверять `super_admin` role + 2FA.
* - Impersonation banner (когда admin вошёл «как клиент» Ю-1: 15 мин / 5 попыток).
* - Audit-log записей для всех action'ов admin (по schema v8.7 §10
* `saas_admin_audit_log`).
*/
@@ -15,7 +16,6 @@ import { useAuthStore } from '../stores/auth';
import { computed } from 'vue';
import { RouterView, useRoute, useRouter } from 'vue-router';
import DevIndexBadge from '../components/DevIndexBadge.vue';
import ImpersonationBanner from '../components/admin/ImpersonationBanner.vue';
interface NavItem {
title: string;
@@ -27,8 +27,6 @@ interface NavItem {
const navItems: NavItem[] = [
{ title: 'Тенанты', icon: 'mdi-account-group-outline', to: '/admin/tenants', count: 142 },
{ title: 'Биллинг', icon: 'mdi-credit-card-outline', to: '/admin/billing' },
{ title: 'Тарифная сетка', icon: 'mdi-tag-arrow-right', to: '/admin/pricing-tiers' },
{ title: 'Цены поставщиков', icon: 'mdi-currency-rub', to: '/admin/supplier-prices' },
{ title: 'Инциденты', icon: 'mdi-alert-outline', to: '/admin/incidents', count: 3 },
{ title: 'Impersonation', icon: 'mdi-account-switch', to: '/admin/impersonation' },
{ title: 'Система', icon: 'mdi-cog-outline', to: '/admin/system' },
@@ -131,7 +129,6 @@ const currentPageTitle = computed(() => {
</v-app-bar>
<v-main class="admin-main">
<ImpersonationBanner />
<RouterView />
</v-main>
<DevIndexBadge :index="route.meta.devIndex" :label="route.meta.devLabel" />
app/resources/js/layouts/AppLayout.vue
-2
View File
@@ -18,7 +18,6 @@ import { usePolling } from '../composables/usePolling';
import AppSidebar from '../components/layout/AppSidebar.vue';
import AppTopbar from '../components/layout/AppTopbar.vue';
import DevIndexBadge from '../components/DevIndexBadge.vue';
import CommandPalette from '../components/layout/CommandPalette.vue';
const auth = useAuthStore();
const notifications = useNotificationsStore();
@@ -74,7 +73,6 @@ usePolling(loadReminderCounts, { intervalMs: 60_000, enabled: true });
</RouterView>
</v-main>
<DevIndexBadge :index="route.meta.devIndex" :label="route.meta.devLabel" />
<CommandPalette />
</v-app>
</template>

Some files were not shown because too many files have changed in this diff Show More