# CMOD Project TODO

## In Progress

### V2 Namespace Removal

- [ ] Complete migration of Doctor role to new architecture
- [ ] Complete migration of Analyst role to new architecture
- [ ] Complete migration of CS (Customer Service) role to new architecture

## Pending

### Print Functionality

- [ ] Refactor print functionality from external URL (`http://glenlis/spooler_db/main_dev.php`) to internal solution
- [ ] Add print preview capability to Admin views
- [ ] Add print preview capability to Lab views
- [ ] Implement server-side PDF generation for print jobs

### API Improvements

- [ ] Add pagination to Users API endpoint
- [ ] Add pagination to Requests API endpoint
- [ ] Add search/filter capability to list endpoints
- [ ] Add audit logging for critical operations (create/update/delete user, validate/unvalidate request)

### Frontend Improvements

- [ ] Add loading states to all API calls
- [ ] Add toast notifications for success/error feedback
- [ ] Implement form validation with clear error messages
- [ ] Add confirmation dialogs for destructive actions (delete, unvalidate)

### Role-Based Access Control

- [ ] Document current permission matrix for each role
- [ ] Add permission checks to API endpoints
- [ ] Create shared permission constants in a central location

### Testing

- [ ] Set up automated tests for API endpoints
- [ ] Add unit tests for controller logic
- [ ] Add integration tests for critical workflows

### Documentation

- [ ] Update README with current architecture overview
- [ ] Document API endpoints with examples
- [ ] Document database schema changes

## Completed

### V2 Namespace Removal

- [x] Created AGENTS.md with project conventions
- [x] Moved v2/admin views to views/admin
- [x] Moved v2/lab views to views/lab
- [x] Renamed V2.php controller to Auth.php
- [x] Renamed V2/Admin.php controller to Admin.php
- [x] Renamed V2/Lab.php controller to Lab.php
- [x] Renamed V2/Users.php controller to Users.php
- [x] Renamed V2/Samples.php controller to Samples.php
- [x] Renamed V2/Requests.php controller to Requests.php
- [x] Updated routes to remove v2 prefix
- [x] Updated view paths in all controllers
- [x] Fixed hardcoded date bug in views (changed to dynamic date)
- [x] Fixed status color mappings (added PartColl, PartRecv, partial statuses)
- [x] Fixed missing variables in Samples controller
- [x] Fixed duplicate db_connect() calls in Requests controller
- [x] Fixed id parameter in Users::update()
- [x] Cleaned up V2 namespace directory
- [x] Cleaned up old controller files (Admin.php, Doctor.php, Analyst.php, CustomerService.php)
- [x] Backed up old views to views/backup/
- [x] Updated AGENTS.md with new code examples

## Backlog

### Features

- [ ] Add user profile page with activity history
- [ ] Add bulk import for users
- [ ] Add bulk operations for sample management
- [ ] Add export to CSV/Excel functionality
- [ ] Add dashboard analytics and statistics

### Technical Debt

- [ ] Remove unused dependencies from composer.json
- [ ] Clean up unused view files in views/backup/
- [ ] Add type hints to all controller methods
- [ ] Add return type declarations to all controller methods
- [ ] Consolidate duplicate code in dialog components

### Security

- [ ] Add rate limiting to login endpoint
- [ ] Add CSRF protection to forms
- [ ] Implement password strength requirements
- [ ] Add session timeout configuration
- [ ] Audit all SQL queries for potential injection vulnerabilities

## Notes

### Print Functionality Current State

The current print implementation uses an external URL that opens a separate window:

```javascript
BASEURL + 'http://glenlis/spooler_db/main_dev.php?req_id=' + req_id
```

This should be replaced with:

1. Server-side PDF generation using a library like TCPDF or Dompdf
2. Display PDF in an iframe for preview before print
3. Send directly to printer using browser print API or WebSocket to print server

### Role Permissions

- **Admin (1)**: Full access to all features including user management
- **Doctor/Lab (2)**: Sample collection, validation
- **Analyst (3)**: Sample validation, report generation
- **CS (4)**: Read-only access to requests and samples

### Database Tables

- `GDC_CMOD.dbo.USERS` - User accounts
- `GDC_CMOD.dbo.REQUESTS` - Test requests
- `GDC_CMOD.dbo.SAMPLES` - Sample records
- `glendb.dbo.*` - Reference data (tests, panels, etc.)

### API Endpoints

All API endpoints return JSON responses and should follow a consistent format:

```json
{
  "data": [...] // or single object for GET by ID
}
```

Error responses:

```json
{
  "message": "Error description"
}
```