gdc_cmod/TODO.md
mahdahar b29f807295 Refactor: Remove V2 namespace and consolidate role-based architecture
- Moved all V2 controllers (Lab, Requests, Samples, Users) to App\Controllers
- Removed deprecated role controllers (Admin, Doctor, Analyst, CustomerService)
- Simplified routes by removing /v2 prefix
- Added AGENTS.md with project conventions and TODO.md with task tracking
- Updated README.md with RBAC documentation
- Fixed hardcoded dates, status color mappings, and duplicate database calls
2026-01-19 10:55:10 +07:00


CMOD Project TODO

In Progress

V2 Namespace Removal

  • Complete migration of Doctor role to new architecture
  • Complete migration of Analyst role to new architecture
  • Complete migration of CS (Customer Service) role to new architecture

Pending

Print Functionality

  • Refactor print functionality from external URL (http://glenlis/spooler_db/main_dev.php) to internal solution
  • Add print preview capability to Admin views
  • Add print preview capability to Lab views
  • Implement server-side PDF generation for print jobs

API Improvements

  • Add pagination to Users API endpoint
  • Add pagination to Requests API endpoint
  • Add search/filter capability to list endpoints
  • Add audit logging for critical operations (create/update/delete user, validate/unvalidate request)

Frontend Improvements

  • Add loading states to all API calls
  • Add toast notifications for success/error feedback
  • Implement form validation with clear error messages
  • Add confirmation dialogs for destructive actions (delete, unvalidate)

Role-Based Access Control

  • Document current permission matrix for each role
  • Add permission checks to API endpoints
  • Create shared permission constants in a central location

Testing

  • Set up automated tests for API endpoints
  • Add unit tests for controller logic
  • Add integration tests for critical workflows

Documentation

  • Update README with current architecture overview
  • Document API endpoints with examples
  • Document database schema changes

Completed

V2 Namespace Removal

  • Created AGENTS.md with project conventions
  • Moved v2/admin views to views/admin
  • Moved v2/lab views to views/lab
  • Renamed V2.php controller to Auth.php
  • Renamed V2/Admin.php controller to Admin.php
  • Renamed V2/Lab.php controller to Lab.php
  • Renamed V2/Users.php controller to Users.php
  • Renamed V2/Samples.php controller to Samples.php
  • Renamed V2/Requests.php controller to Requests.php
  • Updated routes to remove v2 prefix
  • Updated view paths in all controllers
  • Fixed hardcoded date bug in views (changed to dynamic date)
  • Fixed status color mappings (added PartColl, PartRecv, partial statuses)
  • Fixed missing variables in Samples controller
  • Fixed duplicate db_connect() calls in Requests controller
  • Fixed id parameter in Users::update()
  • Cleaned up V2 namespace directory
  • Cleaned up old controller files (Admin.php, Doctor.php, Analyst.php, CustomerService.php)
  • Backed up old views to views/backup/
  • Updated AGENTS.md with new code examples

Backlog

Features

  • Add user profile page with activity history
  • Add bulk import for users
  • Add bulk operations for sample management
  • Add export to CSV/Excel functionality
  • Add dashboard analytics and statistics

Technical Debt

  • Remove unused dependencies from composer.json
  • Clean up unused view files in views/backup/
  • Add type hints to all controller methods
  • Add return type declarations to all controller methods
  • Consolidate duplicate code in dialog components

Security

  • Add rate limiting to login endpoint
  • Add CSRF protection to forms
  • Implement password strength requirements
  • Add session timeout configuration
  • Audit all SQL queries for potential injection vulnerabilities

Notes

Print Functionality Current State

The current print implementation uses an external URL that opens a separate window:

BASEURL + 'http://glenlis/spooler_db/main_dev.php?req_id=' + req_id

This should be replaced with:

  1. Server-side PDF generation using a library like TCPDF or Dompdf
  2. Display PDF in an iframe for preview before print
  3. Send directly to printer using browser print API or WebSocket to print server

Role Permissions

  • Admin (1): Full access to all features including user management
  • Doctor/Lab (2): Sample collection, validation
  • Analyst (3): Sample validation, report generation
  • CS (4): Read-only access to requests and samples

Database Tables

  • GDC_CMOD.dbo.USERS - User accounts
  • GDC_CMOD.dbo.REQUESTS - Test requests
  • GDC_CMOD.dbo.SAMPLES - Sample records
  • glendb.dbo.* - Reference data (tests, panels, etc.)

API Endpoints

All API endpoints return JSON responses and should follow a consistent format:

{
  "data": [...]  // or single object for GET by ID
}

Error responses:

{
  "message": "Error description"
}
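
One way to implement the shared permission constants and endpoint permission checks listed under Role-Based Access Control, using the role IDs from the Role Permissions note and the error format above. This is an added example, not code from the gdc_cmod repository; the class name, permission names, the denyUnless() helper and the 403 status are assumptions, and it targets PHP 8.

```php
<?php
declare(strict_types=1);

// Added example: role IDs come from the Role Permissions note; everything else is hypothetical.
final class Permissions
{
    public const ROLE_ADMIN   = 1;
    public const ROLE_DOCTOR  = 2; // Doctor/Lab
    public const ROLE_ANALYST = 3;
    public const ROLE_CS      = 4;

    // Hypothetical permission names, not taken from the project.
    public const USER_MANAGE     = 'user.manage';
    public const SAMPLE_COLLECT  = 'sample.collect';
    public const SAMPLE_VALIDATE = 'sample.validate';
    public const REPORT_GENERATE = 'report.generate';
    public const REQUEST_READ    = 'request.read';
    public const SAMPLE_READ     = 'sample.read';

    // Mirrors only what the Role Permissions note states; '*' stands for full access.
    private const MATRIX = [
        self::ROLE_ADMIN   => ['*'],
        self::ROLE_DOCTOR  => [self::SAMPLE_COLLECT, self::SAMPLE_VALIDATE],
        self::ROLE_ANALYST => [self::SAMPLE_VALIDATE, self::REPORT_GENERATE],
        self::ROLE_CS      => [self::REQUEST_READ, self::SAMPLE_READ],
    ];

    public static function allows(?int $roleId, string $permission): bool
    {
        // Deny by default: a missing or unknown role ID is granted nothing.
        $granted = $roleId === null ? [] : (self::MATRIX[$roleId] ?? []);
        return in_array('*', $granted, true) || in_array($permission, $granted, true);
    }
}

// Returns null when the call may proceed, else [HTTP status, JSON body in the error format].
function denyUnless(?int $roleId, string $permission): ?array
{
    if (Permissions::allows($roleId, $permission)) {
        return null;
    }
    return [403, json_encode(['message' => 'Forbidden'])];
}

// Constructed sample calls: CS reading requests, CS managing users, no role in session.
var_dump(denyUnless(Permissions::ROLE_CS, Permissions::REQUEST_READ));
var_dump(denyUnless(Permissions::ROLE_CS, Permissions::USER_MANAGE));
var_dump(denyUnless(null, Permissions::SAMPLE_READ));
```

Calling the check at the top of each API controller method, before any database access, keeps the enforcement on the server rather than in the views.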