gdc_cmod/TODO.md
mahdahar b29f807295 Refactor: Remove V2 namespace and consolidate role-based architecture
- Moved all V2 controllers (Lab, Requests, Samples, Users) to App\Controllers
- Removed deprecated role controllers (Admin, Doctor, Analyst, CustomerService)
- Simplified routes by removing /v2 prefix
- Added AGENTS.md with project conventions and TODO.md with task tracking
- Updated README.md with RBAC documentation
- Fixed hardcoded dates, status color mappings, and duplicate database calls
2026-01-19 10:55:10 +07:00


# CMOD Project TODO
## In Progress
### V2 Namespace Removal
- [ ] Complete migration of Doctor role to new architecture
- [ ] Complete migration of Analyst role to new architecture
- [ ] Complete migration of CS (Customer Service) role to new architecture
## Pending
### Print Functionality
- [ ] Refactor print functionality from external URL (`http://glenlis/spooler_db/main_dev.php`) to internal solution
- [ ] Add print preview capability to Admin views
- [ ] Add print preview capability to Lab views
- [ ] Implement server-side PDF generation for print jobs
### API Improvements
- [ ] Add pagination to Users API endpoint
- [ ] Add pagination to Requests API endpoint
- [ ] Add search/filter capability to list endpoints
- [ ] Add audit logging for critical operations (create/update/delete user, validate/unvalidate request)
### Frontend Improvements
- [ ] Add loading states to all API calls
- [ ] Add toast notifications for success/error feedback
- [ ] Implement form validation with clear error messages
- [ ] Add confirmation dialogs for destructive actions (delete, unvalidate)
### Role-Based Access Control
- [ ] Document current permission matrix for each role
- [ ] Add permission checks to API endpoints
- [ ] Create shared permission constants in a central location
### Testing
- [ ] Set up automated tests for API endpoints
- [ ] Add unit tests for controller logic
- [ ] Add integration tests for critical workflows
### Documentation
- [ ] Update README with current architecture overview
- [ ] Document API endpoints with examples
- [ ] Document database schema changes
## Completed
### V2 Namespace Removal
- [x] Created AGENTS.md with project conventions
- [x] Moved v2/admin views to views/admin
- [x] Moved v2/lab views to views/lab
- [x] Renamed V2.php controller to Auth.php
- [x] Renamed V2/Admin.php controller to Admin.php
- [x] Renamed V2/Lab.php controller to Lab.php
- [x] Renamed V2/Users.php controller to Users.php
- [x] Renamed V2/Samples.php controller to Samples.php
- [x] Renamed V2/Requests.php controller to Requests.php
- [x] Updated routes to remove v2 prefix
- [x] Updated view paths in all controllers
- [x] Fixed hardcoded date bug in views (changed to dynamic date)
- [x] Fixed status color mappings (added PartColl, PartRecv, partial statuses)
- [x] Fixed missing variables in Samples controller
- [x] Fixed duplicate db_connect() calls in Requests controller
- [x] Fixed id parameter in Users::update()
- [x] Cleaned up V2 namespace directory
- [x] Cleaned up old controller files (Admin.php, Doctor.php, Analyst.php, CustomerService.php)
- [x] Backed up old views to views/backup/
- [x] Updated AGENTS.md with new code examples
## Backlog
### Features
- [ ] Add user profile page with activity history
- [ ] Add bulk import for users
- [ ] Add bulk operations for sample management
- [ ] Add export to CSV/Excel functionality
- [ ] Add dashboard analytics and statistics
### Technical Debt
- [ ] Remove unused dependencies from composer.json
- [ ] Clean up unused view files in views/backup/
- [ ] Add type hints to all controller methods
- [ ] Add return type declarations to all controller methods
- [ ] Consolidate duplicate code in dialog components
### Security
- [ ] Add rate limiting to login endpoint
- [ ] Add CSRF protection to forms
- [ ] Implement password strength requirements
- [ ] Add session timeout configuration
- [ ] Audit all SQL queries for potential injection vulnerabilities
## Notes
### Print Functionality Current State
The current print implementation uses an external URL that opens a separate window:
```javascript
BASEURL + 'http://glenlis/spooler_db/main_dev.php?req_id=' + req_id
```
This should be replaced with:
1. Server-side PDF generation using a library like TCPDF or Dompdf
2. Display PDF in an iframe for preview before print
3. Send directly to printer using browser print API or WebSocket to print server
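Steps 1 and 2 above, carried through as an added example; this is not code from the gdc_cmod project. It assumes `dompdf/dompdf` is installed through Composer and PHP 7.4 or later. The request field names, the `$mayView` callback and the sample row are constructed stand-ins for whatever the Requests controller already loads and whatever the permission layer decides; the point is that the handler refuses before rendering, escapes every database value before it becomes HTML, and answers with `Content-Disposition: inline` so the PDF can be previewed in an iframe.

```php
<?php
// Added example, not gdc_cmod code. Assumes dompdf/dompdf is installed through
// Composer and PHP 7.4+. The request field names and the $mayView callback are
// constructed stand-ins for the project's real data access and permission check.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Dompdf\Dompdf;
use Dompdf\Options;

/**
 * Build the PDF for one request. The permission callback runs before any
 * rendering, so a req_id taken from the query string only yields a document
 * the caller is entitled to see. Returns the PDF bytes, or null for "forbidden".
 */
function renderRequestPdf(int $reqId, array $request, callable $mayView): ?string
{
    if (!$mayView($reqId)) {
        return null;
    }

    // Every value read from the database is escaped before it is placed in
    // HTML: Dompdf interprets markup, so unescaped free text would change the
    // structure of the generated document.
    $e = static function (string $value): string {
        return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    };

    $rows = '';
    foreach ($request as $field => $value) {
        $rows .= '<tr><th>' . $e((string) $field) . '</th><td>' . $e((string) $value) . '</td></tr>';
    }
    $html = '<html><head><meta charset="utf-8"><style>'
          . 'body{font-family:DejaVu Sans,sans-serif;font-size:11pt}'
          . 'th{text-align:left;padding-right:1em}'
          . '</style></head><body>'
          . '<h1>Request ' . $e((string) $reqId) . '</h1>'
          . '<table>' . $rows . '</table></body></html>';

    $options = new Options();
    // The document is built from local data only; keep Dompdf from fetching
    // remote images or stylesheets referenced from the HTML.
    $options->set('isRemoteEnabled', false);

    $dompdf = new Dompdf($options);
    $dompdf->loadHtml($html, 'UTF-8');
    $dompdf->setPaper('A4', 'portrait');
    $dompdf->render();

    return $dompdf->output();
}

/**
 * Controller-side response for step 2: "inline" lets the browser show the PDF
 * in an <iframe> for preview; the user prints from there with window.print().
 * A refused request gets the {"message": ...} error shape used by the API.
 */
function sendPdfInline(?string $pdf, int $reqId): void
{
    if ($pdf === null) {
        http_response_code(403);
        header('Content-Type: application/json');
        echo json_encode(['message' => 'Not allowed to print this request']);
        return;
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: inline; filename="request-' . $reqId . '.pdf"');
    header('Content-Length: ' . strlen($pdf));
    echo $pdf;
}

// Constructed sample input standing in for a row from GDC_CMOD.dbo.REQUESTS.
$sampleRequest = [
    'Patient'   => 'Example Patient',
    'Test'      => 'CBC <routine>',   // angle brackets show the escaping at work
    'Requested' => 'constructed-date',
];
$reqId   = (int) ($_GET['req_id'] ?? 0);
$mayView = static function (int $id): bool {
    return $id > 0; // stand-in: replace with the real permission check
};
sendPdfInline(renderRequestPdf($reqId, $sampleRequest, $mayView), $reqId);
```

In the project this would sit in the Requests controller behind the same authentication the JSON endpoints use; the front end replaces the external spooler URL with `<iframe src="/requests/print/123">` and calls `window.print()` on the frame for step 3's browser-print path.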
### Role Permissions
- **Admin (1)**: Full access to all features including user management
- **Doctor/Lab (2)**: Sample collection, validation
- **Analyst (3)**: Sample validation, report generation
- **CS (4)**: Read-only access to requests and samples
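The "Role-Based Access Control" tasks above ask for a documented permission matrix, shared permission constants and permission checks on API endpoints. The block below is an added example of those three things together, not code from the gdc_cmod project: the role ids and capabilities come from the note above, while the permission strings, class names and the mapping of the note's phrases onto permissions ("validation" for role 2 is read as sample validation) are assumptions made for this example.

```php
<?php
// Added example, not code from the gdc_cmod project. The four role ids and their
// capabilities are taken from the "Role Permissions" note; the permission
// strings, class names and the mapping of the note's phrases onto them are
// assumptions made for this example.
declare(strict_types=1);

final class Role
{
    public const ADMIN   = 1; // full access, including user management
    public const DOCTOR  = 2; // Doctor/Lab: sample collection, validation
    public const ANALYST = 3; // sample validation, report generation
    public const CS      = 4; // Customer Service: read-only on requests and samples
}

final class Permission
{
    public const USERS_MANAGE      = 'users.manage';
    public const REQUESTS_READ     = 'requests.read';
    public const REQUESTS_VALIDATE = 'requests.validate';
    public const SAMPLES_READ      = 'samples.read';
    public const SAMPLES_COLLECT   = 'samples.collect';
    public const SAMPLES_VALIDATE  = 'samples.validate';
    public const REPORTS_GENERATE  = 'reports.generate';

    /** Role id => granted permissions. Anything not listed here is denied. */
    private const MATRIX = [
        Role::ADMIN => [
            self::USERS_MANAGE, self::REQUESTS_READ, self::REQUESTS_VALIDATE,
            self::SAMPLES_READ, self::SAMPLES_COLLECT, self::SAMPLES_VALIDATE,
            self::REPORTS_GENERATE,
        ],
        Role::DOCTOR  => [self::REQUESTS_READ, self::SAMPLES_READ, self::SAMPLES_COLLECT, self::SAMPLES_VALIDATE],
        Role::ANALYST => [self::REQUESTS_READ, self::SAMPLES_READ, self::SAMPLES_VALIDATE, self::REPORTS_GENERATE],
        Role::CS      => [self::REQUESTS_READ, self::SAMPLES_READ],
    ];

    public static function isKnownRole(int $roleId): bool
    {
        return array_key_exists($roleId, self::MATRIX);
    }

    public static function allows(int $roleId, string $permission): bool
    {
        // Strict comparison, so a permission string is never loosely matched.
        return in_array($permission, self::MATRIX[$roleId] ?? [], true);
    }
}

/**
 * Guard for the first line of an API controller method. Returns the HTTP status
 * the endpoint should answer with: 200 to proceed, 401 when the session carries
 * no usable role, 403 when the role is known but lacks the permission.
 */
function authorize(?int $roleId, string $permission): int
{
    if ($roleId === null || !Permission::isKnownRole($roleId)) {
        return 401;
    }
    return Permission::allows($roleId, $permission) ? 200 : 403;
}

// Constructed walkthrough: every role, plus an unknown id and a missing one,
// against the destructive "validate request" action and a read action, so the
// deny-by-default behaviour is visible.
foreach ([Role::ADMIN, Role::DOCTOR, Role::ANALYST, Role::CS, 99, null] as $roleId) {
    printf(
        "role %-4s validate=%d read=%d\n",
        var_export($roleId, true),
        authorize($roleId, Permission::REQUESTS_VALIDATE),
        authorize($roleId, Permission::REQUESTS_READ)
    );
}
```

Keeping the matrix in one class gives the "shared permission constants in a central location" item a home; each `App\Controllers` method then calls `authorize()` with the session's role id before any database access, and the 403 branch is the natural place to emit the audit-log entry the API Improvements section asks for.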
### Database Tables
- `GDC_CMOD.dbo.USERS` - User accounts
- `GDC_CMOD.dbo.REQUESTS` - Test requests
- `GDC_CMOD.dbo.SAMPLES` - Sample records
- `glendb.dbo.*` - Reference data (tests, panels, etc.)
### API Endpoints
All API endpoints return JSON responses and should follow a consistent format:
```json
{
  "data": [...] // or a single object for GET by ID
}
```
Error responses:
```json
{
  "message": "Error description"
}
```
```