mahdahar 3cf4cc7f3f feat: Implement audit trail system for dual-level validation workflow
This commit adds comprehensive audit logging for specimen requests and sample collection activities across all roles.
Changes Summary:
New Features:
- Added AUDIT_EVENTS table schema for tracking validation and sample collection events
- Created ApiRequestsAuditController with /api/requests/(:any)/audit endpoint to retrieve audit history
- Added dialog_audit.php view component for displaying audit trails in UI
- Integrated audit logging into validation workflow (VAL1, VAL2, UNVAL events)
Database:
- Created AUDIT_EVENTS table with columns: ACCESSNUMBER, EVENT_TYPE, USERID, EVENT_AT, REASON
- Supports tracking validation events and sample collection actions
Controllers:
- RequestsController: Now inserts audit records for all validation operations
- ApiRequestsAuditController: New API controller returning validation and sample collection history
Routes:
- Added GET /api/requests/(:any)/audit endpoint for retrieving audit trail
- Removed DELETE /api/samples/collect/(:any) endpoint (uncollect functionality)
Views Refactoring:
- Consolidated dashboard layouts into shared components:
  - layout.php (from layout_dashboard.php)
  - script_requests.php (from script_dashboard.php)
  - script_validation.php (from script_validate.php)
  - content_requests.php (from dashboard_table.php)
  - content_validation.php (from dashboard_validate.php)
- Added content_validation_new.php for enhanced validation interface
2026-01-23 16:41:12 +07:00


AGENTS.md

This file provides guidance to agents when working with code in this repository.

## Project Overview

CodeIgniter 4 PHP application for laboratory management (GDC CMOD). Handles specimen tracking, request validation, and result management with role-based access control. SQL Server is the primary database; legacy patient data lives in Firebird.

## Commands

```bash
# Run all tests
composer test
./vendor/bin/phpunit

# Run single test file
./vendor/bin/phpunit tests/unit/HealthTest.php

# Run single test method
./vendor/bin/phpunit tests/unit/HealthTest.php --filter testIsDefinedAppPath

# Development server
php spark serve

# List all routes (note: `php spark list` lists spark commands, not routes)
php spark routes

# Create controller/model
php spark make:controller Admin
php spark make:model User
```

## PHP Standards

- PHP 8.1+ features (typed properties, match expressions)
- Always declare return types for public methods
- No comments unless explaining complex logic
- Use `esc()` when outputting user data in views

## Naming Conventions

| Type | Convention | Example |
|---|---|---|
| Classes | PascalCase | `Admin`, `UserController` |
| Methods/Variables | camelCase | `getUsers()`, `$userId` |
| Constants | UPPER_SNAKE_CASE | `DB_HOST` |
| Database tables | UPPER_SNAKE_CASE | `GDC_CMOD.dbo.USERS` |
| Views | lowercase_underscores | `admin/index.php` |

## Role-Based Access Control

| Role ID | Name | Route Prefix |
|---|---|---|
| 0 | Superuser | `/superuser` |
| 1 | Admin | `/admin` |
| 2 | Lab | `/lab` |
| 3 | Phlebo | `/phlebo` |
| 4 | CS | `/cs` |

```php
// Single role
['filter' => 'role:1']
// Multiple roles
['filter' => 'role:1,2']
```
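How a `role:1,2` filter turns the list after the colon into an allow-list, as an added example rather than the project's own filter (its source is not on this page). The class `App\Filters\Role`, its alias `role` in `app/Config/Filters.php`, the `/login` redirect target and the JSON 403 body are assumptions; the session keys are the ones documented under Session Structure.

```php
<?php

namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

// Assumed filter class; register it as 'role' => \App\Filters\Role::class in the
// $aliases array of app/Config/Filters.php, then attach it per route or group:
//   $routes->group('admin', ['filter' => 'role:1'], static function ($routes) { ... });
class Role implements FilterInterface
{
    public function before(RequestInterface $request, $arguments = null)
    {
        $session = session();

        // Not logged in: send to the login page rather than a 403, so the response
        // does not reveal which roles a given route accepts.
        if ($session->get('isLoggedIn') !== true) {
            return redirect()->to('/login'); // assumed login route
        }

        // CodeIgniter splits the text after "role:" on commas, so 'role:1,2'
        // arrives here as ['1', '2']. Cast to int so the comparison is strict.
        $allowed = array_map('intval', $arguments ?? []);
        $roleId  = (int) $session->get('userroleid');

        // Deny by default: a route tagged with the filter but no role list is a
        // misconfiguration, not an open route.
        if ($allowed === [] || ! in_array($roleId, $allowed, true)) {
            return service('response')
                ->setStatusCode(403)
                ->setJSON(['message' => 'Forbidden']);
        }

        return null; // fall through to the controller
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        return null;
    }
}
```

Returning a response object from `before()` short-circuits the request, which is what makes the filter an enforcement point rather than a hint; the controller never runs for a denied role. Because route prefixes and role IDs are paired in the table above, applying the filter to the whole `group()` for each prefix is simpler to audit than tagging routes one by one.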

## Controller Patterns

```php
<?php

namespace App\Controllers;

use CodeIgniter\API\ResponseTrait;
use CodeIgniter\Database\BaseConnection;

// Web controllers extend BaseController and return the rendered view
class Admin extends BaseController
{
    public function index(): string
    {
        return view('admin/index');
    }
}

// API controllers use ResponseTrait (respond()/fail() helpers) and hold a typed
// database connection opened in the constructor
class Users extends BaseController
{
    use ResponseTrait;

    protected BaseConnection $db;

    public function __construct()
    {
        $this->db = \Config\Database::connect();
        helper(['url', 'form', 'text']);
    }
}
```

## Database Operations

```php
$this->db = \Config\Database::connect();

// Parameterized queries only: bindings are escaped by the driver, never by hand
$query   = $this->db->query("SELECT * FROM table WHERE id = ?", [$id]);
$row     = $query->getRowArray();    // first row, or null
$results = $query->getResultArray(); // all rows

// Transactions: transBegin() is manual mode, so commit and rollback are explicit
$this->db->transBegin();
try {
    $this->db->query("INSERT INTO ...", [$data]);
    $this->db->transCommit();
} catch (\Throwable $e) {
    $this->db->transRollback();
    throw $e; // do not swallow the failure; let the caller or the error handler report it
}
```

## Request/Response Patterns

```php
// Query-string input (getVar() also falls through to POST; use getGet() when
// only the query string should be accepted)
$date1 = $this->request->getVar('date1') ?? date('Y-m-d');

// POST JSON body, decoded to an associative array
$input = $this->request->getJSON(true);

// JSON response (respond() comes from ResponseTrait)
return $this->respond(['data' => $results]);
return $this->response->setJSON(['message' => 'Success']);

// View response
return view('admin/index', $data);

// Redirect with errors (flashdata, available on the next request only)
return redirect()->back()->with('errors', ['key' => 'message']);
```

## Session Structure

```php
session()->set([
    'isLoggedIn' => true,
    'userid'     => (string) $user['USERID'],
    'userroleid' => (int) $user['USERROLEID'],
    'userrole'   => (string) $role,
]);
```

## Validation Endpoints

- `POST /api/{resource}/validate/{id}` - validate a record
- `DELETE /api/{resource}/validate/{id}` - unvalidate a record

## Security

- Use parameterized queries (never interpolate values into SQL)
- Hash passwords with `password_hash()` / `password_verify()`
- Validate and sanitize all input before use
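The password and session rules above put together in a login action, as an added example and not the project's own login code. `PASSWORD_HASH` as the column holding the `password_hash()` value, the `Login` controller, the `userid`/`password` POST fields and the `/login` route are assumptions; the `USERS` table, the session keys and the role names come from this file.

```php
<?php

namespace App\Controllers;

use CodeIgniter\Database\BaseConnection;
use CodeIgniter\HTTP\RedirectResponse;

// Assumed controller; route it as $routes->post('login', 'Login::attempt');
class Login extends BaseController
{
    protected BaseConnection $db;

    public function __construct()
    {
        $this->db = \Config\Database::connect();
        helper(['form']);
    }

    public function attempt(): RedirectResponse
    {
        $userId   = (string) $this->request->getPost('userid');
        $password = (string) $this->request->getPost('password');

        // Parameterized lookup; PASSWORD_HASH is an assumed column name.
        $user = $this->db->query(
            'SELECT USERID, USERROLEID, PASSWORD_HASH FROM GDC_CMOD.dbo.USERS WHERE USERID = ?',
            [$userId]
        )->getRowArray();

        // Always run one hash comparison, even for unknown users, so response time
        // does not reveal which user IDs exist.
        $hash = $user['PASSWORD_HASH'] ?? password_hash('unknown-user', PASSWORD_DEFAULT);
        if ($user === null || ! password_verify($password, $hash)) {
            return redirect()->back()->with('errors', ['login' => 'Invalid credentials']);
        }

        // Transparently upgrade hashes made with an older algorithm or cost.
        if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
            $this->db->query(
                'UPDATE GDC_CMOD.dbo.USERS SET PASSWORD_HASH = ? WHERE USERID = ?',
                [password_hash($password, PASSWORD_DEFAULT), $user['USERID']]
            );
        }

        // Role names and prefixes follow the RBAC table; an unknown ID is a data
        // error and must not fall through to some default role.
        $roleId = (int) $user['USERROLEID'];
        $role   = match ($roleId) {
            0 => 'Superuser',
            1 => 'Admin',
            2 => 'Lab',
            3 => 'Phlebo',
            4 => 'CS',
            default => throw new \RuntimeException("Unknown role id {$roleId}"),
        };

        // Fresh session ID on login (old data destroyed) defeats session fixation.
        session()->regenerate(true);
        session()->set([
            'isLoggedIn' => true,
            'userid'     => (string) $user['USERID'],
            'userroleid' => $roleId,
            'userrole'   => $role,
        ]);

        return redirect()->to('/' . strtolower($role));
    }
}
```

The one error message for both "no such user" and "wrong password", the dummy hash comparison and `regenerate(true)` are the three details most often missing from a first implementation; the `match` without a default role is what stops a corrupted `USERROLEID` from silently landing a user in a privileged prefix.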

## Database Schema

- Primary: SQL Server (`GDC_CMOD.dbo`)
- Legacy: Firebird (`GLENEAGLES` via ODBC)
- No CI4 Models: raw SQL queries via `Database::connect()`

## Dual-Level Validation

Validation requires 2 different users:

1. First: `ISVAL1=1`, `VAL1USER`, `VAL1DATE`
2. Second (different user): `ISVAL2=1`, `VAL2USER`, `VAL2DATE`
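The validate endpoint, the transaction pattern and the two-different-users rule combined into one handler, with the audit row from the commit above written in the same transaction. This is an added example, not the project's `RequestsController`; the `REQUESTS` table, the `ApiRequests` controller, the route shown in the comment and the JSON `reason` field are assumptions, while `ISVAL1`/`VAL1USER`/`ISVAL2`/`VAL2USER`, the `AUDIT_EVENTS` columns and the `VAL1`/`VAL2` event names are from this page. The "different user" rule is enforced server-side here; a UI that merely hides the button cannot guarantee it.

```php
<?php

namespace App\Controllers;

use CodeIgniter\API\ResponseTrait;
use CodeIgniter\Database\BaseConnection;
use CodeIgniter\HTTP\ResponseInterface;

// Assumed route, restricted to the Lab role (ID 2 in the RBAC table):
//   $routes->post('api/requests/validate/(:any)', 'ApiRequests::validateRequest/$1', ['filter' => 'role:2']);
class ApiRequests extends BaseController
{
    use ResponseTrait;

    protected BaseConnection $db;

    public function __construct()
    {
        $this->db = \Config\Database::connect();
    }

    // Named validateRequest because Controller::validate() already exists in the framework.
    public function validateRequest(string $accessNumber): ResponseInterface
    {
        $userId = (string) session()->get('userid');
        $body   = $this->request->getJSON(true) ?? [];
        $reason = isset($body['reason']) ? (string) $body['reason'] : null;

        $this->db->transBegin();
        try {
            // UPDLOCK holds the row until commit, so two validators racing on the same
            // request cannot both read ISVAL2=0 and both succeed (SQL Server hint).
            $row = $this->db->query(
                'SELECT ISVAL1, VAL1USER, ISVAL2 FROM GDC_CMOD.dbo.REQUESTS WITH (UPDLOCK, ROWLOCK)'
                . ' WHERE ACCESSNUMBER = ?',
                [$accessNumber]
            )->getRowArray();

            if ($row === null) {
                $this->db->transRollback();
                return $this->failNotFound('Request not found');
            }
            if ((int) $row['ISVAL2'] === 1) {
                $this->db->transRollback();
                return $this->fail('Already fully validated', 409);
            }

            if ((int) $row['ISVAL1'] !== 1) {
                $event = 'VAL1';
                $sql   = 'UPDATE GDC_CMOD.dbo.REQUESTS SET ISVAL1 = 1, VAL1USER = ?, VAL1DATE = GETDATE()'
                       . ' WHERE ACCESSNUMBER = ?';
            } else {
                // Normalize before comparing: CHAR padding or a case difference must not
                // let the first validator pass as a "different" user.
                if (strcasecmp(trim((string) $row['VAL1USER']), trim($userId)) === 0) {
                    $this->db->transRollback();
                    return $this->fail('Second validation requires a different user', 403);
                }
                $event = 'VAL2';
                $sql   = 'UPDATE GDC_CMOD.dbo.REQUESTS SET ISVAL2 = 1, VAL2USER = ?, VAL2DATE = GETDATE()'
                       . ' WHERE ACCESSNUMBER = ?';
            }
            $this->db->query($sql, [$userId, $accessNumber]);

            // The audit row commits atomically with the state change: no validation
            // without its trail, and no trail for a validation that rolled back.
            $this->db->query(
                'INSERT INTO GDC_CMOD.dbo.AUDIT_EVENTS (ACCESSNUMBER, EVENT_TYPE, USERID, EVENT_AT, REASON)'
                . ' VALUES (?, ?, ?, GETDATE(), ?)',
                [$accessNumber, $event, $userId, $reason]
            );

            $this->db->transCommit();
        } catch (\Throwable $e) {
            $this->db->transRollback();
            log_message('error', 'Validation of {acc} failed: {msg}', ['acc' => $accessNumber, 'msg' => $e->getMessage()]);
            return $this->failServerError('Validation failed');
        }

        return $this->respond(['accessnumber' => $accessNumber, 'event' => $event]);
    }
}
```

The unvalidate handler for `DELETE /api/{resource}/validate/{id}` follows the same shape: lock the row, clear the highest level that is set, and insert an `UNVAL` audit event with the supplied reason in the same transaction. Reading the current state and writing the new one under a single lock is what turns the "two different users" requirement from a convention into a guarantee.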