Require auth on all work order QR codes and add top view QR

- StatusBump (GET + POST) now requires authentication; routes by job ID instead of anonymous ShopAccessCode GUID; records actual user name in status history instead of anonymous token string - WorkOrder action generates a second "View Job" QR in the header linking to the authenticated Details page (for verifying specs and seeing catalog images on mobile); status bump QR updated to ID-based URL - WorkOrder view: top QR added to header alongside job number; status bump label updated (removed "no login required" copy) - StatusBump view: updated form routing from asp-route-token to asp-route-id - HelpKnowledgeBase and Jobs help article updated with two-tier QR docs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 13:27:43 -04:00
parent 9361cd4495
commit 4f976b1332
6 changed files with 209 additions and 50 deletions
@@ -3,7 +3,7 @@
    Layout = null;
    var job = ViewBag.Job as PowderCoating.Core.Entities.Job;
    var allStatuses = ViewBag.AllStatuses as List<PowderCoating.Core.Entities.JobStatusLookup>;
-    var token = (Guid)ViewBag.Token;
+    var jobId = (int)ViewBag.JobId;

    // Determine next/previous status options
    var currentOrder = job!.JobStatus.DisplayOrder;
@@ -240,7 +240,7 @@
                    @* On hold — offer resume (next logical status after resume by advancing) *@
                    @if (nextStatus != null)
                    {
-                        <form method="post" asp-action="StatusBump" asp-route-token="@token">
+                        <form method="post" asp-action="StatusBump" asp-route-id="@jobId">
                            @Html.AntiForgeryToken()
                            <input type="hidden" name="newStatusId" value="@nextStatus.Id" />
                            <button type="submit" class="btn-resume">
@@ -254,7 +254,7 @@
                    @* Advance to next step *@
                    @if (nextStatus != null)
                    {
-                        <form method="post" asp-action="StatusBump" asp-route-token="@token">
+                        <form method="post" asp-action="StatusBump" asp-route-id="@jobId">
                            @Html.AntiForgeryToken()
                            <input type="hidden" name="newStatusId" value="@nextStatus.Id" />
                            <button type="submit" class="btn-advance">
@@ -270,7 +270,7 @@
                    @* On Hold option *@
                    @if (onHoldStatus != null)
                    {
-                        <form method="post" asp-action="StatusBump" asp-route-token="@token">
+                        <form method="post" asp-action="StatusBump" asp-route-id="@jobId">
                            @Html.AntiForgeryToken()
                            <input type="hidden" name="newStatusId" value="@onHoldStatus.Id" />
                            <button type="submit" class="btn-hold">