Commit Graph

3 Commits

Author SHA1 Message Date
spouliot 8acbc8605d Harden multi-tenant isolation across all user-facing controllers

Added explicit CompanyId == companyId predicates to every tenant-scoped
query in 22 controllers so cross-tenant data leakage is impossible even
if EF Core global query filters are bypassed or misconfigured.

Also fixed ApplicationDbContext.IsPlatformAdmin to correctly return true
for SuperAdmins with no CompanyId claim (break-glass accounts) and when
no HTTP context is present (background services, unit tests), resolving
225 unit test failures that stemmed from the global filter blocking all
in-memory test data.

New MultiTenantIsolationTests class (8 tests) verifies the explicit
predicate layer independently of the global query filters.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-17 18:04:22 -04:00
spouliot d94612cc9c Fix 4 post-review issues found in accounting module audit

- Drop orphan VendorCreditId1 column from VendorCreditApplications (was
  scaffolded by EF because WithMany() lacked inverse navigation name;
  fixed WithMany() → WithMany(vc => vc.Applications) in ApplicationDbContext)
- Wire EarlyPaymentDiscount fields through full data path: added
  EarlyPaymentDiscountPercent/Days to CreateInvoiceDto, hidden inputs to
  Invoice Create view, and JS to populate from customer AJAX response
- Add missing [HttpGet] attribute to TaxRatesController.Index
- Document GenerateNow architecture exception with XML rationale

Migration DropOrphanVendorCreditId1 applied. Build: 0 errors, 168 warnings.
Unit tests: 200/200 passing.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-10 11:32:44 -04:00
spouliot d3a5d827f9 Phase F: Customer/Vendor Statements, Payment Terms Parser, Tax Rates

F1: GetCustomerStatementAsync/GetVendorStatementAsync on IFinancialReportService;
    StatementLineDto; CustomerStatementDto/VendorStatementDto; Statement action on
    CustomersController + VendorsController; Statement views + PDF download via
    StatementPdfHelper (QuestPDF); Statement button on Customer/Vendor Details pages.

F2: PaymentTermsParser static helper (CalculateDueDate, ParseEarlyPaymentDiscount);
    EarlyPaymentDiscountPercent/Days on Invoice entity; GetCustomerPaymentTerms AJAX
    endpoint on InvoicesController auto-populates Terms + due date on customer select;
    early payment discount notice on Invoice Create.

F3: TaxRate entity (Name/Rate/State/IsDefault/IsActive, tenant-filtered);
    IUnitOfWork.TaxRates + UnitOfWork + ApplicationDbContext; TaxRatesController
    (Index/Create/Edit/Delete/ToggleActive, CompanyAdminOnly); GetTaxRateForCustomer
    AJAX endpoint; Tax Rates in Settings gear menu.

Also fixes AddVendorCredits migration: VendorCreditApplications FKs changed from
CASCADE to NoAction to resolve SQL Server error 1785 (multiple cascade paths).
Migration: AddPaymentTermsAndTaxRates applied locally; 200/200 unit tests pass.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-10 10:55:22 -04:00