Skip to content

Validando supervisor principal#388

Merged
Junior-Shyko merged 7 commits into
developfrom
feature/supervisor-monitoring
Jul 13, 2026
Merged

Validando supervisor principal#388
Junior-Shyko merged 7 commits into
developfrom
feature/supervisor-monitoring

Conversation

@Junior-Shyko

@Junior-Shyko Junior-Shyko commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

✅ Descrição do propósito desse Pull Request

valida fiscal principal para edicao na fase de monitoramento

🧭 Referência a Issue

#387

❓ O que foi feito para atingir isso?


🏃‍♀️ Tipo de mudança

Marque as opções relevantes:

  • Bug fix (correção de bug)
  • Nova feature (mudança não retrocompatível que adiciona funcionalidade)
  • Mudança de breaking (correção ou feature que faria com que a funcionalidade existente não funcionasse como esperado)
  • Documentação (somente mudanças ou atualizações na documentação)

🕵️ Como foi testado?

  • Critério de aceitação
  • Testes de software (TDD, BDD, UNITÁRIO, INTEGRAÇÃO, E2E)

Checklist: ✔️

  • Meu código segue as diretrizes do projeto
  • Eu fiz um code review com minha equipe
  • Eu comentei meu código, especialmente em áreas de difícil entendimento
  • Eu atualizei a documentação correspondente
  • Testes novos e existentes passaram localmente com minhas alterações

Observação:

Summary by CodeRabbit

  • New Features

    • Group user listings now display email addresses.
    • Added clearer permission messaging and controls for diligence chat actions.
    • Monitoring and payment actions now use consistent save controls and permission-based access.
  • Style

    • Improved group user row layout by separating names, email addresses, and related information.

@Junior-Shyko Junior-Shyko self-assigned this Jul 10, 2026
@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 53027fb9-587c-482f-ad0a-83ffa637038e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/supervisor-monitoring

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
resources/js/Components/DiligenceChat.vue (1)

110-118: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Add backend authorization for diligences.store. StoreDiligenceMessageRequest::authorize() still returns true, and the controller/service don’t enforce the principal-supervisor rule, so any authenticated user can POST this route and send a diligence message.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@resources/js/Components/DiligenceChat.vue` around lines 110 - 118, Restrict
diligence message creation to authorized principals and supervisors: update
StoreDiligenceMessageRequest::authorize() to enforce the principal-supervisor
rule, and ensure the controller/service path for diligences.store applies the
same authorization before sending the message. Reject unauthorized users with
the appropriate authorization response.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@resources/js/Pages/Groups/Users.vue`:
- Around line 100-106: Adjust the v-col widths in the user row so the checkbox,
avatar, name, email, roles, and actions columns total exactly 12 columns; update
the relevant column declarations in the Users.vue row while preserving their
relative layout and keeping the actions column on the same line.

In `@resources/js/Pages/ProjectDetails/Partials/Tabs/MonitoringTab.vue`:
- Around line 305-311: Enforce the principal-supervisor authorization rule
server-side for both `projects.stages.request-next-installment` and
`projects.stages.advance`, rather than relying on the UI’s
`canUserHandleMonitoring` disabled state. Update the corresponding
controller/action methods and shared authorization logic to reject users who do
not satisfy the principal-supervisor requirement, while preserving the existing
sector-role check for `advance`.

In `@resources/js/Pages/ProjectDetails/Partials/Tabs/PaymentTab.vue`:
- Around line 393-397: The SaveButton in the payment remarks section must remain
disabled throughout the tramitação request, not only while remarksForm is
processing. Update the SaveButton’s loading or can-save binding to also account
for tramitLoading, alongside the existing canUserHandlePayment and
selectedInstallment checks.

---

Outside diff comments:
In `@resources/js/Components/DiligenceChat.vue`:
- Around line 110-118: Restrict diligence message creation to authorized
principals and supervisors: update StoreDiligenceMessageRequest::authorize() to
enforce the principal-supervisor rule, and ensure the controller/service path
for diligences.store applies the same authorization before sending the message.
Reject unauthorized users with the appropriate authorization response.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c3afbdcc-2921-420f-a204-eca7c6af0163

📥 Commits

Reviewing files that changed from the base of the PR and between 175749c and ef343dc.

📒 Files selected for processing (5)
  • app/Http/Controllers/GroupController.php
  • resources/js/Components/DiligenceChat.vue
  • resources/js/Pages/Groups/Users.vue
  • resources/js/Pages/ProjectDetails/Partials/Tabs/MonitoringTab.vue
  • resources/js/Pages/ProjectDetails/Partials/Tabs/PaymentTab.vue

Comment thread resources/js/Pages/Groups/Users.vue Outdated
Comment thread resources/js/Pages/ProjectDetails/Partials/Tabs/MonitoringTab.vue
Comment thread resources/js/Pages/ProjectDetails/Partials/Tabs/PaymentTab.vue
@Junior-Shyko
Junior-Shyko merged commit 87e97e4 into develop Jul 13, 2026
4 checks passed
@Junior-Shyko
Junior-Shyko deleted the feature/supervisor-monitoring branch July 13, 2026 17:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants