millas 0.2.13 → 0.2.14

package/src/admin/handlers/PageHandler.js

@@ -0,0 +1,351 @@
+'use strict';
+
+const ActivityLog        = require('../ActivityLog');
+const AdminAuth          = require('../AdminAuth');
+const { ViewContext }    = require('../ViewContext');
+
+/**
+ * PageHandler
+ *
+ * Handles all resource page routes:
+ *   GET    /admin/                       → dashboard
+ *   GET    /admin/:resource              → list
+ *   GET    /admin/:resource/create       → create form
+ *   POST   /admin/:resource              → store
+ *   GET    /admin/:resource/:id/edit     → edit form
+ *   POST   /admin/:resource/:id          → update
+ *   POST   /admin/:resource/:id/delete   → destroy
+ *   GET    /admin/:resource/:id          → detail (readonly)
+ *   GET    /admin/search                 → global search
+ */
+class PageHandler {
+  constructor(admin) {
+    this._admin = admin;
+  }
+
+  async dashboard(req, res) {
+    const admin = this._admin;
+    try {
+      const resourceData = await Promise.all(
+        admin.resources().map(async (R) => {
+          let count = 0;
+          let recent = [];
+          let recentCount = 0;
+          try {
+            count  = await R.model.count();
+            const result = await R.fetchList({ page: 1, perPage: 5 });
+            recent = result.data.map(r => r.toJSON ? r.toJSON() : r);
+            try {
+              const since = new Date(Date.now() - 7 * 24 * 60 * 60 * 1000).toISOString();
+              recentCount = await R.model.where('created_at__gte', since).count();
+            } catch { /* model may not have created_at */ }
+          } catch {}
+          return {
+            slug:        R.slug,
+            label:       R._getLabel(),
+            singular:    R._getLabelSingular(),
+            icon:        R.icon,
+            count,
+            recentCount,
+            recent,
+            listFields:  R.fields()
+              .filter(f => f._type !== 'tab' && !f._hidden && !f._detailOnly)
+              .slice(0, 4)
+              .map(f => f.toJSON()),
+          };
+        })
+      );
+
+      const [activityData, activityTotals] = await Promise.all([
+        ActivityLog.recent(25),
+        ActivityLog.totals(),
+      ]);
+
+      return admin._render(req, res, 'pages/dashboard.njk', admin._ctxWithFlash(req, res, {
+        pageTitle:       'Dashboard',
+        activePage:      'dashboard',
+        resources:       resourceData,
+        activity:        activityData,
+        activityTotals,
+      }));
+    } catch (err) {
+      admin._error(req, res, err);
+    }
+  }
+
+  async list(req, res) {
+    const admin = this._admin;
+    try {
+      const R = admin._resolve(req.params.resource, res);
+      if (!R) return;
+
+      const query = {
+        page:    Number(req.query.page)    || 1,
+        search:  req.query.search          || '',
+        sort:    req.query.sort            || 'id',
+        order:   req.query.order           || 'desc',
+        perPage: Number(req.query.perPage) || R.perPage,
+        year:    req.query.year            || null,
+        month:   req.query.month           || null,
+      };
+
+      const activeFilters = {};
+      if (req.query.filter) {
+        for (const [k, v] of Object.entries(req.query.filter)) {
+          if (v !== '') activeFilters[k] = v;
+        }
+      }
+
+      const result = await R.fetchList({ ...query, filters: activeFilters });
+      const rows   = result.data.map(r => r.toJSON ? r.toJSON() : r);
+
+      const perms = {
+        canCreate: admin._perm(R, 'add',    req.adminUser),
+        canEdit:   admin._perm(R, 'change', req.adminUser),
+        canDelete: admin._perm(R, 'delete', req.adminUser),
+        canView:   admin._perm(R, 'view',   req.adminUser),
+      };
+
+      return admin._render(req, res, 'pages/list.njk',
+        ViewContext.list(R, {
+          rows, result, query, activeFilters, perms,
+          baseCtx: admin._ctxWithFlash(req, res, {}),
+        }), R);
+    } catch (err) {
+      admin._error(req, res, err);
+    }
+  }
+
+  async create(req, res) {
+    const admin = this._admin;
+    try {
+      const R = admin._resolve(req.params.resource, res);
+      if (!R) return;
+      if (!admin._perm(R, 'add', req.adminUser)) {
+        return res.status(403).send(`You do not have permission to add ${R._getLabelSingular()} records.`);
+      }
+
+      return admin._render(req, res, 'pages/form.njk',
+        ViewContext.create(R, {
+          adminPrefix: admin._config.prefix,
+          baseCtx:     admin._ctxWithFlash(req, res, {}),
+        }), R);
+    } catch (err) {
+      admin._error(req, res, err);
+    }
+  }
+
+  async store(req, res) {
+    const admin = this._admin;
+    try {
+      const R = admin._resolve(req.params.resource, res);
+      if (!R) return;
+      if (!admin._perm(R, 'add', req.adminUser)) {
+        return res.status(403).send(`You do not have permission to add ${R._getLabelSingular()} records.`);
+      }
+      if (!admin._verifyCsrf(req, res)) return;
+
+      const record = await R.create(req.body, { user: req.adminUser, resource: R });
+      ActivityLog.record('create', R.slug, record?.id, `New ${R._getLabelSingular()}`, req.adminUser);
+
+      const submit = req.body._submit || 'save';
+      if (submit === 'continue' && record?.id) {
+        AdminAuth.setFlash(res, 'success', `${R._getLabelSingular()} created. You may continue editing.`);
+        return res.redirect(`${admin._config.prefix}/${R.slug}/${record.id}/edit`);
+      }
+      if (submit === 'add_another') {
+        AdminAuth.setFlash(res, 'success', `${R._getLabelSingular()} created. Add another below.`);
+        return res.redirect(`${admin._config.prefix}/${R.slug}/create`);
+      }
+
+      admin._flash(req, 'success', `${R._getLabelSingular()} created successfully`);
+      admin._redirectWithFlash(res, `${admin._config.prefix}/${R.slug}`, req._flashType, req._flashMessage);
+    } catch (err) {
+      if (err.status === 422) {
+        const R = admin._resources.get(req.params.resource);
+        return admin._render(req, res, 'pages/form.njk',
+          ViewContext.create(R, {
+            adminPrefix: admin._config.prefix,
+            record:      req.body,
+            errors:      err.errors || {},
+            baseCtx:     admin._ctxWithFlash(req, res, {}),
+          }), R);
+      }
+      admin._error(req, res, err);
+    }
+  }
+
+  async edit(req, res) {
+    const admin = this._admin;
+    try {
+      const R = admin._resolve(req.params.resource, res);
+      if (!R) return;
+      if (!admin._perm(R, 'change', req.adminUser)) {
+        return res.status(403).send(`You do not have permission to change ${R._getLabelSingular()} records.`);
+      }
+
+      const record = await R.fetchOne(req.params.id);
+      const data   = record.toJSON ? record.toJSON() : record;
+
+      return admin._render(req, res, 'pages/form.njk',
+        ViewContext.edit(R, {
+          adminPrefix: admin._config.prefix,
+          id:          req.params.id,
+          record:      data,
+          canDelete:   admin._perm(R, 'delete', req.adminUser),
+          baseCtx:     admin._ctxWithFlash(req, res, {}),
+        }), R);
+    } catch (err) {
+      admin._error(req, res, err);
+    }
+  }
+
+  async update(req, res) {
+    const admin = this._admin;
+    try {
+      const R = admin._resolve(req.params.resource, res);
+      if (!R) return;
+      if (!admin._perm(R, 'change', req.adminUser)) {
+        return res.status(403).send(`You do not have permission to change ${R._getLabelSingular()} records.`);
+      }
+      if (!admin._verifyCsrf(req, res)) return;
+
+      const method = req.body._method || 'POST';
+      if (method === 'PUT' || method === 'POST') {
+        await R.update(req.params.id, req.body, { user: req.adminUser, resource: R });
+        ActivityLog.record('update', R.slug, req.params.id, `${R._getLabelSingular()} #${req.params.id}`, req.adminUser);
+
+        const submit = req.body._submit || 'save';
+        if (submit === 'continue') {
+          AdminAuth.setFlash(res, 'success', 'Changes saved. You may continue editing.');
+          return res.redirect(`${admin._config.prefix}/${R.slug}/${req.params.id}/edit`);
+        }
+
+        admin._flash(req, 'success', `${R._getLabelSingular()} updated successfully`);
+        admin._redirectWithFlash(res, `${admin._config.prefix}/${R.slug}`, req._flashType, req._flashMessage);
+      }
+    } catch (err) {
+      if (err.status === 422) {
+        const R = admin._resources.get(req.params.resource);
+        return admin._render(req, res, 'pages/form.njk',
+          ViewContext.edit(R, {
+            adminPrefix: admin._config.prefix,
+            id:          req.params.id,
+            record:      { id: req.params.id, ...req.body },
+            canDelete:   admin._perm(R, 'delete', req.adminUser),
+            errors:      err.errors || {},
+            baseCtx:     admin._ctxWithFlash(req, res, {}),
+          }), R);
+      }
+      admin._error(req, res, err);
+    }
+  }
+
+  async destroy(req, res) {
+    const admin = this._admin;
+    try {
+      const R = admin._resolve(req.params.resource, res);
+      if (!R) return;
+      if (!admin._perm(R, 'delete', req.adminUser)) {
+        return res.status(403).send(`You do not have permission to delete ${R._getLabelSingular()} records.`);
+      }
+      if (!admin._verifyCsrf(req, res)) return;
+
+      await R.destroy(req.params.id, { user: req.adminUser, resource: R });
+      ActivityLog.record('delete', R.slug, req.params.id, `${R._getLabelSingular()} #${req.params.id}`, req.adminUser);
+      admin._flash(req, 'success', `${R._getLabelSingular()} deleted`);
+      admin._redirectWithFlash(res, `${admin._config.prefix}/${R.slug}`, req._flashType, req._flashMessage);
+    } catch (err) {
+      admin._error(req, res, err);
+    }
+  }
+
+  async detail(req, res) {
+    const admin = this._admin;
+    try {
+      const R = admin._resolve(req.params.resource, res);
+      if (!R) return;
+      if (!admin._perm(R, 'view', req.adminUser)) {
+        if (admin._perm(R, 'change', req.adminUser)) {
+          return res.redirect(`${admin._config.prefix}/${R.slug}/${req.params.id}/edit`);
+        }
+        return res.status(403).send(`You do not have permission to view ${R._getLabelSingular()} records.`);
+      }
+
+      const record = await R.fetchOne(req.params.id);
+      const data   = record.toJSON ? record.toJSON() : record;
+
+      const inlineData = await Promise.all(
+        (R.inlines || []).map(async (inline, idx) => {
+          const rows = await inline.fetchRows(data[R.model.primaryKey || 'id']);
+          return { ...inline.toJSON(), rows, inlineIndex: idx };
+        })
+      );
+
+      return admin._render(req, res, 'pages/detail.njk',
+        ViewContext.detail(R, {
+          id:         req.params.id,
+          record:     data,
+          inlineData,
+          perms: {
+            canEdit:   admin._perm(R, 'change', req.adminUser),
+            canDelete: admin._perm(R, 'delete', req.adminUser),
+            canCreate: admin._perm(R, 'add',    req.adminUser),
+          },
+          baseCtx: admin._ctxWithFlash(req, res, {}),
+        }), R);
+    } catch (err) {
+      admin._error(req, res, err);
+    }
+  }
+
+  async search(req, res) {
+    const admin = this._admin;
+    try {
+      const q = (req.query.q || '').trim();
+
+      if (!q) {
+        return admin._render(req, res, 'pages/search.njk',
+          ViewContext.search({
+            query: '', results: [], total: 0,
+            baseCtx: admin._ctxWithFlash(req, res, { activePage: 'search' }),
+          }));
+      }
+
+      const results = await Promise.all(
+        admin.resources().map(async (R) => {
+          if (!R.searchable || !R.searchable.length) return null;
+          try {
+            const result = await R.fetchList({ page: 1, perPage: 8, search: q });
+            if (!result.data.length) return null;
+            return {
+              slug:     R.slug,
+              label:    R._getLabel(),
+              singular: R._getLabelSingular(),
+              icon:     R.icon,
+              total:    result.total,
+              rows:     result.data.map(r => r.toJSON ? r.toJSON() : r),
+              listFields: R.fields()
+                .filter(f => f._type !== 'tab' && !f._hidden && !f._detailOnly)
+                .slice(0, 4)
+                .map(f => f.toJSON()),
+            };
+          } catch { return null; }
+        })
+      );
+
+      const filtered = results.filter(Boolean);
+      const total    = filtered.reduce((s, r) => s + r.total, 0);
+
+      return admin._render(req, res, 'pages/search.njk',
+        ViewContext.search({
+          query: q, results: filtered, total,
+          baseCtx: admin._ctxWithFlash(req, res, { activePage: 'search' }),
+        }));
+    } catch (err) {
+      admin._error(req, res, err);
+    }
+  }
+}
+
+module.exports = PageHandler;

package/src/admin/resources/AdminResource.js

@@ -52,9 +52,21 @@ class AdminResource {
   /** Singular label */
   static labelSingular = null;
 
-  /** SVG icon id (without ic- prefix) */
+  /** Bootstrap Icons name (e.g. 'house', 'people', 'credit-card') */
   static icon = 'table';
 
+  /**
+   * Sidebar group label. Resources with the same group are rendered under
+   * the same collapsible section in the admin sidebar.
+   *
+   *   static group = 'Property & Units';
+   *   static group = 'Payments';
+   *   static group = 'KYC';
+   *
+   * Resources with no group are placed under a default 'Resources' section.
+   */
+  static group = null;
+
   /** Records per page default */
   static perPage = 20;
 
@@ -431,6 +443,15 @@ class AdminResource {
           // Never write id — already deleted above
           delete clean[key];
           break;
+        case 'password':
+          // Blank password on an edit form means "keep the current hash" —
+          // remove the key entirely so it is never written to the DB and
+          // never passed to before_save. Non-blank values pass through as-is;
+          // the developer hashes them in before_save using Hash.make().
+          if (raw === '' || raw === null || raw === undefined) {
+            delete clean[key];
+          }
+          break;
         default:
           // string-like fields: leave as-is
       }

package/src/admin/static/SelectFilter2.js

@@ -0,0 +1,34 @@
+/**
+ * SelectFilter2.js — Millas Admin M2M Dual-List Widget
+ *
+ * Moves options between "available" and "chosen" select lists.
+ * Also ensures all chosen options are selected before form submit
+ * so their values are included in the POST body.
+ *
+ * Requires: jQuery
+ */
+(function ($) {
+  'use strict';
+
+  // ── Move options between lists ───────────────────────────────────────────────
+  window.m2mMove = function (fieldName, fromId, toId) {
+    $('#m2m-' + fromId + '-' + fieldName + ' option:selected')
+      .appendTo('#m2m-' + toId + '-' + fieldName);
+  };
+
+  // ── Wire move buttons via data attributes ────────────────────────────────────
+  $(document).on('click', '[data-m2m-move]', function () {
+    var fieldName = $(this).data('m2m-field');
+    var from      = $(this).data('m2m-from');
+    var to        = $(this).data('m2m-to');
+    if (fieldName && from && to) {
+      m2mMove(fieldName, from, to);
+    }
+  });
+
+  // ── Select all chosen before form submit ─────────────────────────────────────
+  $(document).on('submit', 'form', function () {
+    $('[id^="m2m-chosen-"] option').prop('selected', true);
+  });
+
+}(jQuery));

package/src/admin/static/actions.js

@@ -0,0 +1,201 @@
+/**
+ * actions.js — Millas Admin List Page
+ *
+ * Bulk selection, bulk delete, bulk actions, filter toggle,
+ * per-row action dropdowns and context menus.
+ *
+ * Requires: ui.js, core.js, jQuery
+ */
+(function ($) {
+  'use strict';
+
+  $(function () {
+    var PREFIX = (window.MILLAS_ADMIN_PREFIX || '/admin').replace(/\/+$/, '');
+    var SLUG   = (window.MILLAS_RESOURCE_SLUG || '').replace(/\/+$/, '');
+
+    // ── Filter panel ─────────────────────────────────────────────────────────
+    if (window.MILLAS_HAS_ACTIVE_FILTERS) {
+      $('#filter-panel').show();
+    }
+
+    $(document).on('click', '#filter-toggle', function () {
+      $('#filter-panel').toggle();
+    });
+
+    // ── Live search on Enter ──────────────────────────────────────────────────
+    $('#search-form input[name="search"]').on('keydown', function (e) {
+      if (e.key === 'Enter') $('#search-form').submit();
+    });
+
+    // ── Bulk selection ────────────────────────────────────────────────────────
+    function updateBulkBar() {
+      var $checked = $('.item-check:checked');
+      var n        = $checked.length;
+      var total    = $('.item-check').length;
+      $('#bulk-bar').toggleClass('visible', n > 0);
+      $('#bulk-count').text(n + ' selected');
+      $('#check-all')
+        .prop('indeterminate', n > 0 && n < total)
+        .prop('checked',       n > 0 && n === total);
+    }
+
+    $(document).on('click', '#check-all', function () {
+      $('.item-check').prop('checked', this.checked);
+      updateBulkBar();
+    });
+
+    $(document).on('change', '.item-check', updateBulkBar);
+
+    $(document).on('click', '#clear-selection', function () {
+      $('.item-check, #check-all').prop('checked', false).prop('indeterminate', false);
+      updateBulkBar();
+    });
+
+    // ── Bulk delete ───────────────────────────────────────────────────────────
+    $(document).on('click', '#bulk-delete-btn', function () {
+      var ids   = $('.item-check:checked').map(function () { return this.value; }).get();
+      if (!ids.length) return;
+      var label = ids.length + ' record' + (ids.length > 1 ? 's' : '');
+      UI.Confirm.show({
+        title:   'Delete ' + label,
+        message: 'Delete <strong>' + label + '</strong>? This cannot be undone.',
+        confirm: 'Delete',
+        danger:  true,
+      }).then(function (ok) {
+        if (!ok) return;
+        var csrf  = $('meta[name="csrf-token"]').attr('content') || '';
+        var $form = $('<form method="POST">').attr('action', PREFIX + '/' + SLUG + '/bulk-delete');
+        $form.append('<input name="_csrf" value="' + csrf + '">');
+        $.each(ids, function (_, id) {
+          $form.append('<input type="hidden" name="ids[]" value="' + id + '">');
+        });
+        $form.appendTo('body').submit();
+      });
+    });
+
+    // ── Bulk action ───────────────────────────────────────────────────────────
+    $(document).on('click', '[data-bulk-action]', function () {
+      var actionIndex = $(this).data('bulk-action');
+      var ids         = $('.item-check:checked').map(function () { return this.value; }).get();
+      if (!ids.length) return;
+      var csrf  = $('meta[name="csrf-token"]').attr('content') || '';
+      var $form = $('<form method="POST">').attr('action', PREFIX + '/' + SLUG + '/bulk-action');
+      $form.append('<input name="_csrf" value="' + csrf + '">');
+      $form.append('<input type="hidden" name="actionIndex" value="' + actionIndex + '">');
+      $.each(ids, function (_, id) {
+        $form.append('<input type="hidden" name="ids[]" value="' + id + '">');
+      });
+      $form.appendTo('body').submit();
+    });
+
+    // ── Export menu ───────────────────────────────────────────────────────────
+    var $exportBtn   = $('#export-menu-btn');
+    var $exportPanel = $('#export-menu-panel');
+    if ($exportBtn.length && $exportPanel.length) {
+      var exportDd = UI.Dropdown.create({
+        anchor:    $exportBtn[0],
+        content:   $exportPanel[0],
+        placement: 'bottom-end',
+        offset:    4,
+      });
+      $exportBtn.on('click', function () { exportDd.toggle(); });
+    }
+
+    // ── Per-row action menus ──────────────────────────────────────────────────
+    $('.ui-menu').each(function () {
+      var $menu  = $(this);
+      var $btn   = $menu.find('.ui-menu-trigger');
+      var $panel = $menu.find('.ui-menu-panel');
+      if (!$btn.length || !$panel.length) return;
+
+      var dd = UI.Dropdown.create({
+        anchor:    $btn[0],
+        content:   $panel[0],
+        placement: 'bottom-end',
+        offset:    4,
+      });
+
+      $btn.on('click', function (e) {
+        e.stopPropagation();
+        dd.toggle();
+      });
+
+      $panel.find('[data-confirm-delete]').on('click', function () {
+        dd.close();
+        confirmDelete($(this).data('confirm-delete'), $(this).data('confirm-label'));
+      });
+
+      $panel.find('[data-row-action]').on('click', function () {
+        dd.close();
+        var url   = $(this).data('row-action');
+        var label = $(this).data('row-action-label');
+        UI.Confirm.show({
+          title:   label,
+          message: 'Run <strong>' + label + '</strong> on this record?',
+          confirm: label,
+        }).then(function (ok) {
+          if (!ok) return;
+          var csrf  = $('meta[name="csrf-token"]').attr('content') || '';
+          var $form = $('<form method="POST">').attr('action', url);
+          $form.append('<input name="_csrf" value="' + csrf + '">');
+          $form.appendTo('body').submit();
+        });
+      });
+
+      // ── Right-click context menu ──────────────────────────────────────────
+      (function ($menuPanel) {
+        var $row = $menuPanel.closest('tr');
+
+        $row.on('contextmenu', function (e) {
+          e.preventDefault();
+          e.stopPropagation();
+
+          $('.context-menu-portal').remove();
+
+          var $p = $('<div class="ui-menu-panel context-menu-portal"></div>');
+          $p.html($menuPanel.html());
+          $p.css({
+            position: 'fixed',
+            top:      Math.min(e.clientY, window.innerHeight - 240) + 'px',
+            left:     Math.min(e.clientX, window.innerWidth  - 190) + 'px',
+            zIndex:   9999,
+          });
+          $('body').append($p);
+
+          $p.find('[data-confirm-delete]').on('click', function () {
+            $p.remove();
+            confirmDelete($(this).data('confirm-delete'), $(this).data('confirm-label'));
+          });
+
+          $p.find('[data-row-action]').on('click', function () {
+            $p.remove();
+            var _url   = $(this).data('row-action');
+            var _label = $(this).data('row-action-label');
+            UI.Confirm.show({
+              title:   _label,
+              message: 'Run <strong>' + _label + '</strong> on this record?',
+              confirm: _label,
+            }).then(function (ok) {
+              if (!ok) return;
+              var csrf  = $('meta[name="csrf-token"]').attr('content') || '';
+              var $form = $('<form method="POST">').attr('action', _url);
+              $form.append('<input name="_csrf" value="' + csrf + '">');
+              $form.appendTo('body').submit();
+            });
+          });
+
+          $p.find('a.ui-menu-item').on('click', function () { $p.remove(); });
+
+          setTimeout(function () {
+            $(document).one('click.ctxmenu', function () { $p.remove(); });
+          }, 0);
+          $(document).one('keydown.ctxmenu', function (ev) {
+            if (ev.key === 'Escape') { $p.remove(); }
+          });
+        });
+      }($panel));
+    });
+
+  });
+
+}(jQuery));

package/src/admin/static/admin.css

@@ -97,6 +97,13 @@
       overflow-y: auto;
       overflow-x: hidden;
     }
+    .nav-section-container{
+         display: flex;
+      flex-direction: column;
+      overflow-y: auto;
+      overflow-x: hidden;
+        flex-grow: 1;
+    }
 
     .sidebar-brand {
       padding: 18px 16px 16px;