<?php
/**
 * Transaction Controller
 * Handles transaction viewing, searching, and voiding
 * 
 * @package RashwansBarber
 * @version 1.0
 */

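/**
 * HTTP controller for listing, viewing, searching, voiding and printing transactions.
 *
 * Authentication, role checks, CSRF validation, flash messages, redirects and view
 * rendering all come from the parent Controller, which is not visible in this file.
 *
 * NOTE(review): every action assumes requireLogin()/requireRole() stop the request
 * (exit or throw) when the check fails. If they only issue a redirect, the code after
 * them still runs for unauthenticated callers. Confirm this in the parent class.
 */
class TransactionController extends Controller {

    private $transactionModel;

    public function __construct() {
        parent::__construct();
        $this->transactionModel = $this->model('Transaction');
    }

    /**
     * List transactions for a date range, with an optional search term.
     *
     * Reads `date_from`, `date_to` and `search` from the query string. Dates that are
     * not valid `Y-m-d` values fall back to today, and non-string values (for example
     * `?search[]=x`) are replaced by an empty string before reaching the model or view.
     */
    public function index() {
        $this->requireLogin();

        $user = $this->getCurrentUser();
        // null means "not scoped to a location" and is what admins get.
        // NOTE(review): a non-admin whose location_id is NULL would be passed to the
        // model exactly like an admin. Confirm such accounts cannot exist.
        $locationId = $user['role_name'] === 'admin' ? null : $user['location_id'];

        // Get filters from URL
        $today = date('Y-m-d');
        $dateFrom = $this->dateParam($_GET['date_from'] ?? null, $today);
        $dateTo = $this->dateParam($_GET['date_to'] ?? null, $today);
        $search = $this->stringParam($_GET['search'] ?? '');

        // Get transactions
        $transactions = $this->transactionModel->getAllTransactions($locationId, $dateFrom, $dateTo, $search);

        // Get summary
        // NOTE(review): for admins this falls back to location id 1, and it always uses
        // today's date rather than the selected range. Confirm that is intended.
        $summary = $this->transactionModel->getDailySummary(
            $locationId ?? 1,
            $today
        );

        $data = [
            'title' => 'Transactions - ' . config('app_name'),
            'user' => $user,
            'transactions' => $transactions,
            'summary' => $summary,
            'dateFrom' => $dateFrom,
            'dateTo' => $dateTo,
            'search' => $search
        ];

        $this->view('transactions/index', $data);
    }

    /**
     * View single transaction details
     * Method name: detail (not view - to avoid conflict with parent)
     *
     * Non-admin users may only open transactions that belong to their own location.
     *
     * @param int $transactionId Transaction ID
     */
    public function detail($transactionId = null) {
        $this->requireLogin();

        $transactionId = $this->transactionIdParam($transactionId);
        if ($transactionId === null) {
            $this->setFlash('Transaction ID required', 'error');
            $this->redirect('transaction');
            return;
        }

        $transaction = $this->transactionModel->getTransactionById($transactionId);

        if (!$transaction) {
            $this->setFlash('Transaction not found', 'error');
            $this->redirect('transaction');
            return;
        }

        // Check permission
        $user = $this->getCurrentUser();
        if (!$this->canAccessTransaction($user, $transaction)) {
            $this->setFlash('Access denied', 'error');
            $this->redirect('transaction');
            return;
        }

        $items = $this->transactionModel->getTransactionItems($transactionId);

        $data = [
            'title' => 'Transaction Details - ' . $transaction['receipt_number'],
            'user' => $user,
            'transaction' => $transaction,
            'items' => $items
        ];

        $this->view('transactions/view', $data);
    }

    /**
     * Void a transaction (admin only)
     *
     * Accepts POST only, requires a valid CSRF token and a non-empty reason, and writes
     * an audit entry when the model reports success.
     *
     * @param int $transactionId Transaction ID
     */
    public function void($transactionId = null) {
        $this->requireRole('admin');

        // State-changing action: refuse anything that is not a POST.
        if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
            $this->redirect('transaction');
            return;
        }

        // Normalising to a positive integer also keeps arbitrary URL text out of the
        // redirect target built further down.
        $transactionId = $this->transactionIdParam($transactionId);
        if ($transactionId === null) {
            $this->setFlash('Transaction ID required', 'error');
            $this->redirect('transaction');
            return;
        }

        // Validate CSRF
        if (!$this->validateCSRF($this->stringParam($_POST['csrf_token'] ?? ''))) {
            $this->setFlash('Invalid security token', 'error');
            $this->redirect('transaction');
            return;
        }

        $reason = $this->sanitize($this->stringParam($_POST['reason'] ?? ''));

        if (empty($reason)) {
            $this->setFlash('Please provide a reason for voiding', 'error');
            $this->redirect('transaction/detail/' . $transactionId);
            return;
        }

        $userId = $_SESSION['user_id'];

        if ($this->transactionModel->voidTransaction($transactionId, $reason, $userId)) {
            $this->logAudit('void_transaction', 'transactions', $transactionId, null, ['reason' => $reason]);
            $this->setFlash('Transaction voided successfully', 'success');
        } else {
            $this->setFlash('Failed to void transaction', 'error');
        }

        $this->redirect('transaction');
    }

    /**
     * Search transactions (AJAX)
     *
     * Reads the search term from `q` and returns the matches as JSON. Results are
     * scoped to the caller's location unless the caller is an admin.
     */
    public function search() {
        header('Content-Type: application/json');

        $this->requireLogin();

        $user = $this->getCurrentUser();
        $locationId = $user['role_name'] === 'admin' ? null : $user['location_id'];

        $search = $this->stringParam($_GET['q'] ?? '');

        // NOTE(review): no date bounds are passed, so an empty `q` may return the full
        // history for the scope. Confirm the model applies a row limit.
        $transactions = $this->transactionModel->getAllTransactions($locationId, null, null, $search);

        $this->json([
            'success' => true,
            'transactions' => $transactions
        ]);
    }

    /**
     * Print receipt
     *
     * Applies the same location check as detail(), so a logged-in user cannot print a
     * receipt for another location by changing the ID in the URL.
     *
     * @param int $transactionId Transaction ID
     */
    public function receipt($transactionId = null) {
        $this->requireLogin();

        $transactionId = $this->transactionIdParam($transactionId);
        if ($transactionId === null) {
            die('Transaction ID required');
        }

        $transaction = $this->transactionModel->getTransactionById($transactionId);

        if (!$transaction) {
            die('Transaction not found');
        }

        // Check permission (previously missing here; detail() already enforced it).
        if (!$this->canAccessTransaction($this->getCurrentUser(), $transaction)) {
            http_response_code(403);
            die('Access denied');
        }

        $items = $this->transactionModel->getTransactionItems($transactionId);

        $data = [
            'transaction' => $transaction,
            'items' => $items
        ];

        $this->view('transactions/receipt', $data);
    }

    /**
     * Decide whether a user may see a transaction: admins always, others only when
     * the transaction's location matches their own.
     *
     * IDs are compared as strings so an integer from one source and a numeric string
     * from another still match, without PHP's loose-comparison rules.
     *
     * @param array $user        Current user record (needs role_name, location_id)
     * @param array $transaction Transaction record (needs location_id)
     * @return bool
     */
    private function canAccessTransaction($user, $transaction): bool {
        if ($user['role_name'] === 'admin') {
            return true;
        }

        return (string) $transaction['location_id'] === (string) $user['location_id'];
    }

    /**
     * Turn a route/URL value into a positive integer ID, or null when it is not one.
     *
     * @param mixed $value Raw value from the router
     * @return int|null
     */
    private function transactionIdParam($value) {
        if (is_int($value)) {
            return $value > 0 ? $value : null;
        }

        // Cap at 18 digits so the cast below cannot overflow and alias another ID.
        if (is_string($value) && preg_match('/\A[0-9]{1,18}\z/', $value) === 1) {
            $id = (int) $value;
            return $id > 0 ? $id : null;
        }

        return null;
    }

    /**
     * Return a request value only if it is a string; arrays and other types become ''.
     *
     * @param mixed $value Raw request value
     * @return string
     */
    private function stringParam($value) {
        return is_string($value) ? $value : '';
    }

    /**
     * Validate a `Y-m-d` date filter.
     *
     * An empty string is passed through unchanged, as before (how the model treats it
     * is not visible here). A missing, non-string or malformed value yields $default.
     *
     * @param mixed  $value   Raw request value, or null when the parameter is absent
     * @param string $default Date to use when the value is unusable
     * @return string
     */
    private function dateParam($value, $default) {
        if ($value === '') {
            return '';
        }
        if (!is_string($value)) {
            return $default;
        }

        // Round-trip through the parser so values such as 2024-02-30 are rejected
        // instead of silently rolling over to another day.
        $parsed = DateTimeImmutable::createFromFormat('Y-m-d', $value);
        if ($parsed === false || $parsed->format('Y-m-d') !== $value) {
            return $default;
        }

        return $value;
    }
}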
?>
