- Email notyfikacji zawiera numer zamówienia, klienta, datę, kwotę
- Order joby (send_order, sync_payment, sync_status) ponawiane w nieskończoność co 30 min
- Rozróżnienie PONAWIANY vs TRWAŁY BŁĄD w emailu
- Cleanup stuck jobów po udanym wysłaniu zamówienia
- +2 testy infinite retry w CronJobRepositoryTest
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Nowa klasa \Shared\Security\CsrfToken (generate/validate/regenerate)
- Token CSRF we wszystkich formularzach edycji (form-edit.php)
- Walidacja CSRF w FormRequestHandler::handleSubmit()
- Token CSRF w formularzu logowania i formularzach 2FA
- Walidacja CSRF w App::special_actions() dla żądań POST
- Regeneracja tokenu po udanym logowaniu (bezpośrednia i przez 2FA)
- Fix XSS: htmlspecialchars na $alert w unlogged-layout.php
- 7 nowych testów CsrfTokenTest (817 testów łącznie)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Token CSRF w sesji zapobiega duplikowaniu zamówień przy wielokrotnym
kliknięciu przycisku. Przy duplikacie przekierowanie do istniejącego
zamówienia. JS naprawiony — nasłuch na submit formularza zamiast click.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ProductRepository::getProductForApi() eksportuje new_to_date, additional_message,
additional_message_required, additional_message_text
- ProductsApiController obsługuje te pola w PUT/PATCH
- Zaktualizowana dokumentacja API.md i CHANGELOG
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace file-based JSON cron queue with DB-backed job queue (pp_cron_jobs,
pp_cron_schedules). New Domain\CronJob module: CronJobType (constants),
CronJobRepository (CRUD, atomic fetch, retry/backoff), CronJobProcessor
(orchestration with handler registration). Priority ordering guarantees
apilo_send_order (40) runs before sync tasks (50). Includes cron.php auth
protection, race condition fix in fetchNext, API response validation,
and DI wiring across all entry points. 41 new tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- NEW: IntegrationsRepository::shopproExportProduct() — eksport produktu do
zdalnej instancji shopPRO (pola główne, tłumaczenia, custom fields, zdjęcia)
- NEW: sendImageToShopproApi() — wysyłka zdjęć przez API shopPRO (base64 POST)
- REFACTOR: shopproImportProduct() — wydzielono shopproDb() i
missingShopproSetting(); dodano security_information, producer_id,
custom fields, alt zdjęcia
- NEW: AttributeRepository::ensureAttributeForApi() i
ensureAttributeValueForApi() — idempotent find-or-create dla słowników
- NEW: API POST dictionaries/ensure_attribute — utwórz lub znajdź atrybut
- NEW: API POST dictionaries/ensure_attribute_value — utwórz lub znajdź wartość
- NEW: API POST products/upload_image — przyjmuje base64, zapisuje plik i DB
- NEW: IntegrationsController::shoppro_product_export() — akcja admina
- NEW: przycisk "Eksportuj do shopPRO" w liście produktów
- NEW: pole API key w ustawieniach integracji shopPRO
Tests: 765 tests, 2153 assertions — all green
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Nowa zakladka "Logi" w sekcji Integracje - podglad tabeli pp_log
z paginacja, sortowaniem, filtrami i rozwijalnym kontekstem JSON.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Kolorowe badge statusow na liscie zamowien (pp_shop_statuses.color)
- Walidacja hex koloru z DB (regex), sanityzacja HTML transport
- Polaczenie 2 zapytan SQL w jedno orderStatusData()
- Path-based form submit w table-list.php (admin URL routing)
- 11 nowych testow (750 total, 2114 assertions)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When all payment methods for a transport are filtered out by
min_order_amount/max_order_amount limits, the transport is now hidden
from the basket. Prevents showing delivery options with empty payment
method lists (e.g. "Kurier - płatność przy odbiorze" when COD exceeds
max amount).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace hardcoded PayPo condition (id=6, 40-1000 PLN) with generic
min/max order amount columns on pp_shop_payment_methods. Admin form
fields added, frontend basket checkout filters dynamically. Cache
invalidation on save. 4 new tests (734 total, 2080 assertions).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces the manual ZIP packaging workflow with an automated build script.
UpdateRepository now supports both manifest JSON format (new) and legacy
_sql.txt/_files.txt format (fallback), enabling a smooth transition for
existing client instances.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New API layer: ApiRouter, OrdersApiController, DictionariesApiController
- Orders API: list (with filters/pagination/updated_since), details, change status, set paid/unpaid
- Dictionaries API: order statuses, transport methods, payment methods
- X-Api-Key authentication via pp_settings.api_key
- OrderRepository: listForApi(), findForApi(), touchUpdatedAt()
- updated_at column on pp_shop_orders for polling support
- api.php: skip session for API requests, route to ApiRouter
- SettingsController: api_key field in system tab
- 30 new tests (666 total, 1930 assertions)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Order product CRUD in admin panel (add, delete, edit quantity/prices)
- AJAX product search endpoint for order edit form
- Automatic stock adjustment when editing order products
- Transport cost recalculation based on free delivery threshold
- Fix: promo price = 0 when equal to base price (no real promotion)
- Clean up stale temp/ build artifacts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add cached frontend methods to existing Domain repositories (allSettings, getSingleValue, defaultLanguage, activeLanguages, translations)
- Convert front\factory\Settings and Languages to facades delegating to Domain repositories
- Fix get_single_settings_value() - was hardcoded to 'firm_name', now uses $param correctly
- Add CacheHandler stub methods (get/set/exists) to test bootstrap
- Establish architectural rule: Domain classes are shared between admin and frontend
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Implemented TransportRepository for managing transport data with methods for listing, finding, saving, and retrieving transport costs.
- Created ShopTransportController to handle transport-related actions, including listing, editing, and saving transports.
- Added views for transport management: transports list and transport edit forms.
- Introduced JavaScript for responsive tabs in transport edit view.
- Updated testing suite with comprehensive unit tests for TransportRepository and ShopTransportController.
- Increased test coverage with new assertions and scenarios for transport functionalities.
