star-erp/app/Http/Controllers/ProductController.php

<?php

namespace App\Http\Controllers;

use App\Models\Product;
use App\Models\Unit;
use Illuminate\Http\Request;
use Inertia\Inertia;
use Inertia\Response;

class ProductController extends Controller
{
    /**
     * Display a listing of the resource.
     */
    public function index(Request $request): Response
    {
        $query = Product::with(['category', 'baseUnit', 'largeUnit', 'purchaseUnit']);

        if ($request->filled('search')) {
            $search = $request->search;
            $query->where(function ($q) use ($search) {
                $q->where('name', 'like', "%{$search}%")
                  ->orWhere('code', 'like', "%{$search}%")
                  ->orWhere('brand', 'like', "%{$search}%");
            });
        }

        if ($request->filled('category_id') && $request->category_id !== 'all') {
            $query->where('category_id', $request->category_id);
        }

        $perPage = $request->input('per_page', 10);
        if (!in_array($perPage, [10, 20, 50, 100])) {
            $perPage = 10;
        }

        $sortField = $request->input('sort_field', 'id');
        $sortDirection = $request->input('sort_direction', 'desc');
        
        // Define allowed sort fields to prevent SQL injection
        $allowedSorts = ['id', 'code', 'name', 'category_id', 'base_unit_id', 'conversion_rate'];
        if (!in_array($sortField, $allowedSorts)) {
            $sortField = 'id';
        }
        if (!in_array(strtolower($sortDirection), ['asc', 'desc'])) {
            $sortDirection = 'desc';
        }

        // Handle relation sorting (category name) separately if needed, or simple join
        if ($sortField === 'category_id') {
            // Join categories for sorting by name? Or just by ID?
            // Simple approach: sort by ID for now, or join if user wants name sort.
            // Let's assume standard field sorting first.
            $query->orderBy('category_id', $sortDirection);
        } else {
             $query->orderBy($sortField, $sortDirection);
        }

        $products = $query->paginate($perPage)->withQueryString();

        $categories = \App\Models\Category::where('is_active', true)->get();

        return Inertia::render('Product/Index', [
            'products' => $products,
            'categories' => $categories,
            'units' => Unit::all(),
            'filters' => $request->only(['search', 'category_id', 'per_page', 'sort_field', 'sort_direction']),
        ]);
    }

    /**
     * Store a newly created resource in storage.
     */
    public function store(Request $request)
    {
        $validated = $request->validate([
            'code' => 'required|string|max:2|unique:products,code',
            'name' => 'required|string|max:255',
            'category_id' => 'required|exists:categories,id',
            'brand' => 'nullable|string|max:255',
            'specification' => 'nullable|string',

            'base_unit_id' => 'required|exists:units,id',
            'large_unit_id' => 'nullable|exists:units,id',
            'conversion_rate' => 'required_with:large_unit_id|nullable|numeric|min:0.0001',
            'purchase_unit_id' => 'nullable|exists:units,id',
        ], [
            'code.required' => '商品代號為必填',
            'code.max' => '商品代號最多 2 碼',
            'code.unique' => '商品代號已存在',
            'name.required' => '商品名稱為必填',
            'category_id.required' => '請選擇分類',
            'category_id.exists' => '所選分類不存在',
            'base_unit_id.required' => '基本庫存單位為必填',
            'base_unit_id.exists' => '所選基本單位不存在',
            'conversion_rate.required_with' => '填寫大單位時，換算率為必填',
            'conversion_rate.numeric' => '換算率必須為數字',
            'conversion_rate.min' => '換算率最小為 0.0001',
        ]);
        
        $product = Product::create($validated);

        return redirect()->back()->with('success', '商品已建立');
    }

    /**
     * Update the specified resource in storage.
     */
    public function update(Request $request, Product $product)
    {
        $validated = $request->validate([
            'code' => 'required|string|max:2|unique:products,code,' . $product->id,
            'name' => 'required|string|max:255',
            'category_id' => 'required|exists:categories,id',
            'brand' => 'nullable|string|max:255',
            'specification' => 'nullable|string',
            'base_unit_id' => 'required|exists:units,id',
            'large_unit_id' => 'nullable|exists:units,id',
            'conversion_rate' => 'required_with:large_unit_id|nullable|numeric|min:0.0001',
            'purchase_unit_id' => 'nullable|exists:units,id',
        ], [
            'code.required' => '商品代號為必填',
            'code.max' => '商品代號最多 2 碼',
            'code.unique' => '商品代號已存在',
            'name.required' => '商品名稱為必填',
            'category_id.required' => '請選擇分類',
            'category_id.exists' => '所選分類不存在',
            'base_unit_id.required' => '基本庫存單位為必填',
            'base_unit_id.exists' => '所選基本單位不存在',
            'conversion_rate.required_with' => '填寫大單位時，換算率為必填',
            'conversion_rate.numeric' => '換算率必須為數字',
            'conversion_rate.min' => '換算率最小為 0.0001',
        ]);

        $product->update($validated);

        return redirect()->back()->with('success', '商品已更新');
    }

    /**
     * Remove the specified resource from storage.
     */
    public function destroy(Product $product)
    {
        $product->delete();

        return redirect()->back()->with('success', '商品已刪除');
    }
}