update ordedr list

fix filter order by outlet id
Revert "add filter order by outlet id"
2026-05-14 16:17:28 +07:00 · 2026-05-14 15:57:46 +07:00 · 2026-05-14 15:28:45 +07:00 · 2026-05-14 15:15:32 +07:00 · 2026-05-14 14:46:32 +07:00 · 2026-05-14 14:41:50 +07:00
4 changed files with 41 additions and 24 deletions
--- a/2
+++ b/2
@ -1,5 +1,5 @@
 # 1) Build stage
-FROM golang:1.24-alpine AS build
+FROM golang:1.21-alpine AS build
 RUN apk --no-cache add ca-certificates tzdata git curl
 WORKDIR /src
 COPY go.mod go.sum ./
--- a/internal/handler/order_handler.go
+++ b/internal/handler/order_handler.go
@ -140,6 +140,7 @@ func (h *OrderHandler) ListOrders(c *gin.Context) {
 	if modelReq.OutletID == nil && contextInfo.OutletID != uuid.Nil {
 		modelReq.OutletID = &contextInfo.OutletID
 	}
+
 	response, err := h.orderService.ListOrders(c.Request.Context(), modelReq)
 	if err != nil {
 		util.HandleResponse(c.Writer, c.Request, contract.BuildErrorResponse([]*contract.ResponseError{contract.NewResponseError("internal_error", "OrderHandler::ListOrders", err.Error())}), "OrderHandler::ListOrders")
--- a/internal/repository/order_repository.go
+++ b/internal/repository/order_repository.go
@ -98,7 +98,42 @@ func (r *OrderRepositoryImpl) List(ctx context.Context, filters map[string]inter
 	var orders []*entities.Order
 	var total int64

-	query := r.db.WithContext(ctx).Model(&entities.Order{}).
+	// organization_id is mandatory to prevent cross-org data leaks
+	organizationID, ok := filters["organization_id"]
+	if !ok {
+		return nil, 0, fmt.Errorf("organization_id is required for listing orders")
+	}
+
+	baseQuery := r.db.WithContext(ctx).Model(&entities.Order{}).
+		Where("organization_id = ?", organizationID)
+
+	// outlet_id is optional — if present, scope to that outlet; otherwise return all outlets in the org
+	if outletID, exists := filters["outlet_id"]; exists {
+		baseQuery = baseQuery.Where("outlet_id = ?", outletID)
+	}
+
+	for key, value := range filters {
+		switch key {
+		case "organization_id", "outlet_id":
+			// already handled above
+		case "search":
+			searchValue := "%" + value.(string) + "%"
+			baseQuery = baseQuery.Where("order_number ILIKE ?", searchValue)
+		case "date_from":
+			baseQuery = baseQuery.Where("created_at >= ?", value)
+		case "date_to":
+			baseQuery = baseQuery.Where("created_at <= ?", value)
+		default:
+			baseQuery = baseQuery.Where(key+" = ?", value)
+		}
+	}
+
+	// Use separate queries for count and find to avoid GORM state mutation issues
+	if err := baseQuery.Count(&total).Error; err != nil {
+		return nil, 0, err
+	}
+
+	err := baseQuery.
 		Preload("Organization").
 		Preload("Outlet").
 		Preload("User").
@ -107,27 +142,8 @@ func (r *OrderRepositoryImpl) List(ctx context.Context, filters map[string]inter
 		Preload("OrderItems.ProductVariant").
 		Preload("Payments").
 		Preload("Payments.PaymentMethod").
-		Preload("Payments.PaymentOrderItems")
-
-	for key, value := range filters {
-		switch key {
-		case "search":
-			searchValue := "%" + value.(string) + "%"
-			query = query.Where("order_number ILIKE ?", searchValue)
-		case "date_from":
-			query = query.Where("created_at >= ?", value)
-		case "date_to":
-			query = query.Where("created_at <= ?", value)
-		default:
-			query = query.Where(key+" = ?", value)
-		}
-	}
-
-	if err := query.Count(&total).Error; err != nil {
-		return nil, 0, err
-	}
-
-	err := query.Limit(limit).Offset(offset).Order("created_at DESC").Find(&orders).Error
+		Preload("Payments.PaymentOrderItems").
+		Limit(limit).Offset(offset).Order("created_at DESC").Find(&orders).Error
 	return orders, total, err
 }

--- a/internal/repository/organization_repository.go
+++ b/internal/repository/organization_repository.go
@ -105,7 +105,7 @@ func (r *OrganizationRepositoryImpl) GetTotalOmset(ctx context.Context, organiza
 	var total float64
 	err := r.db.WithContext(ctx).
 		Table("orders").
-		Where("organization_id = ? AND payment_status = ?", organizationID, "completed").
+		Where("organization_id = ? AND payment_status = ? AND is_void = ? AND is_refund = ?", organizationID, "completed", false, false).
 		Select("COALESCE(SUM(total_amount), 0)").
 		Scan(&total).Error
 	return total, err
Author	SHA1	Message	Date
Efril	d9b51a7616	update ordedr list	2026-05-14 16:17:28 +07:00
ryan	b27e40b531	fix filter order by outlet id	2026-05-14 15:57:46 +07:00
ryan	44aca7641f	Revert "add filter order by outlet id" This reverts commit a89ff00d9463283fcbd64930e03a243c28724ada.	2026-05-14 15:28:45 +07:00
ryan	a89ff00d94	add filter order by outlet id	2026-05-14 15:15:32 +07:00
ryan	227f11359c	Revert "add list order by outlet id" This reverts commit 7a737d7f830faadcad8e7eaec09f160d436a0049.	2026-05-14 14:46:32 +07:00
ryan	7a737d7f83	add list order by outlet id	2026-05-14 14:41:50 +07:00
ryan	312ea94e62	fix scheduler counting void and refund	2026-05-14 14:22:07 +07:00