src/Controller/CarSaleDocumentController.php line 51

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\CarSale;
  6. use App\Entity\CarSaleDocument;
  7. use Doctrine\ORM\EntityManagerInterface;
  8. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  9. use Symfony\Component\Filesystem\Filesystem;
  10. use Symfony\Component\HttpFoundation\BinaryFileResponse;
  11. use Symfony\Component\HttpFoundation\File\UploadedFile;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpFoundation\Response;
  14. use Symfony\Component\HttpFoundation\ResponseHeaderBag;
  15. use Symfony\Component\Routing\Annotation\Route;
  17. use Symfony\Component\HttpFoundation\JsonResponse;
  20. #[Route('/car/sale/documents')]
  21. class CarSaleDocumentController extends AbstractController
  22. {
  23.     private const ALLOWED_MIME = [
  24.         'application/pdf',
  25.     ];
  27.     private const MAX_SIZE_BYTES 15 1024 1024// 15 MB
  29.     public function __construct(
  30.         private EntityManagerInterface $em,
  31.     ) {}
  33.     // ============ MODAL (HTML) ============
  34.     #[Route('/car-sale/{id}/documents/modal'name'car_sale_documents_modal'methods: ['GET'])]
  35.     public function modal(CarSale $carSaleEntityManagerInterface $em): Response
  36.     {
  37.         $docs $em->getRepository(\App\Entity\CarSaleDocument::class)->findBy(
  38.             ['carSale' => $carSale],
  39.             ['type' => 'ASC''uploadedAt' => 'DESC']
  40.         );
  42.         return $this->render('car_sale/documents_modal.html.twig', [
  43.             'car_sale'    => $carSale,
  44.             'documents'   => $docs,
  45.             'typeChoices' => ['CERTIFICADO_TRANSFERENCIA','MANDATO','DNI_COMPRADOR','DNI_VENDEDOR','TITULO','CEDULA','POLIZA','FORM_08','OTRO'],
  46.         ]);
  47.     }
  49.     // ============ LISTAR + FORMULARIO ============
  50.     #[Route('/car-sale/{id}/documents'name'car_sale_documents_index'methods: ['GET'])]
  51.     public function index(Request $requestCarSale $carSaleEntityManagerInterface $em): Response
  52.     {
  53.         $docs $em->getRepository(\App\Entity\CarSaleDocument::class)->findBy(
  54.             ['carSale' => $carSale],
  55.             ['type' => 'ASC''uploadedAt' => 'DESC']
  56.         );
  58.         $wantsJson $request->isXmlHttpRequest()
  59.             || str_contains((string) $request->headers->get('accept'), 'application/json');
  61.         if ($wantsJson) {
  62.             $items array_map(function (\App\Entity\CarSaleDocument $d) use ($carSale) {
  63.                 return [
  64.                     'id'          => $d->getId(),
  65.                     'type'        => $d->getType(),
  66.                     'fileName'    => $d->getFileName(),
  67.                     'filePath'    => $d->getFilePath(),
  68.                     'sizeBytes'   => $d->getSizeBytes(),
  69.                     'sizeHuman'   => $d->getSizeBytes() ? (string)round($d->getSizeBytes()/1024).' KB' null,
  70.                     'uploadedAt' => $d->getUploadedAt()
  71.                                     ? $d->getUploadedAt()
  72.                                         ->setTimezone(new \DateTimeZone('America/Argentina/Buenos_Aires'))
  73.                                         ->format('Y-m-d H:i:s') : null,
  74.                     'status'      => $d->getStatus(),
  75.                     'version'     => $d->getVersion(),
  76.                     'downloadUrl' => $this->generateUrl('car_sale_documents_download', ['id' => $d->getId()]),
  77.                     'deleteUrl'   => $this->generateUrl('car_sale_documents_delete',   ['id' => $d->getId()]),
  78.                     'viewUrl'     => $d->getFilePath(), 
  79.                     'csrfDelete'  => $this->container->get('security.csrf.token_manager')
  80.                          ->getToken('delete_document_'.$d->getId())->getValue(),
  81.                 ];
  82.             }, $docs);
  84.             return $this->json([
  85.                 'status'    => 'success',
  86.                 'saleId'    => $carSale->getId(),
  87.                 'documents' => $items,
  88.             ]);
  89.         }
  90.         return $this->render('document_sale.html.twig', [
  91.             'car_sale'    => $carSale,
  92.             'isCreated'   => (null !== $carSale->getId()),
  93.             'documents'   => $docs,      
  94.             'typeChoices' => ['CERTIFICADO_TRANSFERENCIA','MANDATO','DNI_COMPRADOR','DNI_VENDEDOR','TITULO','CEDULA','POLIZA','FORM_08','OTRO'],
  95.         ]);
  96.     }
  99.     // ============ SUBIR DESDE FORM HTML ============
  100.     #[Route('/car-sale/{id}/documents'name'car_sale_documents_upload'methods: ['POST'])]
  101.     public function upload(Request $requestCarSale $carSaleEntityManagerInterface $em): JsonResponse
  102.     {
  103.         if (!$this->canManageDocuments()) {
  104.             return new JsonResponse(['status' => 'error''message' => 'No tiene permisos para cargar documentos.'], 403);
  105.         }
  107.         $type $this->sanitizeType((string) $request->request->get('type'''));
  108.         $enforceSingleActive $request->request->get('enforceSingleActive''1') === '1';
  110.         if ($type === '') {
  111.             return new JsonResponse(['status' => 'error''message' => 'El campo "Tipo" es obligatorio.'], 400);
  112.         }
  114.         /** @var UploadedFile[]|null $files */
  115.         $files $request->files->all('files');
  116.         if (!$files || count($files) === 0) {
  117.             $file $request->files->get('file');
  118.             if ($file instanceof UploadedFile$files = [$file];
  119.         }
  120.         if (!$files || count($files) === 0) {
  121.             return new JsonResponse(['status' => 'error''message' => 'No se recibió ningún archivo.'], 400);
  122.         }
  124.         $savedCount 0;
  126.         foreach ($files as $file) {
  127.             if (!$file instanceof UploadedFile || !$file->isValid()) {
  128.                 // archivo inválido: seguimos con el resto
  129.                 continue;
  130.             }
  132.             $mime $file->getClientMimeType() ?: $file->getMimeType();
  133.             $size = (int) $file->getSize();
  135.             if (!in_array($mimeself::ALLOWED_MIMEtrue)) {
  136.                 return new JsonResponse(['status' => 'error''message' => sprintf('Tipo no permitido: %s'$mime)], 400);
  137.             }
  138.             if ($size self::MAX_SIZE_BYTES) {
  139.                 return new JsonResponse(['status' => 'error''message' => 'El archivo excede el tamaño máximo permitido (15 MB).'], 400);
  140.             }
  142.             // Nombre cliente (first + last) seguro para filename
  143.             $first $carSale->getClient()?->getFirstName() ?? '';
  144.             $last  $carSale->getClient()?->getLastName() ?? '';
  145.             $clientName trim($first.' '.$last) ?: 'SIN_CLIENTE';
  147.             [$publicPath$absolutePath$finalFileName] = $this->resolveTargetPaths(
  148.                 $carSale->getId(),
  149.                 $type,
  150.                 $file,
  151.                 $clientName
  152.             );
  154.             $fs = new Filesystem();
  155.             $fs->mkdir(\dirname($absolutePath));
  156.             $file->move(\dirname($absolutePath), $finalFileName);
  158.             $sha256 = @hash_file('sha256'$absolutePath) ?: null;
  160.             // Versionado y archivado de activos previos del mismo tipo
  161.             $version 1;
  162.             if ($enforceSingleActive) {
  163.                 $currentActives $em->getRepository(CarSaleDocument::class)->findBy([
  164.                     'carSale' => $carSale,
  165.                     'type'    => $type,
  166.                     'status'  => 'ACTIVE',
  167.                 ]);
  168.                 foreach ($currentActives as $active) {
  169.                     $active->setStatus('ARCHIVED');
  170.                     $em->persist($active);
  171.                     $version max($version$active->getVersion() + 1);
  172.                 }
  173.             } else {
  174.                 $allOfType $em->getRepository(CarSaleDocument::class)->findBy([
  175.                     'carSale' => $carSale,
  176.                     'type'    => $type,
  177.                 ]);
  178.                 foreach ($allOfType as $docOfType) {
  179.                     $version max($version$docOfType->getVersion() + 1);
  180.                 }
  181.             }
  183.             $doc = new CarSaleDocument();
  184.             $doc->setCarSale($carSale);
  185.             $doc->setType($type);
  186.             $doc->setFileName($finalFileName);
  187.             $doc->setFilePath($publicPath);                 // ej: /uploads/car_sale_docs/123/CONTRATO-Juan_Perez-123.pdf
  188.             $doc->setMimeType($mime ?? 'application/pdf');
  189.             $doc->setSizeBytes($size);
  190.             $doc->setSha256($sha256);
  191.             $doc->setStatus('ACTIVE');
  192.             $doc->setVersion($version);
  194.             $em->persist($doc);
  195.             $savedCount++;
  196.         }
  198.         $em->flush();
  200.         if ($savedCount 0) {
  201.             return new JsonResponse(['status' => 'success''message' => sprintf('Se subieron %d archivo(s) correctamente.'$savedCount)]);
  202.         }
  204.         return new JsonResponse(['status' => 'warning''message' => 'No se pudo subir ningún archivo.'], 400);
  205.     }
  207.     /** Normaliza el tipo a MAYUSCULAS_SIN_ESPACIOS */
  208.     private function sanitizeType(string $type): string
  209.     {
  210.         $type \trim($type);
  211.         $type \preg_replace('/\s+/''_'$type);
  212.         $type \preg_replace('/[^A-Za-z0-9_\-]/'''$type);
  213.         return \strtoupper($type);
  214.     }
  216.     /**
  217.      * Genera rutas destino y nombre final:
  218.      *  file: {TYPE}-{CLIENTE}-{SALEID}.pdf
  219.      *  path pub:  /uploads/car_sale_docs/{SALEID}/{file}
  220.      *  path abs:  {project}/public/uploads/car_sale_docs/{SALEID}/{file}
  221.      *
  222.      * @return array{0:string,1:string,2:string} [publicPath, absolutePath, finalFileName]
  223.      */
  224.     private function resolveTargetPaths(int $saleIdstring $typeUploadedFile $file, ?string $clientName): array
  225.     {
  226.         $safeClient \preg_replace('/[^A-Za-z0-9_\-]/''_'$clientName ?: 'SIN_CLIENTE');
  227.         $safeType   \preg_replace('/[^A-Za-z0-9_\-]/''_'$type);
  228.         $finalFileName sprintf('%s-%s-%d.pdf'$safeType$safeClient$saleId);
  230.         $basePublicDir '/uploads/car_sale_docs/'.$saleId.'/';
  231.         $baseAbsolute  $this->getParameter('kernel.project_dir') . '/public' $basePublicDir;
  233.         return [$basePublicDir $finalFileName$baseAbsolute $finalFileName$finalFileName];
  234.     }
  236.     // ============ DESCARGAR ============
  237.     #[Route('/car-sale-documents/{id}/download'name'car_sale_documents_download'methods: ['GET'])]
  238.     public function download(CarSaleDocument $document): Response
  239.     {
  240.         $absolute $this->toAbsolutePath($document->getFilePath());
  241.         if (!is_file($absolute)) {
  242.             $this->addFlash('danger''Archivo no encontrado en disco.');
  243.             return $this->redirectToRoute('car_sale_documents_index', ['id' => $document->getCarSale()->getId()]);
  244.         }
  246.         $response = new BinaryFileResponse($absolute);
  247.         $response->headers->set('Content-Type'$document->getMimeType() ?? 'application/pdf');
  248.         $disposition $response->headers->makeDisposition(
  249.             ResponseHeaderBag::DISPOSITION_INLINE,
  250.             $document->getFileName()
  251.         );
  252.         $response->headers->set('Content-Disposition'$disposition);
  253.         return $response;
  254.     }
  256.     // ============ ACTIVAR UNA VERSIÓN ============
  257.     #[Route('/car-sale-documents/{id}/activate'name'car_sale_documents_activate'methods: ['POST'])]
  258.     public function activateVersion(Request $requestCarSaleDocument $document): Response
  259.     {
  260.         if (!$this->isCsrfTokenValid('activate_doc_'.$document->getId(), (string)$request->request->get('_token'))) {
  261.             $this->addFlash('danger''Token inválido.');
  262.             return $this->redirectToRoute('car_sale_documents_index', ['id' => $document->getCarSale()->getId()]);
  263.         }
  265.         $sale $document->getCarSale();
  266.         $type $document->getType();
  268.         $repo $this->em->getRepository(CarSaleDocument::class);
  269.         $all  $repo->findBy(['carSale' => $sale'type' => $type]);
  271.         $maxVersion 0;
  272.         foreach ($all as $d) {
  273.             $d->setStatus('ARCHIVED');
  274.             $this->em->persist($d);
  275.             $maxVersion max($maxVersion$d->getVersion());
  276.         }
  278.         $document->setStatus('ACTIVE');
  279.         if ($document->getVersion() < $maxVersion) {
  280.             $document->setVersion($maxVersion 1);
  281.         }
  283.         $this->em->persist($document);
  284.         $this->em->flush();
  286.         $this->addFlash('success'sprintf('Se activó la versión del documento #%d.'$document->getId()));
  287.         return $this->redirectToRoute('car_sale_documents_index', ['id' => $sale->getId()]);
  288.     }
  290.     // ============ ELIMINAR ============
  291.     #[Route('/car-sale-documents/{id}'name'car_sale_documents_delete'methods: ['POST','DELETE'])]
  292.     public function delete(Request $requestCarSaleDocument $documentEntityManagerInterface $em): Response
  293.     {
  294.         if (!$this->canManageDocuments()) {
  295.             $message = ['status' => 'error''message' => 'No tiene permisos para eliminar documentos.'];
  296.             return $request->isXmlHttpRequest()
  297.                 ? $this->json($message403)
  298.                 : $this->redirectToRoute('car_sale_documents_index', ['id' => $document->getCarSale()->getId()]);
  299.         }
  301.         $isAjax $request->isXmlHttpRequest() || str_contains((string)$request->headers->get('accept'), 'application/json');
  302.         $token  = (string)($request->request->get('_token') ?? $request->headers->get('X-CSRF-TOKEN'''));
  304.         if (!$this->isCsrfTokenValid('delete_document_'.$document->getId(), $token)) {
  305.             return $isAjax
  306.                 $this->json(['status' => 'error''message' => 'Token inválido.'], 400)
  307.                 : $this->redirectToRoute('car_sale_documents_index', ['id' => $document->getCarSale()->getId()]);
  308.         }
  310.         $abs $this->getParameter('kernel.project_dir').'/public/'.ltrim($document->getFilePath(), '/');
  311.         if (is_file($abs)) @unlink($abs);
  313.         $em->remove($document);
  314.         $em->flush();
  316.         return $isAjax
  317.             $this->json(['status' => 'success''message' => 'Documento eliminado.'])
  318.             : $this->redirectToRoute('car_sale_documents_index', ['id' => $document->getCarSale()->getId()]);
  319.     }
  321.     private function canManageDocuments(): bool
  322.     {
  323.         return $this->isGranted('ROLE_ADMIN') || $this->isGranted('ROLE_AGENCY');
  324.     }
  327.     private function toAbsolutePath(string $publicPath): string
  328.     {
  329.         $projectDir $this->getParameter('kernel.project_dir');
  330.         return rtrim($projectDir'/') . '/public' $publicPath;
  331.     }
  332. }