feat(payments): accounts payment queue with two-step payment and product price auto-update

Step 1 (process): MGR_APPROVED → SENT_FOR_PAYMENT, notifies submitter and managers. Step 2 (mark paid): SENT_FOR_PAYMENT → PAID_DELIVERED, stores paymentRef. On mark paid: auto-updates Product.lastPrice and lastVendorId for any line items linked to a product code; logs PRODUCT_PRICE_UPDATED action.
2026-05-06 00:15:14 +05:30 · 2026-05-06 00:15:14 +05:30 · 207c16e0e5
commit 207c16e0e5
parent a685e093ac
3 changed files with 281 additions and 0 deletions
--- a/App/pelagia-portal/app/(portal)/payments/actions.ts
+++ b/App/pelagia-portal/app/(portal)/payments/actions.ts
@ -0,0 +1,118 @@
+"use server";
+
+import { auth } from "@/auth";
+import { db } from "@/lib/db";
+import { canPerformAction } from "@/lib/po-state-machine";
+import { processPaymentSchema } from "@/lib/validations/po";
+import { notify } from "@/lib/notifier";
+import { revalidatePath } from "next/cache";
+
+type ActionResult = { ok: true } | { error: string };
+
+// Step 1: Accounts picks up the PO — MGR_APPROVED → SENT_FOR_PAYMENT
+export async function processPayment({
+  poId,
+}: {
+  poId: string;
+}): Promise<ActionResult> {
+  const session = await auth();
+  if (!session?.user) return { error: "Unauthorized" };
+
+  const po = await db.purchaseOrder.findUnique({
+    where: { id: poId },
+    include: { submitter: true },
+  });
+  if (!po) return { error: "PO not found" };
+  if (!canPerformAction(po.status, "process_payment", session.user.role)) {
+    return { error: "You cannot process payment for this PO." };
+  }
+
+  await db.purchaseOrder.update({
+    where: { id: poId },
+    data: { status: "SENT_FOR_PAYMENT" },
+  });
+
+  const [managers, accounts] = await Promise.all([
+    db.user.findMany({ where: { role: "MANAGER", isActive: true } }),
+    db.user.findMany({ where: { role: "ACCOUNTS", isActive: true } }),
+  ]);
+  await notify({ event: "PAYMENT_PROCESSING", po, recipients: [...managers, ...accounts] });
+
+  revalidatePath("/payments");
+  revalidatePath(`/po/${poId}`);
+  return { ok: true };
+}
+
+// Step 2: Accounts confirms payment sent — SENT_FOR_PAYMENT → PAID_DELIVERED
+export async function markPaid({
+  poId,
+  paymentRef,
+}: {
+  poId: string;
+  paymentRef: string;
+}): Promise<ActionResult> {
+  const session = await auth();
+  if (!session?.user) return { error: "Unauthorized" };
+
+  const parsed = processPaymentSchema.safeParse({ paymentRef });
+  if (!parsed.success) return { error: "Payment reference is required." };
+
+  const po = await db.purchaseOrder.findUnique({
+    where: { id: poId },
+    include: {
+      submitter: true,
+      lineItems: true,
+    },
+  });
+  if (!po) return { error: "PO not found" };
+  if (!canPerformAction(po.status, "mark_paid", session.user.role)) {
+    return { error: "You cannot confirm payment for this PO." };
+  }
+
+  await db.purchaseOrder.update({
+    where: { id: poId },
+    data: {
+      status: "PAID_DELIVERED",
+      paidAt: new Date(),
+      paymentRef: parsed.data.paymentRef,
+      actions: {
+        create: {
+          actionType: "PAYMENT_SENT",
+          actorId: session.user.id,
+          metadata: { paymentRef: parsed.data.paymentRef },
+        },
+      },
+    },
+  });
+
+  // Auto-update product catalogue: set lastPrice + lastVendorId for each linked product
+  const linkedItems = po.lineItems.filter((li) => li.productId !== null);
+  if (linkedItems.length > 0) {
+    await Promise.all(
+      linkedItems.map((li) =>
+        db.product.update({
+          where: { id: li.productId! },
+          data: {
+            lastPrice: li.unitPrice,
+            lastVendorId: po.vendorId ?? undefined,
+          },
+        })
+      )
+    );
+    await db.pOAction.create({
+      data: {
+        actionType: "PRODUCT_PRICE_UPDATED",
+        actorId: session.user.id,
+        poId,
+        metadata: { updatedProductIds: linkedItems.map((li) => li.productId) },
+      },
+    });
+  }
+
+  const managers = await db.user.findMany({ where: { role: "MANAGER", isActive: true } });
+  await notify({ event: "PAYMENT_SENT", po, recipients: [po.submitter, ...managers] });
+
+  revalidatePath("/payments");
+  revalidatePath(`/po/${poId}`);
+  return { ok: true };
+}
--- a/App/pelagia-portal/app/(portal)/payments/page.tsx
+++ b/App/pelagia-portal/app/(portal)/payments/page.tsx
@ -0,0 +1,93 @@
+import { auth } from "@/auth";
+import { db } from "@/lib/db";
+import { hasPermission } from "@/lib/permissions";
+import { redirect } from "next/navigation";
+import Link from "next/link";
+import { formatCurrency, formatDate } from "@/lib/utils";
+import { PaymentActions } from "./payment-actions";
+import type { Metadata } from "next";
+
+export const metadata: Metadata = { title: "Payments" };
+
+export default async function PaymentsPage() {
+  const session = await auth();
+  if (!session?.user) redirect("/login");
+
+  if (!hasPermission(session.user.role, "process_payment")) redirect("/dashboard");
+
+  const queue = await db.purchaseOrder.findMany({
+    where: { status: { in: ["MGR_APPROVED", "SENT_FOR_PAYMENT"] } },
+    include: { submitter: true, vessel: true, account: true, vendor: true },
+    orderBy: { approvedAt: "asc" },
+  });
+
+  return (
+    <div>
+      <div className="mb-6">
+        <h1 className="text-2xl font-semibold text-neutral-900">Payment Queue</h1>
+        <p className="mt-1 text-sm text-neutral-500">
+          {queue.length} order{queue.length !== 1 ? "s" : ""} in the payment pipeline
+        </p>
+      </div>
+
+      {queue.length === 0 ? (
+        <div className="rounded-lg border border-neutral-200 bg-white p-12 text-center">
+          <p className="text-neutral-500">No orders in the payment queue.</p>
+        </div>
+      ) : (
+        <div className="space-y-4">
+          {queue.map((po) => (
+            <div key={po.id} className="rounded-lg border border-neutral-200 bg-white p-5">
+              <div className="flex items-start justify-between gap-4">
+                <div className="flex-1 min-w-0">
+                  <div className="flex items-center gap-2 mb-1">
+                    <span className="font-mono text-xs text-neutral-500">{po.poNumber}</span>
+                  </div>
+                  <h3 className="font-medium text-neutral-900 truncate">{po.title}</h3>
+                  <div className="mt-1 flex flex-wrap gap-3 text-sm text-neutral-500">
+                    <span>{po.vessel.name}</span>
+                    <span>·</span>
+                    <span>{po.submitter.name}</span>
+                    {po.vendor && (
+                      <>
+                        <span>·</span>
+                        <span>{po.vendor.name}</span>
+                      </>
+                    )}
+                    {po.approvedAt && (
+                      <>
+                        <span>·</span>
+                        <span>Approved {formatDate(po.approvedAt)}</span>
+                      </>
+                    )}
+                  </div>
+                </div>
+                <div className="text-right shrink-0">
+                  <div className="text-lg font-semibold text-neutral-900 font-mono">
+                    {formatCurrency(Number(po.totalAmount), po.currency)}
+                  </div>
+                  <Link
+                    href={`/po/${po.id}`}
+                    className="text-xs text-neutral-400 hover:text-primary-600"
+                  >
+                    View PO →
+                  </Link>
+                </div>
+              </div>
+              <div className="mt-4 border-t border-neutral-100 pt-4 flex items-center justify-between gap-4">
+                <span className={`text-xs font-medium rounded-full px-2.5 py-0.5 ${
+                  po.status === "SENT_FOR_PAYMENT"
+                    ? "bg-primary-50 text-primary-700"
+                    : "bg-warning-50 text-warning-700"
+                }`}>
+                  {po.status === "SENT_FOR_PAYMENT" ? "Processing — awaiting confirmation" : "Ready for payment"}
+                </span>
+                <PaymentActions poId={po.id} poStatus={po.status} />
+              </div>
+            </div>
+          ))}
+        </div>
+      )}
+    </div>
+  );
+}
--- a/App/pelagia-portal/app/(portal)/payments/payment-actions.tsx
+++ b/App/pelagia-portal/app/(portal)/payments/payment-actions.tsx
@ -0,0 +1,70 @@
+"use client";
+
+import { useState } from "react";
+import { useRouter } from "next/navigation";
+import { processPayment, markPaid } from "./actions";
+import type { POStatus } from "@prisma/client";
+
+export function PaymentActions({ poId, poStatus }: { poId: string; poStatus: POStatus }) {
+  const router = useRouter();
+  const [ref, setRef] = useState("");
+  const [pending, setPending] = useState(false);
+  const [error, setError] = useState("");
+
+  async function handleProcessPayment() {
+    setPending(true);
+    setError("");
+    const result = await processPayment({ poId });
+    if ("error" in result) { setError(result.error); setPending(false); }
+    else { router.refresh(); }
+  }
+
+  async function handleMarkPaid(e: React.FormEvent) {
+    e.preventDefault();
+    if (!ref.trim()) { setError("Payment reference is required."); return; }
+    setPending(true);
+    setError("");
+    const result = await markPaid({ poId, paymentRef: ref });
+    if ("error" in result) { setError(result.error); setPending(false); }
+    else { router.refresh(); }
+  }
+
+  if (poStatus === "MGR_APPROVED") {
+    return (
+      <div className="flex items-center gap-3">
+        {error && <span className="text-xs text-danger-700">{error}</span>}
+        <button
+          onClick={handleProcessPayment}
+          disabled={pending}
+          className="rounded-lg bg-primary-600 px-4 py-2 text-sm font-semibold text-white hover:bg-primary-700 disabled:opacity-60 transition-colors whitespace-nowrap"
+        >
+          {pending ? "Processing…" : "Start Payment Processing"}
+        </button>
+      </div>
+    );
+  }
+
+  if (poStatus === "SENT_FOR_PAYMENT") {
+    return (
+      <form onSubmit={handleMarkPaid} className="flex items-center gap-3">
+        <input
+          type="text"
+          placeholder="Payment reference / transaction ID"
+          value={ref}
+          onChange={(e) => setRef(e.target.value)}
+          className="flex-1 rounded-lg border border-neutral-300 px-3 py-2 text-sm focus:border-primary-500 focus:outline-none focus:ring-2 focus:ring-primary-500/20"
+        />
+        {error && <span className="text-xs text-danger-700">{error}</span>}
+        <button
+          type="submit"
+          disabled={pending}
+          className="rounded-lg bg-success px-4 py-2 text-sm font-semibold text-white hover:opacity-90 disabled:opacity-60 transition-opacity whitespace-nowrap"
+        >
+          {pending ? "Confirming…" : "Confirm Payment Sent"}
+        </button>
+      </form>
+    );
+  }
+
+  return null;
+}