feat: P4 backend kvalita - SELECT * fix, overdue konsolidace, Validator

- SELECT * nahrazen explicitnimi sloupci ve 22 PHP souborech (69+ vyskytu) - users-handlers.php: password_hash explicitne vyloucen z dotazu - Overdue detekce presunuta do invoices.php routeru (1x pred dispatch misto 3x v handlerech) - Validator.php: validacni helper s pravidly required, string, int, email, in, numeric - PaginationHelper: PHPStan typy opraveny Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 18:42:42 +01:00
parent df506dfea4
commit 758be819c3
25 changed files with 513 additions and 102 deletions
--- a/api/admin/handlers/attendance-handlers.php
+++ b/api/admin/handlers/attendance-handlers.php
@@ -7,7 +7,11 @@ function handleGetCurrent(PDO $pdo, int $userId): void
    $today = date('Y-m-d');

    $stmt = $pdo->prepare("
-        SELECT * FROM attendance
+        SELECT id, user_id, shift_date, arrival_time, arrival_lat, arrival_lng,
+               arrival_accuracy, arrival_address, break_start, break_end,
+               departure_time, departure_lat, departure_lng, departure_accuracy,
+               departure_address, notes, project_id, leave_type, leave_hours, created_at
+        FROM attendance
        WHERE user_id = ? AND departure_time IS NULL AND (leave_type IS NULL OR leave_type = 'work')
        ORDER BY created_at DESC LIMIT 1
    ");
@@ -17,7 +21,10 @@ function handleGetCurrent(PDO $pdo, int $userId): void
    $projectLogs = [];
    $activeProjectId = null;
    if ($ongoingShift) {
-        $stmt = $pdo->prepare('SELECT * FROM attendance_project_logs WHERE attendance_id = ? ORDER BY started_at ASC');
+        $stmt = $pdo->prepare(
+            'SELECT id, attendance_id, project_id, started_at, ended_at, hours, minutes
+            FROM attendance_project_logs WHERE attendance_id = ? ORDER BY started_at ASC'
+        );
        $stmt->execute([$ongoingShift['id']]);
        $projectLogs = $stmt->fetchAll();
        foreach ($projectLogs as $log) {
@@ -29,7 +36,11 @@ function handleGetCurrent(PDO $pdo, int $userId): void
    }

    $stmt = $pdo->prepare("
-        SELECT * FROM attendance
+        SELECT id, user_id, shift_date, arrival_time, arrival_lat, arrival_lng,
+               arrival_accuracy, arrival_address, break_start, break_end,
+               departure_time, departure_lat, departure_lng, departure_accuracy,
+               departure_address, notes, project_id, leave_type, leave_hours, created_at
+        FROM attendance
        WHERE user_id = ? AND shift_date = ?
            AND departure_time IS NOT NULL
            AND (leave_type IS NULL OR leave_type = 'work')
@@ -43,7 +54,8 @@ function handleGetCurrent(PDO $pdo, int $userId): void
    if (!empty($completedShiftIds)) {
        $placeholders = implode(',', array_fill(0, count($completedShiftIds), '?'));
        $stmt = $pdo->prepare(
-            "SELECT * FROM attendance_project_logs
+            "SELECT id, attendance_id, project_id, started_at, ended_at, hours, minutes
+            FROM attendance_project_logs
            WHERE attendance_id IN ($placeholders)
            ORDER BY started_at ASC"
        );
@@ -65,7 +77,9 @@ function handleGetCurrent(PDO $pdo, int $userId): void
    $endDate = date('Y-m-t');

    $stmt = $pdo->prepare('
-        SELECT * FROM attendance
+        SELECT id, user_id, shift_date, arrival_time, break_start, break_end,
+               departure_time, notes, project_id, leave_type, leave_hours
+        FROM attendance
        WHERE user_id = ? AND shift_date BETWEEN ? AND ?
    ');
    $stmt->execute([$userId, $startDate, $endDate]);
@@ -167,7 +181,10 @@ function handleGetHistory(PDO $pdo, int $userId): void
    $endDate = date('Y-m-t', strtotime($startDate));

    $stmt = $pdo->prepare('
-        SELECT * FROM attendance
+        SELECT id, user_id, shift_date, arrival_time, arrival_address,
+               break_start, break_end, departure_time, departure_address,
+               notes, project_id, leave_type, leave_hours, created_at
+        FROM attendance
        WHERE user_id = ? AND shift_date BETWEEN ? AND ?
        ORDER BY shift_date DESC
    ');
@@ -245,7 +262,9 @@ function handlePunch(PDO $pdo, int $userId): void
    $address = !empty($input['address']) ? $input['address'] : null;

    $stmt = $pdo->prepare("
-        SELECT * FROM attendance
+        SELECT id, user_id, shift_date, arrival_time, break_start, break_end,
+               departure_time, notes, project_id, leave_type, created_at
+        FROM attendance
        WHERE user_id = ? AND departure_time IS NULL AND (leave_type IS NULL OR leave_type = 'work')
        ORDER BY created_at DESC LIMIT 1
    ");
@@ -529,7 +548,10 @@ function handleGetProjectLogs(PDO $pdo, int $currentUserId, array $authData): vo
        }
    }

-    $stmt = $pdo->prepare('SELECT * FROM attendance_project_logs WHERE attendance_id = ? ORDER BY started_at ASC');
+    $stmt = $pdo->prepare(
+        'SELECT id, attendance_id, project_id, started_at, ended_at, hours, minutes
+        FROM attendance_project_logs WHERE attendance_id = ? ORDER BY started_at ASC'
+    );
    $stmt->execute([$attendanceId]);
    $logs = $stmt->fetchAll();

@@ -556,7 +578,7 @@ function handleSaveProjectLogs(PDO $pdo): void
        errorResponse('attendance_id je povinné');
    }

-    $stmt = $pdo->prepare('SELECT * FROM attendance WHERE id = ?');
+    $stmt = $pdo->prepare('SELECT id FROM attendance WHERE id = ?');
    $stmt->execute([$attendanceId]);
    $record = $stmt->fetch();
    if (!$record) {