feat(procurement): 統一採購單按鈕樣式與術語更名為「作廢」，並加強權限控管

app/Modules/Procurement/Controllers/PurchaseOrderController.php

@@ -447,11 +447,17 @@ class PurchaseOrderController extends Controller
             $taxAmount = !is_null($inputTax) ? $inputTax : round($totalAmount * 0.05, 2);
             $grandTotal = $totalAmount + $taxAmount;
 
+            // 狀態轉移權限檢查
+            if (isset($validated['status']) && $order->status !== $validated['status']) {
+                if (!$order->canTransitionTo($validated['status'])) {
+                    return back()->withErrors(['error' => '您沒有權限將狀態從 ' . $order->status . ' 變更為 ' . $validated['status']]);
+                }
+            }
             // 1. 填充屬性但暫不儲存以捕捉變更
             $order->fill([
                 'vendor_id' => $validated['vendor_id'],
                 'warehouse_id' => $validated['warehouse_id'],
-                'order_date' => $validated['order_date'], // 新增
+                'order_date' => $validated['order_date'],
                 'expected_delivery_date' => $validated['expected_delivery_date'],
                 'total_amount' => $totalAmount,
                 'tax_amount' => $taxAmount,
@@ -460,11 +466,22 @@ class PurchaseOrderController extends Controller
                 'status' => $validated['status'],
                 'invoice_number' => $validated['invoice_number'] ?? null,
                 'invoice_date' => $validated['invoice_date'] ?? null,
-                'invoice_amount' => $validated['invoice_amount'] ?? null,
+                'invoice_amount' => (float) ($validated['invoice_amount'] ?? 0),
             ]);
 
-            // 捕捉變更屬性以進行手動記錄
+            // 捕捉變更屬性
             $dirty = $order->getDirty();
+
+            // 嚴格權限檢查：如果修改了 status 以外的任何欄位，必須具備編輯權限
+            $otherChanges = array_diff(array_keys($dirty), ['status']);
+            if (!empty($otherChanges)) {
+                $canEdit = auth()->user()->hasRole('super-admin') || auth()->user()->can('purchase_orders.edit');
+                if (!$canEdit) {
+                    throw new \Exception('您沒有權限修改採購單的基本內容，僅能執行流程異動（如：送審）。');
+                }
+            }
+
+            // 捕捉舊屬性以進行記錄
             $oldAttributes = [];
             $newAttributes = [];
 
@@ -657,7 +674,7 @@ class PurchaseOrderController extends Controller
             
             DB::commit();
             
-            return redirect()->route('purchase-orders.index')->with('success', '採購單已刪除');
+            return redirect()->route('purchase-orders.index')->with('success', '採購單已作廢');
         } catch (\Exception $e) {
             DB::rollBack();
             return back()->withErrors(['error' => '刪除失敗：' . $e->getMessage()]);