Rentiva v4.40.0 — Vendor Management Phase A: React SPA

The Pending Applications and IBAN Requests admin tabs have been completely rewritten as a React SPA backed by a dedicated REST API — eliminating full-page PHP renders and introducing 7 new REST endpoints for programmatic access.

What's New

Vendor Management — React SPA Migration (Phase A)

This is the first phase of the full Vendor Management React migration. Phase A covers the two most complex tabs: application review and IBAN change management.

New REST Endpoints (7)

• GET /mhm-rentiva/v1/vendors/applications — paginated applications list with status/sort filters
• GET /mhm-rentiva/v1/vendors/applications/{id} — application detail with IBAN masking (raw encrypted value never exposed)
• POST /mhm-rentiva/v1/vendors/applications/{id}/approve — approve with role promotion
• POST /mhm-rentiva/v1/vendors/applications/{id}/reject — reject with mandatory reason + 24 h cooldown
• GET /mhm-rentiva/v1/vendors/iban-requests — paginated pending IBAN change requests
• POST /mhm-rentiva/v1/vendors/iban-requests/{vendor_id}/approve — swap active IBAN from pending
• POST /mhm-rentiva/v1/vendors/iban-requests/{vendor_id}/reject — discard pending IBAN, keep active

New React Components

• VendorManagementPage — root with tab navigation and flash notice system
• ApplicationTable — paginated list with approve/reject quick-actions
• ApplicationRow — row with status badge and inline action buttons
• ApplicationDetailPage — full detail view with ApproveForm + RejectForm
• IbanRequestsTab — pending IBAN change queue
• IbanRequestRow — masked IBAN comparison (current vs. requested) with approve/reject

Security

• IBAN data is never exposed in raw form — all REST responses return masked values (TR***5678)
• 24-hour cooldown enforced server-side on rejected applications

Tests

New: 14 PHPUnit integration tests across VendorManagementRESTApplicationsFazATest and VendorManagementRESTIbanFazATest. All passing. PHPCS: 0 errors.