Update: 2026-05-06 17:10:14

app/modules_app/dashboard/recent_activity.php

@@ -0,0 +1,42 @@
+<?php
+/**
+ * Dashboard Recent Activity Endpoint
+ */
+
+declare(strict_types=1);
+
+use App\Core\Database;
+use App\Middleware\AuthMiddleware;
+
+$decoded = AuthMiddleware::check();
+$db = Database::getInstance();
+
+$tenantId = $decoded['tenant_id'] ?? null;
+$role = $decoded['role'];
+
+try {
+    if ($role === 'super_admin') {
+        $where = "WHERE 1=1";
+        $params = [];
+    } else {
+        $where = "WHERE tenant_id = ?";
+        $params = [$tenantId];
+    }
+
+    // Join with users table to get the name of the person who did the action
+    $stmt = $db->prepare("
+        SELECT a.id, a.action, a.entity_type, a.created_at, u.name as user_name
+        FROM audit_logs a
+        LEFT JOIN users u ON a.user_id = u.id
+        $where
+        ORDER BY a.created_at DESC
+        LIMIT 20
+    ");
+    $stmt->execute($params);
+    $activities = $stmt->fetchAll();
+
+    json_success($activities);
+
+} catch (\Exception $e) {
+    json_error('Failed to fetch recent activity', 500);
+}

app/modules_app/dashboard/stats.php

@@ -15,38 +15,67 @@ $companyId = $decoded['company_id'] ?? null;
 $role = $decoded['role'];
 
 try {
-    // 2. Apply Filters based on Role
+    $stats = [
+        'role' => $role,
+        'invoices' => [
+            'total' => 0,
+            'pending' => 0,
+            'approved' => 0
+        ]
+    ];
+
+    // 2. Fetch Invoice Stats
     if ($role === 'super_admin') {
-        // No filters - see everything
         $where = "WHERE 1=1";
         $params = [];
+    } elseif ($role === 'accountant' || $role === 'viewer') {
+        $where = "WHERE tenant_id = ? AND company_id = ?";
+        $params = [$tenantId, $companyId];
     } else {
-        // Tenant Users (Admin, Accountant, Employee): Filter by Tenant
+        // admin
         $where = "WHERE tenant_id = ?";
         $params = [$tenantId];
     }
 
-    // 3. Fetch Stats
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where");
     $stmt->execute($params);
-    $total = $stmt->fetchColumn();
+    $stats['invoices']['total'] = (int)$stmt->fetchColumn();
 
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'extracted'");
     $stmt->execute($params);
-    $pending = $stmt->fetchColumn();
+    $stats['invoices']['pending'] = (int)$stmt->fetchColumn();
 
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'approved'");
     $stmt->execute($params);
-    $approved = $stmt->fetchColumn();
+    $stats['invoices']['approved'] = (int)$stmt->fetchColumn();
+
+    // 3. Role-Specific Extra Stats
+    if ($role === 'super_admin') {
+        $stats['tenants'] = (int)$db->query("SELECT COUNT(*) FROM tenants")->fetchColumn();
+        $stats['total_users'] = (int)$db->query("SELECT COUNT(*) FROM users")->fetchColumn();
+    } elseif ($role === 'admin') {
+        $stmt = $db->prepare("SELECT COUNT(*) FROM companies WHERE tenant_id = ?");
+        $stmt->execute([$tenantId]);
+        $stats['companies'] = (int)$stmt->fetchColumn();
+
+        $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE tenant_id = ?");
+        $stmt->execute([$tenantId]);
+        $stats['users'] = (int)$stmt->fetchColumn();
+
+        // Get Subscription Quota
+        $stmt = $db->prepare("SELECT max_invoices_per_month, invoices_used_this_month FROM subscriptions WHERE tenant_id = ?");
+        $stmt->execute([$tenantId]);
+        $sub = $stmt->fetch();
+        if ($sub) {
+            $stats['subscription'] = [
+                'limit' => (int)$sub['max_invoices_per_month'],
+                'used'  => (int)$sub['invoices_used_this_month']
+            ];
+        }
+    }
 
 } catch (\Exception $e) {
-    $total = 0;
-    $pending = 0;
-    $approved = 0;
+    // Return default zeroed stats on error
 }
 
-json_success([
-    'total' => $total,
-    'pending' => $pending,
-    'approved' => $approved
-]);
+json_success($stats);