Update: 2026-05-06 17:10:14

app/modules_app/users/create.php

@@ -6,13 +6,12 @@
 use App\Core\Database;
 use App\Core\Encryption;
 use App\Core\Validator;
+use App\Core\AuditLogger;
 use App\Middleware\AuthMiddleware;
+use App\Middleware\RoleMiddleware;
 
-// 1. Auth Check (Only super_admin or admin can create users)
-$decoded = AuthMiddleware::check();
-if ($decoded['role'] !== 'super_admin' && $decoded['role'] !== 'admin') {
-    json_error('Unauthorized', 403);
-}
+// 1. Auth + Role Check (Only super_admin or admin can create users)
+$decoded = RoleMiddleware::require(['super_admin', 'admin']);
 
 $data = input();
 
@@ -76,6 +75,12 @@ try {
     ]);
 
     json_success(null, 'تم إضافة المستخدم بنجاح');
+
+    AuditLogger::log('user.created', 'user', null, null, [
+        'name'  => $data['name'],
+        'email' => $data['email'],
+        'role'  => $data['role'],
+    ], $decoded);
 } catch (\Exception $e) {
     if (str_contains($e->getMessage(), 'Duplicate entry')) {
         json_error('البريد الإلكتروني مسجل مسبقاً', 409);

app/modules_app/users/delete.php

@@ -4,10 +4,12 @@
  */
 
 use App\Core\Database;
+use App\Core\AuditLogger;
 use App\Middleware\AuthMiddleware;
+use App\Middleware\RoleMiddleware;
 
-// 1. Auth Check
-$decoded = AuthMiddleware::check();
+// 1. Auth + Role Check
+$decoded = RoleMiddleware::require(['super_admin', 'admin']);
 $db = Database::getInstance();
 
 $currentUserId = $decoded['user_id'];
@@ -52,4 +54,8 @@ if ($currentUserRole === 'super_admin') {
 $stmt = $db->prepare("UPDATE users SET deleted_at = NOW(), is_active = 0 WHERE id = ?");
 $stmt->execute([$targetUserId]);
 
+AuditLogger::log('user.deleted', 'user', $targetUserId, [
+    'role' => $targetUser['role'],
+], null, $decoded);
+
 json_success(null, 'تم حذف المستخدم بنجاح');