Update: 2026-05-06 17:10:14

app/modules_app/users/create.php

@@ -6,13 +6,12 @@
 use App\Core\Database;
 use App\Core\Encryption;
 use App\Core\Validator;
+use App\Core\AuditLogger;
 use App\Middleware\AuthMiddleware;
+use App\Middleware\RoleMiddleware;
 
-// 1. Auth Check (Only super_admin or admin can create users)
-$decoded = AuthMiddleware::check();
-if ($decoded['role'] !== 'super_admin' && $decoded['role'] !== 'admin') {
-    json_error('Unauthorized', 403);
-}
+// 1. Auth + Role Check (Only super_admin or admin can create users)
+$decoded = RoleMiddleware::require(['super_admin', 'admin']);
 
 $data = input();
 
@@ -76,6 +75,12 @@ try {
     ]);
 
     json_success(null, 'تم إضافة المستخدم بنجاح');
+
+    AuditLogger::log('user.created', 'user', null, null, [
+        'name'  => $data['name'],
+        'email' => $data['email'],
+        'role'  => $data['role'],
+    ], $decoded);
 } catch (\Exception $e) {
     if (str_contains($e->getMessage(), 'Duplicate entry')) {
         json_error('البريد الإلكتروني مسجل مسبقاً', 409);