Update: 2026-05-03 21:58:11

2026-05-03 21:58:11 +03:00
parent e1d4917369
commit 089a2b76c0
10 changed files with 668 additions and 9 deletions
--- a/app/modules_app/companies/index.php
+++ b/app/modules_app/companies/index.php
@@ -0,0 +1,46 @@
+<?php
+/**
+ * List Companies Endpoint (Synchronized Schema)
+ */
+
+use App\Core\Database;
+use App\Core\Encryption;
+use App\Middleware\AuthMiddleware;
+
+$decoded = AuthMiddleware::check();
+$db = Database::getInstance();
+
+// 1. Super Admin sees ALL companies
+if ($decoded['role'] === 'super_admin') {
+    $stmt = $db->query("SELECT * FROM companies WHERE deleted_at IS NULL");
+} else {
+    // 2. Others see only linked companies
+    $stmt = $db->prepare("
+        SELECT c.* FROM companies c
+        JOIN user_companies uc ON c.id = uc.company_id
+        WHERE uc.user_id = ? AND c.deleted_at IS NULL
+    ");
+    $stmt->execute([$decoded['user_id']]);
+}
+
+$companies = $stmt->fetchAll();
+
+// 3. Decrypt fields
+foreach ($companies as &$company) {
+    // Decrypt Name
+    $decryptedName = Encryption::decrypt($company['name']);
+    $company['name'] = $decryptedName !== false ? $decryptedName : $company['name'];
+
+    // Decrypt Name EN
+    if (!empty($company['name_en'])) {
+        $decryptedNameEn = Encryption::decrypt($company['name_en']);
+        $company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en'];
+    }
+
+    // Redact JoFotara secrets if returned to UI (or just don't return them)
+    unset($company['jofotara_client_id_encrypted']);
+    unset($company['jofotara_secret_key_encrypted']);
+    unset($company['certificate_password_encrypted']);
+}
+
+json_success($companies);