Update: 2026-05-04 01:52:13

app/modules_app/companies/delete.php

@@ -0,0 +1,39 @@
+<?php
+/**
+ * Delete Company Endpoint (Soft Delete)
+ */
+
+use App\Core\Database;
+use App\Middleware\AuthMiddleware;
+
+$decoded = AuthMiddleware::check();
+$db = Database::getInstance();
+
+$companyId = input('id');
+if (!$companyId) {
+    json_error('Company ID is required', 422);
+}
+
+// Authorization
+if ($decoded['role'] !== 'super_admin' && $decoded['role'] !== 'admin') {
+    json_error('Unauthorized', 403);
+}
+
+// Fetch company to check tenant if admin
+$stmt = $db->prepare("SELECT tenant_id FROM companies WHERE id = ?");
+$stmt->execute([$companyId]);
+$company = $stmt->fetch();
+
+if (!$company) {
+    json_error('الشركة غير موجودة', 404);
+}
+
+if ($decoded['role'] === 'admin' && $company['tenant_id'] !== $decoded['tenant_id']) {
+    json_error('ليس لديك صلاحية لحذف هذه الشركة', 403);
+}
+
+// Soft Delete
+$stmt = $db->prepare("UPDATE companies SET deleted_at = NOW() WHERE id = ?");
+$stmt->execute([$companyId]);
+
+json_success(null, 'تم حذف الشركة بنجاح');

app/modules_app/invoices/upload.php

@@ -14,6 +14,13 @@ $allowedRoles = ['admin', 'accountant', 'employee'];
 if (!in_array($decoded['role'], $allowedRoles)) {
     json_error('Unauthorized to upload invoices', 403);
 }
+// 2. Validate Request
+$data = input();
+$companyId = $data['company_id'] ?? null;
+
+if (!$companyId || !isset($_FILES['invoice'])) {
+    json_error('Company ID and invoice file are required', 422);
+}
 
 // 3. Permission Check
 $tenantId = $decoded['tenant_id'];