🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 14:27
This commit is contained in:
Hamza-Ayed
@@ -4,56 +4,50 @@ declare(strict_types=1);
|
||||
|
||||
namespace App\Modules\ApiKeys;
|
||||
|
||||
use App\Core\{Request, Response};
|
||||
use App\Modules\ApiKeys\ApiKeyModel;
|
||||
use App\Core\{Request, Response, Database};
|
||||
use Ramsey\Uuid\Uuid;
|
||||
|
||||
final class ApiKeyController
|
||||
{
|
||||
public function __construct(private readonly ApiKeyModel $apiKeyModel) {}
|
||||
|
||||
public function list(Request $request): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$keys = $this->apiKeyModel->findAllByTenant($tenantId);
|
||||
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("SELECT id, name, public_key, created_at, last_used_at, is_active FROM api_keys WHERE tenant_id = ? ORDER BY created_at DESC");
|
||||
$stmt->execute([$tenantId]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => $keys
|
||||
'data' => $stmt->fetchAll()
|
||||
]);
|
||||
}
|
||||
|
||||
public function create(Request $request): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$data = $request->getBody();
|
||||
$userId = $request->user->user_id;
|
||||
$name = $request->input('name');
|
||||
|
||||
if (empty($data['name'])) {
|
||||
Response::error('اسم المفتاح مطلوب', 'VALIDATION_ERROR', 422);
|
||||
if (!$name) {
|
||||
Response::error('يرجى إدخال اسم المفتاح', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
|
||||
$id = \Ramsey\Uuid\Uuid::uuid4()->toString();
|
||||
// Generate a random key
|
||||
$rawKey = bin2hex(random_bytes(32));
|
||||
$prefix = substr($rawKey, 0, 8);
|
||||
$hashedKey = hash('sha256', $rawKey);
|
||||
$id = Uuid::uuid4()->toString();
|
||||
$publicKey = bin2hex(random_bytes(16));
|
||||
$secretKey = bin2hex(random_bytes(32));
|
||||
$secretHash = password_hash($secretKey, PASSWORD_BCRYPT);
|
||||
|
||||
$this->apiKeyModel->create([
|
||||
'id' => $id,
|
||||
'tenant_id' => $tenantId,
|
||||
'name' => $data['name'],
|
||||
'key_hash' => $hashedKey,
|
||||
'prefix' => $prefix,
|
||||
'is_active' => 1
|
||||
]);
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("INSERT INTO api_keys (id, tenant_id, user_id, name, public_key, secret_hash, is_active) VALUES (?, ?, ?, ?, ?, ?, 1)");
|
||||
$stmt->execute([$id, $tenantId, $userId, $name, $publicKey, $secretHash]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم إنشاء مفتاح API بنجاح',
|
||||
'message' => 'تم إنشاء مفتاح API بنجاح. يرجى حفظ السر لأنه لن يظهر مرة أخرى.',
|
||||
'data' => [
|
||||
'id' => $id,
|
||||
'name' => $data['name'],
|
||||
'key' => $rawKey // Only shown once!
|
||||
'key' => "msq_{$publicKey}.{$secretKey}"
|
||||
]
|
||||
], 201);
|
||||
}
|
||||
|
||||
@@ -18,7 +18,9 @@ final class DashboardController
|
||||
$where = "WHERE tenant_id = ?";
|
||||
$params = [$tenantId];
|
||||
|
||||
if ($role !== 'super_admin') {
|
||||
// Fix: Only accountants should be restricted to a single company if assigned.
|
||||
// Admins and Super Admins should see all companies in their tenant.
|
||||
if ($role === 'accountant' && $assignedCompanyId) {
|
||||
$where .= " AND company_id = ?";
|
||||
$params[] = $assignedCompanyId;
|
||||
}
|
||||
@@ -26,7 +28,7 @@ final class DashboardController
|
||||
// 1. Total Invoices this month
|
||||
$stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices {$where} AND MONTH(created_at) = MONTH(CURRENT_DATE)");
|
||||
$stmt->execute($params);
|
||||
$thisMonth = $stmt->fetch()['count'];
|
||||
$thisMonth = (int) $stmt->fetch()['count'];
|
||||
|
||||
// 2. Approved vs Rejected
|
||||
$stmt = $db->prepare("SELECT status, COUNT(*) as count FROM invoices {$where} GROUP BY status");
|
||||
@@ -34,17 +36,24 @@ final class DashboardController
|
||||
$statusCounts = $stmt->fetchAll();
|
||||
|
||||
// 3. Recent Activity - Fixed ambiguity
|
||||
$stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? " . ($role !== 'super_admin' ? " AND i.company_id = ?" : "") . " ORDER BY i.created_at DESC LIMIT 5");
|
||||
$stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? " . ($role === 'accountant' && $assignedCompanyId ? " AND i.company_id = ?" : "") . " ORDER BY i.created_at DESC LIMIT 5");
|
||||
$stmt->execute($params);
|
||||
$recent = $stmt->fetchAll();
|
||||
|
||||
// 4. Calculate Subscription Usage
|
||||
$stmt = $db->prepare("SELECT max_invoices_per_month FROM subscriptions WHERE tenant_id = ?");
|
||||
$stmt->execute([$tenantId]);
|
||||
$sub = $stmt->fetch();
|
||||
$maxInvoices = (int) ($sub['max_invoices_per_month'] ?? 100);
|
||||
$usage = $maxInvoices > 0 ? round(($thisMonth / $maxInvoices) * 100, 1) : 0;
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => [
|
||||
'total_this_month' => $thisMonth,
|
||||
'status_distribution' => $statusCounts,
|
||||
'recent_invoices' => $recent,
|
||||
'subscription_usage' => 45 // Placeholder
|
||||
'subscription_usage' => $usage
|
||||
]
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -24,7 +24,8 @@ final class InvoiceController
|
||||
$role = $request->user->role ?? 'viewer';
|
||||
$assignedCompanyId = $request->user->assigned_company_id ?? null;
|
||||
|
||||
if ($role === 'super_admin') {
|
||||
$db = \App\Core\Database::getInstance();
|
||||
if ($role === 'super_admin' || $role === 'admin') {
|
||||
$stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? AND i.deleted_at IS NULL ORDER BY i.created_at DESC");
|
||||
$stmt->execute([$tenantId]);
|
||||
$invoices = $stmt->fetchAll();
|
||||
@@ -90,10 +91,10 @@ final class InvoiceController
|
||||
}
|
||||
}
|
||||
|
||||
public function detail(Request $request, array $vars): void
|
||||
public function detail(Request $request, string $id): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$invoiceId = $vars['id'] ?? null;
|
||||
$invoiceId = $id;
|
||||
|
||||
$db = \App\Core\Database::getInstance();
|
||||
$stmt = $db->prepare("SELECT * FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1");
|
||||
@@ -123,10 +124,10 @@ final class InvoiceController
|
||||
]);
|
||||
}
|
||||
|
||||
public function submit(Request $request, array $vars): void
|
||||
public function submit(Request $request, string $id): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$invoiceId = $vars['id'];
|
||||
$invoiceId = $id;
|
||||
|
||||
// Push to Queue for JoFotara Submission
|
||||
\App\Services\QueueService::push('submit_jofotara', [
|
||||
@@ -137,5 +138,32 @@ final class InvoiceController
|
||||
'success' => true,
|
||||
'message' => 'Invoice submission queued.'
|
||||
]);
|
||||
public function downloadFile(Request $request, string $id): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$db = \App\Core\Database::getInstance();
|
||||
$stmt = $db->prepare("SELECT original_file_path, company_id FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1");
|
||||
$stmt->execute([$id, $tenantId]);
|
||||
$invoice = $stmt->fetch();
|
||||
|
||||
if (!$invoice || !file_exists($invoice['original_file_path'])) {
|
||||
Response::error('الملف غير موجود', 'NOT_FOUND', 404);
|
||||
return;
|
||||
}
|
||||
|
||||
$role = $request->user->role ?? 'viewer';
|
||||
if ($role !== 'super_admin' && $invoice['company_id'] !== $request->user->assigned_company_id) {
|
||||
Response::error('غير مصرح لك بمشاهدة هذا الملف', 'FORBIDDEN', 403);
|
||||
return;
|
||||
}
|
||||
|
||||
$path = $invoice['original_file_path'];
|
||||
$mime = mime_content_type($path);
|
||||
|
||||
header("Content-Type: $mime");
|
||||
header("Content-Disposition: inline; filename=\"" . basename($path) . "\"");
|
||||
header("Content-Length: " . filesize($path));
|
||||
readfile($path);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,12 +22,10 @@ final class UserController
|
||||
]);
|
||||
}
|
||||
|
||||
public function detail(Request $request, array $vars): void
|
||||
public function detail(Request $request, string $id): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$userId = $vars['id'];
|
||||
|
||||
$user = $this->userModel->findById($userId, $tenantId);
|
||||
$user = $this->userModel->findById($id, $tenantId);
|
||||
|
||||
if (!$user) {
|
||||
Response::error('المستخدم غير موجود', 'NOT_FOUND', 404);
|
||||
|
||||
@@ -1,104 +0,0 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Modules\Users;
|
||||
|
||||
use App\Core\{Request, Response, Database};
|
||||
use Throwable;
|
||||
|
||||
final class UsersController
|
||||
{
|
||||
public function __construct(private readonly UserModel $userModel) {}
|
||||
|
||||
public function list(Request $request): void
|
||||
{
|
||||
$currentUserRole = $request->user->role ?? 'viewer';
|
||||
if (!in_array($currentUserRole, ['super_admin', 'admin'])) {
|
||||
Response::error('ليس لديك صلاحية لعرض المستخدمين', 'FORBIDDEN', 403);
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
$tenantId = $request->tenantId;
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("SELECT id, name, email, role, is_active, created_at FROM users WHERE tenant_id = ? AND deleted_at IS NULL ORDER BY created_at DESC");
|
||||
$stmt->execute([$tenantId]);
|
||||
$users = $stmt->fetchAll();
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => $users
|
||||
]);
|
||||
} catch (Throwable $e) {
|
||||
Response::error('Failed to load users: ' . $e->getMessage(), 'USERS_FETCH_ERROR', 500);
|
||||
}
|
||||
}
|
||||
|
||||
public function create(Request $request): void
|
||||
{
|
||||
$currentUserRole = $request->user->role ?? 'viewer';
|
||||
$currentAssignedCompanyId = $request->user->assigned_company_id ?? null;
|
||||
|
||||
if (!in_array($currentUserRole, ['super_admin', 'admin'])) {
|
||||
Response::error('ليس لديك صلاحية لإضافة مستخدمين', 'FORBIDDEN', 403);
|
||||
return;
|
||||
}
|
||||
|
||||
$name = $request->input('name');
|
||||
$email = $request->input('email');
|
||||
$password = $request->input('password');
|
||||
$role = $request->input('role', 'accountant');
|
||||
$assignedCompanyId = $request->input('assigned_company_id');
|
||||
|
||||
// Admin can only create accountants and employees. Only super_admin can create admins.
|
||||
if ($currentUserRole === 'admin') {
|
||||
if (in_array($role, ['admin', 'super_admin'])) {
|
||||
Response::error('لا تملك الصلاحية لإضافة مدراء', 'FORBIDDEN', 403);
|
||||
return;
|
||||
}
|
||||
// Admin automatically assigns their own company to the new user
|
||||
$assignedCompanyId = $currentAssignedCompanyId;
|
||||
}
|
||||
|
||||
// Validate valid roles
|
||||
$validRoles = ['super_admin', 'admin', 'accountant', 'employee', 'viewer'];
|
||||
if (!in_array($role, $validRoles)) {
|
||||
Response::error('صلاحية غير صالحة', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$name || !$email || !$password) {
|
||||
Response::error('الاسم والبريد وكلمة المرور مطلوبة', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
// Check if email exists
|
||||
if ($this->userModel->findByEmail($email)) {
|
||||
Response::error('البريد الإلكتروني مستخدم بالفعل', 'EMAIL_EXISTS', 409);
|
||||
return;
|
||||
}
|
||||
|
||||
$userId = \Ramsey\Uuid\Uuid::uuid4()->toString();
|
||||
$this->userModel->create([
|
||||
'id' => $userId,
|
||||
'tenant_id' => $request->tenantId,
|
||||
'name' => $name,
|
||||
'email' => $email,
|
||||
'password_hash' => password_hash($password, PASSWORD_BCRYPT),
|
||||
'role' => $role,
|
||||
'assigned_company_id' => $assignedCompanyId,
|
||||
'is_active' => 1
|
||||
]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم إنشاء المستخدم بنجاح',
|
||||
'data' => ['id' => $userId]
|
||||
]);
|
||||
} catch (Throwable $e) {
|
||||
Response::error($e->getMessage(), 'USER_CREATE_ERROR', 500);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user