🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 14:27

2026-05-03 14:27:28 +03:00
parent cb69abe221
commit 31bb1bf565
15 changed files with 6142 additions and 172 deletions
--- a/app/Modules/Invoices/InvoiceController.php
+++ b/app/Modules/Invoices/InvoiceController.php
@@ -24,7 +24,8 @@ final class InvoiceController
        $role = $request->user->role ?? 'viewer';
        $assignedCompanyId = $request->user->assigned_company_id ?? null;

-        if ($role === 'super_admin') {
+        $db = \App\Core\Database::getInstance();
+        if ($role === 'super_admin' || $role === 'admin') {
            $stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? AND i.deleted_at IS NULL ORDER BY i.created_at DESC");
            $stmt->execute([$tenantId]);
            $invoices = $stmt->fetchAll();
@@ -90,10 +91,10 @@ final class InvoiceController
        }
    }

-    public function detail(Request $request, array $vars): void
+    public function detail(Request $request, string $id): void
    {
        $tenantId = $request->tenantId;
-        $invoiceId = $vars['id'] ?? null;
+        $invoiceId = $id;
        
        $db = \App\Core\Database::getInstance();
        $stmt = $db->prepare("SELECT * FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1");
@@ -123,10 +124,10 @@ final class InvoiceController
        ]);
    }

-    public function submit(Request $request, array $vars): void
+    public function submit(Request $request, string $id): void
    {
        $tenantId = $request->tenantId;
-        $invoiceId = $vars['id'];
+        $invoiceId = $id;

        // Push to Queue for JoFotara Submission
        \App\Services\QueueService::push('submit_jofotara', [
@@ -137,5 +138,32 @@ final class InvoiceController
            'success' => true,
            'message' => 'Invoice submission queued.'
        ]);
+    public function downloadFile(Request $request, string $id): void
+    {
+        $tenantId = $request->tenantId;
+        $db = \App\Core\Database::getInstance();
+        $stmt = $db->prepare("SELECT original_file_path, company_id FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1");
+        $stmt->execute([$id, $tenantId]);
+        $invoice = $stmt->fetch();
+
+        if (!$invoice || !file_exists($invoice['original_file_path'])) {
+            Response::error('الملف غير موجود', 'NOT_FOUND', 404);
+            return;
+        }
+
+        $role = $request->user->role ?? 'viewer';
+        if ($role !== 'super_admin' && $invoice['company_id'] !== $request->user->assigned_company_id) {
+            Response::error('غير مصرح لك بمشاهدة هذا الملف', 'FORBIDDEN', 403);
+            return;
+        }
+
+        $path = $invoice['original_file_path'];
+        $mime = mime_content_type($path);
+        
+        header("Content-Type: $mime");
+        header("Content-Disposition: inline; filename=\"" . basename($path) . "\"");
+        header("Content-Length: " . filesize($path));
+        readfile($path);
+        exit;
    }
 }