🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 02:51

2026-05-03 02:51:50 +03:00
parent 7b86fa717d
commit 392f6dbd9b
3 changed files with 65 additions and 7 deletions
--- a/app/Modules/Users/UsersController.php
+++ b/app/Modules/Users/UsersController.php
@@ -13,6 +13,12 @@ final class UsersController

    public function list(Request $request): void
    {
+        $currentUserRole = $request->user->role ?? 'viewer';
+        if (!in_array($currentUserRole, ['super_admin', 'admin'])) {
+            Response::error('ليس لديك صلاحية لعرض المستخدمين', 'FORBIDDEN', 403);
+            return;
+        }
+
        try {
            $tenantId = $request->tenantId;
            $db = Database::getInstance();
@@ -31,11 +37,30 @@ final class UsersController

    public function create(Request $request): void
    {
+        $currentUserRole = $request->user->role ?? 'viewer';
+        if (!in_array($currentUserRole, ['super_admin', 'admin'])) {
+            Response::error('ليس لديك صلاحية لإضافة مستخدمين', 'FORBIDDEN', 403);
+            return;
+        }
+
        $name = $request->input('name');
        $email = $request->input('email');
        $password = $request->input('password');
        $role = $request->input('role', 'accountant');

+        // Admin can only create accountants and employees. Only super_admin can create admins.
+        if ($currentUserRole === 'admin' && in_array($role, ['admin', 'super_admin'])) {
+            Response::error('لا تملك الصلاحية لإضافة مدراء', 'FORBIDDEN', 403);
+            return;
+        }
+
+        // Validate valid roles
+        $validRoles = ['super_admin', 'admin', 'accountant', 'employee', 'viewer'];
+        if (!in_array($role, $validRoles)) {
+            Response::error('صلاحية غير صالحة', 'VALIDATION_ERROR', 422);
+            return;
+        }
+
        if (!$name || !$email || !$password) {
            Response::error('Name, email, and password are required', 'VALIDATION_ERROR', 422);
            return;
--- a/app/Services/FileStorageService.php
+++ b/app/Services/FileStorageService.php
@@ -12,7 +12,8 @@ final class FileStorageService

    public function __construct()
    {
-        $this->storagePath = $_ENV['STORAGE_PATH'] ?? dirname(__DIR__, 2) . '/storage';
+        // Use dynamic path to avoid issues if Mac .env is deployed to Linux server
+        $this->storagePath = dirname(__DIR__, 2) . '/storage';
    }

    public function store(array $file, string $tenantId, string $companyId): string