🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 14:50

app/Modules/Invoices/Actions/DownloadInvoiceFileAction.php

@@ -0,0 +1,30 @@
+<?php
+declare(strict_types=1);
+namespace App\Modules\Invoices\Actions;
+
+use App\Core\Database;
+use Exception;
+
+final class DownloadInvoiceFileAction {
+    public function execute(string $invoiceId, string $tenantId, $user): array {
+        $db = Database::getInstance();
+        $stmt = $db->prepare("SELECT original_file_path, company_id FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1");
+        $stmt->execute([$invoiceId, $tenantId]);
+        $invoice = $stmt->fetch();
+
+        if (!$invoice || !file_exists($invoice['original_file_path'])) {
+            throw new Exception('الملف غير موجود', 404);
+        }
+
+        $role = $user->role ?? 'viewer';
+        if ($role !== 'super_admin' && $invoice['company_id'] !== ($user->assigned_company_id ?? null)) {
+            throw new Exception('غير مصرح لك بمشاهدة هذا الملف', 403);
+        }
+
+        return [
+            'path' => $invoice['original_file_path'],
+            'mime' => mime_content_type($invoice['original_file_path']),
+            'name' => basename($invoice['original_file_path'])
+        ];
+    }
+}