Update: 2026-05-15 14:28:07

app/modules_app/invoices/upload.php

@@ -48,14 +48,25 @@ try {
     }
 
     // 3. Permission Check
-    $stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
+    if ($decoded['role'] === 'super_admin') {
+        $stmt = $db->prepare("SELECT id, tenant_id FROM companies WHERE id = ? AND deleted_at IS NULL");
+        $stmt->execute([$companyId]);
+    } else {
+        $stmt = $db->prepare("SELECT id, tenant_id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
         $stmt->execute([$companyId, $tenantId]);
+    }
 
-    if (!$stmt->fetch()) {
+    $company = $stmt->fetch();
+    if (!$company) {
         json_error('الوصول مرفوض لهذه الشركة أو رقم الشركة غير صحيح', 403);
         exit;
     }
 
+    // لضمان حفظ الفاتورة في المكتب الصحيح إذا كان المرفوع سوبر أدمن
+    if ($decoded['role'] === 'super_admin') {
+        $tenantId = $company['tenant_id'];
+    }
+
     // 4. Handle File Upload
     $tenantDir = STORAGE_PATH . '/invoices/' . $tenantId;
     $companyDir = $tenantDir . '/' . $companyId;