Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-15 14:28:07

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-15 14:28:07 +03:00
parent f5260d854e
commit 54a4acdcab
1 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/modules_app/invoices/upload.php
View File

@@ -48,14 +48,25 @@ try {
}
// 3. Permission Check
$stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$companyId, $tenantId]);
if ($decoded['role'] === 'super_admin') {
$stmt = $db->prepare("SELECT id, tenant_id FROM companies WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$companyId]);
} else {
$stmt = $db->prepare("SELECT id, tenant_id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$companyId, $tenantId]);
}
if (!$stmt->fetch()) {
$company = $stmt->fetch();
if (!$company) {
json_error('الوصول مرفوض لهذه الشركة أو رقم الشركة غير صحيح', 403);
exit;
}
// لضمان حفظ الفاتورة في المكتب الصحيح إذا كان المرفوع سوبر أدمن
if ($decoded['role'] === 'super_admin') {
$tenantId = $company['tenant_id'];
}
// 4. Handle File Upload
$tenantDir = STORAGE_PATH . '/invoices/' . $tenantId;
$companyDir = $tenantDir . '/' . $companyId;