Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-04 00:37:13

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-04 00:37:14 +03:00
parent e9cea98e95
commit 5abc22dcd8
2 changed files with 34 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
app/modules_app/companies/index.php
View File

@@ -18,25 +18,31 @@ try {
LEFT JOIN tenants t ON c.tenant_id = t.id
WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC");
$stmt->execute();
$companies = $stmt->fetchAll();
}
// 2. Admin sees all companies in their tenant
else if ($decoded['role'] === 'admin') {
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$decoded['tenant_id']]);
$companies = $stmt->fetchAll();
}
// 3. Others (accountant, etc) see only their assigned company
// 3. Others (accountant, etc) see only their assigned companies
else {
// Need to get their assigned company_id from users table first
$stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?");
// Get assigned company IDs from the pivot table
$stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1");
$stmtUser->execute([$decoded['user_id']]);
$assignedCompanyId = $stmtUser->fetchColumn();
$assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN);
$stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$assignedCompanyId]);
if (empty($assignedCompanyIds)) {
$companies = [];
} else {
$placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?'));
$stmt = $db->prepare("SELECT * FROM companies WHERE id IN ($placeholders) AND deleted_at IS NULL");
$stmt->execute($assignedCompanyIds);
$companies = $stmt->fetchAll();
}
}
$companies = $stmt->fetchAll();
// 3. Decrypt fields
foreach ($companies as &$company) {
// Decrypt Name

28
app/modules_app/dashboard/stats.php
View File

@@ -26,27 +26,39 @@ try {
$where .= " AND tenant_id = :tenant_id";
$params[':tenant_id'] = $tenantId;
} else {
// Accountant/Viewer: Filter by specific company
// Accountant/Viewer: Filter by assigned companies
$where .= " AND tenant_id = :tenant_id";
$params[':tenant_id'] = $tenantId;
if ($companyId) {
$where .= " AND company_id = :company_id";
$params[':company_id'] = $companyId;
// Get assigned company IDs
$stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1");
$stmtUser->execute([$decoded['user_id']]);
$assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN);
if (empty($assignedCompanyIds)) {
// No companies assigned, see nothing
$where .= " AND 1=0";
} else {
$placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?'));
$where .= " AND company_id IN ($placeholders)";
// We need to merge params carefully since we are using both named and positional
// Actually, let's switch to pure positional for simplicity here
$where = str_replace(':tenant_id', '?', $where);
$params = array_merge([$tenantId], $assignedCompanyIds);
}
}
// 3. Fetch Stats
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where");
$stmt->execute($params);
$stmt->execute(array_values($params));
$total = $stmt->fetchColumn();
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'pending'");
$stmt->execute($params);
$stmt->execute(array_values($params));
$pending = $stmt->fetchColumn();
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'approved'");
$stmt->execute($params);
$stmt->execute(array_values($params));
$approved = $stmt->fetchColumn();
} catch (\Exception $e) {