diff --git a/app/modules_app/companies/index.php b/app/modules_app/companies/index.php
index 9aee90b..8609cdf 100644
--- a/app/modules_app/companies/index.php
+++ b/app/modules_app/companies/index.php
@@ -18,25 +18,31 @@ try {
                 LEFT JOIN tenants t ON c.tenant_id = t.id
                 WHERE c.deleted_at IS NULL
                 ORDER BY c.created_at DESC");
         $stmt->execute();
+        $companies = $stmt->fetchAll();
     }
     // 2. Admin sees all companies in their tenant
     else if ($decoded['role'] === 'admin') {
         $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
         $stmt->execute([$decoded['tenant_id']]);
+        $companies = $stmt->fetchAll();
     }
-    // 3. Others (accountant, etc) see only their assigned company
+    // 3. Others (accountant, etc) see only their assigned companies
     else {
-        // Need to get their assigned company_id from users table first
-        $stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?");
+        // Get assigned company IDs from the pivot table
+        $stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1");
         $stmtUser->execute([$decoded['user_id']]);
-        $assignedCompanyId = $stmtUser->fetchColumn();
+        $assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN);
-        $stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL");
-        $stmt->execute([$assignedCompanyId]);
+        if (empty($assignedCompanyIds)) {
+            $companies = [];
+        } else {
+            $placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?'));
+            $stmt = $db->prepare("SELECT * FROM companies WHERE id IN ($placeholders) AND deleted_at IS NULL");
+            $stmt->execute($assignedCompanyIds);
+            $companies = $stmt->fetchAll();
+        }
     }
-    $companies = $stmt->fetchAll();
-
     // 3. Decrypt fields
     foreach ($companies as &$company) {
         // Decrypt Name
diff --git a/app/modules_app/dashboard/stats.php b/app/modules_app/dashboard/stats.php
index fad1c3b..10bb6c1 100644
--- a/app/modules_app/dashboard/stats.php
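Review bot: The non-admin lookup `SELECT * FROM companies WHERE id IN ($placeholders) AND deleted_at IS NULL` carries no `tenant_id` condition, while the admin branch directly above scopes by tenant, so tenant isolation for accountants now rests entirely on every row in `user_company_assignments` being correct. A stale or mis-entered assignment would return another tenant's company; adding the tenant check costs two lines: `$stmt = $db->prepare("SELECT * FROM companies WHERE id IN ($placeholders) AND tenant_id = ? AND deleted_at IS NULL");` and `$stmt->execute(array_merge($assignedCompanyIds, [$decoded['tenant_id']]));`. Both the assignments branch and the decrypt loop are labelled `// 3.`; renumbering the latter to `// 4. Decrypt fields` keeps the step comments readable. The `try` block enclosing these branches opens before the hunk.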
+++ b/app/modules_app/dashboard/stats.php
@@ -26,27 +26,39 @@ try {
         $where .= " AND tenant_id = :tenant_id";
         $params[':tenant_id'] = $tenantId;
     } else {
-        // Accountant/Viewer: Filter by specific company
+        // Accountant/Viewer: Filter by assigned companies
         $where .= " AND tenant_id = :tenant_id";
         $params[':tenant_id'] = $tenantId;
-
-        if ($companyId) {
-            $where .= " AND company_id = :company_id";
-            $params[':company_id'] = $companyId;
+
+        // Get assigned company IDs
+        $stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1");
+        $stmtUser->execute([$decoded['user_id']]);
+        $assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN);
+
+        if (empty($assignedCompanyIds)) {
+            // No companies assigned, see nothing
+            $where .= " AND 1=0";
+        } else {
+            $placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?'));
+            $where .= " AND company_id IN ($placeholders)";
+            // We need to merge params carefully since we are using both named and positional
+            // Actually, let's switch to pure positional for simplicity here
+            $where = str_replace(':tenant_id', '?', $where);
+            $params = array_merge([$tenantId], $assignedCompanyIds);
         }
     }
     // 3. Fetch Stats
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where");
-    $stmt->execute($params);
+    $stmt->execute(array_values($params));
     $total = $stmt->fetchColumn();
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'pending'");
-    $stmt->execute($params);
+    $stmt->execute(array_values($params));
     $pending = $stmt->fetchColumn();
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'approved'");
-    $stmt->execute($params);
+    $stmt->execute(array_values($params));
     $approved = $stmt->fetchColumn();
 } catch (\Exception $e) {
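Review bot: The three `$stmt->execute(array_values($params))` calls break the superadmin and admin paths, because those branches still bind `:tenant_id` by name (the `$params[':tenant_id'] = $tenantId;` context lines) and `array_values()` strips the string keys PDO uses to match named placeholders, which yields `SQLSTATE[HY093]` at least under emulated prepares, PDO's default for MySQL. Only the accountant branch rewrites `$where` to positional `?`, and `array_merge([$tenantId], $assignedCompanyIds)` already produces a list there, so reverting all three call sites to `$stmt->execute($params);` fixes the regression without losing anything. Separately, `$params = array_merge([$tenantId], $assignedCompanyIds);` replaces whatever `$params` held before and `str_replace(':tenant_id', '?', $where)` rewrites only that one name; if the part of `$where` assembled above the hunk carries other named parameters they become unbound, so that prefix is worth checking. The two comments `// We need to merge params carefully…` and `// Actually, let's switch…` read as working notes; a single line such as `// Positional placeholders only: :tenant_id is rewritten to ? so it can share the list with the IN (...) ids` says what the code does. The `try` block enclosing this logic opens before the hunk.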