Update: 2026-05-04 00:37:13

app/modules_app/companies/index.php

@@ -18,25 +18,31 @@ try {
             LEFT JOIN tenants t ON c.tenant_id = t.id 
             WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC");
         $stmt->execute();
+        $companies = $stmt->fetchAll();
     } 
     // 2. Admin sees all companies in their tenant
     else if ($decoded['role'] === 'admin') {
         $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
         $stmt->execute([$decoded['tenant_id']]);
+        $companies = $stmt->fetchAll();
     }
-    // 3. Others (accountant, etc) see only their assigned company
+    // 3. Others (accountant, etc) see only their assigned companies
     else {
-        // Need to get their assigned company_id from users table first
-        $stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?");
+        // Get assigned company IDs from the pivot table
+        $stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1");
         $stmtUser->execute([$decoded['user_id']]);
-        $assignedCompanyId = $stmtUser->fetchColumn();
+        $assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN);
 
-        $stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL");
-        $stmt->execute([$assignedCompanyId]);
+        if (empty($assignedCompanyIds)) {
+            $companies = [];
+        } else {
+            $placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?'));
+            $stmt = $db->prepare("SELECT * FROM companies WHERE id IN ($placeholders) AND deleted_at IS NULL");
+            $stmt->execute($assignedCompanyIds);
+            $companies = $stmt->fetchAll();
+        }
     }
 
-    $companies = $stmt->fetchAll();
-
     // 3. Decrypt fields
     foreach ($companies as &$company) {
         // Decrypt Name