Update: 2026-05-04 00:48:53
This commit is contained in:
Hamza-Ayed
@@ -20,28 +20,12 @@ try {
|
||||
$stmt->execute();
|
||||
$companies = $stmt->fetchAll();
|
||||
}
|
||||
// 2. Admin sees all companies in their tenant
|
||||
else if ($decoded['role'] === 'admin') {
|
||||
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
|
||||
// 2. Tenant Users (Admin, Accountant, Employee) see all companies in their tenant
|
||||
else {
|
||||
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL ORDER BY created_at DESC");
|
||||
$stmt->execute([$decoded['tenant_id']]);
|
||||
$companies = $stmt->fetchAll();
|
||||
}
|
||||
// 3. Others (accountant, etc) see only their assigned companies
|
||||
else {
|
||||
// Get assigned company IDs from the pivot table
|
||||
$stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1");
|
||||
$stmtUser->execute([$decoded['user_id']]);
|
||||
$assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN);
|
||||
|
||||
if (empty($assignedCompanyIds)) {
|
||||
$companies = [];
|
||||
} else {
|
||||
$placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?'));
|
||||
$stmt = $db->prepare("SELECT * FROM companies WHERE id IN ($placeholders) AND deleted_at IS NULL");
|
||||
$stmt->execute($assignedCompanyIds);
|
||||
$companies = $stmt->fetchAll();
|
||||
}
|
||||
}
|
||||
|
||||
// 3. Decrypt fields
|
||||
foreach ($companies as &$company) {
|
||||
|
||||
@@ -15,50 +15,28 @@ $companyId = $decoded['company_id'] ?? null;
|
||||
$role = $decoded['role'];
|
||||
|
||||
try {
|
||||
$where = "WHERE 1=1";
|
||||
$params = [];
|
||||
|
||||
// 2. Apply Filters based on Role
|
||||
if ($role === 'super_admin') {
|
||||
// No filters - see everything
|
||||
} elseif ($role === 'admin') {
|
||||
// Filter by Tenant (Accounting Office)
|
||||
$where .= " AND tenant_id = :tenant_id";
|
||||
$params[':tenant_id'] = $tenantId;
|
||||
$where = "WHERE 1=1";
|
||||
$params = [];
|
||||
} else {
|
||||
// Accountant/Viewer: Filter by assigned companies
|
||||
$where .= " AND tenant_id = :tenant_id";
|
||||
$params[':tenant_id'] = $tenantId;
|
||||
|
||||
// Get assigned company IDs
|
||||
$stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1");
|
||||
$stmtUser->execute([$decoded['user_id']]);
|
||||
$assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN);
|
||||
|
||||
if (empty($assignedCompanyIds)) {
|
||||
// No companies assigned, see nothing
|
||||
$where .= " AND 1=0";
|
||||
} else {
|
||||
$placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?'));
|
||||
$where .= " AND company_id IN ($placeholders)";
|
||||
// We need to merge params carefully since we are using both named and positional
|
||||
// Actually, let's switch to pure positional for simplicity here
|
||||
$where = str_replace(':tenant_id', '?', $where);
|
||||
$params = array_merge([$tenantId], $assignedCompanyIds);
|
||||
}
|
||||
// Tenant Users (Admin, Accountant, Employee): Filter by Tenant
|
||||
$where = "WHERE tenant_id = ?";
|
||||
$params = [$tenantId];
|
||||
}
|
||||
|
||||
// 3. Fetch Stats
|
||||
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where");
|
||||
$stmt->execute(array_values($params));
|
||||
$stmt->execute($params);
|
||||
$total = $stmt->fetchColumn();
|
||||
|
||||
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'pending'");
|
||||
$stmt->execute(array_values($params));
|
||||
$stmt->execute($params);
|
||||
$pending = $stmt->fetchColumn();
|
||||
|
||||
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'approved'");
|
||||
$stmt->execute(array_values($params));
|
||||
$stmt->execute($params);
|
||||
$approved = $stmt->fetchColumn();
|
||||
|
||||
} catch (\Exception $e) {
|
||||
|
||||
Reference in New Issue
Block a user