From 79308d7f9b6fbdebfa6a41eea094afb7d166c51f Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Mon, 4 May 2026 00:48:53 +0300
Subject: [PATCH] Update: 2026-05-04 00:48:53
---
 app/modules_app/companies/index.php | 22 +++--------------
 app/modules_app/dashboard/stats.php | 38 ++++++-----------------------
 2 files changed, 11 insertions(+), 49 deletions(-)
diff --git a/app/modules_app/companies/index.php b/app/modules_app/companies/index.php
index 8609cdf..860411f 100644
--- a/app/modules_app/companies/index.php
+++ b/app/modules_app/companies/index.php
@@ -20,28 +20,12 @@ try { $stmt->execute(); $companies = $stmt->fetchAll(); }
- // 2. Admin sees all companies in their tenant - else if ($decoded['role'] === 'admin') {
- $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
+ // 2. Tenant Users (Admin, Accountant, Employee) see all companies in their tenant + else {
+ $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL ORDER BY created_at DESC"); $stmt->execute([$decoded['tenant_id']]); $companies = $stmt->fetchAll(); }
- // 3. Others (accountant, etc) see only their assigned companies - else {
- // Get assigned company IDs from the pivot table - $stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1");
- $stmtUser->execute([$decoded['user_id']]);
- $assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN);
-
- if (empty($assignedCompanyIds)) {
- $companies = [];
- } else {
- $placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?'));
- $stmt = $db->prepare("SELECT * FROM companies WHERE id IN ($placeholders) AND deleted_at IS NULL");
- $stmt->execute($assignedCompanyIds);
- $companies = $stmt->fetchAll();
- }
- } // 3. Decrypt fields foreach ($companies as &$company) {
diff --git a/app/modules_app/dashboard/stats.php b/app/modules_app/dashboard/stats.php
index 10bb6c1..5d2b125 100644
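Review bot: The new `+ else {` branch makes every role other than `super_admin` — including role values the comment does not list, and a token whose `role` claim is missing — list every company in the tenant, whereas the removed branch scoped non-admin users to their active rows in `user_company_assignments`. If widening to admin/accountant/employee is intended, the branch should still be an explicit allow-list so an unexpected role value fails closed rather than landing in the broadest branch, e.g. `elseif (in_array($decoded['role'], ['admin', 'accountant', 'employee'], true)) {` followed by a final `else { $companies = []; }`. The same unguarded `else` is introduced in the dashboard/stats.php hunk. The enclosing `try` block begins before this hunk and continues after it.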
--- a/app/modules_app/dashboard/stats.php
+++ b/app/modules_app/dashboard/stats.php
@@ -15,50 +15,28 @@ $companyId = $decoded['company_id'] ?? null; $role = $decoded['role']; try { - $where = "WHERE 1=1"; - $params = []; - // 2. Apply Filters based on Role if ($role === 'super_admin') { // No filters - see everything - } elseif ($role === 'admin') { - // Filter by Tenant (Accounting Office) - $where .= " AND tenant_id = :tenant_id"; - $params[':tenant_id'] = $tenantId; + $where = "WHERE 1=1"; + $params = []; } else { - // Accountant/Viewer: Filter by assigned companies - $where .= " AND tenant_id = :tenant_id"; - $params[':tenant_id'] = $tenantId; - - // Get assigned company IDs - $stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1"); - $stmtUser->execute([$decoded['user_id']]); - $assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN); - - if (empty($assignedCompanyIds)) { - // No companies assigned, see nothing - $where .= " AND 1=0"; - } else { - $placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?')); - $where .= " AND company_id IN ($placeholders)"; - // We need to merge params carefully since we are using both named and positional - // Actually, let's switch to pure positional for simplicity here - $where = str_replace(':tenant_id', '?', $where); - $params = array_merge([$tenantId], $assignedCompanyIds); - } + // Tenant Users (Admin, Accountant, Employee): Filter by Tenant + $where = "WHERE tenant_id = ?"; + $params = [$tenantId]; } // 3. 
Fetch Stats $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where");
- $stmt->execute(array_values($params));
+ $stmt->execute($params); $total = $stmt->fetchColumn(); $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'pending'");
- $stmt->execute(array_values($params));
+ $stmt->execute($params); $pending = $stmt->fetchColumn(); $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'approved'");
- $stmt->execute(array_values($params));
+ $stmt->execute($params); $approved = $stmt->fetchColumn(); } catch (\Exception $e) {
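Review bot: The three `+ $stmt->execute($params);` lines drive three near-identical prepare/execute/fetchColumn blocks that differ only in a status literal interpolated into the SQL text; since the branch above now builds `$where` from constant strings with the tenant id bound positionally, the status can be bound the same way and both per-status counts can share one prepared statement. That keeps the query text in one place, and adding another status becomes a two-line change instead of a copied block. The `try` opens inside the hunk and its `catch` is the hunk's last line, so the rewrite below stays within it.
```php
// 3. Fetch Stats
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where");
$stmt->execute($params);
$total = $stmt->fetchColumn();

// One statement for both per-status counts; the status is bound, not interpolated.
$stmtByStatus = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = ?");
$stmtByStatus->execute([...$params, 'pending']);
$pending = $stmtByStatus->fetchColumn();
$stmtByStatus->execute([...$params, 'approved']);
$approved = $stmtByStatus->fetchColumn();
// … unchanged: catch block …
```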