Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-04 00:48:53

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-04 00:48:53 +03:00
parent 5abc22dcd8
commit 79308d7f9b
2 changed files with 11 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
app/modules_app/dashboard/stats.php
View File

@@ -15,50 +15,28 @@ $companyId = $decoded['company_id'] ?? null;
$role = $decoded['role'];
try {
$where = "WHERE 1=1";
$params = [];
// 2. Apply Filters based on Role
if ($role === 'super_admin') {
// No filters - see everything
} elseif ($role === 'admin') {
// Filter by Tenant (Accounting Office)
$where .= " AND tenant_id = :tenant_id";
$params[':tenant_id'] = $tenantId;
$where = "WHERE 1=1";
$params = [];
} else {
// Accountant/Viewer: Filter by assigned companies
$where .= " AND tenant_id = :tenant_id";
$params[':tenant_id'] = $tenantId;
// Get assigned company IDs
$stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1");
$stmtUser->execute([$decoded['user_id']]);
$assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN);
if (empty($assignedCompanyIds)) {
// No companies assigned, see nothing
$where .= " AND 1=0";
} else {
$placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?'));
$where .= " AND company_id IN ($placeholders)";
// We need to merge params carefully since we are using both named and positional
// Actually, let's switch to pure positional for simplicity here
$where = str_replace(':tenant_id', '?', $where);
$params = array_merge([$tenantId], $assignedCompanyIds);
}
// Tenant Users (Admin, Accountant, Employee): Filter by Tenant
$where = "WHERE tenant_id = ?";
$params = [$tenantId];
}
// 3. Fetch Stats
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where");
$stmt->execute(array_values($params));
$stmt->execute($params);
$total = $stmt->fetchColumn();
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'pending'");
$stmt->execute(array_values($params));
$stmt->execute($params);
$pending = $stmt->fetchColumn();
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'approved'");
$stmt->execute(array_values($params));
$stmt->execute($params);
$approved = $stmt->fetchColumn();
} catch (\Exception $e) {