Update: 2026-05-04 00:48:53

app/modules_app/companies/index.php

@@ -20,28 +20,12 @@ try {
         $stmt->execute();
         $companies = $stmt->fetchAll();
     } 
-    // 2. Admin sees all companies in their tenant
+    // 2. Tenant Users (Admin, Accountant, Employee) see all companies in their tenant
-    else if ($decoded['role'] === 'admin') {
+    else {
-        $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
+        $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL ORDER BY created_at DESC");
         $stmt->execute([$decoded['tenant_id']]);
         $companies = $stmt->fetchAll();
     }
-    // 3. Others (accountant, etc) see only their assigned companies
-    else {
-        // Get assigned company IDs from the pivot table
-        $stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1");
-        $stmtUser->execute([$decoded['user_id']]);
-        $assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN);
-
-        if (empty($assignedCompanyIds)) {
-            $companies = [];
-        } else {
-            $placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?'));
-            $stmt = $db->prepare("SELECT * FROM companies WHERE id IN ($placeholders) AND deleted_at IS NULL");
-            $stmt->execute($assignedCompanyIds);
-            $companies = $stmt->fetchAll();
-        }
-    }
 
     // 3. Decrypt fields
     foreach ($companies as &$company) {

app/modules_app/dashboard/stats.php

@@ -15,50 +15,28 @@ $companyId = $decoded['company_id'] ?? null;
 $role = $decoded['role'];
 
 try {
-    $where = "WHERE 1=1";
-    $params = [];
-
     // 2. Apply Filters based on Role
     if ($role === 'super_admin') {
         // No filters - see everything
-    } elseif ($role === 'admin') {
+        $where = "WHERE 1=1";
-        // Filter by Tenant (Accounting Office)
+        $params = [];
-        $where .= " AND tenant_id = :tenant_id";
-        $params[':tenant_id'] = $tenantId;
     } else {
-        // Accountant/Viewer: Filter by assigned companies
+        // Tenant Users (Admin, Accountant, Employee): Filter by Tenant
-        $where .= " AND tenant_id = :tenant_id";
+        $where = "WHERE tenant_id = ?";
-        $params[':tenant_id'] = $tenantId;
+        $params = [$tenantId];
-
-        // Get assigned company IDs
-        $stmtUser = $db->prepare("SELECT company_id FROM user_company_assignments WHERE user_id = ? AND is_active = 1");
-        $stmtUser->execute([$decoded['user_id']]);
-        $assignedCompanyIds = $stmtUser->fetchAll(PDO::FETCH_COLUMN);
-
-        if (empty($assignedCompanyIds)) {
-            // No companies assigned, see nothing
-            $where .= " AND 1=0";
-        } else {
-            $placeholders = implode(',', array_fill(0, count($assignedCompanyIds), '?'));
-            $where .= " AND company_id IN ($placeholders)";
-            // We need to merge params carefully since we are using both named and positional
-            // Actually, let's switch to pure positional for simplicity here
-            $where = str_replace(':tenant_id', '?', $where);
-            $params = array_merge([$tenantId], $assignedCompanyIds);
-        }
     }
 
     // 3. Fetch Stats
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where");
-    $stmt->execute(array_values($params));
+    $stmt->execute($params);
     $total = $stmt->fetchColumn();
 
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'pending'");
-    $stmt->execute(array_values($params));
+    $stmt->execute($params);
     $pending = $stmt->fetchColumn();
 
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'approved'");
-    $stmt->execute(array_values($params));
+    $stmt->execute($params);
     $approved = $stmt->fetchColumn();
 
 } catch (\Exception $e) {