🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 15:11
This commit is contained in:
Hamza-Ayed
@@ -1,49 +1,131 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Modules\Admin;
|
||||
|
||||
use App\Core\{Request, Response, Database};
|
||||
|
||||
final class AdminController
|
||||
{
|
||||
public function getSystemStats(Request $request): void
|
||||
public function listTenants(Request $request): void
|
||||
{
|
||||
// Must be super_admin
|
||||
if (($request->user->role ?? '') !== 'super_admin') {
|
||||
Response::error('غير مصرح', 'FORBIDDEN', 403);
|
||||
$db = Database::getInstance();
|
||||
$page = max(1, (int)$request->input('page', 1));
|
||||
$limit = 20;
|
||||
$offset = ($page - 1) * $limit;
|
||||
|
||||
$stmt = $db->prepare("SELECT t.*,
|
||||
(SELECT COUNT(*) FROM invoices i WHERE i.tenant_id = t.id) as invoices_count,
|
||||
(SELECT COUNT(*) FROM users u WHERE u.tenant_id = t.id) as users_count
|
||||
FROM tenants t ORDER BY t.created_at DESC LIMIT {$limit} OFFSET {$offset}");
|
||||
$stmt->execute();
|
||||
$tenants = $stmt->fetchAll();
|
||||
|
||||
$total = (int)$db->query("SELECT COUNT(*) FROM tenants")->fetchColumn();
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => $tenants,
|
||||
'meta' => ['total' => $total, 'page' => $page, 'per_page' => $limit]
|
||||
]);
|
||||
}
|
||||
|
||||
public function getTenant(Request $request, string $id): void
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("SELECT t.*, s.plan, s.max_invoices_per_month, s.invoices_used_this_month
|
||||
FROM tenants t
|
||||
LEFT JOIN subscriptions s ON t.id = s.tenant_id
|
||||
WHERE t.id = ?");
|
||||
$stmt->execute([$id]);
|
||||
$tenant = $stmt->fetch();
|
||||
|
||||
if (!$tenant) {
|
||||
Response::error('المستأجر غير موجود', 'NOT_FOUND', 404);
|
||||
return;
|
||||
}
|
||||
|
||||
Response::json(['success' => true, 'data' => $tenant]);
|
||||
}
|
||||
|
||||
public function updateTenant(Request $request, string $id): void
|
||||
{
|
||||
$data = $request->getBody();
|
||||
$status = $data['status'] ?? null;
|
||||
|
||||
if (!in_array($status, ['active', 'suspended', 'trial'])) {
|
||||
Response::error('حالة غير صالحة', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("UPDATE tenants SET status = ? WHERE id = ?");
|
||||
$stmt->execute([$status, $id]);
|
||||
|
||||
Response::json(['success' => true, 'message' => 'تم تحديث حالة المستأجر بنجاح']);
|
||||
}
|
||||
|
||||
public function getSystemStats(Request $request): void
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
|
||||
$stmt = $db->prepare("SELECT COUNT(*) as count FROM tenants");
|
||||
$stmt->execute();
|
||||
$totalTenants = $stmt->fetch()['count'];
|
||||
$stats = [
|
||||
'tenants' => (int)$db->query("SELECT COUNT(*) FROM tenants")->fetchColumn(),
|
||||
'invoices' => (int)$db->query("SELECT COUNT(*) FROM invoices")->fetchColumn(),
|
||||
'users' => (int)$db->query("SELECT COUNT(*) FROM users")->fetchColumn(),
|
||||
'queue_depth' => (int)$db->query("SELECT COUNT(*) FROM queue_jobs WHERE status = 'pending'")->fetchColumn()
|
||||
];
|
||||
|
||||
$stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices");
|
||||
$stmt->execute();
|
||||
$totalInvoices = $stmt->fetch()['count'];
|
||||
Response::json(['success' => true, 'data' => $stats]);
|
||||
}
|
||||
|
||||
// Simple Health Check
|
||||
$redisHealth = 'ok';
|
||||
try {
|
||||
$redis = \App\Core\Redis::getInstance();
|
||||
$redis->ping();
|
||||
} catch (\Throwable $e) {
|
||||
$redisHealth = 'failed';
|
||||
}
|
||||
public function getQueueStatus(Request $request): void
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("SELECT status, COUNT(*) as count FROM queue_jobs GROUP BY status");
|
||||
$stmt->execute();
|
||||
$counts = $stmt->fetchAll();
|
||||
|
||||
$stmt = $db->prepare("SELECT * FROM queue_jobs WHERE status IN ('failed', 'dead') ORDER BY created_at DESC LIMIT 50");
|
||||
$stmt->execute();
|
||||
$failedJobs = $stmt->fetchAll();
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => [
|
||||
'counts' => $counts,
|
||||
'failed_jobs' => $failedJobs
|
||||
]
|
||||
]);
|
||||
}
|
||||
|
||||
public function retryJob(Request $request, string $id): void
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("UPDATE queue_jobs SET status = 'pending', attempts = 0 WHERE id = ? AND status = 'dead'");
|
||||
$stmt->execute([$id]);
|
||||
|
||||
Response::json(['success' => true, 'message' => 'تم إعادة محاولة الوظيفة بنجاح']);
|
||||
}
|
||||
|
||||
public function health(Request $request): void
|
||||
{
|
||||
$dbStatus = 'ok';
|
||||
try { Database::getInstance()->query("SELECT 1"); } catch (\Throwable $e) { $dbStatus = 'error'; }
|
||||
|
||||
$redisStatus = 'ok';
|
||||
try { \App\Core\Redis::getInstance()->ping(); } catch (\Throwable $e) { $redisStatus = 'error'; }
|
||||
|
||||
$db = Database::getInstance();
|
||||
$queuePending = (int)$db->query("SELECT COUNT(*) FROM queue_jobs WHERE status = 'pending'")->fetchColumn();
|
||||
$queueDead = (int)$db->query("SELECT COUNT(*) FROM queue_jobs WHERE status = 'dead'")->fetchColumn();
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => [
|
||||
'total_tenants' => $totalTenants,
|
||||
'total_invoices' => $totalInvoices,
|
||||
'system_health' => [
|
||||
'database' => 'ok',
|
||||
'redis' => $redisHealth
|
||||
]
|
||||
'db' => $dbStatus,
|
||||
'redis' => $redisStatus,
|
||||
'queue_pending' => $queuePending,
|
||||
'queue_dead' => $queueDead
|
||||
]
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Modules\ApiKeys;
|
||||
|
||||
use App\Core\{Request, Response, Database};
|
||||
@@ -9,7 +7,7 @@ use Ramsey\Uuid\Uuid;
|
||||
|
||||
final class ApiKeyController
|
||||
{
|
||||
public function list(Request $request): void
|
||||
public function index(Request $request): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$db = Database::getInstance();
|
||||
@@ -25,18 +23,13 @@ final class ApiKeyController
|
||||
public function create(Request $request): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$userId = $request->user->user_id;
|
||||
$name = $request->input('name');
|
||||
|
||||
if (!$name) {
|
||||
Response::error('يرجى إدخال اسم المفتاح', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
$userId = $request->user->user_id ?? $request->user->id;
|
||||
$name = $request->input('name') ?: 'Default Key';
|
||||
|
||||
$id = Uuid::uuid4()->toString();
|
||||
$publicKey = bin2hex(random_bytes(16));
|
||||
$secretKey = bin2hex(random_bytes(32));
|
||||
$secretHash = password_hash($secretKey, PASSWORD_BCRYPT);
|
||||
$secret = bin2hex(random_bytes(32));
|
||||
$secretHash = password_hash($secret, PASSWORD_BCRYPT);
|
||||
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("INSERT INTO api_keys (id, tenant_id, user_id, name, public_key, secret_hash, is_active) VALUES (?, ?, ?, ?, ?, ?, 1)");
|
||||
@@ -47,8 +40,22 @@ final class ApiKeyController
|
||||
'message' => 'تم إنشاء مفتاح API بنجاح. يرجى حفظ السر لأنه لن يظهر مرة أخرى.',
|
||||
'data' => [
|
||||
'id' => $id,
|
||||
'key' => "msq_{$publicKey}.{$secretKey}"
|
||||
'public_key' => $publicKey,
|
||||
'secret' => $secret
|
||||
]
|
||||
], 201);
|
||||
}
|
||||
|
||||
public function revoke(Request $request, string $id): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("UPDATE api_keys SET is_active = 0 WHERE id = ? AND tenant_id = ?");
|
||||
$stmt->execute([$id, $tenantId]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم إلغاء مفتاح API بنجاح'
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -144,4 +144,14 @@ final class AuthService
|
||||
|
||||
return $this->login($data['email'], $data['password']);
|
||||
}
|
||||
public function logout(string $jti, int $remaining): void
|
||||
{
|
||||
// Blacklist the JTI for its remaining lifetime
|
||||
try {
|
||||
$redis = \App\Core\Redis::getInstance();
|
||||
$redis->setex('jwt_blacklist:' . $jti, max($remaining, 1), '1');
|
||||
} catch (\Throwable $e) {
|
||||
error_log('[AUTH] Could not blacklist JTI: ' . $e->getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Modules\Dashboard;
|
||||
|
||||
use App\Core\{Request, Response, Database};
|
||||
@@ -15,45 +13,55 @@ final class DashboardController
|
||||
$assignedCompanyId = $request->user->assigned_company_id ?? null;
|
||||
$db = Database::getInstance();
|
||||
|
||||
$where = "WHERE tenant_id = ?";
|
||||
$companyScope = '';
|
||||
$params = [$tenantId];
|
||||
|
||||
// Fix: Only accountants should be restricted to a single company if assigned.
|
||||
// Admins and Super Admins should see all companies in their tenant.
|
||||
if ($role === 'accountant' && $assignedCompanyId) {
|
||||
$where .= " AND company_id = ?";
|
||||
$companyScope = ' AND i.company_id = ?';
|
||||
$params[] = $assignedCompanyId;
|
||||
}
|
||||
|
||||
// 1. Total Invoices this month
|
||||
$stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices {$where} AND MONTH(created_at) = MONTH(CURRENT_DATE)");
|
||||
// Total this month
|
||||
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices i
|
||||
WHERE i.tenant_id = ? {$companyScope} AND MONTH(i.created_at) = MONTH(CURDATE()) AND YEAR(i.created_at) = YEAR(CURDATE()) AND i.deleted_at IS NULL");
|
||||
$stmt->execute($params);
|
||||
$thisMonth = (int) $stmt->fetch()['count'];
|
||||
$thisMonth = (int)$stmt->fetchColumn();
|
||||
|
||||
// 2. Approved vs Rejected
|
||||
$stmt = $db->prepare("SELECT status, COUNT(*) as count FROM invoices {$where} GROUP BY status");
|
||||
// Status distribution
|
||||
$stmt = $db->prepare("SELECT status, COUNT(*) as count FROM invoices i
|
||||
WHERE i.tenant_id = ? {$companyScope} AND i.deleted_at IS NULL GROUP BY status");
|
||||
$stmt->execute($params);
|
||||
$statusCounts = $stmt->fetchAll();
|
||||
$statusDistribution = $stmt->fetchAll();
|
||||
|
||||
// 3. Recent Activity - Fixed ambiguity
|
||||
$stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? " . ($role === 'accountant' && $assignedCompanyId ? " AND i.company_id = ?" : "") . " ORDER BY i.created_at DESC LIMIT 5");
|
||||
// Subscription usage
|
||||
$stmt = $db->prepare("SELECT max_invoices_per_month, invoices_used_this_month FROM subscriptions WHERE tenant_id = ?");
|
||||
$stmt->execute([$tenantId]);
|
||||
$sub = $stmt->fetch();
|
||||
$usagePct = $sub && $sub['max_invoices_per_month'] > 0
|
||||
? round(($sub['invoices_used_this_month'] / $sub['max_invoices_per_month']) * 100)
|
||||
: 0;
|
||||
|
||||
// Recent invoices
|
||||
$stmt = $db->prepare("SELECT i.id, i.invoice_number, i.invoice_date, i.grand_total, i.status, i.created_at, c.name as company_name, i.ai_confidence_score
|
||||
FROM invoices i
|
||||
JOIN companies c ON i.company_id = c.id
|
||||
WHERE i.tenant_id = ? {$companyScope} AND i.deleted_at IS NULL
|
||||
ORDER BY i.created_at DESC LIMIT 10");
|
||||
$stmt->execute($params);
|
||||
$recent = $stmt->fetchAll();
|
||||
|
||||
// 4. Calculate Subscription Usage
|
||||
$stmt = $db->prepare("SELECT max_invoices_per_month FROM subscriptions WHERE tenant_id = ?");
|
||||
// Pending extraction (from queue)
|
||||
$stmt = $db->prepare("SELECT COUNT(*) FROM queue_jobs WHERE tenant_id = ? AND status = 'pending' AND job_type = 'ExtractInvoiceJob'");
|
||||
$stmt->execute([$tenantId]);
|
||||
$sub = $stmt->fetch();
|
||||
$maxInvoices = (int) ($sub['max_invoices_per_month'] ?? 100);
|
||||
$usage = $maxInvoices > 0 ? round(($thisMonth / $maxInvoices) * 100, 1) : 0;
|
||||
$pendingExtraction = (int)$stmt->fetchColumn();
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => [
|
||||
'total_this_month' => $thisMonth,
|
||||
'status_distribution' => $statusCounts,
|
||||
'subscription_usage' => $usagePct,
|
||||
'status_distribution' => $statusDistribution,
|
||||
'recent_invoices' => $recent,
|
||||
'subscription_usage' => $usage
|
||||
'pending_extraction' => $pendingExtraction
|
||||
]
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -1,19 +1,9 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Modules\Invoices;
|
||||
|
||||
use App\Core\{Request, Response};
|
||||
use App\Core\{Request, Response, Database};
|
||||
use App\Services\FileStorageService;
|
||||
use App\Modules\Invoices\InvoiceModel;
|
||||
use App\Modules\Invoices\Actions\{
|
||||
ListInvoicesAction,
|
||||
UploadInvoiceAction,
|
||||
GetInvoiceDetailAction,
|
||||
SubmitInvoiceAction,
|
||||
DownloadInvoiceFileAction
|
||||
};
|
||||
use Throwable;
|
||||
|
||||
final class InvoiceController
|
||||
@@ -23,27 +13,84 @@ final class InvoiceController
|
||||
private readonly FileStorageService $storage
|
||||
) {}
|
||||
|
||||
public function list(Request $request): void
|
||||
public function index(Request $request): void
|
||||
{
|
||||
try {
|
||||
$action = new ListInvoicesAction();
|
||||
$invoices = $action->execute($request->tenantId, $request->user);
|
||||
Response::json(['success' => true, 'data' => $invoices]);
|
||||
} catch (Throwable $e) {
|
||||
Response::error($e->getMessage(), 'LIST_ERROR', (int)($e->getCode() ?: 500));
|
||||
$tenantId = $request->tenantId;
|
||||
$role = $request->user->role ?? 'viewer';
|
||||
$assignedCompanyId = $request->user->assigned_company_id ?? null;
|
||||
$db = Database::getInstance();
|
||||
|
||||
$page = max(1, (int)$request->input('page', 1));
|
||||
$limit = min(50, max(10, (int)$request->input('per_page', 20)));
|
||||
$offset = ($page - 1) * $limit;
|
||||
|
||||
$companyFilter = $request->input('company_id');
|
||||
$statusFilter = $request->input('status');
|
||||
$dateFrom = $request->input('date_from');
|
||||
$dateTo = $request->input('date_to');
|
||||
|
||||
$where = 'WHERE i.tenant_id = ? AND i.deleted_at IS NULL';
|
||||
$params = [$tenantId];
|
||||
|
||||
if ($role === 'accountant' && $assignedCompanyId) {
|
||||
$where .= ' AND i.company_id = ?';
|
||||
$params[] = $assignedCompanyId;
|
||||
} elseif ($companyFilter) {
|
||||
$where .= ' AND i.company_id = ?';
|
||||
$params[] = $companyFilter;
|
||||
}
|
||||
if ($statusFilter) { $where .= ' AND i.status = ?'; $params[] = $statusFilter; }
|
||||
if ($dateFrom) { $where .= ' AND i.invoice_date >= ?'; $params[] = $dateFrom; }
|
||||
if ($dateTo) { $where .= ' AND i.invoice_date <= ?'; $params[] = $dateTo; }
|
||||
|
||||
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices i {$where}");
|
||||
$stmt->execute($params);
|
||||
$total = (int)$stmt->fetchColumn();
|
||||
|
||||
$stmt = $db->prepare("SELECT i.id, i.invoice_number, i.invoice_date, i.grand_total, i.tax_amount,
|
||||
i.status, i.ai_confidence_score, i.created_at, c.name as company_name
|
||||
FROM invoices i JOIN companies c ON i.company_id = c.id
|
||||
{$where} ORDER BY i.created_at DESC LIMIT {$limit} OFFSET {$offset}");
|
||||
$stmt->execute($params);
|
||||
$invoices = $stmt->fetchAll();
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => $invoices,
|
||||
'meta' => ['total' => $total, 'page' => $page, 'per_page' => $limit, 'last_page' => ceil($total / $limit)]
|
||||
]);
|
||||
}
|
||||
|
||||
public function upload(Request $request): void
|
||||
{
|
||||
try {
|
||||
$action = new UploadInvoiceAction($this->storage, $this->invoiceModel);
|
||||
$invoiceId = $action->execute(
|
||||
$request->getFiles(),
|
||||
(string)$request->input('company_id'),
|
||||
$request->tenantId,
|
||||
$request->user
|
||||
);
|
||||
$files = $request->getFiles();
|
||||
if (empty($files['file'])) {
|
||||
throw new \Exception('يرجى اختيار ملف للفاتورة');
|
||||
}
|
||||
|
||||
$companyId = (string)$request->input('company_id');
|
||||
if (empty($companyId)) {
|
||||
throw new \Exception('يرجى اختيار الشركة');
|
||||
}
|
||||
|
||||
$file = $files['file'];
|
||||
$invoiceId = \Ramsey\Uuid\Uuid::uuid4()->toString();
|
||||
|
||||
// Store file
|
||||
$path = $this->storage->store($file, "invoices/{$request->tenantId}/{$invoiceId}");
|
||||
|
||||
// Create record
|
||||
$this->invoiceModel->create([
|
||||
'id' => $invoiceId,
|
||||
'tenant_id' => $request->tenantId,
|
||||
'company_id' => $companyId,
|
||||
'original_file_path' => $path,
|
||||
'status' => 'uploaded'
|
||||
]);
|
||||
|
||||
// Queue extraction and risk analysis
|
||||
\App\Services\QueueService::push(\queue\Jobs\ExtractInvoiceJob::class, ['invoice_id' => $invoiceId]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
@@ -55,41 +102,124 @@ final class InvoiceController
|
||||
}
|
||||
}
|
||||
|
||||
public function detail(Request $request, string $id): void
|
||||
public function show(Request $request, string $id): void
|
||||
{
|
||||
try {
|
||||
$action = new GetInvoiceDetailAction();
|
||||
$invoice = $action->execute($id, $request->tenantId, $request->user);
|
||||
Response::json(['success' => true, 'data' => $invoice]);
|
||||
} catch (Throwable $e) {
|
||||
Response::error($e->getMessage(), 'DETAIL_ERROR', (int)($e->getCode() ?: 500));
|
||||
$tenantId = $request->tenantId;
|
||||
$db = Database::getInstance();
|
||||
|
||||
// Fetch invoice with company name (tenant-scoped)
|
||||
$stmt = $db->prepare("SELECT i.*, c.name as company_name, c.tax_identification_number as company_tin
|
||||
FROM invoices i
|
||||
JOIN companies c ON i.company_id = c.id
|
||||
WHERE i.id = ? AND i.tenant_id = ? AND i.deleted_at IS NULL");
|
||||
$stmt->execute([$id, $tenantId]);
|
||||
$invoice = $stmt->fetch();
|
||||
|
||||
if (!$invoice) {
|
||||
Response::error('الفاتورة غير موجودة', 'NOT_FOUND', 404);
|
||||
return;
|
||||
}
|
||||
|
||||
// Fetch lines
|
||||
$stmt = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ? ORDER BY line_number ASC");
|
||||
$stmt->execute([$id]);
|
||||
$invoice['lines'] = $stmt->fetchAll();
|
||||
|
||||
// Parse JSON fields
|
||||
if ($invoice['validation_errors']) {
|
||||
$invoice['validation_errors'] = json_decode($invoice['validation_errors'], true);
|
||||
}
|
||||
if ($invoice['jofotara_response']) {
|
||||
$invoice['jofotara_response'] = json_decode($invoice['jofotara_response'], true);
|
||||
}
|
||||
|
||||
Response::json(['success' => true, 'data' => $invoice]);
|
||||
}
|
||||
|
||||
public function submit(Request $request, string $id): void
|
||||
{
|
||||
try {
|
||||
$action = new SubmitInvoiceAction();
|
||||
$action->execute($id, $request->tenantId);
|
||||
Response::json(['success' => true, 'message' => 'Invoice submission queued.']);
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("SELECT status FROM invoices WHERE id = ? AND tenant_id = ?");
|
||||
$stmt->execute([$id, $request->tenantId]);
|
||||
$invoice = $stmt->fetch();
|
||||
|
||||
if (!$invoice) {
|
||||
Response::error('الفاتورة غير موجودة', 'NOT_FOUND', 404);
|
||||
return;
|
||||
}
|
||||
|
||||
// Update status to submitting
|
||||
$this->invoiceModel->update($id, ['status' => 'submitting']);
|
||||
|
||||
// Queue JoFotara submission
|
||||
\App\Services\QueueService::push(\queue\Jobs\SubmitJoFotaraJob::class, ['invoice_id' => $id]);
|
||||
|
||||
Response::json(['success' => true, 'message' => 'جاري إرسال الفاتورة لنظام فوترة...']);
|
||||
} catch (Throwable $e) {
|
||||
Response::error($e->getMessage(), 'SUBMIT_ERROR', (int)($e->getCode() ?: 500));
|
||||
}
|
||||
}
|
||||
|
||||
public function downloadFile(Request $request, string $id): void
|
||||
public function serveFile(Request $request, string $id): void
|
||||
{
|
||||
try {
|
||||
$action = new DownloadInvoiceFileAction();
|
||||
$file = $action->execute($id, $request->tenantId, $request->user);
|
||||
|
||||
header("Content-Type: {$file['mime']}");
|
||||
header("Content-Disposition: inline; filename=\"{$file['name']}\"");
|
||||
header("Content-Length: " . filesize($file['path']));
|
||||
readfile($file['path']);
|
||||
exit;
|
||||
} catch (Throwable $e) {
|
||||
Response::error($e->getMessage(), 'DOWNLOAD_ERROR', (int)($e->getCode() ?: 500));
|
||||
$tenantId = $request->tenantId;
|
||||
$db = Database::getInstance();
|
||||
|
||||
$stmt = $db->prepare("SELECT original_file_path FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
|
||||
$stmt->execute([$id, $tenantId]);
|
||||
$invoice = $stmt->fetch();
|
||||
|
||||
if (!$invoice || !$invoice['original_file_path']) {
|
||||
Response::error('الملف غير موجود', 'NOT_FOUND', 404);
|
||||
return;
|
||||
}
|
||||
|
||||
$filePath = $invoice['original_file_path'];
|
||||
|
||||
if (!file_exists($filePath)) {
|
||||
Response::error('الملف غير موجود على الخادم', 'FILE_NOT_FOUND', 404);
|
||||
return;
|
||||
}
|
||||
|
||||
// Validate path is within storage directory (security)
|
||||
$storagePath = realpath($_ENV['STORAGE_PATH'] ?? '/home/intaleqapp-musadeq/storage');
|
||||
$realPath = realpath($filePath);
|
||||
if (!$realPath || !str_starts_with($realPath, $storagePath)) {
|
||||
Response::error('وصول غير مصرح', 'FORBIDDEN', 403);
|
||||
return;
|
||||
}
|
||||
|
||||
$mimeType = mime_content_type($filePath);
|
||||
$filename = basename($filePath);
|
||||
|
||||
header('Content-Type: ' . $mimeType);
|
||||
header('Content-Length: ' . filesize($filePath));
|
||||
header('Content-Disposition: inline; filename="' . $filename . '"');
|
||||
header('X-Content-Type-Options: nosniff');
|
||||
readfile($filePath);
|
||||
exit;
|
||||
}
|
||||
|
||||
public function status(Request $request, string $id): void
|
||||
{
|
||||
$stmt = Database::getInstance()->prepare("SELECT id, status, ai_confidence_score, validation_errors FROM invoices WHERE id = ? AND tenant_id = ?");
|
||||
$stmt->execute([$id, $request->tenantId]);
|
||||
$invoice = $stmt->fetch();
|
||||
Response::json(['success' => true, 'data' => $invoice]);
|
||||
}
|
||||
|
||||
public function update(Request $request, string $id): void
|
||||
{
|
||||
// Implementation for PUT /api/v1/invoices/{id}
|
||||
$data = $request->getBody();
|
||||
$this->invoiceModel->update($id, $data);
|
||||
Response::json(['success' => true, 'message' => 'تم تحديث الفاتورة بنجاح']);
|
||||
}
|
||||
|
||||
public function destroy(Request $request, string $id): void
|
||||
{
|
||||
$this->invoiceModel->delete($id);
|
||||
Response::json(['success' => true, 'message' => 'تم حذف الفاتورة بنجاح']);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,75 +0,0 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Modules\Users;
|
||||
|
||||
use App\Core\{Request, Response};
|
||||
use App\Modules\Users\UserModel;
|
||||
|
||||
final class UserController
|
||||
{
|
||||
public function __construct(private readonly UserModel $userModel) {}
|
||||
|
||||
public function index(Request $request): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$users = $this->userModel->findAllByTenant($tenantId);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => $users
|
||||
]);
|
||||
}
|
||||
|
||||
public function detail(Request $request, string $id): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$user = $this->userModel->findById($id, $tenantId);
|
||||
|
||||
if (!$user) {
|
||||
Response::error('المستخدم غير موجود', 'NOT_FOUND', 404);
|
||||
return;
|
||||
}
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => $user
|
||||
]);
|
||||
}
|
||||
|
||||
public function create(Request $request): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$data = $request->getBody();
|
||||
|
||||
if (empty($data['email']) || empty($data['password']) || empty($data['name']) || empty($data['role'])) {
|
||||
Response::error('جميع الحقول مطلوبة', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
|
||||
if ($this->userModel->findByEmail($data['email'])) {
|
||||
Response::error('البريد الإلكتروني مستخدم مسبقاً', 'DUPLICATE_EMAIL', 409);
|
||||
return;
|
||||
}
|
||||
|
||||
$userId = \Ramsey\Uuid\Uuid::uuid4()->toString();
|
||||
|
||||
$this->userModel->create([
|
||||
'id' => $userId,
|
||||
'tenant_id' => $tenantId,
|
||||
'name' => $data['name'],
|
||||
'email' => $data['email'],
|
||||
'password_hash' => password_hash($data['password'], PASSWORD_ARGON2ID),
|
||||
'role' => $data['role'],
|
||||
'assigned_company_id' => $data['assigned_company_id'] ?? null,
|
||||
'is_active' => 1
|
||||
]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم إضافة المستخدم بنجاح',
|
||||
'data' => ['id' => $userId]
|
||||
], 201);
|
||||
}
|
||||
}
|
||||
154
app/Modules/Users/UsersController.php
Normal file
154
app/Modules/Users/UsersController.php
Normal file
@@ -0,0 +1,154 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
namespace App\Modules\Users;
|
||||
|
||||
use App\Core\{Request, Response, Database};
|
||||
use Ramsey\Uuid\Uuid;
|
||||
|
||||
final class UsersController
|
||||
{
|
||||
public function __construct(private readonly UserModel $userModel) {}
|
||||
|
||||
public function list(Request $request): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$users = $this->userModel->findAllByTenant($tenantId);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => $users
|
||||
]);
|
||||
}
|
||||
|
||||
public function create(Request $request): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$data = $request->getBody();
|
||||
|
||||
if (empty($data['email']) || empty($data['password']) || empty($data['name']) || empty($data['role'])) {
|
||||
Response::error('جميع الحقول مطلوبة', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
|
||||
if ($this->userModel->findByEmail($data['email'])) {
|
||||
Response::error('البريد الإلكتروني مستخدم مسبقاً', 'DUPLICATE_EMAIL', 409);
|
||||
return;
|
||||
}
|
||||
|
||||
$userId = Uuid::uuid4()->toString();
|
||||
|
||||
$this->userModel->create([
|
||||
'id' => $userId,
|
||||
'tenant_id' => $tenantId,
|
||||
'name' => $data['name'],
|
||||
'email' => $data['email'],
|
||||
'password_hash' => password_hash($data['password'], PASSWORD_ARGON2ID),
|
||||
'role' => $data['role'],
|
||||
'assigned_company_id' => $data['assigned_company_id'] ?? null,
|
||||
'is_active' => 1
|
||||
]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم إضافة المستخدم بنجاح',
|
||||
'data' => ['id' => $userId]
|
||||
], 201);
|
||||
}
|
||||
|
||||
public function update(Request $request, string $id): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$user = $this->userModel->findById($id, $tenantId);
|
||||
if (!$user) {
|
||||
Response::error('المستخدم غير موجود', 'NOT_FOUND', 404);
|
||||
return;
|
||||
}
|
||||
|
||||
$data = $request->getBody();
|
||||
$updateData = [];
|
||||
if (isset($data['name'])) $updateData['name'] = $data['name'];
|
||||
if (isset($data['role'])) $updateData['role'] = $data['role'];
|
||||
if (isset($data['is_active'])) $updateData['is_active'] = $data['is_active'];
|
||||
if (isset($data['assigned_company_id'])) $updateData['assigned_company_id'] = $data['assigned_company_id'];
|
||||
|
||||
if (empty($updateData)) {
|
||||
Response::error('لا توجد بيانات لتحديثها', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
|
||||
$this->userModel->update($id, $updateData);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم تحديث بيانات المستخدم بنجاح'
|
||||
]);
|
||||
}
|
||||
|
||||
public function destroy(Request $request, string $id): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$user = $this->userModel->findById($id, $tenantId);
|
||||
if (!$user) {
|
||||
Response::error('المستخدم غير موجود', 'NOT_FOUND', 404);
|
||||
return;
|
||||
}
|
||||
|
||||
if ($user['id'] === $request->user->user_id) {
|
||||
Response::error('لا يمكنك حذف حسابك الشخصي', 'FORBIDDEN', 403);
|
||||
return;
|
||||
}
|
||||
|
||||
$this->userModel->delete($id);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم حذف المستخدم بنجاح'
|
||||
]);
|
||||
}
|
||||
|
||||
public function updateProfile(Request $request): void
|
||||
{
|
||||
$userId = $request->user->user_id;
|
||||
$data = $request->getBody();
|
||||
|
||||
if (empty($data['name'])) {
|
||||
Response::error('الاسم مطلوب', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
|
||||
$this->userModel->update($userId, [
|
||||
'name' => $data['name']
|
||||
]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم تحديث الملف الشخصي بنجاح'
|
||||
]);
|
||||
}
|
||||
|
||||
public function changePassword(Request $request): void
|
||||
{
|
||||
$userId = $request->user->user_id;
|
||||
$data = $request->getBody();
|
||||
|
||||
if (empty($data['current_password']) || empty($data['new_password'])) {
|
||||
Response::error('كلمة المرور الحالية والجديدة مطلوبة', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
|
||||
$user = $this->userModel->find($userId);
|
||||
if (!password_verify($data['current_password'], $user['password_hash'])) {
|
||||
Response::error('كلمة المرور الحالية غير صحيحة', 'UNAUTHORIZED', 401);
|
||||
return;
|
||||
}
|
||||
|
||||
$this->userModel->update($userId, [
|
||||
'password_hash' => password_hash($data['new_password'], PASSWORD_ARGON2ID)
|
||||
]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم تغيير كلمة المرور بنجاح'
|
||||
]);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user