Update: 2026-05-07 23:06:22

app/modules_app/assignments/create.php

@@ -0,0 +1,55 @@
+<?php
+/**
+ * Create User-Company Assignment
+ * POST /v1/assignments/create
+ */
+
+declare(strict_types=1);
+
+use App\Core\Database;
+use App\Middleware\AuthMiddleware;
+use App\Middleware\RoleMiddleware;
+
+// Only Admin/Super Admin
+$decoded = RoleMiddleware::require(['super_admin', 'admin']);
+
+$data = input();
+$userId = $data['user_id'] ?? null;
+$companyId = $data['company_id'] ?? null;
+
+if (!$userId || !$companyId) {
+    json_error('userId and companyId are required', 422);
+}
+
+$db = Database::getInstance();
+
+try {
+    // Check if user belongs to the same tenant (if not super_admin)
+    if ($decoded['role'] !== 'super_admin') {
+        $stmt = $db->prepare("SELECT tenant_id FROM users WHERE id = ?");
+        $stmt->execute([$userId]);
+        $userTenant = $stmt->fetchColumn();
+        
+        if ($userTenant !== $decoded['tenant_id']) {
+            json_error('User does not belong to your office', 403);
+        }
+    }
+
+    $stmt = $db->prepare("
+        INSERT INTO user_company_assignments (id, user_id, company_id, is_active, created_at)
+        VALUES (?, ?, ?, 1, ?)
+        ON DUPLICATE KEY UPDATE is_active = 1
+    ");
+    
+    $stmt->execute([
+        Database::generateUuid(),
+        $userId,
+        $companyId,
+        date('Y-m-d H:i:s')
+    ]);
+
+    json_success(null, 'تم تخصيص المستخدم للشركة بنجاح');
+
+} catch (\Exception $e) {
+    json_error('حدث خطأ أثناء التخصيص: ' . $e->getMessage(), 500);
+}