🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 15:51
@@ -21,15 +21,17 @@ final class CompanyController
|
||||
$role = $request->user->role ?? 'viewer';
|
||||
$assignedCompanyId = $request->user->assigned_company_id ?? null;
|
||||
|
||||
$db = \App\Core\Database::getInstance();
|
||||
$columns = "id, name, name_en, tax_identification_number, commercial_registration_number, city, is_jofotara_linked, is_active, created_at";
|
||||
|
||||
if (in_array($role, ['admin', 'super_admin'], true)) {
|
||||
$companies = $this->companyModel->findByTenant($tenantId);
|
||||
$stmt = $db->prepare("SELECT {$columns} FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
|
||||
$stmt->execute([$tenantId]);
|
||||
} else {
|
||||
// Filter by assigned company
|
||||
$db = \App\Core\Database::getInstance();
|
||||
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND id = ? AND deleted_at IS NULL");
|
||||
$stmt = $db->prepare("SELECT {$columns} FROM companies WHERE tenant_id = ? AND id = ? AND deleted_at IS NULL");
|
||||
$stmt->execute([$tenantId, $assignedCompanyId]);
|
||||
$companies = $stmt->fetchAll();
|
||||
}
|
||||
$companies = $stmt->fetchAll();
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
@@ -40,36 +42,47 @@ final class CompanyController
|
||||
public function create(Request $request): void
|
||||
{
|
||||
$data = $request->getBody();
|
||||
if (empty($data['name']) || empty($data['tax_identification_number'])) {
|
||||
throw new \App\Core\Exceptions\HttpException("اسم الشركة والرقم الضريبي مطلوبان", "VALIDATION_ERROR", 422);
|
||||
}
|
||||
|
||||
$data['tenant_id'] = $request->tenantId;
|
||||
|
||||
try {
|
||||
$companyId = $this->companyService->createCompany($data);
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => ['id' => $companyId],
|
||||
'message' => 'تم إضافة الشركة بنجاح'
|
||||
], 201);
|
||||
} catch (Throwable $e) {
|
||||
Response::error('فشل إضافة الشركة', 'CREATE_FAILED', 500);
|
||||
}
|
||||
$companyId = $this->companyService->createCompany($data);
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => ['id' => $companyId],
|
||||
'message' => 'تم إضافة الشركة بنجاح'
|
||||
], 201);
|
||||
}
|
||||
|
||||
public function updateJoFotara(Request $request, string $id): void
|
||||
{
|
||||
// 1. Verify Tenant Ownership (IDOR Prevention)
|
||||
$db = \App\Core\Database::getInstance();
|
||||
$stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ?");
|
||||
$stmt->execute([$id, $request->tenantId]);
|
||||
if (!$stmt->fetchColumn()) {
|
||||
throw new \App\Core\Exceptions\HttpException("الشركة غير موجودة أو لا تملك صلاحية الوصول", "NOT_FOUND", 404);
|
||||
}
|
||||
|
||||
$clientId = $request->input('client_id');
|
||||
$secretKey = $request->input('secret_key');
|
||||
|
||||
if (empty($clientId) || empty($secretKey)) {
|
||||
throw new \App\Core\Exceptions\HttpException("يجب توفير Client ID و Secret Key", "VALIDATION_ERROR", 422);
|
||||
}
|
||||
|
||||
$data = [
|
||||
'jofotara_client_id' => $request->input('client_id'),
|
||||
'jofotara_secret_key' => $request->input('secret_key'),
|
||||
'jofotara_client_id' => $clientId,
|
||||
'jofotara_secret_key' => $secretKey,
|
||||
'is_jofotara_linked' => 1
|
||||
];
|
||||
|
||||
try {
|
||||
$this->companyService->updateJoFotara($id, $data);
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم تحديث بيانات جو-فواتير بنجاح'
|
||||
]);
|
||||
} catch (Throwable $e) {
|
||||
Response::error('فشل تحديث البيانات', 'UPDATE_FAILED', 500);
|
||||
}
|
||||
$this->companyService->updateJoFotara($id, $data);
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم تحديث بيانات جو-فواتير بنجاح'
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
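Review bot: The ownership check in `updateJoFotara` scopes only by `tenant_id`, so any authenticated user in the tenant can replace the JoFotara `client_id`/`secret_key` of any company in it, whereas the listing in the first hunk limits non-admin roles to `assigned_company_id`. Unless route middleware (not visible on this page) already enforces a role, the same rule should be applied before the credentials are written. The lookup also omits `AND deleted_at IS NULL`, which both listing queries carry, so a soft-deleted company still passes it. The fence below mirrors the listing's role rule and reuses the existing 404 so the response does not reveal whether the company exists; whether non-admins should be able to change credentials at all is a policy decision for the author.

```php
    public function updateJoFotara(Request $request, string $id): void
    {
        // Apply the same role rule as the listing before credentials can be changed.
        $role = $request->user->role ?? 'viewer';
        $assignedCompanyId = $request->user->assigned_company_id ?? null;
        if (!in_array($role, ['admin', 'super_admin'], true) && (string) $assignedCompanyId !== $id) {
            throw new \App\Core\Exceptions\HttpException("الشركة غير موجودة أو لا تملك صلاحية الوصول", "NOT_FOUND", 404);
        }

        // … unchanged: $db = \App\Core\Database::getInstance() …
        $stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
        // … unchanged: execute, 404 on miss, credential validation, service call, response …
```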