Update: 2026-05-03 22:51:59

app/modules_app/dashboard/stats.php

@@ -10,32 +10,41 @@ use App\Middleware\AuthMiddleware;
 $decoded = AuthMiddleware::check();
 $db = Database::getInstance();
 
-$tenantId = $decoded['tenant_id'];
+$tenantId = $decoded['tenant_id'] ?? null;
 $companyId = $decoded['company_id'] ?? null;
 $role = $decoded['role'];
 
 try {
-    // 2. Build Query based on Role
-    $where = "WHERE tenant_id = :tenant_id";
-    $params = [':tenant_id' => $tenantId];
+    $where = "WHERE 1=1";
+    $params = [];
 
-    // If accountant or employee restricted to a company
-    if (($role === 'accountant' || $role === 'viewer') && $companyId) {
-        $where .= " AND company_id = :company_id";
-        $params[':company_id'] = $companyId;
+    // 2. Apply Filters based on Role
+    if ($role === 'super_admin') {
+        // No filters - see everything
+    } elseif ($role === 'admin') {
+        // Filter by Tenant (Accounting Office)
+        $where .= " AND tenant_id = :tenant_id";
+        $params[':tenant_id'] = $tenantId;
+    } else {
+        // Accountant/Viewer: Filter by specific company
+        $where .= " AND tenant_id = :tenant_id";
+        $params[':tenant_id'] = $tenantId;
+        
+        if ($companyId) {
+            $where .= " AND company_id = :company_id";
+            $params[':company_id'] = $companyId;
+        }
     }
 
-    // Total Invoices
+    // 3. Fetch Stats
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where");
     $stmt->execute($params);
     $total = $stmt->fetchColumn();
 
-    // Pending Invoices
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'pending'");
     $stmt->execute($params);
     $pending = $stmt->fetchColumn();
 
-    // Approved Invoices
     $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'approved'");
     $stmt->execute($params);
     $approved = $stmt->fetchColumn();