Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-04 01:33:55

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-04 01:33:55 +03:00
parent ad48142492
commit 90f2f6f6e3
6 changed files with 251 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
app/modules_app/invoices/upload.php
View File

@@ -15,58 +15,107 @@ if (!in_array($decoded['role'], $allowedRoles)) {
json_error('Unauthorized to upload invoices', 403);
}
// 2. Validate Request
$companyId = $_POST['company_id'] ?? null;
if (!$companyId || !isset($_FILES['invoice'])) {
json_error('Company ID and invoice file are required', 422);
}
// 3. Permission Check (Can this user upload to this company?)
// 3. Permission Check
$tenantId = $decoded['tenant_id'];
$userId = $decoded['user_id'];
if ($decoded['role'] === 'admin') {
$stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$companyId, $tenantId]);
} elseif ($decoded['role'] === 'accountant') {
$stmt = $db->prepare("
SELECT c.id FROM companies c
JOIN user_company_assignments uca ON c.id = uca.company_id
WHERE c.id = ? AND uca.user_id = ? AND uca.is_active = 1
");
$stmt->execute([$companyId, $userId]);
} else { // employee
// In our schema, employee is linked via users.company_id
$stmt = $db->prepare("SELECT id FROM users WHERE id = ? AND company_id = ?");
// Everyone (except Super Admin who shouldn't upload here) must belong to the tenant
// And if they are NOT an admin, they must be assigned to this company
if ($decoded['role'] !== 'admin' && $decoded['role'] !== 'super_admin') {
$stmt = $db->prepare("SELECT id FROM user_company_assignments WHERE user_id = ? AND company_id = ? AND is_active = 1");
$stmt->execute([$userId, $companyId]);
if (!$stmt->fetch()) {
json_error('Access denied to this company', 403);
}
}
if (!$stmt->fetch()) {
json_error('Access denied to this company', 403);
}
// 4. Handle File Upload
$dateFolder = date('Y-m-d');
$uploadDir = STORAGE_PATH . '/invoices/' . $tenantId . '/' . $companyId . '/' . $dateFolder . '/';
if (!is_dir($uploadDir)) mkdir($uploadDir, 0775, true);
// 4. Handle File Upload (Mock logic for now, using storage/invoices)
$uploadDir = __DIR__ . '/../../../storage/invoices/' . $tenantId . '/' . $companyId . '/';
if (!is_dir($uploadDir)) mkdir($uploadDir, 0755, true);
$fileName = time() . '_' . basename($_FILES['invoice']['name']);
$extension = pathinfo($_FILES['invoice']['name'], PATHINFO_EXTENSION);
$fileName = bin2hex(random_bytes(8)) . '_' . time() . '.' . $extension;
$targetFile = $uploadDir . $fileName;
if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
// 5. Save to DB
$stmt = $db->prepare("
INSERT INTO invoices (
tenant_id, company_id, status, uploaded_by, original_file_path, created_at
) VALUES (?, ?, 'uploaded', ?, ?, NOW())
");
$stmt->execute([
$tenantId,
$companyId,
$userId,
$targetFile
]);
// 5. Run AI Extraction
$mimeType = $_FILES['invoice']['type'];
$base64Data = base64_encode(file_get_contents($targetFile));
$extracted = \App\Core\AI::extractInvoiceData($base64Data, $mimeType);
if (!$extracted) {
// Still save basic record if AI fails
$stmt = $db->prepare("INSERT INTO invoices (tenant_id, company_id, uploaded_by, original_file_path, status, created_at) VALUES (?, ?, ?, ?, 'uploaded', NOW())");
$stmt->execute([$tenantId, $companyId, $userId, $targetFile]);
json_success(['id' => $db->lastInsertId()], 'تم رفع الفاتورة ولكن فشل استخراج البيانات تلقائياً');
}
json_success(['id' => $db->lastInsertId()], 'تم رفع الفاتورة بنجاح وبدأت عملية المعالجة');
// 6. Save Extracted Data with Encryption
try {
$db->beginTransaction();
$stmt = $db->prepare("
INSERT INTO invoices (
tenant_id, company_id, uploaded_by, original_file_path, status,
invoice_number, invoice_date, invoice_type, invoice_category,
supplier_tin, supplier_name, supplier_address,
buyer_tin, buyer_name, buyer_national_id,
subtotal, tax_amount, discount_total, grand_total, currency_code,
created_at
) VALUES (?, ?, ?, ?, 'extracted', ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())
");
$stmt->execute([
$tenantId, $companyId, $userId, $targetFile,
$extracted['invoice_number'] ?? null,
$extracted['invoice_date'] ?? null,
$extracted['invoice_type'] ?? 'cash',
$extracted['invoice_category'] ?? 'simplified',
// Encrypt sensitive details
\App\Core\Encryption::encrypt($extracted['supplier_tin'] ?? ''),
\App\Core\Encryption::encrypt($extracted['supplier_name'] ?? ''),
\App\Core\Encryption::encrypt($extracted['supplier_address'] ?? ''),
\App\Core\Encryption::encrypt($extracted['buyer_tin'] ?? ''),
\App\Core\Encryption::encrypt($extracted['buyer_name'] ?? ''),
\App\Core\Encryption::encrypt($extracted['buyer_national_id'] ?? ''),
$extracted['subtotal'] ?? 0,
$extracted['tax_amount'] ?? 0,
$extracted['discount_total'] ?? 0,
$extracted['grand_total'] ?? 0,
$extracted['currency'] ?? 'JOD'
]);
$invoiceId = $db->lastInsertId();
// Save Line Items (No encryption for lines for now, usually not sensitive but can be)
if (!empty($extracted['items'])) {
$lineStmt = $db->prepare("
INSERT INTO invoice_lines (invoice_id, description, quantity, unit_price, tax_amount, total)
VALUES (?, ?, ?, ?, ?, ?)
");
foreach ($extracted['items'] as $item) {
$lineStmt->execute([
$invoiceId,
$item['description'] ?? 'N/A',
$item['quantity'] ?? 1,
$item['unit_price'] ?? 0,
$item['tax_amount'] ?? 0,
$item['total'] ?? 0
]);
}
}
$db->commit();
json_success(['id' => $invoiceId], 'تم رفع الفاتورة واستخراج البيانات بنجاح');
} catch (\Exception $e) {
$db->rollBack();
error_log("DB Error during invoice save: " . $e->getMessage());
json_error('حدث خطأ أثناء حفظ بيانات الفاتورة', 500);
}
} else {
json_error('Failed to save uploaded file', 500);
}