Update: 2026-05-04 17:29:56
This commit is contained in:
Hamza-Ayed
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/**
|
||||
* View Invoice Details Endpoint (with Line Items)
|
||||
* Invoice View Endpoint (Decrypted & JoFotara Aware)
|
||||
*/
|
||||
|
||||
use App\Core\Database;
|
||||
@@ -11,32 +11,24 @@ use App\Middleware\AuthMiddleware;
|
||||
$decoded = AuthMiddleware::check();
|
||||
$db = Database::getInstance();
|
||||
|
||||
$id = input('id');
|
||||
if (!$id) {
|
||||
json_error('Invoice ID is required', 422);
|
||||
}
|
||||
// 2. Validate Request
|
||||
$id = $_GET['id'] ?? null;
|
||||
if (!$id) json_error('Invoice ID is required', 422);
|
||||
|
||||
// 3. Permission Check (Multi-Tenant Isolation)
|
||||
$tenantId = $decoded['tenant_id'];
|
||||
|
||||
try {
|
||||
// 2. Fetch Invoice
|
||||
$stmt = $db->prepare("
|
||||
SELECT i.*, c.name as company_name
|
||||
SELECT i.*, c.name as company_name
|
||||
FROM invoices i
|
||||
LEFT JOIN companies c ON i.company_id = c.id
|
||||
WHERE i.id = ?
|
||||
JOIN companies c ON i.company_id = c.id
|
||||
WHERE i.id = ? AND i.tenant_id = ?
|
||||
");
|
||||
$stmt->execute([$id]);
|
||||
$stmt->execute([$id, $tenantId]);
|
||||
$invoice = $stmt->fetch();
|
||||
|
||||
if (!$invoice) {
|
||||
json_error('Invoice not found', 404);
|
||||
}
|
||||
|
||||
// 3. Authorization Check
|
||||
if ($decoded['role'] !== 'super_admin') {
|
||||
if ($invoice['tenant_id'] !== $decoded['tenant_id']) {
|
||||
json_error('Unauthorized access to this invoice', 403);
|
||||
}
|
||||
}
|
||||
if (!$invoice) json_error('Invoice not found or access denied', 404);
|
||||
|
||||
// 4. Fetch Line Items
|
||||
$stmtLines = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ? ORDER BY line_number ASC");
|
||||
@@ -57,13 +49,30 @@ try {
|
||||
$invoice['company_name'] = $decrypt($invoice['company_name']);
|
||||
}
|
||||
|
||||
// 6. Generate Public URL for File (Assuming storage is symlinked or served)
|
||||
// For now, let's just return the relative path or a proxy route
|
||||
// We'll add a proxy route later if needed.
|
||||
$invoice['file_url'] = '/index.php?route=v1/invoices/file&id=' . $invoice['id'];
|
||||
// 6. Fetch JoFotara Submission Data
|
||||
$stmtSub = $db->prepare("
|
||||
SELECT jofotara_uuid, submitted_at, qr_code_raw, status as submission_status, response_body
|
||||
FROM jofotara_submissions
|
||||
WHERE invoice_id = ? AND status = 'accepted'
|
||||
ORDER BY created_at DESC LIMIT 1
|
||||
");
|
||||
$stmtSub->execute([$id]);
|
||||
$submission = $stmtSub->fetch();
|
||||
|
||||
$invoice['jofotara'] = $submission ? [
|
||||
'uuid' => $submission['jofotara_uuid'],
|
||||
'submitted_at' => $submission['submitted_at'],
|
||||
'qr_image_uri' => $submission['qr_code_raw'] ? 'data:image/png;base64,' . $submission['qr_code_raw'] : null,
|
||||
'has_xml' => true
|
||||
] : null;
|
||||
|
||||
// 7. Generate Public URL for File
|
||||
$token = Encryption::encrypt($invoice['original_file_path']);
|
||||
$invoice['file_url'] = '/index.php?route=v1/invoices/file&file_token=' . urlencode($token);
|
||||
|
||||
json_success($invoice);
|
||||
|
||||
} catch (\Exception $e) {
|
||||
json_error('Error fetching invoice: ' . $e->getMessage(), 500);
|
||||
error_log("Invoice View Error: " . $e->getMessage());
|
||||
json_error('Server error during invoice retrieval', 500);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user