Update: 2026-05-03 22:15:40

This commit is contained in:
Hamza-Ayed
2026-05-03 22:15:40 +03:00
parent 089a2b76c0
commit ab9625839e
4 changed files with 21 additions and 63 deletions


@@ -46,9 +46,10 @@ if (!$secret || strlen($secret) < 32) {
json_error('Server configuration error', 500);
}
$payload = [
'user_id' => $user['id'],
'role' => $user['role'],
'exp' => time() + (15 * 60) // 15 minutes
'user_id' => $user['id'],
'tenant_id' => $user['tenant_id'],
'role' => $user['role'],
'exp' => time() + (15 * 60) // 15 minutes
];
$token = JWT::encode($payload, $secret);
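Review bot: The added `tenant_id` claim is now an authorization input — the admin branch of the companies listing further down this page runs `WHERE tenant_id = ?` directly on `$decoded['tenant_id']` — but nothing on the line says so, and a later reader may treat the payload as informational and change it freely. A comment on the added line would pin that down: `'tenant_id' => $user['tenant_id'], // authorization claim: tenant-scoped queries trust it until exp, so a tenant change applies only after re-login`. If `$user['tenant_id']` can be null (presumably for a super_admin row), the claim is encoded as JSON null and the tenant-scoped query then matches nothing, which fails closed but deserves a one-line note next to the claim. On style, the last element still has no trailing comma, `'exp' => time() + (15 * 60), // 15 minutes`, which is why inserting one key produced a four-line replacement instead of a one-line addition.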


@@ -63,14 +63,8 @@ try {
date('Y-m-d H:i:s')
]);
$companyId = $db->lastInsertId();
// 4. Pivot link
$stmt = $db->prepare("INSERT INTO user_companies (user_id, company_id, role) VALUES (?, ?, ?)");
$stmt->execute([$decoded['user_id'], $companyId, 'admin']);
$db->commit();
json_success(['id' => $companyId], 'تم إنشاء الشركة بنجاح');
json_success(null, 'تم إنشاء الشركة بنجاح');
} catch (\Exception $e) {
$db->rollBack();


@@ -13,14 +13,21 @@ $db = Database::getInstance();
// 1. Super Admin sees ALL companies
if ($decoded['role'] === 'super_admin') {
$stmt = $db->query("SELECT * FROM companies WHERE deleted_at IS NULL");
} else {
// 2. Others see only linked companies
$stmt = $db->prepare("
SELECT c.* FROM companies c
JOIN user_companies uc ON c.id = uc.company_id
WHERE uc.user_id = ? AND c.deleted_at IS NULL
");
$stmt->execute([$decoded['user_id']]);
}
// 2. Admin sees all companies in their tenant
else if ($decoded['role'] === 'admin') {
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$decoded['tenant_id']]);
}
// 3. Others (accountant, etc) see only their assigned company
else {
// Need to get their assigned company_id from users table first
$stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?");
$stmtUser->execute([$decoded['user_id']]);
$assignedCompanyId = $stmtUser->fetchColumn();
$stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$assignedCompanyId]);
}
$companies = $stmt->fetchAll();