Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-04 00:27:42

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-04 00:27:42 +03:00
parent cd85fcf2bd
commit b4ac1e8775
3 changed files with 117 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
app/modules_app/companies/index.php
View File

@@ -10,54 +10,59 @@ use App\Middleware\AuthMiddleware;
$decoded = AuthMiddleware::check();
$db = Database::getInstance();
// 1. Super Admin sees ALL companies
if ($decoded['role'] === 'super_admin') {
$stmt = $db->prepare("SELECT c.*, t.name as tenant_name
FROM companies c
LEFT JOIN tenants t ON c.tenant_id = t.id
WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC");
$stmt->execute();
}
// 2. Admin sees all companies in their tenant
else if ($decoded['role'] === 'admin') {
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$decoded['tenant_id']]);
}
// 3. Others (accountant, etc) see only their assigned company
else {
// Need to get their assigned company_id from users table first
$stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?");
$stmtUser->execute([$decoded['user_id']]);
$assignedCompanyId = $stmtUser->fetchColumn();
try {
// 1. Super Admin sees ALL companies
if ($decoded['role'] === 'super_admin') {
$stmt = $db->prepare("SELECT c.*, t.name as tenant_name
FROM companies c
LEFT JOIN tenants t ON c.tenant_id = t.id
WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC");
$stmt->execute();
}
// 2. Admin sees all companies in their tenant
else if ($decoded['role'] === 'admin') {
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$decoded['tenant_id']]);
}
// 3. Others (accountant, etc) see only their assigned company
else {
// Need to get their assigned company_id from users table first
$stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?");
$stmtUser->execute([$decoded['user_id']]);
$assignedCompanyId = $stmtUser->fetchColumn();
$stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$assignedCompanyId]);
}
$companies = $stmt->fetchAll();
// 3. Decrypt fields
foreach ($companies as &$company) {
// Decrypt Name
$decryptedName = Encryption::decrypt($company['name']);
$company['name'] = $decryptedName !== false ? $decryptedName : $company['name'];
// Decrypt Name EN
if (!empty($company['name_en'])) {
$decryptedNameEn = Encryption::decrypt($company['name_en']);
$company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en'];
$stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$assignedCompanyId]);
}
// Redact JoFotara secrets if returned to UI (or just don't return them)
unset($company['jofotara_client_id_encrypted']);
unset($company['jofotara_secret_key_encrypted']);
unset($company['certificate_password_encrypted']);
$companies = $stmt->fetchAll();
// Decrypt Tenant Name (if exists)
if (isset($company['tenant_name'])) {
$decTenantName = Encryption::decrypt($company['tenant_name']);
$company['tenant_name'] = $decTenantName !== false ? $decTenantName : $company['tenant_name'];
// 3. Decrypt fields
foreach ($companies as &$company) {
// Decrypt Name
$decryptedName = Encryption::decrypt($company['name']);
$company['name'] = $decryptedName !== false ? $decryptedName : $company['name'];
// Decrypt Name EN
if (!empty($company['name_en'])) {
$decryptedNameEn = Encryption::decrypt($company['name_en']);
$company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en'];
}
// Redact JoFotara secrets if returned to UI (or just don't return them)
unset($company['jofotara_client_id_encrypted']);
unset($company['jofotara_secret_key_encrypted']);
unset($company['certificate_password_encrypted']);
// Decrypt Tenant Name (if exists)
if (isset($company['tenant_name'])) {
$decTenantName = Encryption::decrypt($company['tenant_name']);
$company['tenant_name'] = $decTenantName !== false ? $decTenantName : $company['tenant_name'];
}
}
}
json_success($companies);
json_success($companies);
} catch (\Exception $e) {
json_error('SQL Error in Companies List: ' . $e->getMessage(), 500);
}

23
app/modules_app/tenants/index.php
View File

@@ -14,15 +14,20 @@ if ($decoded['role'] !== 'super_admin') {
$db = Database::getInstance();
$stmt = $db->query("SELECT id, name, email, phone, status, created_at FROM tenants ORDER BY created_at DESC");
$tenants = $stmt->fetchAll();
try {
$stmt = $db->query("SELECT id, name, email, phone, status, created_at FROM tenants ORDER BY created_at DESC");
$tenants = $stmt->fetchAll();
foreach ($tenants as &$t) {
$decName = \App\Core\Encryption::decrypt($t['name']);
$t['name'] = $decName !== false ? $decName : $t['name'];
foreach ($tenants as &$t) {
$decName = \App\Core\Encryption::decrypt($t['name']);
$t['name'] = $decName !== false ? $decName : $t['name'];
$decEmail = \App\Core\Encryption::decrypt($t['email']);
$t['email'] = $decEmail !== false ? $decEmail : $t['email'];
$decEmail = \App\Core\Encryption::decrypt($t['email']);
$t['email'] = $decEmail !== false ? $decEmail : $t['email'];
}
json_success($tenants);
} catch (\Exception $e) {
json_error('SQL Error in Tenants List: ' . $e->getMessage(), 500);
}
json_success($tenants);

99
app/modules_app/users/index.php
View File

@@ -14,52 +14,59 @@ $db = Database::getInstance();
$role = $decoded['role'];
$tenantId = $decoded['tenant_id'] ?? null;
// 2. Build Query based on Role
if ($role === 'super_admin') {
// Super Admin sees ALL users from ALL tenants
$stmt = $db->query("
SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name
FROM users u
LEFT JOIN tenants t ON u.tenant_id = t.id
LEFT JOIN companies c ON u.company_id = c.id
");
} elseif ($role === 'admin') {
// Admin sees only users in THEIR tenant (Accounting Office)
$stmt = $db->prepare("
SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name
FROM users u
LEFT JOIN tenants t ON u.tenant_id = t.id
LEFT JOIN companies c ON u.company_id = c.id
WHERE u.tenant_id = ?
");
$stmt->execute([$tenantId]);
} else {
// Other roles shouldn't see user list
json_error('Unauthorized', 403);
}
$users = $stmt->fetchAll();
// 3. Decrypt data and format
foreach ($users as &$user) {
// Decrypt User Name/Email
$decryptedName = Encryption::decrypt($user['name']);
$user['name'] = $decryptedName !== false ? $decryptedName : $user['name'];
$decryptedEmail = Encryption::decrypt($user['email']);
$user['email'] = $decryptedEmail !== false ? $decryptedEmail : $user['email'];
// Decrypt Company Name (if exists)
if ($user['company_name']) {
$decryptedCompanyName = Encryption::decrypt($user['company_name']);
$user['company_name'] = $decryptedCompanyName !== false ? $decryptedCompanyName : $user['company_name'];
try {
// 2. Build Query based on Role
if ($role === 'super_admin') {
// Super Admin sees ALL users from ALL tenants
$stmt = $db->query("
SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name
FROM users u
LEFT JOIN tenants t ON u.tenant_id = t.id
LEFT JOIN companies c ON u.company_id = c.id
ORDER BY u.created_at DESC
");
} elseif ($role === 'admin') {
// Admin sees only users in THEIR tenant (Accounting Office)
$stmt = $db->prepare("
SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name
FROM users u
LEFT JOIN tenants t ON u.tenant_id = t.id
LEFT JOIN companies c ON u.company_id = c.id
WHERE u.tenant_id = ?
ORDER BY u.created_at DESC
");
$stmt->execute([$tenantId]);
} else {
// Other roles shouldn't see user list
json_error('Unauthorized', 403);
}
// Decrypt Tenant Name (if exists)
if ($user['tenant_name']) {
$decryptedTenantName = Encryption::decrypt($user['tenant_name']);
$user['tenant_name'] = $decryptedTenantName !== false ? $decryptedTenantName : $user['tenant_name'];
}
}
$users = $stmt->fetchAll();
json_success($users);
// 3. Decrypt data and format
foreach ($users as &$user) {
// Decrypt User Name/Email
$decryptedName = Encryption::decrypt($user['name']);
$user['name'] = $decryptedName !== false ? $decryptedName : $user['name'];
$decryptedEmail = Encryption::decrypt($user['email']);
$user['email'] = $decryptedEmail !== false ? $decryptedEmail : $user['email'];
// Decrypt Company Name (if exists)
if (!empty($user['company_name'])) {
$decryptedCompanyName = Encryption::decrypt($user['company_name']);
$user['company_name'] = $decryptedCompanyName !== false ? $decryptedCompanyName : $user['company_name'];
}
// Decrypt Tenant Name (if exists)
if (!empty($user['tenant_name'])) {
$decryptedTenantName = Encryption::decrypt($user['tenant_name']);
$user['tenant_name'] = $decryptedTenantName !== false ? $decryptedTenantName : $user['tenant_name'];
}
}
json_success($users);
} catch (\Exception $e) {
json_error('SQL Error in Users List: ' . $e->getMessage(), 500);
}