diff --git a/app/modules_app/companies/index.php b/app/modules_app/companies/index.php index 2076448..9aee90b 100644 --- a/app/modules_app/companies/index.php +++ b/app/modules_app/companies/index.php 
@@ -10,54 +10,59 @@ use App\Middleware\AuthMiddleware; $decoded = AuthMiddleware::check(); $db = Database::getInstance(); -// 1. Super Admin sees ALL companies -if ($decoded['role'] === 'super_admin') { - $stmt = $db->prepare("SELECT c.*, t.name as tenant_name - FROM companies c - LEFT JOIN tenants t ON c.tenant_id = t.id - WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC"); - $stmt->execute(); -} -// 2. Admin sees all companies in their tenant -else if ($decoded['role'] === 'admin') { - $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL"); - $stmt->execute([$decoded['tenant_id']]); -} -// 3. Others (accountant, etc) see only their assigned company -else { - // Need to get their assigned company_id from users table first - $stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?"); - $stmtUser->execute([$decoded['user_id']]); - $assignedCompanyId = $stmtUser->fetchColumn(); +try { + // 1. Super Admin sees ALL companies + if ($decoded['role'] === 'super_admin') { + $stmt = $db->prepare("SELECT c.*, t.name as tenant_name + FROM companies c + LEFT JOIN tenants t ON c.tenant_id = t.id + WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC"); + $stmt->execute(); + } + // 2. Admin sees all companies in their tenant + else if ($decoded['role'] === 'admin') { + $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL"); + $stmt->execute([$decoded['tenant_id']]); + } + // 3. Others (accountant, etc) see only their assigned company + else { + // Need to get their assigned company_id from users table first + $stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?"); + $stmtUser->execute([$decoded['user_id']]); + $assignedCompanyId = $stmtUser->fetchColumn(); - $stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL"); - $stmt->execute([$assignedCompanyId]); -} - -$companies = $stmt->fetchAll(); - -// 3. 
Decrypt fields -foreach ($companies as &$company) { - // Decrypt Name - $decryptedName = Encryption::decrypt($company['name']); - $company['name'] = $decryptedName !== false ? $decryptedName : $company['name']; - - // Decrypt Name EN - if (!empty($company['name_en'])) { - $decryptedNameEn = Encryption::decrypt($company['name_en']); - $company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en']; + $stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL"); + $stmt->execute([$assignedCompanyId]); } - // Redact JoFotara secrets if returned to UI (or just don't return them) - unset($company['jofotara_client_id_encrypted']); - unset($company['jofotara_secret_key_encrypted']); - unset($company['certificate_password_encrypted']); + $companies = $stmt->fetchAll(); - // Decrypt Tenant Name (if exists) - if (isset($company['tenant_name'])) { - $decTenantName = Encryption::decrypt($company['tenant_name']); - $company['tenant_name'] = $decTenantName !== false ? $decTenantName : $company['tenant_name']; + // 3. Decrypt fields + foreach ($companies as &$company) { + // Decrypt Name + $decryptedName = Encryption::decrypt($company['name']); + $company['name'] = $decryptedName !== false ? $decryptedName : $company['name']; + + // Decrypt Name EN + if (!empty($company['name_en'])) { + $decryptedNameEn = Encryption::decrypt($company['name_en']); + $company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en']; + } + + // Redact JoFotara secrets if returned to UI (or just don't return them) + unset($company['jofotara_client_id_encrypted']); + unset($company['jofotara_secret_key_encrypted']); + unset($company['certificate_password_encrypted']); + + // Decrypt Tenant Name (if exists) + if (isset($company['tenant_name'])) { + $decTenantName = Encryption::decrypt($company['tenant_name']); + $company['tenant_name'] = $decTenantName !== false ? 
$decTenantName : $company['tenant_name']; + } } -} -json_success($companies); + json_success($companies); + +} catch (\Exception $e) { + json_error('SQL Error in Companies List: ' . $e->getMessage(), 500); +} diff --git a/app/modules_app/tenants/index.php b/app/modules_app/tenants/index.php index 4c5a1ad..d7575a4 100644 --- a/app/modules_app/tenants/index.php +++ b/app/modules_app/tenants/index.php @@ -14,15 +14,20 @@ if ($decoded['role'] !== 'super_admin') { $db = Database::getInstance(); -$stmt = $db->query("SELECT id, name, email, phone, status, created_at FROM tenants ORDER BY created_at DESC"); -$tenants = $stmt->fetchAll(); +try { + $stmt = $db->query("SELECT id, name, email, phone, status, created_at FROM tenants ORDER BY created_at DESC"); + $tenants = $stmt->fetchAll(); -foreach ($tenants as &$t) { - $decName = \App\Core\Encryption::decrypt($t['name']); - $t['name'] = $decName !== false ? $decName : $t['name']; + foreach ($tenants as &$t) { + $decName = \App\Core\Encryption::decrypt($t['name']); + $t['name'] = $decName !== false ? $decName : $t['name']; - $decEmail = \App\Core\Encryption::decrypt($t['email']); - $t['email'] = $decEmail !== false ? $decEmail : $t['email']; + $decEmail = \App\Core\Encryption::decrypt($t['email']); + $t['email'] = $decEmail !== false ? $decEmail : $t['email']; + } + + json_success($tenants); + +} catch (\Exception $e) { + json_error('SQL Error in Tenants List: ' . $e->getMessage(), 500); } - -json_success($tenants); diff --git a/app/modules_app/users/index.php b/app/modules_app/users/index.php index ebfd0ae..d33059c 100644 --- a/app/modules_app/users/index.php +++ b/app/modules_app/users/index.php 
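Review bot: The catch block added at the end of the companies hunk concatenates `$e->getMessage()` into the 500 response, so whatever the driver reports (a SQL fragment, table or column names, and on a connection failure possibly host/DSN details) is returned to any authenticated caller, including the accountant branch that has no further access checks. Log the exception server-side and send a fixed string instead: `error_log('companies list: ' . $e);` followed by `json_error('Internal server error', 500);`. Note also that `catch (\Exception $e)` does not catch `\Error` subclasses (TypeError and friends), so if the goal is "every failure becomes a JSON 500" the handler should catch `\Throwable`; and the 'SQL Error' label is misleading because the try now also covers the `Encryption::decrypt` calls and `json_success`. Pre-existing but adjacent: when the users row has no company_id, `$assignedCompanyId` is false/null and is still passed straight to `execute()` — a short guard returning an empty list would be clearer.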
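Review bot: In the tenants hunk the new catch returns `'SQL Error in Tenants List: ' . $e->getMessage()` to the client, which exposes driver error text (statement fragments, column names, possibly connection details) in the API body; only super_admin reaches this handler per the role check above the hunk, but that narrows rather than removes the leak. Replace it with `error_log('tenants list: ' . $e); json_error('Internal server error', 500);` so the detail stays in the server log. The 'SQL Error' wording is also inaccurate now that the try block wraps `\App\Core\Encryption::decrypt` and `json_success` as well, so a decryption failure would be reported as a database error.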
@@ -14,52 +14,59 @@ $db = Database::getInstance(); $role = $decoded['role']; $tenantId = $decoded['tenant_id'] ?? null; -// 2. Build Query based on Role -if ($role === 'super_admin') { - // Super Admin sees ALL users from ALL tenants - $stmt = $db->query(" - SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name - FROM users u - LEFT JOIN tenants t ON u.tenant_id = t.id - LEFT JOIN companies c ON u.company_id = c.id - "); -} elseif ($role === 'admin') { - // Admin sees only users in THEIR tenant (Accounting Office) - $stmt = $db->prepare(" - SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name - FROM users u - LEFT JOIN tenants t ON u.tenant_id = t.id - LEFT JOIN companies c ON u.company_id = c.id - WHERE u.tenant_id = ? - "); - $stmt->execute([$tenantId]); -} else { - // Other roles shouldn't see user list - json_error('Unauthorized', 403); -} - -$users = $stmt->fetchAll(); - -// 3. Decrypt data and format -foreach ($users as &$user) { - // Decrypt User Name/Email - $decryptedName = Encryption::decrypt($user['name']); - $user['name'] = $decryptedName !== false ? $decryptedName : $user['name']; - - $decryptedEmail = Encryption::decrypt($user['email']); - $user['email'] = $decryptedEmail !== false ? $decryptedEmail : $user['email']; - - // Decrypt Company Name (if exists) - if ($user['company_name']) { - $decryptedCompanyName = Encryption::decrypt($user['company_name']); - $user['company_name'] = $decryptedCompanyName !== false ? $decryptedCompanyName : $user['company_name']; +try { + // 2. 
Build Query based on Role + if ($role === 'super_admin') { + // Super Admin sees ALL users from ALL tenants + $stmt = $db->query(" + SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name + FROM users u + LEFT JOIN tenants t ON u.tenant_id = t.id + LEFT JOIN companies c ON u.company_id = c.id + ORDER BY u.created_at DESC + "); + } elseif ($role === 'admin') { + // Admin sees only users in THEIR tenant (Accounting Office) + $stmt = $db->prepare(" + SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name + FROM users u + LEFT JOIN tenants t ON u.tenant_id = t.id + LEFT JOIN companies c ON u.company_id = c.id + WHERE u.tenant_id = ? + ORDER BY u.created_at DESC + "); + $stmt->execute([$tenantId]); + } else { + // Other roles shouldn't see user list + json_error('Unauthorized', 403); } - // Decrypt Tenant Name (if exists) - if ($user['tenant_name']) { - $decryptedTenantName = Encryption::decrypt($user['tenant_name']); - $user['tenant_name'] = $decryptedTenantName !== false ? $decryptedTenantName : $user['tenant_name']; - } -} + $users = $stmt->fetchAll(); -json_success($users); + // 3. Decrypt data and format + foreach ($users as &$user) { + // Decrypt User Name/Email + $decryptedName = Encryption::decrypt($user['name']); + $user['name'] = $decryptedName !== false ? $decryptedName : $user['name']; + + $decryptedEmail = Encryption::decrypt($user['email']); + $user['email'] = $decryptedEmail !== false ? $decryptedEmail : $user['email']; + + // Decrypt Company Name (if exists) + if (!empty($user['company_name'])) { + $decryptedCompanyName = Encryption::decrypt($user['company_name']); + $user['company_name'] = $decryptedCompanyName !== false ? 
$decryptedCompanyName : $user['company_name']; + } + + // Decrypt Tenant Name (if exists) + if (!empty($user['tenant_name'])) { + $decryptedTenantName = Encryption::decrypt($user['tenant_name']); + $user['tenant_name'] = $decryptedTenantName !== false ? $decryptedTenantName : $user['tenant_name']; + } + } + + json_success($users); + +} catch (\Exception $e) { + json_error('SQL Error in Users List: ' . $e->getMessage(), 500); +}
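Review bot: Moving the `else { json_error('Unauthorized', 403); }` branch inside the try changes how the 403 path fails: the code after it assumes `$stmt` is set, so if `json_error` only writes the body and returns (cannot tell from this diff), `$stmt->fetchAll()` throws an `\Error` that `catch (\Exception $e)` does not catch, and if `json_error` signals by throwing, the 403 is rewritten as a 500 labelled 'SQL Error'. Put `return;` (or `exit;`) directly after the 403 call, or keep that branch above the try. Separately, the catch concatenates `$e->getMessage()` into the response, which hands SQL fragments, column names and possibly connection details to a tenant admin; log it and return a fixed message: `error_log('users list: ' . $e); json_error('Internal server error', 500);`.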