Update: 2026-05-04 00:27:42
@@ -10,54 +10,59 @@ use App\Middleware\AuthMiddleware;
$decoded = AuthMiddleware::check();
$db = Database::getInstance();
// 1. Super Admin sees ALL companies
if ($decoded['role'] === 'super_admin') {
$stmt = $db->prepare("SELECT c.*, t.name as tenant_name
FROM companies c
LEFT JOIN tenants t ON c.tenant_id = t.id
WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC");
$stmt->execute();
}
// 2. Admin sees all companies in their tenant
else if ($decoded['role'] === 'admin') {
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$decoded['tenant_id']]);
}
// 3. Others (accountant, etc) see only their assigned company
else {
// Need to get their assigned company_id from users table first
$stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?");
$stmtUser->execute([$decoded['user_id']]);
$assignedCompanyId = $stmtUser->fetchColumn();
try {
// 1. Super Admin sees ALL companies
if ($decoded['role'] === 'super_admin') {
$stmt = $db->prepare("SELECT c.*, t.name as tenant_name
FROM companies c
LEFT JOIN tenants t ON c.tenant_id = t.id
WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC");
$stmt->execute();
}
// 2. Admin sees all companies in their tenant
else if ($decoded['role'] === 'admin') {
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$decoded['tenant_id']]);
}
// 3. Others (accountant, etc) see only their assigned company
else {
// Need to get their assigned company_id from users table first
$stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?");
$stmtUser->execute([$decoded['user_id']]);
$assignedCompanyId = $stmtUser->fetchColumn();
$stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$assignedCompanyId]);
}
$companies = $stmt->fetchAll();
// 3. Decrypt fields
foreach ($companies as &$company) {
// Decrypt Name
$decryptedName = Encryption::decrypt($company['name']);
$company['name'] = $decryptedName !== false ? $decryptedName : $company['name'];
// Decrypt Name EN
if (!empty($company['name_en'])) {
$decryptedNameEn = Encryption::decrypt($company['name_en']);
$company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en'];
$stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$assignedCompanyId]);
}
// Redact JoFotara secrets if returned to UI (or just don't return them)
unset($company['jofotara_client_id_encrypted']);
unset($company['jofotara_secret_key_encrypted']);
unset($company['certificate_password_encrypted']);
$companies = $stmt->fetchAll();
// Decrypt Tenant Name (if exists)
if (isset($company['tenant_name'])) {
$decTenantName = Encryption::decrypt($company['tenant_name']);
$company['tenant_name'] = $decTenantName !== false ? $decTenantName : $company['tenant_name'];
// 3. Decrypt fields
foreach ($companies as &$company) {
// Decrypt Name
$decryptedName = Encryption::decrypt($company['name']);
$company['name'] = $decryptedName !== false ? $decryptedName : $company['name'];
// Decrypt Name EN
if (!empty($company['name_en'])) {
$decryptedNameEn = Encryption::decrypt($company['name_en']);
$company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en'];
}
// Redact JoFotara secrets if returned to UI (or just don't return them)
unset($company['jofotara_client_id_encrypted']);
unset($company['jofotara_secret_key_encrypted']);
unset($company['certificate_password_encrypted']);
// Decrypt Tenant Name (if exists)
if (isset($company['tenant_name'])) {
$decTenantName = Encryption::decrypt($company['tenant_name']);
$company['tenant_name'] = $decTenantName !== false ? $decTenantName : $company['tenant_name'];
}
}
}
json_success($companies);
json_success($companies);
} catch (\Exception $e) {
json_error('SQL Error in Companies List: ' . $e->getMessage(), 500);
}
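Review bot: The new catch block at the end of the hunk sends `$e->getMessage()` to the client in the 500 response; for a database exception that message usually includes the failing SQL fragment, table and column names, and sometimes driver details, so the added try/catch turns any DB error into an information leak to any holder of a valid token. Log the exception server-side and return a fixed message instead, e.g. `error_log('companies list: ' . $e->getMessage());` followed by `json_error('Failed to load companies', 500);`. The `foreach ($companies as &$company)` loop is never followed by `unset($company);`, so the last element stays a reference; adding that line before `json_success($companies)` avoids the classic dangling-reference bug if more code is inserted later. This is a flat script, and the `use` statements before the hunk and anything after the catch are outside what is shown.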