Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-04 00:27:42

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-04 00:27:42 +03:00
parent cd85fcf2bd
commit b4ac1e8775
3 changed files with 117 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
app/modules_app/companies/index.php
View File

@@ -10,54 +10,59 @@ use App\Middleware\AuthMiddleware;
$decoded = AuthMiddleware::check(); $decoded = AuthMiddleware::check();
$db = Database::getInstance(); $db = Database::getInstance();
// 1. Super Admin sees ALL companies try {
if ($decoded['role'] === 'super_admin') { // 1. Super Admin sees ALL companies
$stmt = $db->prepare("SELECT c.*, t.name as tenant_name if ($decoded['role'] === 'super_admin') {
FROM companies c $stmt = $db->prepare("SELECT c.*, t.name as tenant_name
LEFT JOIN tenants t ON c.tenant_id = t.id FROM companies c
WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC"); LEFT JOIN tenants t ON c.tenant_id = t.id
$stmt->execute(); WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC");
} $stmt->execute();
// 2. Admin sees all companies in their tenant }
else if ($decoded['role'] === 'admin') { // 2. Admin sees all companies in their tenant
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL"); else if ($decoded['role'] === 'admin') {
$stmt->execute([$decoded['tenant_id']]); $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
} $stmt->execute([$decoded['tenant_id']]);
// 3. Others (accountant, etc) see only their assigned company }
else { // 3. Others (accountant, etc) see only their assigned company
// Need to get their assigned company_id from users table first else {
$stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?"); // Need to get their assigned company_id from users table first
$stmtUser->execute([$decoded['user_id']]); $stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?");
$assignedCompanyId = $stmtUser->fetchColumn(); $stmtUser->execute([$decoded['user_id']]);
$assignedCompanyId = $stmtUser->fetchColumn();
$stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL"); $stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$assignedCompanyId]); $stmt->execute([$assignedCompanyId]);
}
$companies = $stmt->fetchAll();
// 3. Decrypt fields
foreach ($companies as &$company) {
// Decrypt Name
$decryptedName = Encryption::decrypt($company['name']);
$company['name'] = $decryptedName !== false ? $decryptedName : $company['name'];
// Decrypt Name EN
if (!empty($company['name_en'])) {
$decryptedNameEn = Encryption::decrypt($company['name_en']);
$company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en'];
} }
// Redact JoFotara secrets if returned to UI (or just don't return them) $companies = $stmt->fetchAll();
unset($company['jofotara_client_id_encrypted']);
unset($company['jofotara_secret_key_encrypted']);
unset($company['certificate_password_encrypted']);
// Decrypt Tenant Name (if exists) // 3. Decrypt fields
if (isset($company['tenant_name'])) { foreach ($companies as &$company) {
$decTenantName = Encryption::decrypt($company['tenant_name']); // Decrypt Name
$company['tenant_name'] = $decTenantName !== false ? $decTenantName : $company['tenant_name']; $decryptedName = Encryption::decrypt($company['name']);
$company['name'] = $decryptedName !== false ? $decryptedName : $company['name'];
// Decrypt Name EN
if (!empty($company['name_en'])) {
$decryptedNameEn = Encryption::decrypt($company['name_en']);
$company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en'];
}
// Redact JoFotara secrets if returned to UI (or just don't return them)
unset($company['jofotara_client_id_encrypted']);
unset($company['jofotara_secret_key_encrypted']);
unset($company['certificate_password_encrypted']);
// Decrypt Tenant Name (if exists)
if (isset($company['tenant_name'])) {
$decTenantName = Encryption::decrypt($company['tenant_name']);
$company['tenant_name'] = $decTenantName !== false ? $decTenantName : $company['tenant_name'];
}
} }
}
json_success($companies); json_success($companies);
} catch (\Exception $e) {
json_error('SQL Error in Companies List: ' . $e->getMessage(), 500);
}

23
app/modules_app/tenants/index.php
View File

@@ -14,15 +14,20 @@ if ($decoded['role'] !== 'super_admin') {
$db = Database::getInstance(); $db = Database::getInstance();
$stmt = $db->query("SELECT id, name, email, phone, status, created_at FROM tenants ORDER BY created_at DESC"); try {
$tenants = $stmt->fetchAll(); $stmt = $db->query("SELECT id, name, email, phone, status, created_at FROM tenants ORDER BY created_at DESC");
$tenants = $stmt->fetchAll();
foreach ($tenants as &$t) { foreach ($tenants as &$t) {
$decName = \App\Core\Encryption::decrypt($t['name']); $decName = \App\Core\Encryption::decrypt($t['name']);
$t['name'] = $decName !== false ? $decName : $t['name']; $t['name'] = $decName !== false ? $decName : $t['name'];
$decEmail = \App\Core\Encryption::decrypt($t['email']); $decEmail = \App\Core\Encryption::decrypt($t['email']);
$t['email'] = $decEmail !== false ? $decEmail : $t['email']; $t['email'] = $decEmail !== false ? $decEmail : $t['email'];
}
json_success($tenants);
} catch (\Exception $e) {
json_error('SQL Error in Tenants List: ' . $e->getMessage(), 500);
} }
json_success($tenants);

99
app/modules_app/users/index.php
View File

@@ -14,52 +14,59 @@ $db = Database::getInstance();
$role = $decoded['role']; $role = $decoded['role'];
$tenantId = $decoded['tenant_id'] ?? null; $tenantId = $decoded['tenant_id'] ?? null;
// 2. Build Query based on Role try {
if ($role === 'super_admin') { // 2. Build Query based on Role
// Super Admin sees ALL users from ALL tenants if ($role === 'super_admin') {
$stmt = $db->query(" // Super Admin sees ALL users from ALL tenants
SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name $stmt = $db->query("
FROM users u SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name
LEFT JOIN tenants t ON u.tenant_id = t.id FROM users u
LEFT JOIN companies c ON u.company_id = c.id LEFT JOIN tenants t ON u.tenant_id = t.id
"); LEFT JOIN companies c ON u.company_id = c.id
} elseif ($role === 'admin') { ORDER BY u.created_at DESC
// Admin sees only users in THEIR tenant (Accounting Office) ");
$stmt = $db->prepare(" } elseif ($role === 'admin') {
SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name // Admin sees only users in THEIR tenant (Accounting Office)
FROM users u $stmt = $db->prepare("
LEFT JOIN tenants t ON u.tenant_id = t.id SELECT u.id, u.name, u.email, u.role, u.is_active, u.created_at, t.name as tenant_name, c.name as company_name
LEFT JOIN companies c ON u.company_id = c.id FROM users u
WHERE u.tenant_id = ? LEFT JOIN tenants t ON u.tenant_id = t.id
"); LEFT JOIN companies c ON u.company_id = c.id
$stmt->execute([$tenantId]); WHERE u.tenant_id = ?
} else { ORDER BY u.created_at DESC
// Other roles shouldn't see user list ");
json_error('Unauthorized', 403); $stmt->execute([$tenantId]);
} } else {
// Other roles shouldn't see user list
$users = $stmt->fetchAll(); json_error('Unauthorized', 403);
// 3. Decrypt data and format
foreach ($users as &$user) {
// Decrypt User Name/Email
$decryptedName = Encryption::decrypt($user['name']);
$user['name'] = $decryptedName !== false ? $decryptedName : $user['name'];
$decryptedEmail = Encryption::decrypt($user['email']);
$user['email'] = $decryptedEmail !== false ? $decryptedEmail : $user['email'];
// Decrypt Company Name (if exists)
if ($user['company_name']) {
$decryptedCompanyName = Encryption::decrypt($user['company_name']);
$user['company_name'] = $decryptedCompanyName !== false ? $decryptedCompanyName : $user['company_name'];
} }
// Decrypt Tenant Name (if exists) $users = $stmt->fetchAll();
if ($user['tenant_name']) {
$decryptedTenantName = Encryption::decrypt($user['tenant_name']);
$user['tenant_name'] = $decryptedTenantName !== false ? $decryptedTenantName : $user['tenant_name'];
}
}
json_success($users); // 3. Decrypt data and format
foreach ($users as &$user) {
// Decrypt User Name/Email
$decryptedName = Encryption::decrypt($user['name']);
$user['name'] = $decryptedName !== false ? $decryptedName : $user['name'];
$decryptedEmail = Encryption::decrypt($user['email']);
$user['email'] = $decryptedEmail !== false ? $decryptedEmail : $user['email'];
// Decrypt Company Name (if exists)
if (!empty($user['company_name'])) {
$decryptedCompanyName = Encryption::decrypt($user['company_name']);
$user['company_name'] = $decryptedCompanyName !== false ? $decryptedCompanyName : $user['company_name'];
}
// Decrypt Tenant Name (if exists)
if (!empty($user['tenant_name'])) {
$decryptedTenantName = Encryption::decrypt($user['tenant_name']);
$user['tenant_name'] = $decryptedTenantName !== false ? $decryptedTenantName : $user['tenant_name'];
}
}
json_success($users);
} catch (\Exception $e) {
json_error('SQL Error in Users List: ' . $e->getMessage(), 500);
}