Update: 2026-05-09 17:21:01

2026-05-09 17:21:01 +03:00
parent f75e2719fa
commit c94855ed9c
5 changed files with 198 additions and 84 deletions
--- a/app/modules_app/payments/delete.php
+++ b/app/modules_app/payments/delete.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * Delete/Cancel Payment Request (Admin/Accountant)
+ * POST /api/v1/payments/delete
+ */
+
+declare(strict_types=1);
+
+use App\Core\Database;
+use App\Middleware\AuthMiddleware;
+
+try {
+    $decoded = AuthMiddleware::check();
+    $db = Database::getInstance();
+    $tenantId = $decoded['tenant_id'];
+
+    $data = json_decode(file_get_contents('php://input'), true);
+    $paymentId = $data['payment_id'] ?? null;
+
+    if (!$paymentId) {
+        json_error('معرف طلب الدفع مطلوب.', 422);
+    }
+
+    // Only allow deleting PENDING requests
+    $stmt = $db->prepare("SELECT id FROM payment_requests WHERE id = ? AND tenant_id = ? AND status = 'pending'");
+    $stmt->execute([$paymentId, $tenantId]);
+    $payment = $stmt->fetch();
+
+    if (!$payment) {
+        json_error('لا يمكن حذف هذا الطلب (قد يكون مقبولاً بالفعل أو غير موجود).', 404);
+    }
+
+    $stmt = $db->prepare("DELETE FROM payment_requests WHERE id = ? AND tenant_id = ?");
+    $stmt->execute([$paymentId, $tenantId]);
+
+    // Log deletion
+    $logStmt = $db->prepare("INSERT INTO audit_logs (tenant_id, user_id, action, entity_type, entity_id) VALUES (?, ?, 'payment.deleted', 'payment', ?)");
+    $logStmt->execute([$tenantId, $decoded['user_id'], $paymentId]);
+
+    json_success([], 'تم إلغاء طلب الدفع بنجاح.');
+
+} catch (\Throwable $e) {
+    error_log("Payment Delete Error: " . $e->getMessage());
+    json_error('حدث خطأ أثناء حذف طلب الدفع.', 500);
+}