🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 03:15
This commit is contained in:
Hamza-Ayed
@@ -30,7 +30,8 @@ final class AuthService
|
||||
$accessToken = $this->jwtService->issueAccessToken([
|
||||
'user_id' => $user['id'],
|
||||
'tenant_id' => $user['tenant_id'],
|
||||
'role' => $user['role']
|
||||
'role' => $user['role'],
|
||||
'assigned_company_id' => $user['assigned_company_id']
|
||||
]);
|
||||
|
||||
$refreshToken = $this->jwtService->issueRefreshToken($user['id']);
|
||||
@@ -49,7 +50,8 @@ final class AuthService
|
||||
'id' => $user['id'],
|
||||
'name' => $user['name'],
|
||||
'email' => $user['email'],
|
||||
'role' => $user['role']
|
||||
'role' => $user['role'],
|
||||
'assigned_company_id' => $user['assigned_company_id']
|
||||
]
|
||||
];
|
||||
}
|
||||
|
||||
@@ -17,7 +17,20 @@ final class CompanyController
|
||||
|
||||
public function list(Request $request): void
|
||||
{
|
||||
$companies = $this->companyModel->findByTenant($request->tenantId);
|
||||
$tenantId = $request->tenantId;
|
||||
$role = $request->user->role ?? 'viewer';
|
||||
$assignedCompanyId = $request->user->assigned_company_id ?? null;
|
||||
|
||||
if ($role === 'super_admin') {
|
||||
$companies = $this->companyModel->findByTenant($tenantId);
|
||||
} else {
|
||||
// Filter by assigned company
|
||||
$db = \App\Core\Database::getInstance();
|
||||
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND id = ? AND deleted_at IS NULL");
|
||||
$stmt->execute([$tenantId, $assignedCompanyId]);
|
||||
$companies = $stmt->fetchAll();
|
||||
}
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => $companies
|
||||
|
||||
@@ -11,21 +11,31 @@ final class DashboardController
|
||||
public function getStats(Request $request): void
|
||||
{
|
||||
$tenantId = $request->tenantId;
|
||||
$role = $request->user->role ?? 'viewer';
|
||||
$assignedCompanyId = $request->user->assigned_company_id ?? null;
|
||||
$db = Database::getInstance();
|
||||
|
||||
$where = "WHERE tenant_id = ?";
|
||||
$params = [$tenantId];
|
||||
|
||||
if ($role !== 'super_admin') {
|
||||
$where .= " AND company_id = ?";
|
||||
$params[] = $assignedCompanyId;
|
||||
}
|
||||
|
||||
// 1. Total Invoices this month
|
||||
$stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices WHERE tenant_id = ? AND MONTH(created_at) = MONTH(CURRENT_DATE)");
|
||||
$stmt->execute([$tenantId]);
|
||||
$stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices {$where} AND MONTH(created_at) = MONTH(CURRENT_DATE)");
|
||||
$stmt->execute($params);
|
||||
$thisMonth = $stmt->fetch()['count'];
|
||||
|
||||
// 2. Approved vs Rejected
|
||||
$stmt = $db->prepare("SELECT status, COUNT(*) as count FROM invoices WHERE tenant_id = ? GROUP BY status");
|
||||
$stmt->execute([$tenantId]);
|
||||
$stmt = $db->prepare("SELECT status, COUNT(*) as count FROM invoices {$where} GROUP BY status");
|
||||
$stmt->execute($params);
|
||||
$statusCounts = $stmt->fetchAll();
|
||||
|
||||
// 3. Recent Activity
|
||||
$stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? ORDER BY i.created_at DESC LIMIT 5");
|
||||
$stmt->execute([$tenantId]);
|
||||
$stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id {$where} ORDER BY i.created_at DESC LIMIT 5");
|
||||
$stmt->execute($params);
|
||||
$recent = $stmt->fetchAll();
|
||||
|
||||
Response::json([
|
||||
|
||||
@@ -20,7 +20,20 @@ final class InvoiceController
|
||||
|
||||
public function list(Request $request): void
|
||||
{
|
||||
$invoices = $this->invoiceModel->findByTenant($request->tenantId);
|
||||
$tenantId = $request->tenantId;
|
||||
$role = $request->user->role ?? 'viewer';
|
||||
$assignedCompanyId = $request->user->assigned_company_id ?? null;
|
||||
|
||||
if ($role === 'super_admin') {
|
||||
$invoices = $this->invoiceModel->findByTenant($tenantId);
|
||||
} else {
|
||||
// Filter by assigned company for admin, accountant, etc.
|
||||
$db = \App\Core\Database::getInstance();
|
||||
$stmt = $db->prepare("SELECT * FROM invoices WHERE tenant_id = ? AND company_id = ? AND deleted_at IS NULL ORDER BY created_at DESC");
|
||||
$stmt->execute([$tenantId, $assignedCompanyId]);
|
||||
$invoices = $stmt->fetchAll();
|
||||
}
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => $invoices
|
||||
@@ -50,11 +63,10 @@ final class InvoiceController
|
||||
$invoiceId = \Ramsey\Uuid\Uuid::uuid4()->toString();
|
||||
$this->invoiceModel->create([
|
||||
'id' => $invoiceId,
|
||||
'invoice_uuid' => \Ramsey\Uuid\Uuid::uuid4()->toString(),
|
||||
'tenant_id' => $tenantId,
|
||||
'company_id' => $companyId,
|
||||
'uploaded_by' => $request->user->user_id,
|
||||
'status' => 'PROCESSING',
|
||||
'status' => 'uploaded', // Match schema ENUM
|
||||
'original_file_path' => $filePath,
|
||||
'original_file_hash' => $fileHash,
|
||||
'idempotency_key' => bin2hex(random_bytes(16))
|
||||
@@ -67,8 +79,8 @@ final class InvoiceController
|
||||
|
||||
// Update Invoice with extracted data
|
||||
$this->invoiceModel->update($invoiceId, [
|
||||
'status' => 'EXTRACTED',
|
||||
'extracted_data' => json_encode($extractedData, JSON_UNESCAPED_UNICODE)
|
||||
'status' => 'extracted', // Match schema ENUM
|
||||
'ai_raw_response' => json_encode($extractedData, JSON_UNESCAPED_UNICODE)
|
||||
]);
|
||||
|
||||
Response::json([
|
||||
@@ -83,7 +95,7 @@ final class InvoiceController
|
||||
} catch (Throwable $aiError) {
|
||||
// Keep it uploaded, maybe manual retry later
|
||||
$this->invoiceModel->update($invoiceId, [
|
||||
'status' => 'AI_FAILED'
|
||||
'status' => 'validation_failed' // Match schema fallback
|
||||
]);
|
||||
|
||||
Response::json([
|
||||
|
||||
@@ -38,6 +38,8 @@ final class UsersController
|
||||
public function create(Request $request): void
|
||||
{
|
||||
$currentUserRole = $request->user->role ?? 'viewer';
|
||||
$currentAssignedCompanyId = $request->user->assigned_company_id ?? null;
|
||||
|
||||
if (!in_array($currentUserRole, ['super_admin', 'admin'])) {
|
||||
Response::error('ليس لديك صلاحية لإضافة مستخدمين', 'FORBIDDEN', 403);
|
||||
return;
|
||||
@@ -47,11 +49,16 @@ final class UsersController
|
||||
$email = $request->input('email');
|
||||
$password = $request->input('password');
|
||||
$role = $request->input('role', 'accountant');
|
||||
$assignedCompanyId = $request->input('assigned_company_id');
|
||||
|
||||
// Admin can only create accountants and employees. Only super_admin can create admins.
|
||||
if ($currentUserRole === 'admin' && in_array($role, ['admin', 'super_admin'])) {
|
||||
Response::error('لا تملك الصلاحية لإضافة مدراء', 'FORBIDDEN', 403);
|
||||
return;
|
||||
if ($currentUserRole === 'admin') {
|
||||
if (in_array($role, ['admin', 'super_admin'])) {
|
||||
Response::error('لا تملك الصلاحية لإضافة مدراء', 'FORBIDDEN', 403);
|
||||
return;
|
||||
}
|
||||
// Admin automatically assigns their own company to the new user
|
||||
$assignedCompanyId = $currentAssignedCompanyId;
|
||||
}
|
||||
|
||||
// Validate valid roles
|
||||
@@ -62,14 +69,14 @@ final class UsersController
|
||||
}
|
||||
|
||||
if (!$name || !$email || !$password) {
|
||||
Response::error('Name, email, and password are required', 'VALIDATION_ERROR', 422);
|
||||
Response::error('الاسم والبريد وكلمة المرور مطلوبة', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
// Check if email exists
|
||||
if ($this->userModel->findByEmail($email)) {
|
||||
Response::error('Email already in use', 'EMAIL_EXISTS', 409);
|
||||
Response::error('البريد الإلكتروني مستخدم بالفعل', 'EMAIL_EXISTS', 409);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -81,12 +88,13 @@ final class UsersController
|
||||
'email' => $email,
|
||||
'password_hash' => password_hash($password, PASSWORD_BCRYPT),
|
||||
'role' => $role,
|
||||
'assigned_company_id' => $assignedCompanyId,
|
||||
'is_active' => 1
|
||||
]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'User created successfully',
|
||||
'message' => 'تم إنشاء المستخدم بنجاح',
|
||||
'data' => ['id' => $userId]
|
||||
]);
|
||||
} catch (Throwable $e) {
|
||||
|
||||
Reference in New Issue
Block a user