🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 03:15
This commit is contained in:
Hamza-Ayed
@@ -38,6 +38,8 @@ final class UsersController
|
||||
public function create(Request $request): void
|
||||
{
|
||||
$currentUserRole = $request->user->role ?? 'viewer';
|
||||
$currentAssignedCompanyId = $request->user->assigned_company_id ?? null;
|
||||
|
||||
if (!in_array($currentUserRole, ['super_admin', 'admin'])) {
|
||||
Response::error('ليس لديك صلاحية لإضافة مستخدمين', 'FORBIDDEN', 403);
|
||||
return;
|
||||
@@ -47,11 +49,16 @@ final class UsersController
|
||||
$email = $request->input('email');
|
||||
$password = $request->input('password');
|
||||
$role = $request->input('role', 'accountant');
|
||||
$assignedCompanyId = $request->input('assigned_company_id');
|
||||
|
||||
// Admin can only create accountants and employees. Only super_admin can create admins.
|
||||
if ($currentUserRole === 'admin' && in_array($role, ['admin', 'super_admin'])) {
|
||||
Response::error('لا تملك الصلاحية لإضافة مدراء', 'FORBIDDEN', 403);
|
||||
return;
|
||||
if ($currentUserRole === 'admin') {
|
||||
if (in_array($role, ['admin', 'super_admin'])) {
|
||||
Response::error('لا تملك الصلاحية لإضافة مدراء', 'FORBIDDEN', 403);
|
||||
return;
|
||||
}
|
||||
// Admin automatically assigns their own company to the new user
|
||||
$assignedCompanyId = $currentAssignedCompanyId;
|
||||
}
|
||||
|
||||
// Validate valid roles
|
||||
@@ -62,14 +69,14 @@ final class UsersController
|
||||
}
|
||||
|
||||
if (!$name || !$email || !$password) {
|
||||
Response::error('Name, email, and password are required', 'VALIDATION_ERROR', 422);
|
||||
Response::error('الاسم والبريد وكلمة المرور مطلوبة', 'VALIDATION_ERROR', 422);
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
// Check if email exists
|
||||
if ($this->userModel->findByEmail($email)) {
|
||||
Response::error('Email already in use', 'EMAIL_EXISTS', 409);
|
||||
Response::error('البريد الإلكتروني مستخدم بالفعل', 'EMAIL_EXISTS', 409);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -81,12 +88,13 @@ final class UsersController
|
||||
'email' => $email,
|
||||
'password_hash' => password_hash($password, PASSWORD_BCRYPT),
|
||||
'role' => $role,
|
||||
'assigned_company_id' => $assignedCompanyId,
|
||||
'is_active' => 1
|
||||
]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'User created successfully',
|
||||
'message' => 'تم إنشاء المستخدم بنجاح',
|
||||
'data' => ['id' => $userId]
|
||||
]);
|
||||
} catch (Throwable $e) {
|
||||
|
||||
Reference in New Issue
Block a user