From d6cedd23c10e92213620335020eb026d53cae1b5 Mon Sep 17 00:00:00 2001
From: Hamza-Ayed <hamzaayedflutter@gmail.com>
Date: Tue, 12 May 2026 01:19:04 +0300
Subject: [PATCH] Update: 2026-05-12 01:19:04

---
 app/modules_app/batches/status.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/modules_app/batches/status.php b/app/modules_app/batches/status.php
index f9a1230..b777c52 100644
--- a/app/modules_app/batches/status.php
+++ b/app/modules_app/batches/status.php
@@ -27,14 +27,14 @@ $db = Database::getInstance();
 
 // 1. Get batch info
 $stmt = $db->prepare("
-    SELECT id, status, total_images, processed_images, failed_images, created_at, completed_at
+    SELECT id, tenant_id, status, total_images, processed_images, failed_images, created_at, completed_at
     FROM invoice_batches 
-    WHERE id = ? AND tenant_id = ?
+    WHERE id = ?
 ");
-$stmt->execute([$batchId, $tenantId]);
+$stmt->execute([$batchId]);
 $batch = $stmt->fetch();
 
-if (!$batch) {
+if (!$batch || ($decoded['role'] !== 'super_admin' && $batch['tenant_id'] !== $tenantId)) {
     json_error('الدفعة غير موجودة', 404);
 }