Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-07 01:18:53

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-07 01:18:53 +03:00
parent 8a935dc362
commit f206591c01
3 changed files with 29 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/modules_app/batches/upload_image.php
View File

@@ -28,20 +28,23 @@ if (!$batchId || !isset($_FILES['image']) || $_FILES['image']['error'] !== UPLOA
json_error("معرّف الدفعة وصورة الفاتورة مطلوبان (كود: {$uploadError})", 422);
}
// 2. Verify batch belongs to this tenant and is still uploading
// 2. Verify batch belongs to this user and tenant
$db = Database::getInstance();
$stmt = $db->prepare("
SELECT id, company_id, status, total_images
SELECT id, tenant_id, company_id, status, total_images
FROM invoice_batches
WHERE id = ? AND tenant_id = ? AND uploaded_by = ?
WHERE id = ? AND uploaded_by = ?
");
$stmt->execute([$batchId, $tenantId, $userId]);
$stmt->execute([$batchId, $userId]);
$batch = $stmt->fetch();
if (!$batch) {
if (!$batch || ($decoded['role'] !== 'super_admin' && $batch['tenant_id'] !== $tenantId)) {
json_error('الدفعة غير موجودة أو ليس لديك صلاحية', 404);
}
// Override tenantId with the actual batch's tenantId
$tenantId = $batch['tenant_id'];
if ($batch['status'] !== 'uploading') {
json_error('لا يمكن إضافة صور لدفعة تمت معالجتها', 400);
}