prepare("SELECT c.*, t.name as tenant_name FROM companies c LEFT JOIN tenants t ON c.tenant_id = t.id WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC"); $stmt->execute(); $companies = $stmt->fetchAll(); } // 2. Tenant Users (Admin, Accountant, Employee) see all companies in their tenant else { $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL ORDER BY created_at DESC"); $stmt->execute([$decoded['tenant_id']]); $companies = $stmt->fetchAll(); } // 3. Decrypt fields foreach ($companies as &$company) { // Decrypt Name $decryptedName = Encryption::decrypt($company['name']); $company['name'] = $decryptedName !== false ? $decryptedName : $company['name']; // Decrypt Name EN if (!empty($company['name_en'])) { $decryptedNameEn = Encryption::decrypt($company['name_en']); $company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en']; } // Redact JoFotara secrets if returned to UI (or just don't return them) unset($company['jofotara_client_id_encrypted']); unset($company['jofotara_secret_key_encrypted']); unset($company['certificate_password_encrypted']); // Decrypt Tenant Name (if exists) if (isset($company['tenant_name'])) { $decTenantName = Encryption::decrypt($company['tenant_name']); $company['tenant_name'] = $decTenantName !== false ? $decTenantName : $company['tenant_name']; } } json_success($companies); } catch (\Exception $e) { json_error('SQL Error in Companies List: ' . $e->getMessage(), 500); }