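prepare("SELECT c.*, t.name as tenant_name FROM companies c LEFT JOIN tenants t ON c.tenant_id = t.id WHERE c.deleted_at IS NULL ORDER BY c.created_at DESC");
    $stmt->execute();
}
// NOTE(review): the opening of the branch above (its role check and the start
// of the prepare() call) is outside this excerpt. That query is the only one
// here without a tenant or company filter, so the condition guarding it decides
// who may list every tenant's companies.
//
// NOTE(review): every authorization decision below reads $decoded; presumably
// it is a verified token payload. Confirm that signature and expiry are checked
// before this point.

// 2. Admin sees all companies in their tenant
elseif ($decoded['role'] === 'admin') {
    $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
    $stmt->execute([$decoded['tenant_id']]);
}
// 3. Others (accountant, etc) see only their assigned company
else {
    // The assigned company is read from the users table, not from the token.
    $stmtUser = $db->prepare("SELECT company_id FROM users WHERE id = ?");
    $stmtUser->execute([$decoded['user_id']]);
    $assignedCompanyId = $stmtUser->fetchColumn();

    // NOTE(review): fetchColumn() yields false when no user row matches and
    // that value is bound as-is; confirm it can never match a company row.
    // NOTE(review): unlike the admin branch, this lookup is not constrained to
    // the caller's tenant and relies on users.company_id being correct.
    $stmt = $db->prepare("SELECT * FROM companies WHERE id = ? AND deleted_at IS NULL");
    $stmt->execute([$assignedCompanyId]);
}

$companies = $stmt->fetchAll();

// 4. Decrypt display fields and strip secrets before the rows leave the server.
foreach ($companies as &$company) {
    // Encryption::decrypt() is treated as returning false on failure; in that
    // case the stored value is passed through unchanged. NOTE(review): this
    // also hides decryption failures, so the response may then carry the raw
    // stored value. Consider logging such failures.
    $decryptedName = Encryption::decrypt($company['name']);
    $company['name'] = $decryptedName !== false ? $decryptedName : $company['name'];

    // English name is optional; only decrypt when a value is stored.
    if (!empty($company['name_en'])) {
        $decryptedNameEn = Encryption::decrypt($company['name_en']);
        $company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en'];
    }

    // Never return the JoFotara credentials or the certificate password.
    // NOTE(review): this is a deny-list applied to "SELECT *" rows, so any
    // sensitive column added later is returned by default. Selecting an
    // explicit column list would make the response fail closed.
    unset(
        $company['jofotara_client_id_encrypted'],
        $company['jofotara_secret_key_encrypted'],
        $company['certificate_password_encrypted']
    );

    // tenant_name is only present on rows from the joined query above.
    if (isset($company['tenant_name'])) {
        $decTenantName = Encryption::decrypt($company['tenant_name']);
        $company['tenant_name'] = $decTenantName !== false ? $decTenantName : $company['tenant_name'];
    }
}
// Break the reference left by the by-reference loop so a later write to
// $company cannot silently modify the last row.
unset($company);

json_success($companies);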