<?php
/**
* List Companies Endpoint (Synchronized Schema)
*/
use App\Core\Database;
use App\Core\Encryption;
use App\Middleware\AuthMiddleware;
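// Returns the companies the authenticated caller may see, with the name
// fields decrypted and the stored JoFotara/certificate secrets stripped,
// as a JSON success response.

// The claims array returned here is the only source of identity and role
// used below ('role' and 'user_id' are read from it).
// NOTE(review): this assumes AuthMiddleware::check() stops the request itself
// when the token is missing or invalid — confirm, nothing here re-checks it.
$decoded = AuthMiddleware::check();
$db = Database::getInstance();

// 1. Super Admin sees ALL companies
if ($decoded['role'] === 'super_admin') {
    $stmt = $db->query("SELECT * FROM companies WHERE deleted_at IS NULL");
} else {
    // 2. Others see only linked companies.
    // The user id is bound as a parameter, never interpolated; tenant
    // isolation for non-admins rests entirely on the user_companies join.
    $stmt = $db->prepare("
        SELECT c.* FROM companies c
        JOIN user_companies uc ON c.id = uc.company_id
        WHERE uc.user_id = ? AND c.deleted_at IS NULL
    ");
    $stmt->execute([$decoded['user_id']]);
}

// NOTE(review): both queries select every column, so the response shape is
// "whatever the table holds minus the keys unset below". An explicit column
// list would keep a newly added sensitive column from reaching the client.
// NOTE(review): the rows are read by column name below. If the statement's
// default fetch mode also returns numeric indexes (e.g. PDO::FETCH_BOTH),
// the unset() calls below would leave a second copy of each secret under its
// numeric index — confirm the default fetch mode is associative-only.
$companies = $stmt->fetchAll();

// 3. Decrypt fields
foreach ($companies as &$company) {
    // Decrypt Name.
    // When decrypt() reports failure (false) the stored value is passed
    // through unchanged, so the raw column content is what the client gets.
    // Presumably this tolerates rows stored before encryption — confirm, and
    // consider logging the failure rather than returning possible ciphertext.
    $decryptedName = Encryption::decrypt($company['name']);
    $company['name'] = $decryptedName !== false ? $decryptedName : $company['name'];

    // Decrypt Name EN (optional column; same pass-through on failure)
    if (!empty($company['name_en'])) {
        $decryptedNameEn = Encryption::decrypt($company['name_en']);
        $company['name_en'] = $decryptedNameEn !== false ? $decryptedNameEn : $company['name_en'];
    }

    // Redact JoFotara secrets so they are never returned to the UI.
    // This is a denylist: only these three keys are removed, any other
    // sensitive column has to be added here by hand.
    unset($company['jofotara_client_id_encrypted']);
    unset($company['jofotara_secret_key_encrypted']);
    unset($company['certificate_password_encrypted']);
}
// Break the reference left by the by-reference foreach; without this,
// $company stays bound to the last row and any later assignment to it would
// silently overwrite that row in $companies.
unset($company);

json_success($companies);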