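<?php

/**
 * Delete Company Endpoint (Soft Delete)
 *
 * Marks a company as deleted by stamping `deleted_at`; the row itself is kept.
 *
 * Input:   `id` (read via input('id')) — the company to delete.
 * Responses (emitted through json_error / json_success):
 *   422  missing id
 *   403  caller is neither super_admin nor admin
 *   404  company does not exist, or is already soft-deleted
 *   200  company soft-deleted and audit event `company.deleted` written
 */

use App\Core\AuditLogger;
use App\Core\Database;
use App\Middleware\AuthMiddleware;
use App\Middleware\CompanyAccessMiddleware;
use App\Middleware\RoleMiddleware;

// Authentication + coarse role gate. RoleMiddleware::require() hands back the
// decoded token payload; the role is re-checked below as defense in depth so
// this endpoint stays safe even if the allowed-role list changes elsewhere.
$decoded = RoleMiddleware::require(['super_admin', 'admin']);
$db = Database::getInstance();

$companyId = input('id');
if (!$companyId) {
    json_error('Company ID is required', 422);
}
// NOTE(review): the id type (int vs. uuid) is not visible here; if it is an
// integer key, validate with filter_var($companyId, FILTER_VALIDATE_INT).
// The prepared statements below already rule out SQL injection either way.

// Authorization (defense in depth; see note above).
if ($decoded['role'] !== 'super_admin' && $decoded['role'] !== 'admin') {
    json_error('Unauthorized', 403);
}

// Fetch the company, but only if it is still live. The `deleted_at IS NULL`
// filter makes a repeated delete of the same company answer 404 instead of
// silently overwriting the original deletion timestamp and writing a second
// audit event (both of which corrupt the audit trail).
$stmt = $db->prepare("SELECT tenant_id FROM companies WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$companyId]);
$company = $stmt->fetch();

if (!$company) {
    json_error('الشركة غير موجودة', 404);
}

// Verify tenant access (admin can only delete from their tenant).
// NOTE(review): because the existence check above runs first, a cross-tenant
// admin can tell 404 (no such id) apart from the access-check response and so
// enumerate company ids. If CompanyAccessMiddleware::check() copes with a
// missing company, move this call above the fetch, or answer both cases with
// the same 404.
CompanyAccessMiddleware::check($companyId, $decoded);

// Soft delete. Repeating the `deleted_at IS NULL` guard here closes the race
// between the fetch above and this write: if a concurrent request deleted the
// company in between, this UPDATE matches zero rows instead of re-stamping it.
$stmt = $db->prepare("UPDATE companies SET deleted_at = NOW() WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$companyId]);

// rowCount() is the affected-row count (assumes Database returns a
// PDO-compatible statement, as the fetch() usage above suggests — confirm).
// Zero rows means another request won the race; do not log a phantom deletion.
if ($stmt->rowCount() === 0) {
    json_error('الشركة غير موجودة', 404);
}

AuditLogger::log('company.deleted', 'company', $companyId, null, null, $decoded);

json_success(null, 'تم حذف الشركة بنجاح');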