259 lines
10 KiB
PHP
259 lines
10 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
namespace App\Modules\Invoices;
|
|
|
|
use App\Core\{Request, Response, Database};
|
|
use App\Services\FileStorageService;
|
|
use Throwable;
|
|
|
|
final class InvoiceController
|
|
{
|
|
public function __construct(
|
|
private readonly InvoiceModel $invoiceModel,
|
|
private readonly FileStorageService $storage
|
|
) {}
|
|
|
|
public function index(Request $request): void
|
|
{
|
|
$tenantId = $request->tenantId;
|
|
$role = $request->user->role ?? 'viewer';
|
|
$assignedCompanyId = $request->user->assigned_company_id ?? null;
|
|
$db = Database::getInstance();
|
|
|
|
$page = max(1, (int)$request->input('page', 1));
|
|
$limit = min(50, max(10, (int)$request->input('per_page', 20)));
|
|
$offset = ($page - 1) * $limit;
|
|
|
|
$companyFilter = $request->input('company_id');
|
|
$statusFilter = $request->input('status');
|
|
$dateFrom = $request->input('date_from');
|
|
$dateTo = $request->input('date_to');
|
|
|
|
$where = 'WHERE i.tenant_id = ? AND i.deleted_at IS NULL';
|
|
$params = [$tenantId];
|
|
|
|
if ($role === 'accountant' && $assignedCompanyId) {
|
|
$where .= ' AND i.company_id = ?';
|
|
$params[] = $assignedCompanyId;
|
|
} elseif ($companyFilter) {
|
|
$where .= ' AND i.company_id = ?';
|
|
$params[] = $companyFilter;
|
|
}
|
|
if ($statusFilter) { $where .= ' AND i.status = ?'; $params[] = $statusFilter; }
|
|
if ($dateFrom) { $where .= ' AND i.invoice_date >= ?'; $params[] = $dateFrom; }
|
|
if ($dateTo) { $where .= ' AND i.invoice_date <= ?'; $params[] = $dateTo; }
|
|
|
|
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices i {$where}");
|
|
$stmt->execute($params);
|
|
$total = (int)$stmt->fetchColumn();
|
|
|
|
$stmt = $db->prepare("SELECT i.id, i.invoice_number, i.invoice_date, i.grand_total, i.tax_amount,
|
|
i.status, i.ai_confidence_score, i.created_at, c.name as company_name
|
|
FROM invoices i JOIN companies c ON i.company_id = c.id
|
|
{$where} ORDER BY i.created_at DESC LIMIT {$limit} OFFSET {$offset}");
|
|
$stmt->execute($params);
|
|
$invoices = $stmt->fetchAll();
|
|
|
|
Response::json([
|
|
'success' => true,
|
|
'data' => $invoices,
|
|
'meta' => ['total' => $total, 'page' => $page, 'per_page' => $limit, 'last_page' => ceil($total / $limit)]
|
|
]);
|
|
}
|
|
|
|
public function upload(Request $request): void
|
|
{
|
|
$db = Database::getInstance();
|
|
try {
|
|
$files = $request->getFiles();
|
|
if (empty($files['file'])) {
|
|
throw new \App\Core\Exceptions\HttpException('يرجى اختيار ملف للفاتورة', 'VALIDATION_ERROR', 422);
|
|
}
|
|
|
|
$file = $files['file'];
|
|
if ($file['size'] > 20 * 1024 * 1024) { // 20 MB limit
|
|
throw new \App\Core\Exceptions\HttpException('حجم الملف يتجاوز الحد المسموح به (20 ميجابايت)', 'VALIDATION_ERROR', 422);
|
|
}
|
|
|
|
$companyId = (string)$request->input('company_id');
|
|
if (empty($companyId)) {
|
|
throw new \App\Core\Exceptions\HttpException('يرجى اختيار الشركة', 'VALIDATION_ERROR', 422);
|
|
}
|
|
|
|
// Verify company belongs to tenant
|
|
$stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ?");
|
|
$stmt->execute([$companyId, $request->tenantId]);
|
|
if (!$stmt->fetchColumn()) {
|
|
throw new \App\Core\Exceptions\HttpException('الشركة غير موجودة أو لا تملك صلاحية الوصول', 'FORBIDDEN', 403);
|
|
}
|
|
|
|
$invoiceId = \Ramsey\Uuid\Uuid::uuid4()->toString();
|
|
|
|
// Store file
|
|
$path = $this->storage->store($file, $request->tenantId, $companyId);
|
|
|
|
// Transaction for consistency
|
|
$db->beginTransaction();
|
|
|
|
$this->invoiceModel->create([
|
|
'id' => $invoiceId,
|
|
'tenant_id' => $request->tenantId,
|
|
'company_id' => $companyId,
|
|
'original_file_path' => $path,
|
|
'status' => 'uploaded'
|
|
]);
|
|
|
|
\App\Services\QueueService::push(\queue\Jobs\ExtractInvoiceJob::class, ['invoice_id' => $invoiceId]);
|
|
|
|
$db->commit();
|
|
|
|
Response::json([
|
|
'success' => true,
|
|
'data' => ['invoice_id' => $invoiceId],
|
|
'message' => 'تم رفع الفاتورة بنجاح وجاري استخراج البيانات بالذكاء الاصطناعي'
|
|
], 202);
|
|
} catch (\App\Core\Exceptions\HttpException $e) {
|
|
throw $e; // Let global handler catch it
|
|
} catch (Throwable $e) {
|
|
if ($db->inTransaction()) {
|
|
$db->rollBack();
|
|
}
|
|
throw $e;
|
|
}
|
|
}
|
|
|
|
public function show(Request $request, string $id): void
|
|
{
|
|
$tenantId = $request->tenantId;
|
|
$db = Database::getInstance();
|
|
|
|
// Fetch invoice with company name (tenant-scoped)
|
|
$stmt = $db->prepare("SELECT i.*, c.name as company_name, c.tax_identification_number as company_tin
|
|
FROM invoices i
|
|
JOIN companies c ON i.company_id = c.id
|
|
WHERE i.id = ? AND i.tenant_id = ? AND i.deleted_at IS NULL");
|
|
$stmt->execute([$id, $tenantId]);
|
|
$invoice = $stmt->fetch();
|
|
|
|
if (!$invoice) {
|
|
Response::error('الفاتورة غير موجودة', 'NOT_FOUND', 404);
|
|
return;
|
|
}
|
|
|
|
// Fetch lines
|
|
$stmt = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ? ORDER BY line_number ASC");
|
|
$stmt->execute([$id]);
|
|
$invoice['lines'] = $stmt->fetchAll();
|
|
|
|
// Parse JSON fields
|
|
if ($invoice['validation_errors']) {
|
|
$invoice['validation_errors'] = json_decode($invoice['validation_errors'], true);
|
|
}
|
|
if ($invoice['jofotara_response']) {
|
|
$invoice['jofotara_response'] = json_decode($invoice['jofotara_response'], true);
|
|
}
|
|
|
|
Response::json(['success' => true, 'data' => $invoice]);
|
|
}
|
|
|
|
public function submit(Request $request, string $id): void
|
|
{
|
|
try {
|
|
$db = Database::getInstance();
|
|
$stmt = $db->prepare("SELECT status FROM invoices WHERE id = ? AND tenant_id = ?");
|
|
$stmt->execute([$id, $request->tenantId]);
|
|
$invoice = $stmt->fetch();
|
|
|
|
if (!$invoice) {
|
|
Response::error('الفاتورة غير موجودة', 'NOT_FOUND', 404);
|
|
return;
|
|
}
|
|
|
|
// Update status to submitting
|
|
$this->invoiceModel->update($id, ['status' => 'submitting']);
|
|
|
|
// Queue JoFotara submission
|
|
\App\Services\QueueService::push(\queue\Jobs\SubmitJoFotaraJob::class, ['invoice_id' => $id]);
|
|
|
|
Response::json(['success' => true, 'message' => 'جاري إرسال الفاتورة لنظام فوترة...']);
|
|
} catch (Throwable $e) {
|
|
Response::error($e->getMessage(), 'SUBMIT_ERROR', (int)($e->getCode() ?: 500));
|
|
}
|
|
}
|
|
|
|
public function serveFile(Request $request, string $id): void
|
|
{
|
|
$tenantId = $request->tenantId;
|
|
$db = Database::getInstance();
|
|
|
|
$stmt = $db->prepare("SELECT original_file_path FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
|
|
$stmt->execute([$id, $tenantId]);
|
|
$invoice = $stmt->fetch();
|
|
|
|
if (!$invoice || !$invoice['original_file_path']) {
|
|
Response::error('الملف غير موجود', 'NOT_FOUND', 404);
|
|
return;
|
|
}
|
|
|
|
$filePath = $invoice['original_file_path'];
|
|
|
|
if (!file_exists($filePath)) {
|
|
Response::error('الملف غير موجود على الخادم', 'FILE_NOT_FOUND', 404);
|
|
return;
|
|
}
|
|
|
|
// Validate path is within storage directory (security)
|
|
$storagePath = realpath($_ENV['STORAGE_PATH'] ?? '/home/intaleqapp-musadeq/storage');
|
|
$realPath = realpath($filePath);
|
|
if (!$realPath || !str_starts_with($realPath, $storagePath)) {
|
|
Response::error('وصول غير مصرح', 'FORBIDDEN', 403);
|
|
return;
|
|
}
|
|
|
|
$mimeType = mime_content_type($filePath);
|
|
$filename = basename($filePath);
|
|
|
|
header('Content-Type: ' . $mimeType);
|
|
header('Content-Length: ' . filesize($filePath));
|
|
header('Content-Disposition: inline; filename="' . $filename . '"');
|
|
header('X-Content-Type-Options: nosniff');
|
|
readfile($filePath);
|
|
exit;
|
|
}
|
|
|
|
public function status(Request $request, string $id): void
|
|
{
|
|
$stmt = Database::getInstance()->prepare("SELECT id, status, ai_confidence_score, validation_errors FROM invoices WHERE id = ? AND tenant_id = ?");
|
|
$stmt->execute([$id, $request->tenantId]);
|
|
$invoice = $stmt->fetch();
|
|
Response::json(['success' => true, 'data' => $invoice]);
|
|
}
|
|
|
|
public function update(Request $request, string $id): void
|
|
{
|
|
$db = Database::getInstance();
|
|
$stmt = $db->prepare("SELECT id FROM invoices WHERE id = ? AND tenant_id = ?");
|
|
$stmt->execute([$id, $request->tenantId]);
|
|
if (!$stmt->fetchColumn()) {
|
|
throw new \App\Core\Exceptions\HttpException('الفاتورة غير موجودة', 'NOT_FOUND', 404);
|
|
}
|
|
|
|
$data = $request->getBody();
|
|
$this->invoiceModel->update($id, $data);
|
|
Response::json(['success' => true, 'message' => 'تم تحديث الفاتورة بنجاح']);
|
|
}
|
|
|
|
public function destroy(Request $request, string $id): void
|
|
{
|
|
$db = Database::getInstance();
|
|
$stmt = $db->prepare("SELECT id FROM invoices WHERE id = ? AND tenant_id = ?");
|
|
$stmt->execute([$id, $request->tenantId]);
|
|
if (!$stmt->fetchColumn()) {
|
|
throw new \App\Core\Exceptions\HttpException('الفاتورة غير موجودة', 'NOT_FOUND', 404);
|
|
}
|
|
|
|
$this->invoiceModel->delete($id);
|
|
Response::json(['success' => true, 'message' => 'تم حذف الفاتورة بنجاح']);
|
|
}
|
|
}
|