40 lines
1011 B
PHP
40 lines
1011 B
PHP
<?php
|
|
/**
|
|
* Delete Company Endpoint (Soft Delete)
|
|
*/
|
|
|
|
use App\Core\Database;
|
|
use App\Middleware\AuthMiddleware;
|
|
|
|
$decoded = AuthMiddleware::check();
|
|
$db = Database::getInstance();
|
|
|
|
$companyId = input('id');
|
|
if (!$companyId) {
|
|
json_error('Company ID is required', 422);
|
|
}
|
|
|
|
// Authorization
|
|
if ($decoded['role'] !== 'super_admin' && $decoded['role'] !== 'admin') {
|
|
json_error('Unauthorized', 403);
|
|
}
|
|
|
|
// Fetch company to check tenant if admin
|
|
$stmt = $db->prepare("SELECT tenant_id FROM companies WHERE id = ?");
|
|
$stmt->execute([$companyId]);
|
|
$company = $stmt->fetch();
|
|
|
|
if (!$company) {
|
|
json_error('الشركة غير موجودة', 404);
|
|
}
|
|
|
|
if ($decoded['role'] === 'admin' && $company['tenant_id'] !== $decoded['tenant_id']) {
|
|
json_error('ليس لديك صلاحية لحذف هذه الشركة', 403);
|
|
}
|
|
|
|
// Soft Delete
|
|
$stmt = $db->prepare("UPDATE companies SET deleted_at = NOW() WHERE id = ?");
|
|
$stmt->execute([$companyId]);
|
|
|
|
json_success(null, 'تم حذف الشركة بنجاح');
|