152 lines
6.1 KiB
PHP
152 lines
6.1 KiB
PHP
<?php
|
|
/**
|
|
* Invoice Upload Endpoint (Multi-Tenant & Role-Aware)
|
|
*/
|
|
|
|
use App\Core\Database;
|
|
use App\Middleware\AuthMiddleware;
|
|
|
|
// 1. Auth Check
|
|
$decoded = AuthMiddleware::check();
|
|
$db = Database::getInstance();
|
|
|
|
$allowedRoles = ['admin', 'accountant', 'employee'];
|
|
if (!in_array($decoded['role'], $allowedRoles)) {
|
|
json_error('Unauthorized to upload invoices', 403);
|
|
}
|
|
// 2. Validate Request
|
|
$data = input();
|
|
$companyId = $data['company_id'] ?? null;
|
|
|
|
if (!$companyId || !isset($_FILES['invoice'])) {
|
|
json_error('Company ID and invoice file are required', 422);
|
|
}
|
|
|
|
// 3. Permission Check
|
|
$tenantId = $decoded['tenant_id'];
|
|
$userId = $decoded['user_id'];
|
|
|
|
// Everyone (except Super Admin) must belong to the same tenant as the company
|
|
$stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
|
|
$stmt->execute([$companyId, $tenantId]);
|
|
|
|
if (!$stmt->fetch()) {
|
|
json_error('Access denied to this company or invalid company ID', 403);
|
|
}
|
|
|
|
// 4. Handle File Upload (Step-by-step for permission safety)
|
|
$tenantDir = STORAGE_PATH . '/invoices/' . $tenantId;
|
|
$companyDir = $tenantDir . '/' . $companyId;
|
|
$dateFolder = date('Y-m-d');
|
|
$uploadDir = $companyDir . '/' . $dateFolder . '/';
|
|
|
|
foreach ([$tenantDir, $companyDir, $uploadDir] as $dir) {
|
|
if (!is_dir($dir)) {
|
|
if (!mkdir($dir, 0777, true)) {
|
|
error_log("UPLOAD ERROR: Failed to create directory: " . $dir);
|
|
json_error('فشل في إنشاء مجلد التخزين: ' . $dir, 500);
|
|
}
|
|
chmod($dir, 0777); // Force permissions
|
|
}
|
|
}
|
|
|
|
$extension = pathinfo($_FILES['invoice']['name'], PATHINFO_EXTENSION);
|
|
$fileName = bin2hex(random_bytes(8)) . '_' . time() . '.' . $extension;
|
|
$targetFile = $uploadDir . $fileName;
|
|
|
|
if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
|
|
// 5. Run AI Extraction
|
|
$mimeType = $_FILES['invoice']['type'];
|
|
$fileContent = file_get_contents($targetFile);
|
|
if (!$fileContent) {
|
|
error_log("UPLOAD ERROR: Failed to read file content: " . $targetFile);
|
|
json_error('فشل في قراءة الملف المرفوع', 500);
|
|
}
|
|
$base64Data = base64_encode($fileContent);
|
|
|
|
$extracted = \App\Core\AI::extractInvoiceData($base64Data, $mimeType);
|
|
|
|
if (!$extracted) {
|
|
// Still save basic record if AI fails
|
|
$stmt = $db->prepare("INSERT INTO invoices (tenant_id, company_id, uploaded_by, original_file_path, status, created_at) VALUES (?, ?, ?, ?, 'uploaded', NOW())");
|
|
$stmt->execute([$tenantId, $companyId, $userId, $targetFile]);
|
|
json_success(['id' => $db->lastInsertId()], 'تم رفع الفاتورة ولكن فشل استخراج البيانات تلقائياً');
|
|
}
|
|
|
|
// 6. Save Extracted Data with Encryption
|
|
try {
|
|
$db->beginTransaction();
|
|
|
|
$stmt = $db->prepare("
|
|
INSERT INTO invoices (
|
|
tenant_id, company_id, uploaded_by, original_file_path, status,
|
|
invoice_number, invoice_date, invoice_type, invoice_category,
|
|
supplier_tin, supplier_name, supplier_address,
|
|
buyer_tin, buyer_name, buyer_national_id,
|
|
subtotal, tax_amount, discount_total, grand_total, currency_code,
|
|
created_at
|
|
) VALUES (?, ?, ?, ?, 'extracted', ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())
|
|
");
|
|
|
|
$stmt->execute([
|
|
$tenantId, $companyId, $userId, $targetFile,
|
|
$extracted['invoice_number'] ?? null,
|
|
$extracted['invoice_date'] ?? null,
|
|
$extracted['invoice_type'] ?? 'cash',
|
|
$extracted['invoice_category'] ?? 'simplified',
|
|
// Encrypt sensitive details
|
|
\App\Core\Encryption::encrypt($extracted['supplier_tin'] ?? ''),
|
|
\App\Core\Encryption::encrypt($extracted['supplier_name'] ?? ''),
|
|
\App\Core\Encryption::encrypt($extracted['supplier_address'] ?? ''),
|
|
\App\Core\Encryption::encrypt($extracted['buyer_tin'] ?? ''),
|
|
\App\Core\Encryption::encrypt($extracted['buyer_name'] ?? ''),
|
|
\App\Core\Encryption::encrypt($extracted['buyer_national_id'] ?? ''),
|
|
$extracted['subtotal'] ?? 0,
|
|
$extracted['tax_amount'] ?? 0,
|
|
$extracted['discount_total'] ?? 0,
|
|
$extracted['grand_total'] ?? 0,
|
|
$extracted['currency'] ?? 'JOD'
|
|
]);
|
|
|
|
$invoiceId = $db->lastInsertId();
|
|
|
|
// Save Line Items
|
|
if (!empty($extracted['items'])) {
|
|
$lineStmt = $db->prepare("
|
|
INSERT INTO invoice_lines (invoice_id, line_number, description, quantity, unit_price, tax_rate, line_total)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?)
|
|
");
|
|
$lineNo = 1;
|
|
foreach ($extracted['items'] as $item) {
|
|
// Calculate tax rate if not provided (fallback to 0.16 for Jordan)
|
|
$taxRate = 0.16;
|
|
if (!empty($item['unit_price']) && !empty($item['tax_amount'])) {
|
|
$taxRate = round($item['tax_amount'] / ($item['unit_price'] * ($item['quantity'] ?: 1)), 4);
|
|
}
|
|
|
|
$lineStmt->execute([
|
|
$invoiceId,
|
|
$lineNo++,
|
|
$item['description'] ?? 'N/A',
|
|
$item['quantity'] ?? 1,
|
|
$item['unit_price'] ?? 0,
|
|
$taxRate,
|
|
$item['total'] ?? 0
|
|
]);
|
|
}
|
|
}
|
|
|
|
$db->commit();
|
|
json_success(['id' => $invoiceId], 'تم رفع الفاتورة واستخراج البيانات بنجاح');
|
|
|
|
} catch (\Exception $e) {
|
|
$db->rollBack();
|
|
error_log("DB Error during invoice save: " . $e->getMessage());
|
|
json_error('حدث خطأ أثناء حفظ بيانات الفاتورة', 500);
|
|
}
|
|
} else {
|
|
$uploadError = $_FILES['invoice']['error'] ?? 'Unknown';
|
|
error_log("UPLOAD ERROR: move_uploaded_file failed. Error Code: $uploadError. Target: $targetFile. Tmp: " . ($_FILES['invoice']['tmp_name'] ?? 'N/A'));
|
|
json_error('Failed to save uploaded file. PHP Error Code: ' . $uploadError, 500);
|
|
}
|