Deploy: 2026-05-23 02:42:32

backend/app/Controllers/AuthController.php

@@ -114,7 +114,8 @@ class AuthController extends BaseController
                 'id'         => $user['id'],
                 'company_id' => $user['company_id'],
                 'name'       => $user['name'],
-                'role'       => $user['role']
+                'role'       => $user['role'],
+                'is_super_admin' => (int)$user['company_id'] === 1
             ]
         ], 200);
     }

backend/app/Controllers/StaffController.php

@@ -60,6 +60,24 @@ class StaffController extends BaseController
             return;
         }
 
+        // Fetch subscription limits for agents
+        $activeSub = \App\Models\CompanySubscription::findActiveByCompany($companyId);
+        $maxAgents = 1;
+        if (isset($request->is_super_admin) && $request->is_super_admin) {
+            $maxAgents = 999;
+        } elseif ($activeSub) {
+            $maxAgents = (int)($activeSub['max_agents'] ?? 1);
+        }
+
+        $currentStaffCount = Database::selectOne("SELECT COUNT(*) as count FROM users WHERE company_id = ? AND role = 'staff'", [$companyId])['count'] ?? 0;
+        if ($currentStaffCount >= $maxAgents) {
+            $response->status(400)->json([
+                'status' => 'error',
+                'error' => "You have reached the maximum number of staff agents allowed by your plan ({$maxAgents})."
+            ]);
+            return;
+        }
+
         $body = $request->getBody();
         $email = strtolower(trim($body['email']));
 

backend/app/Controllers/WhatsAppController.php

@@ -102,9 +102,18 @@ class WhatsAppController extends BaseController
         $companyId = $request->company_id;
         $sessions = WhatsAppSession::findAllByCompany($companyId);
         
+        $activeSub = \App\Models\CompanySubscription::findActiveByCompany($companyId);
+        $maxSessions = 1;
+        if (isset($request->is_super_admin) && $request->is_super_admin) {
+            $maxSessions = 999;
+        } elseif ($activeSub) {
+            $maxSessions = (int)$activeSub['max_sessions'];
+        }
+        
         $response->json([
             'status' => 'success',
-            'data' => $sessions
+            'data' => $sessions,
+            'max_sessions' => $maxSessions
         ]);
     }
 
@@ -120,8 +129,8 @@ class WhatsAppController extends BaseController
         // Fetch subscription limits
         $activeSub = \App\Models\CompanySubscription::findActiveByCompany($companyId);
         $maxSessions = 1;
-        if ($companyId === 1) {
-            $maxSessions = 10;
+        if (isset($request->is_super_admin) && $request->is_super_admin) {
+            $maxSessions = 999; // Unlimited for Super Admin
         } elseif ($activeSub) {
             $maxSessions = (int)$activeSub['max_sessions'];
         }

backend/app/Middlewares/AuthMiddleware.php

@@ -38,5 +38,6 @@ class AuthMiddleware
         $request->user_id = $payload['user_id'];
         $request->company_id = $payload['company_id'];
         $request->role = $payload['role'];
+        $request->is_super_admin = (int)$payload['company_id'] === 1;
     }
 }