src/CompanyGroupBundle/Controller/OwnerDashboardController.php line 26

Open in your IDE?
  1. <?php
  3. namespace CompanyGroupBundle\Controller;
  5. use ApplicationBundle\Interfaces\SessionCheckInterface;
  6. use ApplicationBundle\Modules\Authentication\Constants\UserConstants;
  7. use Symfony\Component\HttpFoundation\JsonResponse;
  8. use Symfony\Component\HttpFoundation\Request;
  9. use Symfony\Component\HttpFoundation\Response;
  11. /**
  12.  * OwnerDashboardController
  13.  *
  14.  * Company Owner Dashboard — central-server view for a business owner managing
  15.  * multiple companies. All routes are under /my/.
  16.  *
  17.  * Auth guard: every action calls requireOwnerSession() which redirects to
  18.  * 'dashboard' (the ERP login) if the user is not logged in on the central server.
  19.  */
  20. class OwnerDashboardController extends CompanyGroupGenericController implements SessionCheckInterface
  21. {
  22.     // =========================================================================
  23.     // MAIN DASHBOARD
  24.     // =========================================================================
  26.     public function dashboardAction(Request $request)
  27.     {
  28.         if (!$this->requireOwnerSession($request)) {
  29.             return $this->redirectToRoute('dashboard');
  30.         }
  32.         $userId = (int)$this->loggedUserId($request);
  34.         /** @var \CompanyGroupBundle\Modules\Api\Service\OwnerDashboardService $svc */
  35.         $svc $this->get('app.owner_dashboard_service');
  37.         $companies     $svc->getOwnedCompanies($userId);
  38.         $appIds        array_column($companies'appId');
  39.         $subscriptions $svc->getSubscriptionsForCompanies(array_map('intval'$appIds));
  40.         $chartData     $svc->getRevenueChartData(array_map('intval'$appIds), 6);
  42.         // Load ERP snapshots from cache (stale is fine for initial page load —
  43.         // the page JS will trigger per-company refresh for the live KPI cards).
  44.         $snapshots $svc->fetchAllErpSnapshots($companiesfalse);
  46.         $aggregate $svc->aggregateFinancials($companies$snapshots);
  47.         $kpis      $svc->aggregateKpis($snapshots);
  48.         $alerts    $svc->buildAlerts($companies$snapshots$subscriptions);
  50.         // Enrich company rows with snapshot + subscription data for the view
  51.         $enriched = [];
  52.         foreach ($companies as $c) {
  53.             $appId = (int)($c['appId'] ?? 0);
  54.             $c['snapshot']     = $snapshots[$appId]     ?? [];
  55.             $c['subscription'] = $subscriptions[$appId] ?? null;
  56.             $enriched[]        = $c;
  57.         }
  59.         // Pre-compute the JS meta array so the Twig template does not need
  60.         // complex arrow-function expressions with nested filters.
  61.         $companiesJsMeta array_map(static function (array $c) {
  62.             return [
  63.                 'appId'       => (int)($c['appId'] ?? 0),
  64.                 'cacheStatus' => $c['snapshot']['_cache_status'] ?? 'pending',
  65.             ];
  66.         }, $enriched);
  68.         return $this->render('@CompanyGroup/pages/owner_dashboard/dashboard.html.twig', [
  69.             'page_title'         => 'My Companies',
  70.             'companies'          => $enriched,
  71.             'aggregate'          => $aggregate,
  72.             'kpis'               => $kpis,
  73.             'alerts'             => $alerts,
  74.             'subscriptions'      => $subscriptions,
  75.             'chart_data'         => $chartData,
  76.             'user_name'          => $request->getSession()->get(UserConstants::USER_NAME'Owner'),
  77.             'companies_js_meta'  => $companiesJsMeta,
  78.         ]);
  79.     }
  81.     // =========================================================================
  82.     // AJAX: LIVE KPI FETCH FOR ONE COMPANY
  83.     // =========================================================================
  85.     public function companyKpiFetchAction(Request $request$appId)
  86.     {
  87.         if (!$this->requireOwnerSession($request)) {
  88.             return new JsonResponse(['success' => false'message' => 'Not authenticated'], 401);
  89.         }
  91.         $userId = (int)$this->loggedUserId($request);
  92.         $appId  = (int)$appId;
  94.         /** @var \CompanyGroupBundle\Modules\Api\Service\OwnerDashboardService $svc */
  95.         $svc $this->get('app.owner_dashboard_service');
  97.         if (!$svc->userOwnsCompany($userId$appId)) {
  98.             return new JsonResponse(['success' => false'message' => 'Access denied'], 403);
  99.         }
  101.         $companies $svc->getOwnedCompanies($userId);
  102.         $company   null;
  103.         foreach ($companies as $c) {
  104.             if ((int)($c['appId'] ?? 0) === $appId) {
  105.                 $company $c;
  106.                 break;
  107.             }
  108.         }
  110.         if ($company === null) {
  111.             return new JsonResponse(['success' => false'message' => 'Company not found'], 404);
  112.         }
  114.         $forceRefresh = (bool)$request->query->get('refresh'false);
  115.         $snapshot $svc->fetchErpOwnerSnapshot($company$forceRefresh);
  117.         return new JsonResponse(['success' => true'data' => $snapshot]);
  118.     }
  120.     // =========================================================================
  121.     // SSO LAUNCH — redirect owner into company ERP
  122.     // =========================================================================
  124.     public function launchErpAction(Request $request$appId)
  125.     {
  126.         if (!$this->requireOwnerSession($request)) {
  127.             return $this->redirectToRoute('dashboard');
  128.         }
  130.         $userId = (int)$this->loggedUserId($request);
  131.         $appId  = (int)$appId;
  133.         /** @var \CompanyGroupBundle\Modules\Api\Service\OwnerDashboardService $svc */
  134.         $svc $this->get('app.owner_dashboard_service');
  136.         if (!$svc->userOwnsCompany($userId$appId)) {
  137.             $this->addFlash('error''You do not have access to that company.');
  138.             return $this->redirectToRoute('owner_dashboard');
  139.         }
  141.         $companies $svc->getOwnedCompanies($userId);
  142.         $company   null;
  143.         foreach ($companies as $c) {
  144.             if ((int)($c['appId'] ?? 0) === $appId) {
  145.                 $company $c;
  146.                 break;
  147.             }
  148.         }
  150.         if ($company === null) {
  151.             $this->addFlash('error''Company not found.');
  152.             return $this->redirectToRoute('owner_dashboard');
  153.         }
  155.         $erpUrl trim((string)($company['erpServerUrl'] ?? $company['erpServerAddress'] ?? ''));
  156.         if ($erpUrl === '') {
  157.             $this->addFlash('error''No ERP server address is configured for this company.');
  158.             return $this->redirectToRoute('owner_dashboard');
  159.         }
  161.         if (!preg_match('#^https?://#i'$erpUrl)) {
  162.             $erpUrl 'http://' $erpUrl;
  163.         }
  164.         $erpUrl rtrim($erpUrl'/');
  166.         $token $svc->generateSsoToken($company$userId);
  168.         // Redirect to the ERP's SSO entry point
  169.         $targetUrl $erpUrl '/central-sso?token=' urlencode($token)
  170.                    . '&uid=' $userId
  171.                    '&returnUrl=' urlencode($erpUrl '/dashboard');
  173.         return $this->redirect($targetUrl);
  174.     }
  176.     // =========================================================================
  177.     // SSO TOKEN VALIDATION API (called server-to-server by the ERP)
  178.     // No session requirement — this is a machine-to-machine call.
  179.     // =========================================================================
  181.     public function validateSsoTokenAction(Request $request)
  182.     {
  183.         $token = (string)$request->get('token''');
  185.         /** @var \CompanyGroupBundle\Modules\Api\Service\OwnerDashboardService $svc */
  186.         $svc $this->get('app.owner_dashboard_service');
  188.         $payload $svc->validateSsoToken($token);
  190.         if ($payload === null) {
  191.             return new JsonResponse(['success' => false'message' => 'Invalid or expired token'], 401);
  192.         }
  194.         // Look up the central user's email so the ERP can match a local account
  195.         $em    $this->getDoctrine()->getManager('company_group');
  196.         $email '';
  197.         $name  '';
  199.         try {
  200.             $user $em->getRepository('CompanyGroupBundle\Entity\EntityUser')
  201.                 ->find((int)($payload['central_user_id'] ?? 0));
  202.             if ($user) {
  203.                 $email = (string)$user->getEmail();
  204.                 $name  = (string)$user->getName();
  205.             }
  206.         } catch (\Exception $e) {
  207.             // Non-fatal
  208.         }
  210.         return new JsonResponse([
  211.             'success'          => true,
  212.             'central_user_id'  => $payload['central_user_id'],
  213.             'app_id'           => $payload['app_id'],
  214.             'email'            => $email,
  215.             'name'             => $name,
  216.             'expires_ts'       => $payload['expires_ts'],
  217.         ]);
  218.     }
  220.     // =========================================================================
  221.     // EXTEND SUBSCRIPTION
  222.     // =========================================================================
  224.     public function extendSubscriptionAction(Request $request$appId)
  225.     {
  226.         if (!$this->requireOwnerSession($request)) {
  227.             return $this->redirectToRoute('dashboard');
  228.         }
  230.         $userId = (int)$this->loggedUserId($request);
  231.         $appId  = (int)$appId;
  233.         /** @var \CompanyGroupBundle\Modules\Api\Service\OwnerDashboardService $svc */
  234.         $svc $this->get('app.owner_dashboard_service');
  236.         if (!$svc->userOwnsCompany($userId$appId)) {
  237.             $this->addFlash('error''Access denied.');
  238.             return $this->redirectToRoute('owner_dashboard');
  239.         }
  241.         $em           $this->getDoctrine()->getManager('company_group');
  242.         $companyGroup $em->getRepository('CompanyGroupBundle\Entity\CompanyGroup')
  243.             ->findOneBy(['appId' => $appId]);
  245.         if (!$companyGroup) {
  246.             $this->addFlash('error''Company not found.');
  247.             return $this->redirectToRoute('owner_dashboard');
  248.         }
  250.         $subscriptions $svc->getSubscriptionsForCompanies([$appId]);
  251.         $subscription  $subscriptions[$appId] ?? null;
  253.         if ($request->isMethod('POST')) {
  254.             $billingCycle $request->request->get('billing_cycle''monthly');
  255.             $planType     $request->request->get('plan_type''team');
  256.             $normalUsers  max(0, (int)$request->request->get('normal_user_count'0));
  257.             $adminUsers   max(0, (int)$request->request->get('admin_user_count'0));
  258.             $mlUsers      max(0, (int)$request->request->get('ml_user_count'0));
  260.             /** @var \CompanyGroupBundle\Modules\Api\Service\QuoteService $quoteSvc */
  261.             $quoteSvc $this->get('app.quote_service');
  263.             $quote $quoteSvc->createCustomerQuote([
  264.                 'app_id'              => $appId,
  265.                 'plan_type'           => $planType,
  266.                 'billing_cycle'       => $billingCycle,
  267.                 'payment_type'        => 'manual',
  268.                 'normal_user_count'   => $normalUsers,
  269.                 'admin_user_count'    => $adminUsers,
  270.                 'ml_user_count'       => $mlUsers,
  271.                 'customer_email'      => $companyGroup->getEmail() ?? '',
  272.                 'customer_name'       => $companyGroup->getName() ?? '',
  273.                 'company_name'        => $companyGroup->getName() ?? '',
  274.                 'customer_notes'      => 'Subscription extension requested from Owner Dashboard',
  275.             ]);
  277.             $this->addFlash('success''Extension request submitted. Our team will confirm shortly.');
  278.             return $this->redirectToRoute('quote_view_customer', ['token' => $quote->getQuoteToken()]);
  279.         }
  281.         /** @var \CompanyGroupBundle\Modules\Api\Service\PricingService $pricingSvc */
  282.         $pricingSvc $this->get('app.pricing_service');
  284.         $currentPlan  $subscription['package_type'] ?? $companyGroup->getPackageType() ?? 'team';
  285.         $normalUsers  = (int)($companyGroup->getUserAllowed() ?? 5);
  286.         $adminUsers   = (int)($companyGroup->getAdminUserAllowed() ?? 1);
  287.         $breakdown    $pricingSvc->getPriceBreakdown($normalUsers$adminUsers0'monthly'$currentPlan);
  289.         return $this->render('@CompanyGroup/pages/owner_dashboard/extend_subscription.html.twig', [
  290.             'page_title'    => 'Extend Subscription',
  291.             'company'       => $companyGroup,
  292.             'subscription'  => $subscription,
  293.             'breakdown'     => $breakdown,
  294.             'app_id'        => $appId,
  295.             'current_plan'  => $currentPlan,
  296.             'normal_users'  => $normalUsers,
  297.             'admin_users'   => $adminUsers,
  298.         ]);
  299.     }
  301.     // =========================================================================
  302.     // ADD USER SEATS
  303.     // =========================================================================
  305.     public function addUsersAction(Request $request$appId)
  306.     {
  307.         if (!$this->requireOwnerSession($request)) {
  308.             return $this->redirectToRoute('dashboard');
  309.         }
  311.         $userId = (int)$this->loggedUserId($request);
  312.         $appId  = (int)$appId;
  314.         /** @var \CompanyGroupBundle\Modules\Api\Service\OwnerDashboardService $svc */
  315.         $svc $this->get('app.owner_dashboard_service');
  317.         if (!$svc->userOwnsCompany($userId$appId)) {
  318.             $this->addFlash('error''Access denied.');
  319.             return $this->redirectToRoute('owner_dashboard');
  320.         }
  322.         $em           $this->getDoctrine()->getManager('company_group');
  323.         $companyGroup $em->getRepository('CompanyGroupBundle\Entity\CompanyGroup')
  324.             ->findOneBy(['appId' => $appId]);
  326.         if (!$companyGroup) {
  327.             $this->addFlash('error''Company not found.');
  328.             return $this->redirectToRoute('owner_dashboard');
  329.         }
  331.         $subscriptions $svc->getSubscriptionsForCompanies([$appId]);
  332.         $subscription  $subscriptions[$appId] ?? null;
  333.         $currentPlan   $subscription['package_type'] ?? $companyGroup->getPackageType() ?? 'team';
  335.         if ($request->isMethod('POST')) {
  336.             $addNormal max(0, (int)$request->request->get('add_normal_users'0));
  337.             $addAdmin  max(0, (int)$request->request->get('add_admin_users',  0));
  338.             $addMl     max(0, (int)$request->request->get('add_ml_users',     0));
  340.             if ($addNormal $addAdmin $addMl <= 0) {
  341.                 $this->addFlash('error''Please select at least one seat to add.');
  342.                 return $this->redirectToRoute('owner_add_users', ['appId' => $appId]);
  343.             }
  345.             $totalNormal = (int)($companyGroup->getUserAllowed() ?? 0) + $addNormal;
  346.             $totalAdmin  = (int)($companyGroup->getAdminUserAllowed() ?? 0) + $addAdmin;
  347.             $totalMl     $addMl;
  349.             /** @var \CompanyGroupBundle\Modules\Api\Service\QuoteService $quoteSvc */
  350.             $quoteSvc $this->get('app.quote_service');
  352.             $quote $quoteSvc->createCustomerQuote([
  353.                 'app_id'              => $appId,
  354.                 'plan_type'           => $currentPlan,
  355.                 'billing_cycle'       => $subscription['billing_cycle'] ?? 'monthly',
  356.                 'payment_type'        => 'manual',
  357.                 'normal_user_count'   => $totalNormal,
  358.                 'admin_user_count'    => $totalAdmin,
  359.                 'ml_user_count'       => $totalMl,
  360.                 'customer_email'      => $companyGroup->getEmail() ?? '',
  361.                 'customer_name'       => $companyGroup->getName() ?? '',
  362.                 'company_name'        => $companyGroup->getName() ?? '',
  363.                 'customer_notes'      => "Add-seats request from Owner Dashboard: +{$addNormal} normal, +{$addAdmin} admin, +{$addMl} ML",
  364.             ]);
  366.             $this->addFlash('success''Seat request submitted. Our team will confirm and provision shortly.');
  367.             return $this->redirectToRoute('quote_view_customer', ['token' => $quote->getQuoteToken()]);
  368.         }
  370.         /** @var \CompanyGroupBundle\Modules\Api\Service\PricingService $pricingSvc */
  371.         $pricingSvc $this->get('app.pricing_service');
  372.         $breakdown  $pricingSvc->getPriceBreakdown(
  373.             (int)($companyGroup->getUserAllowed() ?? 5),
  374.             (int)($companyGroup->getAdminUserAllowed() ?? 1),
  375.             0,
  376.             $subscription['billing_cycle'] ?? 'monthly',
  377.             $currentPlan
  378.         );
  380.         return $this->render('@CompanyGroup/pages/owner_dashboard/add_users.html.twig', [
  381.             'page_title'    => 'Add User Seats',
  382.             'company'       => $companyGroup,
  383.             'subscription'  => $subscription,
  384.             'breakdown'     => $breakdown,
  385.             'app_id'        => $appId,
  386.             'current_plan'  => $currentPlan,
  387.             'current_normal'=> (int)($companyGroup->getUserAllowed() ?? 0),
  388.             'current_admin' => (int)($companyGroup->getAdminUserAllowed() ?? 0),
  389.         ]);
  390.     }
  392.     // =========================================================================
  393.     // COMPANY SETTINGS
  394.     // =========================================================================
  396.     public function companySettingsAction(Request $request$appId)
  397.     {
  398.         if (!$this->requireOwnerSession($request)) {
  399.             return $this->redirectToRoute('dashboard');
  400.         }
  402.         $userId = (int)$this->loggedUserId($request);
  403.         $appId  = (int)$appId;
  405.         /** @var \CompanyGroupBundle\Modules\Api\Service\OwnerDashboardService $svc */
  406.         $svc $this->get('app.owner_dashboard_service');
  408.         if (!$svc->userOwnsCompany($userId$appId)) {
  409.             $this->addFlash('error''Access denied.');
  410.             return $this->redirectToRoute('owner_dashboard');
  411.         }
  413.         $em           $this->getDoctrine()->getManager('company_group');
  414.         $companyGroup $em->getRepository('CompanyGroupBundle\Entity\CompanyGroup')
  415.             ->findOneBy(['appId' => $appId]);
  417.         if (!$companyGroup) {
  418.             $this->addFlash('error''Company not found.');
  419.             return $this->redirectToRoute('owner_dashboard');
  420.         }
  422.         if ($request->isMethod('POST')) {
  423.             $name           trim((string)$request->request->get('name'''));
  424.             $email          trim((string)$request->request->get('email'''));
  425.             $contactNumber  trim((string)$request->request->get('contact_number'''));
  426.             $address        trim((string)$request->request->get('address'''));
  427.             $billingAddress trim((string)$request->request->get('billing_address'''));
  428.             $motto          trim((string)$request->request->get('motto'''));
  429.             $invoiceFooter  trim((string)$request->request->get('invoice_footer'''));
  431.             if ($name !== '') {
  432.                 $companyGroup->setName($name);
  433.             }
  434.             if ($email !== '') {
  435.                 $companyGroup->setEmail($email);
  436.             }
  437.             $companyGroup->setContactNumber($contactNumber !== '' $contactNumber null);
  438.             $companyGroup->setAddress($address !== '' $address null);
  439.             $companyGroup->setBillingAddress($billingAddress !== '' $billingAddress null);
  440.             $companyGroup->setMotto($motto !== '' $motto null);
  441.             $companyGroup->setInvoiceFooter($invoiceFooter !== '' $invoiceFooter null);
  443.             $em->flush();
  445.             $this->addFlash('success''Company settings saved successfully.');
  446.             return $this->redirectToRoute('owner_company_settings', ['appId' => $appId]);
  447.         }
  449.         return $this->render('@CompanyGroup/pages/owner_dashboard/company_settings.html.twig', [
  450.             'page_title'    => 'Company Settings — ' $companyGroup->getName(),
  451.             'company'       => $companyGroup,
  452.             'app_id'        => $appId,
  453.         ]);
  454.     }
  456.     // =========================================================================
  457.     // PRIVATE HELPERS
  458.     // =========================================================================
  460.     /**
  461.      * Returns true if a valid owner session exists. Does NOT redirect — the
  462.      * caller decides the redirect target.
  463.      */
  464.     private function requireOwnerSession(Request $request): bool
  465.     {
  466.         $userId = (int)$request->getSession()->get(UserConstants::USER_ID0);
  467.         return $userId 0;
  468.     }
  469. }