
fix the company_id in the frontend

gdias 1 неделя назад
Родитель
Сommit
cb63bf215c

+ 11 - 0
controllers/B3CprRegisterController.php

@@ -54,6 +54,17 @@ class B3CprRegisterController
 
     public function __invoke(ServerRequestInterface $request)
     {
+        $timezone = $_ENV['APP_TIMEZONE'] ?? 'America/Sao_Paulo';
+        $now = new \DateTimeImmutable('now', new \DateTimeZone($timezone));
+        $hour = (int)$now->format('H');
+        if ($hour >= 20 || $hour < 8) {
+            return ResponseLib::sendFail(
+                'B3 se encontra offline no momento. Tente novamente entre 08:00 e 20:00.',
+                ['current_time' => $now->format('Y-m-d H:i:s'), 'timezone' => $timezone],
+                'E_B3_OFFLINE'
+            )->withStatus(503);
+        }
+
         $body = json_decode((string)$request->getBody(), true);
         if (!is_array($body)) {
             return ResponseLib::sendFail('Invalid JSON body', [], 'E_VALIDATE')->withStatus(400);
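Review bot: `new \DateTimeZone($timezone)` throws when `APP_TIMEZONE` holds an unrecognised identifier, so a typo in the environment turns every call to this endpoint into an uncaught exception instead of the intended 503. Guard the construction, e.g. `try { $tz = new \DateTimeZone($timezone); } catch (\Exception $e) { $tz = new \DateTimeZone('America/Sao_Paulo'); }`, and log the bad value. The failure payload also returns the server's `current_time` and `timezone` to the caller; consider whether clients need them or whether they belong in the log only. The 8 and 20 boundaries would read better as named constants. The method body continues outside the hunk.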

+ 0 - 13
controllers/CprQueryController.php

@@ -28,19 +28,6 @@ class CprQueryController
             return ResponseLib::sendFail('Authenticated company not found', [], 'E_VALIDATE')->withStatus(401);
         }
 
-        $bodyCompanyId = (int)($body['company_id'] ?? $authCompanyId);
-        if ($bodyCompanyId <= 0) {
-            return ResponseLib::sendFail('company_id is required', [], 'E_VALIDATE')->withStatus(400);
-        }
-
-        if ($authCompanyId !== 1 && $authCompanyId !== $bodyCompanyId) {
-            return ResponseLib::sendFail(
-                'Unauthorized company access',
-                [],
-                'E_AUTH'
-            )->withStatus(403);
-        }
-
         $hasGlobalAccess = $authCompanyId === 1;
         $cprId = isset($body['cpr_id']) ? (int)$body['cpr_id'] : null;
 

+ 5 - 3
controllers/UserDeleteController.php

@@ -22,14 +22,16 @@ class UserDeleteController
         $body = json_decode((string)$request->getBody(), true) ?? [];
 
         try {
-            val::key('company_id', val::intType()->positive())
-                ->key('user_id', val::intType()->positive())
+            val::key('user_id', val::intType()->positive())
                 ->assert($body);
         } catch (ValidationException $e) {
             return ResponseLib::sendFail("Validation failed: " . $e->getFullMessage(), [], "E_VALIDATE")->withStatus(400);
         }
 
-        $companyId = (int) $body['company_id'];
+        $companyId = (int)($request->getAttribute('api_company_id') ?? 0);
+        if ($companyId <= 0) {
+            return ResponseLib::sendFail('Authenticated company not found', [], 'E_VALIDATE')->withStatus(401);
+        }
         $userId = (int) $body['user_id'];
 
         $deleted = $this->model->deleteUserById($userId, $companyId);
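Review bot: The authenticated-company guard added after validation answers a missing `api_company_id` with HTTP 401 but error code `E_VALIDATE`, and it only runs once the body has been validated, so a caller without an authenticated company gets validation detail first. Move the guard above the `try` block and give it an authentication code, e.g. `return ResponseLib::sendFail('Authenticated company not found', [], 'E_AUTH')->withStatus(401);` (assuming `E_AUTH` is still a code clients handle). The same guard is added in UserGetController; a shared helper would keep the copies in step. Because the company now comes from the request attribute, a caller can only delete within its own company; if company 1 is meant to keep cross-company access as in CprQueryController, that needs an explicit branch. The method starts and ends outside the hunk.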

+ 3 - 7
controllers/UserGetController.php

@@ -21,14 +21,10 @@ class UserGetController
     {
         $body = json_decode((string)$request->getBody(), true) ?? [];
 
-        try {
-            val::key('company_id', val::intType()->positive())
-                ->assert($body);
-        } catch (ValidationException $e) {
-            return ResponseLib::sendFail("Validation failed: " . $e->getFullMessage(), [], "E_VALIDATE")->withStatus(400);
+        $companyId = (int)($request->getAttribute('api_company_id') ?? 0);
+        if ($companyId <= 0) {
+            return ResponseLib::sendFail('Authenticated company not found', [], 'E_VALIDATE')->withStatus(401);
         }
-
-        $companyId = (int) $body['company_id'];
         $users = $this->model->getUsersByCompany($companyId);
 
         return $users
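Review bot: `$body` is still decoded on the first line of the method, but nothing in the visible new code reads it now that the `company_id` validation is gone. If the rest of the method (outside this hunk) does not use it either, drop the `json_decode` line and the `val` / `ValidationException` imports if they are no longer referenced. A short comment above the guard, such as `// Company scope comes from the authenticated request, never from the body.`, would record why the body field is ignored.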