Make Telegram chat_id per-company, bot token stays global

Each company can now have its own Telegram channel/group for alerts.
- Bot token: global (superadmin only, shared across companies)
- Chat ID: per-company (stored in integrations table config)
- sendTelegramAlert reads chat_id from company integration
- Test message shows company name
- Non-superadmin users can't see/edit bot token

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

api.php

@@ -905,16 +905,26 @@ class ImapClient {
 // ==================== TICKETS HELPER ====================
 
 function sendTelegramAlert(string $companyId, array $ticket): void {
+    // Bot token on globaali, chat_id on yrityskohtainen
     $config = dbLoadConfig();
     $botToken = $config['telegram_bot_token'] ?? '';
-    $chatId = $config['telegram_chat_id'] ?? '';
-    if (!$botToken || !$chatId) return;
+    if (!$botToken) return;
+
+    // Hae yrityskohtainen chat_id integraation configista
+    $integ = dbGetIntegration($companyId, 'telegram');
+    if (!$integ || !$integ['enabled']) return;
+    $chatId = $integ['config']['chat_id'] ?? '';
+    if (!$chatId) return;
+
+    // Hae yrityksen nimi
+    $company = dbGetCompany($companyId);
+    $companyName = $company['nimi'] ?? $companyId;
 
     $text = "🚨 *URGENT TIKETTI*\n\n";
     $text .= "📋 *" . ($ticket['subject'] ?? '(Ei aihetta)') . "*\n";
     $text .= "👤 " . ($ticket['from_name'] ?? $ticket['from_email'] ?? 'Tuntematon') . "\n";
     $text .= "📧 " . ($ticket['from_email'] ?? '') . "\n";
-    $text .= "🏢 " . $companyId . "\n";
+    $text .= "🏢 " . $companyName . "\n";
     $text .= "🕐 " . date('d.m.Y H:i');
 
     $url = "https://api.telegram.org/bot{$botToken}/sendMessage";
@@ -1367,11 +1377,14 @@ switch ($action) {
         requireAuth();
         $companyId = requireCompany();
         $globalConf = dbLoadConfig();
+        // Telegram chat_id on yrityskohtainen
+        $teleInteg = dbGetIntegration($companyId, 'telegram');
+        $teleChatId = ($teleInteg && $teleInteg['config']) ? ($teleInteg['config']['chat_id'] ?? '') : '';
         echo json_encode([
             'api_key' => dbGetCompanyApiKey($companyId),
             'cors_origins' => dbGetCompanyCorsOrigins($companyId),
             'telegram_bot_token' => $globalConf['telegram_bot_token'] ?? '',
-            'telegram_chat_id' => $globalConf['telegram_chat_id'] ?? '',
+            'telegram_chat_id' => $teleChatId,
         ]);
         break;
 
@@ -1387,12 +1400,17 @@ switch ($action) {
             $origins = array_filter(array_map('trim', explode("\n", $input['cors_origins'])));
             dbSetCompanyCorsOrigins($companyId, array_values($origins));
         }
-        // Telegram-asetukset (globaalit, tallennetaan config-tauluun)
-        if (isset($input['telegram_bot_token'])) {
+        // Telegram Bot Token: globaali (vain superadmin voi muuttaa)
+        if (isset($input['telegram_bot_token']) && ($_SESSION['role'] ?? '') === 'superadmin') {
             dbSaveConfig(['telegram_bot_token' => trim($input['telegram_bot_token'])]);
         }
+        // Telegram Chat ID: yrityskohtainen (tallennetaan integrations-tauluun)
         if (isset($input['telegram_chat_id'])) {
-            dbSaveConfig(['telegram_chat_id' => trim($input['telegram_chat_id'])]);
+            $teleInteg = dbGetIntegration($companyId, 'telegram');
+            $teleConfig = ($teleInteg && $teleInteg['config']) ? $teleInteg['config'] : [];
+            $teleConfig['chat_id'] = trim($input['telegram_chat_id']);
+            $teleEnabled = $teleInteg ? $teleInteg['enabled'] : false;
+            dbSaveIntegration($companyId, 'telegram', $teleEnabled, $teleConfig);
         }
         dbAddLog($companyId, currentUser(), 'config_update', '', '', 'Päivitti asetuksia');
         echo json_encode([
@@ -1403,17 +1421,22 @@ switch ($action) {
 
     case 'telegram_test':
         requireAdmin();
+        $companyId = requireCompany();
         if ($method !== 'POST') break;
         $config = dbLoadConfig();
         $botToken = $config['telegram_bot_token'] ?? '';
-        $chatId = $config['telegram_chat_id'] ?? '';
+        // Chat ID yrityskohtainen
+        $teleInteg = dbGetIntegration($companyId, 'telegram');
+        $chatId = ($teleInteg && $teleInteg['config']) ? ($teleInteg['config']['chat_id'] ?? '') : '';
         if (!$botToken || !$chatId) {
             http_response_code(400);
-            echo json_encode(['error' => 'Telegram Bot Token ja Chat ID vaaditaan']);
+            echo json_encode(['error' => 'Telegram Bot Token (globaali) ja Chat ID (yrityskohtainen) vaaditaan']);
             break;
         }
+        $company = dbGetCompany($companyId);
+        $companyName = $company['nimi'] ?? $companyId;
         $url = "https://api.telegram.org/bot{$botToken}/sendMessage";
-        $data = ['chat_id' => $chatId, 'text' => '✅ Noxus HUB Telegram-hälytys toimii!', 'parse_mode' => 'Markdown'];
+        $data = ['chat_id' => $chatId, 'text' => "✅ Noxus HUB Telegram-hälytys toimii!\n🏢 $companyName", 'parse_mode' => 'Markdown'];
         $ch = curl_init($url);
         curl_setopt_array($ch, [CURLOPT_POST => true, CURLOPT_POSTFIELDS => json_encode($data), CURLOPT_HTTPHEADER => ['Content-Type: application/json'], CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5]);
         $resp = curl_exec($ch);