payfrit-api/api/tabs/approveOrder.php
John Mizerek 1f81d98c52 Initial PHP API migration from CFML
Complete port of all 163 API endpoints from Lucee/CFML to PHP 8.3.
Shared helpers in api/helpers.php (DB, auth, request/response, security).
PDO prepared statements throughout. Same JSON response shapes as CFML.
2026-03-14 14:26:59 -07:00


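<?php

declare(strict_types=1);

require_once __DIR__ . '/../helpers.php';

// POST api/tabs/approveOrder
//
// Approves one pending order on an open tab, adds the order total to the
// tab's running total, and submits the order to the kitchen if it has not
// been submitted yet.
//
// Request body (JSON): TabID, OrderID, UserID — each required and non-zero.
// Success response:  {OK: true, RUNNING_TOTAL_CENTS, AUTH_REMAINING_CENTS}
// Failure responses: {OK: false, ERROR: <code>, ...} via apiAbort(), or
//                    {OK: false, ERROR: 'server_error', MESSAGE} on exception.

runAuth();

try {
    $data = readJsonBody();

    // (int) maps absent or non-numeric values to 0, which the guards below
    // report as "missing".
    $tabID = (int) ($data['TabID'] ?? 0);
    $orderID = (int) ($data['OrderID'] ?? 0);
    $userID = (int) ($data['UserID'] ?? 0);

    if ($tabID === 0) {
        apiAbort(['OK' => false, 'ERROR' => 'missing_TabID']);
    }
    if ($orderID === 0) {
        apiAbort(['OK' => false, 'ERROR' => 'missing_OrderID']);
    }
    if ($userID === 0) {
        apiAbort(['OK' => false, 'ERROR' => 'missing_UserID']);
    }

    $qTab = queryOne("
        SELECT ID, OwnerUserID, StatusID, AuthAmountCents, RunningTotalCents
        FROM Tabs WHERE ID = ? LIMIT 1
    ", [$tabID]);

    if (!$qTab) {
        apiAbort(['OK' => false, 'ERROR' => 'tab_not_found']);
    }
    // StatusID 1 is treated as "open" here (see the tab_not_open error code).
    if ((int) $qTab['StatusID'] !== 1) {
        apiAbort(['OK' => false, 'ERROR' => 'tab_not_open']);
    }
    // NOTE(review): ownership is checked against the UserID sent in the request
    // body, not against the principal established by runAuth(). Confirm in
    // helpers.php that runAuth() binds or validates UserID to the authenticated
    // caller; otherwise this comparison does not establish ownership.
    if ((int) $qTab['OwnerUserID'] !== $userID) {
        apiAbort(['OK' => false, 'ERROR' => 'not_owner']);
    }

    $qTabOrder = queryOne("
        SELECT ID, SubtotalCents, TaxCents, ApprovalStatus
        FROM TabOrders WHERE TabID = ? AND OrderID = ? LIMIT 1
    ", [$tabID, $orderID]);

    if (!$qTabOrder) {
        apiAbort(['OK' => false, 'ERROR' => 'order_not_on_tab']);
    }
    if ($qTabOrder['ApprovalStatus'] !== 'pending') {
        apiAbort([
            'OK' => false,
            'ERROR' => 'not_pending',
            'MESSAGE' => "Order is {$qTabOrder['ApprovalStatus']}, not pending.",
        ]);
    }

    // Check authorization limit.
    // NOTE(review): this read-check-write sequence is not atomic. Two
    // concurrent approvals on the same tab can both pass the limit check
    // before either UPDATE below lands, so the running total can exceed
    // AuthAmountCents and an order could be approved twice. A transaction
    // around the reads and writes (or UPDATEs that re-check
    // ApprovalStatus = 'pending' and the limit in their WHERE clause and
    // verify the affected-row count) would close that window; no transaction
    // helper is visible from this file, so this is left as a follow-up.
    $orderTotal = (int) $qTabOrder['SubtotalCents'] + (int) $qTabOrder['TaxCents'];
    $newRunning = (int) $qTab['RunningTotalCents'] + $orderTotal;

    if ($newRunning > (int) $qTab['AuthAmountCents']) {
        apiAbort([
            'OK' => false,
            'ERROR' => 'exceeds_authorization',
            'MESSAGE' => 'Approving this order would exceed your tab authorization. Increase your authorization first.',
            'RUNNING_TOTAL_CENTS' => (int) $qTab['RunningTotalCents'],
            'ORDER_CENTS' => $orderTotal,
            'AUTH_AMOUNT_CENTS' => (int) $qTab['AuthAmountCents'],
        ]);
    }

    queryTimed(
        "UPDATE TabOrders SET ApprovalStatus = 'approved', ApprovedByUserID = ?, ApprovedOn = NOW() WHERE TabID = ? AND OrderID = ?",
        [$userID, $tabID, $orderID]
    );
    queryTimed(
        "UPDATE Tabs SET RunningTotalCents = ?, LastActivityOn = NOW() WHERE ID = ?",
        [$newRunning, $tabID]
    );

    // Auto-submit order to kitchen: StatusID 0 is treated as "not yet submitted".
    $qOrder = queryOne("SELECT StatusID FROM Orders WHERE ID = ? LIMIT 1", [$orderID]);
    if ($qOrder && (int) $qOrder['StatusID'] === 0) {
        queryTimed(
            "UPDATE Orders SET StatusID = 1, SubmittedOn = NOW(), LastEditedOn = NOW() WHERE ID = ?",
            [$orderID]
        );
    }

    jsonResponse([
        'OK' => true,
        'RUNNING_TOTAL_CENTS' => $newRunning,
        'AUTH_REMAINING_CENTS' => (int) $qTab['AuthAmountCents'] - $newRunning,
    ]);
} catch (Exception $e) {
    // Log the real cause server-side; the raw exception text (which for PDO
    // errors can include SQL fragments, table names and driver details) must
    // not be returned to the client. The response keeps the same shape
    // (OK/ERROR/MESSAGE) with a generic message.
    error_log(sprintf('approveOrder: %s: %s', get_class($e), $e->getMessage()));
    jsonResponse([
        'OK' => false,
        'ERROR' => 'server_error',
        'MESSAGE' => 'An internal error occurred while approving the order.',
    ]);
}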