1f81d98c52
Complete port of all 163 API endpoints from Lucee/CFML to PHP 8.3. Shared helpers in api/helpers.php (DB, auth, request/response, security). PDO prepared statements throughout. Same JSON response shapes as CFML.
30 lines
1.4 KiB
PHP
30 lines
1.4 KiB
PHP
<?php
|
|
require_once __DIR__ . '/../helpers.php';
|
|
runAuth();
|
|
|
|
try {
|
|
$data = readJsonBody();
|
|
$tabID = (int) ($data['TabID'] ?? 0);
|
|
$orderID = (int) ($data['OrderID'] ?? 0);
|
|
$userID = (int) ($data['UserID'] ?? 0);
|
|
|
|
if ($tabID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_TabID']);
|
|
if ($orderID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_OrderID']);
|
|
if ($userID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_UserID']);
|
|
|
|
$qTab = queryOne("SELECT OwnerUserID, StatusID FROM Tabs WHERE ID = ? LIMIT 1", [$tabID]);
|
|
if (!$qTab) apiAbort(['OK' => false, 'ERROR' => 'tab_not_found']);
|
|
if ((int) $qTab['OwnerUserID'] !== $userID) apiAbort(['OK' => false, 'ERROR' => 'not_owner']);
|
|
|
|
$qTabOrder = queryOne("SELECT ApprovalStatus FROM TabOrders WHERE TabID = ? AND OrderID = ? LIMIT 1", [$tabID, $orderID]);
|
|
if (!$qTabOrder) apiAbort(['OK' => false, 'ERROR' => 'order_not_on_tab']);
|
|
if ($qTabOrder['ApprovalStatus'] !== 'pending') apiAbort(['OK' => false, 'ERROR' => 'not_pending']);
|
|
|
|
queryTimed("UPDATE TabOrders SET ApprovalStatus = 'rejected' WHERE TabID = ? AND OrderID = ?", [$tabID, $orderID]);
|
|
queryTimed("UPDATE Orders SET TabID = NULL WHERE ID = ?", [$orderID]);
|
|
|
|
jsonResponse(['OK' => true]);
|
|
|
|
} catch (Exception $e) {
|
|
jsonResponse(['OK' => false, 'ERROR' => 'server_error', 'MESSAGE' => $e->getMessage()]);
|
|
}
|