payfrit-api/api/assignments/save.php
John Mizerek 1f81d98c52 Initial PHP API migration from CFML
Complete port of all 163 API endpoints from Lucee/CFML to PHP 8.3.
Shared helpers in api/helpers.php (DB, auth, request/response, security).
PDO prepared statements throughout. Same JSON response shapes as CFML.
2026-03-14 14:26:59 -07:00


<?php
require_once __DIR__ . '/../helpers.php';
// Assign a beacon to one of the current business's service points.
// Flow: authenticate -> validate body -> authorise beacon -> authorise
// service point -> reject duplicate -> write -> respond.
// NOTE(review): every apiAbort() below is assumed to terminate the request;
// the later checks rely on that. Confirm in helpers.php.
runAuth();

// $businessId is not assigned in this file; presumably runAuth() populates it
// from the caller's session/token, not from the request body. Confirm in helpers.php.
global $businessId;
if ($businessId <= 0) {
    apiAbort(['OK' => false, 'ERROR' => 'no_business_selected']);
}

// Both ids are cast to int, so missing or non-numeric values collapse to 0
// and are rejected by the guards below.
$data = readJsonBody();
$beaconID = (int) ($data['BeaconID'] ?? 0);
$servicePointID = (int) ($data['ServicePointID'] ?? 0);
if ($beaconID <= 0) {
    apiAbort(['OK' => false, 'ERROR' => 'missing_BeaconID']);
}
if ($servicePointID <= 0) {
    apiAbort(['OK' => false, 'ERROR' => 'missing_ServicePointID']);
}

// Load the business row so a parent business (if any) can widen beacon access.
$businessRow = queryOne("SELECT ID, ParentBusinessID FROM Businesses WHERE ID = ? LIMIT 1", [$businessId]);
$parentBusinessId = (int) ($businessRow['ParentBusinessID'] ?? 0);

// Beacon authorisation: the beacon must be owned by this business, owned by its
// parent business, or linked to this business through lt_BeaconsID_BusinessesID.
// Only fixed SQL fragments are concatenated; every value is a bound parameter.
$beaconParams = [$beaconID, $businessId];
$beaconSql = "
SELECT b.ID FROM Beacons b
WHERE b.ID = ? AND (b.BusinessID = ?
";
if ($parentBusinessId > 0) {
    $beaconParams[] = $parentBusinessId;
    $beaconSql .= " OR b.BusinessID = ?";
}
$beaconParams[] = $businessId;
$beaconSql .= " OR EXISTS (SELECT 1 FROM lt_BeaconsID_BusinessesID lt WHERE lt.BeaconID = b.ID AND lt.BusinessID = ?))
LIMIT 1";

$beaconRow = queryOne($beaconSql, $beaconParams);
if (!$beaconRow) {
    apiAbort(['OK' => false, 'ERROR' => 'beacon_not_allowed']);
}

// Service point authorisation: it must belong to the current business.
$servicePointRow = queryOne(
    "SELECT ID FROM ServicePoints WHERE ID = ? AND BusinessID = ? LIMIT 1",
    [$servicePointID, $businessId]
);
if (!$servicePointRow) {
    apiAbort(['OK' => false, 'ERROR' => 'servicepoint_not_found_for_business']);
}

// Reject the request when this service point already carries this beacon.
$existingAssignment = queryOne(
    "SELECT ID FROM ServicePoints WHERE ID = ? AND BeaconID = ? LIMIT 1",
    [$servicePointID, $beaconID]
);
if ($existingAssignment) {
    apiAbort(['OK' => false, 'ERROR' => 'assignment_already_exists']);
}

// The UPDATE repeats the BusinessID predicate, so tenant scoping of the service
// point is enforced at write time as well as in the check above.
// NOTE(review): AssignedByUserID is written as the literal 1, so the column does
// not record which authenticated caller made the assignment. If runAuth() exposes
// the caller's user id, bind it here instead — confirm against helpers.php.
// NOTE(review): the checks and this write are separate statements with no
// transaction visible in this file, and the result of queryTimed() is not
// inspected, so the response below reports success regardless of rows affected.
queryTimed(
    "UPDATE ServicePoints SET BeaconID = ?, AssignedByUserID = 1 WHERE ID = ? AND BusinessID = ?",
    [$beaconID, $servicePointID, $businessId]
);

// BusinessID is returned as a string; the ids taken from the request stay integers.
jsonResponse([
    'OK' => true,
    'ACTION' => 'assigned',
    'ServicePointID' => $servicePointID,
    'BeaconID' => $beaconID,
    'BusinessID' => (string) $businessId,
]);