1f81d98c52
Complete port of all 163 API endpoints from Lucee/CFML to PHP 8.3. Shared helpers in api/helpers.php (DB, auth, request/response, security). PDO prepared statements throughout. Same JSON response shapes as CFML.
62 lines
1.6 KiB
PHP
62 lines
1.6 KiB
PHP
<?php
|
|
require_once __DIR__ . '/../helpers.php';
|
|
runAuth();
|
|
|
|
require_once __DIR__ . '/_grantUtils.php';
|
|
|
|
global $userId;
|
|
|
|
$data = readJsonBody();
|
|
$grantID = (int) ($data['GrantID'] ?? 0);
|
|
|
|
if ($grantID <= 0) {
|
|
apiAbort(['OK' => false, 'ERROR' => 'missing_grantid', 'MESSAGE' => 'GrantID is required.']);
|
|
}
|
|
|
|
if ($userId <= 0) {
|
|
apiAbort(['OK' => false, 'ERROR' => 'not_authenticated']);
|
|
}
|
|
|
|
$qGrant = queryOne(
|
|
"SELECT g.ID, g.OwnerBusinessID, g.GuestBusinessID, g.StatusID, b.UserID AS OwnerUserID
|
|
FROM ServicePointGrants g
|
|
JOIN Businesses b ON b.ID = g.OwnerBusinessID
|
|
WHERE g.ID = ?
|
|
LIMIT 1",
|
|
[$grantID]
|
|
);
|
|
|
|
if (!$qGrant) {
|
|
apiAbort(['OK' => false, 'ERROR' => 'not_found', 'MESSAGE' => 'Grant not found.']);
|
|
}
|
|
|
|
if ((int) $qGrant['OwnerUserID'] !== $userId) {
|
|
apiAbort(['OK' => false, 'ERROR' => 'not_owner', 'MESSAGE' => 'Only the owner business can revoke a grant.']);
|
|
}
|
|
|
|
$statusID = (int) $qGrant['StatusID'];
|
|
|
|
if ($statusID === 3) {
|
|
apiAbort(['OK' => true, 'MESSAGE' => 'Grant is already revoked.', 'GrantID' => $grantID]);
|
|
}
|
|
|
|
if ($statusID !== 0 && $statusID !== 1) {
|
|
apiAbort(['OK' => false, 'ERROR' => 'bad_state', 'MESSAGE' => 'Only pending or active grants can be revoked.']);
|
|
}
|
|
|
|
queryTimed("UPDATE ServicePointGrants SET StatusID = 3, RevokedOn = NOW() WHERE ID = ?", [$grantID]);
|
|
|
|
recordGrantHistory(
|
|
$grantID,
|
|
'revoked',
|
|
$userId,
|
|
(int) $qGrant['OwnerBusinessID'],
|
|
['StatusID' => $statusID],
|
|
['StatusID' => 3]
|
|
);
|
|
|
|
jsonResponse([
|
|
'OK' => true,
|
|
'GrantID' => $grantID,
|
|
'MESSAGE' => 'Grant revoked. All access stopped immediately.',
|
|
]);
|