payfrit/payfrit-api
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
payfrit-api/api/tabs/addMember.php
John Mizerek 1f81d98c52 Initial PHP API migration from CFML 
Complete port of all 163 API endpoints from Lucee/CFML to PHP 8.3.
Shared helpers in api/helpers.php (DB, auth, request/response, security).
PDO prepared statements throughout. Same JSON response shapes as CFML.
2026-03-14 14:26:59 -07:00

61 lines
2.5 KiB
PHP
Raw Blame History

<?php
require_once __DIR__ . '/../helpers.php';
runAuth();
try {
$data = readJsonBody();
$tabID = (int) ($data['TabID'] ?? 0);
$ownerUserID = (int) ($data['OwnerUserID'] ?? 0);
$targetUserID = (int) ($data['TargetUserID'] ?? 0);
if ($tabID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_TabID']);
if ($ownerUserID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_OwnerUserID']);
if ($targetUserID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_TargetUserID']);
$qTab = queryOne("
SELECT t.ID, t.OwnerUserID, t.StatusID, t.BusinessID, b.TabMaxMembers
FROM Tabs t JOIN Businesses b ON b.ID = t.BusinessID
WHERE t.ID = ? LIMIT 1
", [$tabID]);
if (!$qTab) apiAbort(['OK' => false, 'ERROR' => 'tab_not_found']);
if ((int) $qTab['StatusID'] !== 1) apiAbort(['OK' => false, 'ERROR' => 'tab_not_open']);
if ((int) $qTab['OwnerUserID'] !== $ownerUserID) apiAbort(['OK' => false, 'ERROR' => 'not_owner']);
// Check member limit
$qCount = queryOne("SELECT COUNT(*) AS Cnt FROM TabMembers WHERE TabID = ? AND StatusID = 1", [$tabID]);
if ((int) $qCount['Cnt'] >= (int) ($qTab['TabMaxMembers'] ?? 0)) {
apiAbort(['OK' => false, 'ERROR' => 'max_members', 'MESSAGE' => 'Tab has reached the maximum number of members.']);
}
// Check target not already on any tab
$qExisting = queryOne("
SELECT t.ID, b.Name AS BusinessName
FROM TabMembers tm JOIN Tabs t ON t.ID = tm.TabID JOIN Businesses b ON b.ID = t.BusinessID
WHERE tm.UserID = ? AND tm.StatusID = 1 AND t.StatusID = 1 LIMIT 1
", [$targetUserID]);
if ($qExisting) apiAbort(['OK' => false, 'ERROR' => 'user_already_on_tab', 'MESSAGE' => 'This user is already on a tab.']);
// Check target user exists
$qTarget = queryOne("SELECT FirstName, LastName FROM Users WHERE ID = ? LIMIT 1", [$targetUserID]);
if (!$qTarget) apiAbort(['OK' => false, 'ERROR' => 'user_not_found']);
queryTimed("
INSERT INTO TabMembers (TabID, UserID, RoleID, StatusID, JoinedOn)
VALUES (?, ?, 2, 1, NOW())
ON DUPLICATE KEY UPDATE StatusID = 1, LeftOn = NULL, JoinedOn = NOW()
", [$tabID, $targetUserID]);
jsonResponse([
'OK' => true,
'MEMBER' => [
'UserID' => $targetUserID,
'FirstName' => $qTarget['FirstName'],
'LastName' => $qTarget['LastName'],
'RoleID' => 2,
],
]);
} catch (Exception $e) {
jsonResponse(['OK' => false, 'ERROR' => 'server_error', 'MESSAGE' => $e->getMessage()]);
}
Reference in a new issue View git blame Copy permalink