payfrit/payfrit-biz
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow child businesses to use parent service points without grant

Browse source 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
John Mizerek 2026-02-07 11:58:44 -08:00
parent 87ff082279
commit e40e87efe0
1 changed files with 35 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
api/orders/getOrCreateCart.cfm
View file

@ -263,33 +263,44 @@
{ datasource = "payfrit" }
)>
<cfif qSPOwner.recordCount GT 0 AND qSPOwner.BusinessID NEQ BusinessID>
<!--- SP belongs to another business - check for active grant --->
<cfset qGrant = queryTimed(
"SELECT ID, OwnerBusinessID, EconomicsType, EconomicsValue, EligibilityScope, TimePolicyType, TimePolicyData
FROM ServicePointGrants
WHERE GuestBusinessID = ? AND ServicePointID = ? AND StatusID = 1
LIMIT 1",
[
{ value = BusinessID, cfsqltype = "cf_sql_integer" },
{ value = ServicePointID, cfsqltype = "cf_sql_integer" }
],
<!--- SP belongs to another business - check if ordering business is a child of SP owner --->
<cfset qParent = queryTimed(
"SELECT ParentBusinessID FROM Businesses WHERE ID = ? LIMIT 1",
[ { value = BusinessID, cfsqltype = "cf_sql_integer" } ],
{ datasource = "payfrit" }
)>
<cfif qGrant.recordCount EQ 0>
<cfset apiAbort({ "OK": false, "ERROR": "sp_not_accessible", "MESSAGE": "Service point is not accessible to your business.", "DETAIL": "" })>
<cfset isChildOfSPOwner = qParent.recordCount GT 0 AND val(qParent.ParentBusinessID) EQ qSPOwner.BusinessID>
<cfif NOT isChildOfSPOwner>
<!--- Not a child business - check for active grant --->
<cfset qGrant = queryTimed(
"SELECT ID, OwnerBusinessID, EconomicsType, EconomicsValue, EligibilityScope, TimePolicyType, TimePolicyData
FROM ServicePointGrants
WHERE GuestBusinessID = ? AND ServicePointID = ? AND StatusID = 1
LIMIT 1",
[
{ value = BusinessID, cfsqltype = "cf_sql_integer" },
{ value = ServicePointID, cfsqltype = "cf_sql_integer" }
],
{ datasource = "payfrit" }
)>
<cfif qGrant.recordCount EQ 0>
<cfset apiAbort({ "OK": false, "ERROR": "sp_not_accessible", "MESSAGE": "Service point is not accessible to your business.", "DETAIL": "" })>
</cfif>
<!--- Validate time policy --->
<cfif NOT isGrantTimeActive(qGrant.TimePolicyType, qGrant.TimePolicyData)>
<cfset apiAbort({ "OK": false, "ERROR": "grant_time_inactive", "MESSAGE": "Service point access is not available at this time.", "DETAIL": "" })>
</cfif>
<!--- Validate eligibility --->
<cfif NOT checkGrantEligibility(qGrant.EligibilityScope, UserID, qGrant.OwnerBusinessID, BusinessID)>
<cfset apiAbort({ "OK": false, "ERROR": "grant_eligibility_failed", "MESSAGE": "You are not eligible to order at this service point.", "DETAIL": "" })>
</cfif>
<cfset grantID = qGrant.ID>
<cfset grantOwnerBusinessID = qGrant.OwnerBusinessID>
<cfset grantEconomicsType = qGrant.EconomicsType>
<cfset grantEconomicsValue = qGrant.EconomicsValue>
</cfif>
<!--- Validate time policy --->
<cfif NOT isGrantTimeActive(qGrant.TimePolicyType, qGrant.TimePolicyData)>
<cfset apiAbort({ "OK": false, "ERROR": "grant_time_inactive", "MESSAGE": "Service point access is not available at this time.", "DETAIL": "" })>
</cfif>
<!--- Validate eligibility --->
<cfif NOT checkGrantEligibility(qGrant.EligibilityScope, UserID, qGrant.OwnerBusinessID, BusinessID)>
<cfset apiAbort({ "OK": false, "ERROR": "grant_eligibility_failed", "MESSAGE": "You are not eligible to order at this service point.", "DETAIL": "" })>
</cfif>
<cfset grantID = qGrant.ID>
<cfset grantOwnerBusinessID = qGrant.OwnerBusinessID>
<cfset grantEconomicsType = qGrant.EconomicsType>
<cfset grantEconomicsValue = qGrant.EconomicsValue>
<!--- If isChildOfSPOwner is true, no grant needed - child can use parent's service points --->
</cfif>
</cfif>