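/**
 * Get Businesses for User
 * Returns the list of businesses owned by the authenticated user.
 *
 * POST: { UserID: int }  -- accepted for backward compatibility but NOT used
 *                           to decide whose data is returned (see below).
 * Headers: X-User-Token (optional - will use session if not provided)
 *
 * Response (JSON):
 *   success: { OK: true,  BUSINESSES: [ { BusinessID, Name } ], COUNT: int }
 *   failure: { OK: false, ERROR: string, MESSAGE: string }
 *
 * Security notes:
 *   - The caller's identity is taken only from request.UserID. The original
 *     comment describes that value as coming from token auth; the code that
 *     sets it is not visible here -- confirm it is populated only after the
 *     token/session has been verified.
 *   - A UserID supplied in the POST body is client-controlled. Using it as a
 *     fallback identity let any unauthenticated caller list another user's
 *     businesses by choosing an ID, so that fallback has been removed and the
 *     endpoint now fails closed with "not_logged_in".
 *   - Exception details are written to the server log and never returned to
 *     the client, since e.message can expose SQL, datasource or path details.
 */

response = { "OK": false };

try {
    // Resolve the caller strictly from server-side auth state.
    userID = 0;

    if (structKeyExists(request, "UserID") && isValid("integer", request.UserID)) {
        userID = int(request.UserID);
    }

    // Zero, negative or non-integer IDs are treated as "no authenticated user".
    if (userID <= 0) {
        response["ERROR"] = "not_logged_in";
        response["MESSAGE"] = "User not authenticated";
        writeOutput(serializeJSON(response));
        abort;
    }

    // Get businesses for this user (owner only).
    // The ID is bound as a typed parameter, never concatenated into the SQL.
    q = queryExecute(
        "
            SELECT b.ID, b.Name
            FROM Businesses b
            WHERE b.UserID = :userID
            ORDER BY b.Name
        ",
        { userID: { value: userID, cfsqltype: "cf_sql_integer" } },
        { datasource: "payfrit" }
    );

    businesses = [];
    for (row in q) {
        arrayAppend(businesses, {
            "BusinessID": row.ID,
            "Name": row.Name
        });
    }

    response["OK"] = true;
    response["BUSINESSES"] = businesses;
    response["COUNT"] = arrayLen(businesses);

} catch (any e) {
    // Keep the diagnostic detail server-side; return only a generic message.
    writeLog(
        text = "Get Businesses for User failed: " & e.message,
        type = "error",
        log = "Application"
    );
    response["ERROR"] = "server_error";
    response["MESSAGE"] = "An internal error occurred";
}

writeOutput(serializeJSON(response));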