/** * Reject Tab Order * Tab owner rejects a pending member order. * * POST: { TabID: int, OrderID: int, UserID: int (tab owner) } */ try { requestData = deserializeJSON(toString(getHttpRequestData().content)); tabID = val(requestData.TabID ?: 0); orderID = val(requestData.OrderID ?: 0); userID = val(requestData.UserID ?: 0); if (tabID == 0) apiAbort({ "OK": false, "ERROR": "missing_TabID" }); if (orderID == 0) apiAbort({ "OK": false, "ERROR": "missing_OrderID" }); if (userID == 0) apiAbort({ "OK": false, "ERROR": "missing_UserID" }); qTab = queryTimed("SELECT OwnerUserID, StatusID FROM Tabs WHERE ID = :tabID LIMIT 1", { tabID: { value: tabID, cfsqltype: "cf_sql_integer" } }); if (qTab.recordCount == 0) apiAbort({ "OK": false, "ERROR": "tab_not_found" }); if (qTab.OwnerUserID != userID) apiAbort({ "OK": false, "ERROR": "not_owner" }); qTabOrder = queryTimed("SELECT ApprovalStatus FROM TabOrders WHERE TabID = :tabID AND OrderID = :orderID LIMIT 1", { tabID: { value: tabID, cfsqltype: "cf_sql_integer" }, orderID: { value: orderID, cfsqltype: "cf_sql_integer" } }); if (qTabOrder.recordCount == 0) apiAbort({ "OK": false, "ERROR": "order_not_on_tab" }); if (qTabOrder.ApprovalStatus != "pending") apiAbort({ "OK": false, "ERROR": "not_pending" }); queryTimed(" UPDATE TabOrders SET ApprovalStatus = 'rejected' WHERE TabID = :tabID AND OrderID = :orderID ", { tabID: { value: tabID, cfsqltype: "cf_sql_integer" }, orderID: { value: orderID, cfsqltype: "cf_sql_integer" } }); // Also unlink the order from the tab queryTimed("UPDATE Orders SET TabID = NULL WHERE ID = :orderID", { orderID: { value: orderID, cfsqltype: "cf_sql_integer" } }); apiAbort({ "OK": true }); } catch (any e) { apiAbort({ "OK": false, "ERROR": "server_error", "MESSAGE": e.message }); }