payfrit-biz/api/tabs/removeMember.cfm

<cfsetting showdebugoutput="false">
<cfsetting enablecfoutputonly="true">
<cfcontent type="application/json; charset=utf-8" reset="true">
<cfheader name="Cache-Control" value="no-store">

<cfscript>
/**
 * Remove Member from Tab
 * Tab owner removes a member. Can't remove yourself (use close/cancel instead).
 *
 * POST: { TabID: int, OwnerUserID: int, TargetUserID: int }
 */

try {
    requestData = deserializeJSON(toString(getHttpRequestData().content));
    tabID = val(requestData.TabID ?: 0);
    ownerUserID = val(requestData.OwnerUserID ?: 0);
    targetUserID = val(requestData.TargetUserID ?: 0);

    if (tabID == 0) apiAbort({ "OK": false, "ERROR": "missing_TabID" });
    if (ownerUserID == 0) apiAbort({ "OK": false, "ERROR": "missing_OwnerUserID" });
    if (targetUserID == 0) apiAbort({ "OK": false, "ERROR": "missing_TargetUserID" });

    qTab = queryTimed("SELECT OwnerUserID, StatusID FROM Tabs WHERE ID = :tabID LIMIT 1", {
        tabID: { value: tabID, cfsqltype: "cf_sql_integer" }
    });
    if (qTab.recordCount == 0) apiAbort({ "OK": false, "ERROR": "tab_not_found" });
    if (qTab.StatusID != 1) apiAbort({ "OK": false, "ERROR": "tab_not_open" });
    if (qTab.OwnerUserID != ownerUserID) apiAbort({ "OK": false, "ERROR": "not_owner" });
    if (targetUserID == ownerUserID) apiAbort({ "OK": false, "ERROR": "cannot_remove_self" });

    // Reject any pending orders from this member
    queryTimed("
        UPDATE TabOrders SET ApprovalStatus = 'rejected'
        WHERE TabID = :tabID AND UserID = :uid AND ApprovalStatus = 'pending'
    ", {
        tabID: { value: tabID, cfsqltype: "cf_sql_integer" },
        uid: { value: targetUserID, cfsqltype: "cf_sql_integer" }
    });

    queryTimed("
        UPDATE TabMembers SET StatusID = 2, LeftOn = NOW()
        WHERE TabID = :tabID AND UserID = :uid AND StatusID = 1
    ", {
        tabID: { value: tabID, cfsqltype: "cf_sql_integer" },
        uid: { value: targetUserID, cfsqltype: "cf_sql_integer" }
    });

    apiAbort({ "OK": true });

} catch (any e) {
    apiAbort({ "OK": false, "ERROR": "server_error", "MESSAGE": e.message });
}
</cfscript>