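/**
 * Get Businesses for User
 * Returns the list of businesses owned by the authenticated user.
 *
 * Identity is taken only from request.UserID.
 * NOTE(review): request.UserID is presumably set by the application's
 * token/session validation (X-User-Token header or session) before this
 * script runs - confirm where it is populated.
 *
 * A UserID sent in the POST body is caller-controlled. It is not used to
 * decide whose businesses are returned, because trusting it would let any
 * caller list another user's businesses by changing one number.
 *
 * Response (JSON):
 *   success: { OK: true, BUSINESSES: [{ BusinessID, BusinessName }], COUNT: int }
 *   failure: { OK: false, ERROR: string, MESSAGE: string }
 */
response = { "OK": false };

try {
    // Resolve the caller from server-side state only.
    userID = 0;
    if (structKeyExists(request, "UserID") && isNumeric(request.UserID)) {
        userID = int(request.UserID);
    }

    // Deliberately no fallback to the request body: an identity claimed by the
    // client is not proof of authentication.
    if (userID <= 0) {
        response["ERROR"] = "not_logged_in";
        response["MESSAGE"] = "User not authenticated";
        writeOutput(serializeJSON(response));
        abort;
    }

    // Users are linked to businesses via the BusinessUserID field (owner).
    // The value is bound as a typed parameter, never concatenated into the SQL.
    q = queryExecute(
        "
            SELECT b.BusinessID, b.BusinessName
            FROM Businesses b
            WHERE b.BusinessUserID = :userID
            ORDER BY b.BusinessName
        ",
        { userID: { value: userID, cfsqltype: "cf_sql_integer" } },
        { datasource: "payfrit" }
    );

    businesses = [];
    for (row in q) {
        arrayAppend(businesses, {
            "BusinessID": row.BusinessID,
            "BusinessName": row.BusinessName
        });
    }

    response["OK"] = true;
    response["BUSINESSES"] = businesses;
    response["COUNT"] = arrayLen(businesses);
} catch (any e) {
    // Keep exception detail in the server log. Driver and SQL error text can
    // reveal schema and datasource details, so the client gets a generic message.
    writeLog(type = "error", text = "Get businesses for user failed: " & e.message);
    response["OK"] = false;
    response["ERROR"] = "server_error";
    response["MESSAGE"] = "An unexpected error occurred";
}

writeOutput(serializeJSON(response));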