Foodloop-Server/lib/Pear/LocalLoop/Controller/Api/Admin.pm


package Pear::LocalLoop::Controller::Api::Admin;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
# Guard for the admin API: returns 1 when the stashed API user has an
# administrator value, otherwise renders a JSON 403 and returns 0.
#
# NOTE(review): the test is definedness, not truth. That is a sound
# authorisation check only if `administrator` yields undef for non-admins
# (for example an accessor that returns no row); if it were a boolean column,
# a stored 0 would still pass. Confirm against the api_user class.
sub auth {
    my $c = shift;

    # Presumably an earlier handler stored the authenticated user in the
    # stash; with no api_user this method call dies instead of granting access.
    my $admin_marker = $c->stash->{api_user}->administrator;
    return 1 if defined $admin_marker;

    $c->render(
        json => {
            success => Mojo::JSON->false,
            message => 'Not Authorised',
        },
        status => 403,
    );
    return 0;
}
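# POST action: approve a pending organisation.
#
# Reads a JSON body with `unvalidatedOrganisationId` (required, numeric) and
# optional `name`, `fullAddress`, `postCode` overrides. Creates a row in
# Organisations, copies every PendingTransactions row of the pending
# organisation into Transactions under the new id, then deletes the pending
# transactions and the pending organisation.
#
# Renders 403 for non-admins, 400 for a missing/invalid body or unknown id,
# and 200 with `validatedOrganisationId` on success. Database errors are
# rethrown after the transaction is rolled back.
sub post_admin_approve {
    my $self = shift;

    # NOTE(review): admin status is decided here via get_active_user_id and
    # is_admin, while auth() in this file uses the stashed api_user. Confirm
    # both mechanisms agree for every route that reaches this action.
    my $userId = $self->get_active_user_id();
    if ( !$self->is_admin($userId) ) {
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => 'You are not an admin.',
            },
            status => 403,    # Forbidden request
        );
    }

    # A body that decodes to something other than an object (an array, a bare
    # string) is rejected here instead of dying on the hash lookups below.
    my $json = $self->req->json;
    if ( !defined $json || ref $json ne 'HASH' ) {
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => 'JSON is missing.',
            },
            status => 400,    # Malformed request
        );
    }

    my $unvalidatedOrganisationId = $json->{unvalidatedOrganisationId};
    if ( !defined $unvalidatedOrganisationId ) {
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => 'unvalidatedOrganisationId is missing.',
            },
            status => 400,    # Malformed request
        );
    }

    # looks_like_number accepts any numeric-looking scalar (1.5, 1e3, ...),
    # not only integer ids. The value is only ever bound as a placeholder, so
    # this is a sanity check rather than the defence against SQL injection.
    if ( !Scalar::Util::looks_like_number($unvalidatedOrganisationId) ) {
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => 'unvalidatedOrganisationId does not look like a number.',
            },
            status => 400,    # Malformed request
        );
    }

    # The lookup, insert, copy and deletes run as one transaction so that a
    # failure part-way cannot leave transactions duplicated or orphaned, and
    # last_insert_id is read on the same handle that did the insert.
    # Assumes $self->db returns one DBI-style handle (AutoCommit attribute,
    # begin_work/commit/rollback) - TODO confirm against the db helper.
    my $dbh      = $self->db;
    my $owns_txn = $dbh->{AutoCommit} ? 1 : 0;    # do not nest inside a caller's transaction
    $dbh->begin_work if $owns_txn;

    my $pending_found = 0;
    my $organisationalId;
    my $completed = eval {
        my ( $id, $name, $fullAddress, $postcode ) = $dbh->selectrow_array(
            "SELECT PendingOrganisationId, Name, FullAddress, Postcode FROM PendingOrganisations WHERE PendingOrganisationId = ?",
            undef, $unvalidatedOrganisationId
        );
        return 1 if !defined $id;    # unknown id: reported after the eval
        $pending_found = 1;

        # Values supplied in the request replace the stored pending values.
        $name        = $json->{name}        if defined $json->{name};
        $fullAddress = $json->{fullAddress} if defined $json->{fullAddress};
        $postcode    = $json->{postCode}    if defined $json->{postCode};

        my $statementInsOrg = $dbh->prepare("INSERT INTO Organisations (Name, FullAddress, PostCode) VALUES (?, ?, ?)");
        $statementInsOrg->execute( $name, $fullAddress, $postcode )
            or die 'INSERT INTO Organisations failed: ' . ( $dbh->errstr // 'unknown error' );
        $organisationalId = $dbh->last_insert_id( undef, undef, "Organisations", "OrganisationalId" );

        my $statementSelectPendingTrans = $dbh->prepare("SELECT BuyerUserId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted FROM PendingTransactions WHERE PendingSellerOrganisationId_FK = ?");
        $statementSelectPendingTrans->execute($unvalidatedOrganisationId)
            or die 'SELECT FROM PendingTransactions failed: ' . ( $dbh->errstr // 'unknown error' );

        my $statementInsTrans = $dbh->prepare("INSERT INTO Transactions (BuyerUserId_FK, SellerOrganisationId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted) VALUES (?, ?, ?, ?, ?)");

        # Move all transactions from pending onto verified.
        while ( my ( $buyerUserId, $value, $imgName, $timeDate ) = $statementSelectPendingTrans->fetchrow_array() ) {
            $statementInsTrans->execute( $buyerUserId, $organisationalId, $value, $imgName, $timeDate )
                or die 'INSERT INTO Transactions failed: ' . ( $dbh->errstr // 'unknown error' );
        }

        # Delete transactions first, so there is no dependency when deleting
        # the row from PendingOrganisations.
        $dbh->prepare("DELETE FROM PendingTransactions WHERE PendingSellerOrganisationId_FK = ?")
            ->execute($unvalidatedOrganisationId)
            or die 'DELETE FROM PendingTransactions failed: ' . ( $dbh->errstr // 'unknown error' );
        $dbh->prepare("DELETE FROM PendingOrganisations WHERE PendingOrganisationId = ?")
            ->execute($unvalidatedOrganisationId)
            or die 'DELETE FROM PendingOrganisations failed: ' . ( $dbh->errstr // 'unknown error' );

        1;
    };

    if ( !$completed ) {
        my $error = $@ || 'unknown database error';    # capture before the rollback eval resets $@
        if ($owns_txn) {
            eval { $dbh->rollback; 1 }
                or $self->app->log->debug( 'Rollback failed: file:' . __FILE__ . ', line: ' . __LINE__ );
        }
        die $error;    # same outcome for the caller as an uncaught database error
    }

    # It does not exist.
    if ( !$pending_found ) {
        $dbh->rollback if $owns_txn;
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => 'the specified unvalidatedOrganisationId does not exist.',
            },
            status => 400,    # Malformed request
        );
    }

    $dbh->commit if $owns_txn;

    $self->app->log->debug( 'Path Success: file:' . __FILE__ . ', line: ' . __LINE__ );
    return $self->render(
        json => {
            success                 => Mojo::JSON->true,
            validatedOrganisationId => $organisationalId,
        },
        status => 200,
    );
}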
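# POST action: merge a pending organisation into an existing validated one.
#
# Reads a JSON body with `unvalidatedOrganisationId` and
# `validatedOrganisationId` (both required, numeric). Copies every
# PendingTransactions row of the pending organisation into Transactions under
# the validated id, then deletes the pending transactions and the pending
# organisation.
#
# Renders 403 for non-admins, 400 for a missing/invalid body or an id that is
# not in the database, and 200 on success. Database errors are rethrown after
# the transaction is rolled back.
sub post_admin_merge {
    my $self = shift;

    # NOTE(review): admin status is decided here via get_active_user_id and
    # is_admin, while auth() in this file uses the stashed api_user. Confirm
    # both mechanisms agree for every route that reaches this action.
    my $userId = $self->get_active_user_id();
    if ( !$self->is_admin($userId) ) {
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => 'You are not an admin.',
            },
            status => 403,    # Forbidden request
        );
    }

    # A body that decodes to something other than an object (an array, a bare
    # string) is rejected here instead of dying on the hash lookups below.
    my $json = $self->req->json;
    if ( !defined $json || ref $json ne 'HASH' ) {
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => 'JSON is missing.',
            },
            status => 400,    # Malformed request
        );
    }

    # looks_like_number accepts any numeric-looking scalar (1.5, 1e3, ...),
    # not only integer ids. Both ids are only ever bound as placeholders, so
    # these are sanity checks rather than the defence against SQL injection.
    my $unvalidatedOrganisationId = $json->{unvalidatedOrganisationId};
    if ( !defined $unvalidatedOrganisationId ) {
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => 'unvalidatedOrganisationId is missing.',
            },
            status => 400,    # Malformed request
        );
    }
    if ( !Scalar::Util::looks_like_number($unvalidatedOrganisationId) ) {
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => 'unvalidatedOrganisationId does not look like a number.',
            },
            status => 400,    # Malformed request
        );
    }

    my $validatedOrganisationId = $json->{validatedOrganisationId};
    if ( !defined $validatedOrganisationId ) {
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => 'validatedOrganisationId is missing.',
            },
            status => 400,    # Malformed request
        );
    }
    if ( !Scalar::Util::looks_like_number($validatedOrganisationId) ) {
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => 'validatedOrganisationId does not look like a number.',
            },
            status => 400,    # Malformed request
        );
    }

    # The existence checks, copy and deletes run as one transaction so that a
    # failure part-way cannot leave transactions duplicated or orphaned, and
    # so the ids cannot disappear between the check and the writes.
    # Assumes $self->db returns one DBI-style handle (AutoCommit attribute,
    # begin_work/commit/rollback) - TODO confirm against the db helper.
    my $dbh      = $self->db;
    my $owns_txn = $dbh->{AutoCommit} ? 1 : 0;    # do not nest inside a caller's transaction
    $dbh->begin_work if $owns_txn;

    my $rejection;    # set to the 400 message when one of the ids is unknown
    my $completed = eval {
        my $pendingCount = $dbh->selectrow_array(
            "SELECT COUNT(*) FROM PendingOrganisations WHERE PendingOrganisationId = ?",
            undef, $unvalidatedOrganisationId
        );
        if ( $pendingCount == 0 ) {
            $rejection = 'unvalidatedOrganisationId does not exist in the database.';
            return 1;
        }

        my $validatedCount = $dbh->selectrow_array(
            "SELECT COUNT(*) FROM Organisations WHERE OrganisationalId = ?",
            undef, $validatedOrganisationId
        );
        if ( $validatedCount == 0 ) {
            $rejection = 'validatedOrganisationId does not exist in the database.';
            return 1;
        }

        my $statementSelectPendingTrans = $dbh->prepare("SELECT BuyerUserId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted FROM PendingTransactions WHERE PendingSellerOrganisationId_FK = ?");
        $statementSelectPendingTrans->execute($unvalidatedOrganisationId)
            or die 'SELECT FROM PendingTransactions failed: ' . ( $dbh->errstr // 'unknown error' );

        my $statementInsTrans = $dbh->prepare("INSERT INTO Transactions (BuyerUserId_FK, SellerOrganisationId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted) VALUES (?, ?, ?, ?, ?)");

        # Move all transactions from pending onto verified.
        while ( my ( $buyerUserId, $value, $imgName, $timeDate ) = $statementSelectPendingTrans->fetchrow_array() ) {
            $statementInsTrans->execute( $buyerUserId, $validatedOrganisationId, $value, $imgName, $timeDate )
                or die 'INSERT INTO Transactions failed: ' . ( $dbh->errstr // 'unknown error' );
        }

        # Delete transactions first, so there is no dependency when deleting
        # the row from PendingOrganisations.
        $dbh->prepare("DELETE FROM PendingTransactions WHERE PendingSellerOrganisationId_FK = ?")
            ->execute($unvalidatedOrganisationId)
            or die 'DELETE FROM PendingTransactions failed: ' . ( $dbh->errstr // 'unknown error' );
        $dbh->prepare("DELETE FROM PendingOrganisations WHERE PendingOrganisationId = ?")
            ->execute($unvalidatedOrganisationId)
            or die 'DELETE FROM PendingOrganisations failed: ' . ( $dbh->errstr // 'unknown error' );

        1;
    };

    if ( !$completed ) {
        my $error = $@ || 'unknown database error';    # capture before the rollback eval resets $@
        if ($owns_txn) {
            eval { $dbh->rollback; 1 }
                or $self->app->log->debug( 'Rollback failed: file:' . __FILE__ . ', line: ' . __LINE__ );
        }
        die $error;    # same outcome for the caller as an uncaught database error
    }

    if ( defined $rejection ) {
        $dbh->rollback if $owns_txn;
        $self->app->log->debug( 'Path Error: file:' . __FILE__ . ', line: ' . __LINE__ );
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => $rejection,
            },
            status => 400,    # Malformed request
        );
    }

    $dbh->commit if $owns_txn;

    $self->app->log->debug( 'Path Success: file:' . __FILE__ . ', line: ' . __LINE__ );
    return $self->render(
        json => {
            success => Mojo::JSON->true,
        },
        status => 200,
    );
}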
1;