package Pear::LocalLoop::Controller::Api::Admin;
use Mojo::Base 'Mojolicious::Controller';
# Per-field validation failure responses: the outer key is the input field,
# the inner key is the name of the check that failed, and each entry carries
# the client-facing message plus the HTTP status to send.
# NOTE(review): presumably read by the api_validation_error helper, which is
# not visible in this file - confirm.
has error_messages => sub {
    my %pending_organisation_id_errors = (
        required     => { message => 'pending_organisation_id is missing',                     status => 400 },
        number       => { message => 'pending_organisation_id is not a number',                status => 400 },
        in_resultset => { message => 'pending_organisation_id does not exist in the database', status => 400 },
    );

    my %postcode_errors = (
        postcode => { message => 'postcode is not a valid uk postcode', status => 400 },
    );

    return {
        pending_organisation_id => \%pending_organisation_id_errors,
        postcode                => \%postcode_errors,
    };
};
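# Authorisation gate for the admin API.
#
# Returns 1 when the API user held in the stash has a defined administrator
# value; otherwise renders a 403 JSON error and returns 0.
# NOTE(review): the 1/0 return plus render looks like a Mojolicious `under`
# callback - confirm against the route definitions.
sub auth {
    my $c = shift;

    my $api_user = $c->stash->{api_user};

    # Fail closed with a 403 when no user was stashed, instead of dying on a
    # method call against undef and surfacing a 500 to the client.
    #
    # NOTE(review): `defined` is only a sound admin test if ->administrator
    # yields undef for non-admins (e.g. a relationship accessor). If it is a
    # plain column holding 0/1 this would admit every user - confirm against
    # the schema.
    if ( defined $api_user && defined $api_user->administrator ) {
        return 1;
    }

    $c->render(
        json => {
            success => Mojo::JSON->false,
            message => 'Not Authorised',
        },
        status => 403,
    );
    return 0;
}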
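# Approves a pending organisation.
#
# Input is the JSON held in the stash under `api_json`:
#   pending_organisation_id  required, numeric, must exist in PendingOrganisation
#   name, street_name, town  optional overrides for the pending values
#   postcode                 optional override, must pass the postcode check
#
# A new Organisation row is created (overrides win over the pending values),
# every pending transaction is re-created under it, and the pending
# organisation is deleted. Renders a validation error, a 400 when the pending
# organisation has vanished since validation, or a 200 success document.
#
# NOTE(review): this handler performs no authorisation check of its own; it
# presumably relies on `auth` having run earlier in the route chain - confirm.
sub post_admin_approve {
    my $c = shift;

    my $validation = $c->validation;
    $validation->input( $c->stash->{api_json} );

    my $schema         = $c->schema;
    my $pending_org_rs = $schema->resultset('PendingOrganisation');

    $validation->required('pending_organisation_id')->number->in_resultset( 'id', $pending_org_rs );
    $validation->optional('name');
    $validation->optional('street_name');
    $validation->optional('town');
    $validation->optional('postcode')->postcode;

    return $c->api_validation_error if $validation->has_error;

    # Create, copy and delete inside one transaction: a failure part-way
    # through rolls everything back, so an organisation is never left half
    # approved (new row created but pending row still present, or
    # transactions copied twice on a retry).
    my $approved = $schema->txn_do( sub {
        my $pending_org = $pending_org_rs->find( $validation->param('pending_organisation_id') );

        # The row can disappear between validation and here if another
        # request approved it first.
        return 0 if !defined $pending_org;

        my $valid_org = $schema->resultset('Organisation')->create({
            name        => $validation->param('name')        || $pending_org->name,
            street_name => $validation->param('street_name') || $pending_org->street_name,
            town        => $validation->param('town')        || $pending_org->town,
            postcode    => $validation->param('postcode')    || $pending_org->postcode,
        });

        my $pending_transaction_rs = $pending_org->pending_transactions;

        while ( my $pending_transaction = $pending_transaction_rs->next ) {
            $valid_org->create_related(
                'transactions', {
                    buyeruserid_fk     => $pending_transaction->buyeruserid_fk,
                    valuemicrocurrency => $pending_transaction->valuemicrocurrency,
                    proofimage         => $pending_transaction->proofimage,
                    timedatesubmitted  => $pending_transaction->timedatesubmitted,
                }
            );
        }

        # NOTE(review): the pending transactions are not deleted explicitly;
        # presumably the relationship cascades the delete - confirm.
        $pending_org->delete;

        return 1;
    } );

    if ( !$approved ) {
        return $c->render(
            json => {
                success => Mojo::JSON->false,
                message => 'pending_organisation_id does not exist in the database',
            },
            status => 400,
        );
    }

    return $c->render(
        json => {
            success => Mojo::JSON->true,
            message => 'Successfully Approved Organisation',
        },
        status => 200,
    );
}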
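# Merges a pending (unvalidated) organisation into an existing validated one.
#
# Expects a JSON object body with numeric `unvalidatedOrganisationId` and
# `validatedOrganisationId`. Each pending transaction of the unvalidated
# organisation is inserted into Transactions against the validated
# organisation, then the pending transactions and the pending organisation
# row are deleted.
#
# Renders 403 when the caller is not an admin, 400 for a missing or malformed
# body or an id that is not in the database, and 200 with a success flag when
# the merge completes. A database failure during the move is rolled back and
# re-thrown.
#
# NOTE(review): authorisation here goes through get_active_user_id/is_admin
# rather than the `auth` check used elsewhere in this controller; both helpers
# are defined outside this file - confirm the two paths agree on who is an
# admin.
sub post_admin_merge {
    my $self = shift;

    # Logs the line of the failed check and renders the JSON error document.
    my $fail = sub {
        my ( $message, $status, $line ) = @_;
        $self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . $line);
        return $self->render(
            json => {
                success => Mojo::JSON->false,
                message => $message,
            },
            status => $status,
        );
    };

    # Authorisation is checked before the payload is inspected.
    my $userId = $self->get_active_user_id();
    return $fail->( 'You are not an admin.', 403, __LINE__ )
        if !$self->is_admin($userId);

    # A body that decodes to something other than an object (array, string,
    # number) is rejected like a missing body; dereferencing it as a hash
    # would otherwise die and surface a 500.
    my $json = $self->req->json;
    return $fail->( 'JSON is missing.', 400, __LINE__ )
        if !defined $json || ref $json ne 'HASH';

    # NOTE(review): looks_like_number also accepts values such as "1.5" or
    # "1e3". The ids only ever reach SQL through placeholders, so this is not
    # an injection path, but a stricter integer check may be wanted.
    for my $field (qw(unvalidatedOrganisationId validatedOrganisationId)) {
        my $id = $json->{$field};
        return $fail->( "$field is missing.", 400, __LINE__ )
            if !defined $id;
        return $fail->( "$field does not look like a number.", 400, __LINE__ )
            if !Scalar::Util::looks_like_number($id);
    }

    my $unvalidatedOrganisationId = $json->{unvalidatedOrganisationId};
    my $validatedOrganisationId   = $json->{validatedOrganisationId};

    my $dbh = $self->db;

    #FIXME This requires mutual exclusion: the existence checks below run
    # outside the transaction, so two concurrent merges of the same pending
    # organisation can both pass them.
    my $pending_count = $dbh->selectrow_array("SELECT COUNT(*) FROM PendingOrganisations WHERE PendingOrganisationId = ?", undef, ($unvalidatedOrganisationId));
    return $fail->( 'unvalidatedOrganisationId does not exist in the database.', 400, __LINE__ )
        if !$pending_count;

    my $validated_count = $dbh->selectrow_array("SELECT COUNT(*) FROM Organisations WHERE OrganisationalId = ?", undef, ($validatedOrganisationId));
    return $fail->( 'validatedOrganisationId does not exist in the database.', 400, __LINE__ )
        if !$validated_count;

    # The copy and the deletes must succeed or fail together: if an INSERT
    # failed and the DELETEs still ran, the pending transactions would be
    # lost. A transaction is opened only when the handle is in AutoCommit
    # mode; otherwise the caller is assumed to own the surrounding one.
    my $own_txn = $dbh->{AutoCommit} ? 1 : 0;
    if ($own_txn) {
        $dbh->begin_work
            or die 'Unable to start transaction: ' . ( $dbh->errstr // 'unknown error' );
    }

    my $moved = eval {
        my $statementSelectPendingTrans = $dbh->prepare("SELECT BuyerUserId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted FROM PendingTransactions WHERE PendingSellerOrganisationId_FK = ?")
            or die $dbh->errstr;
        $statementSelectPendingTrans->execute($unvalidatedOrganisationId)
            or die $statementSelectPendingTrans->errstr;

        my $statementInsTrans = $dbh->prepare("INSERT INTO Transactions (BuyerUserId_FK, SellerOrganisationId_FK, ValueMicroCurrency, ProofImage, TimeDateSubmitted) VALUES (?, ?, ?, ?, ?)")
            or die $dbh->errstr;

        # Move all transactions from pending onto verified.
        while ( my ( $buyerUserId, $value, $imgName, $timeDate ) = $statementSelectPendingTrans->fetchrow_array() ) {
            $statementInsTrans->execute( $buyerUserId, $validatedOrganisationId, $value, $imgName, $timeDate )
                or die $statementInsTrans->errstr;
        }

        # fetchrow_array returns an empty list on error as well as at the end
        # of the result set, so tell the two apart before deleting anything.
        die $statementSelectPendingTrans->errstr if $statementSelectPendingTrans->err;

        # Delete transactions first, so there is no dependency when deleting
        # the row from PendingOrganisations.
        for my $sql (
            "DELETE FROM PendingTransactions WHERE PendingSellerOrganisationId_FK = ?",
            "DELETE FROM PendingOrganisations WHERE PendingOrganisationId = ?",
        ) {
            my $statementDelete = $dbh->prepare($sql) or die $dbh->errstr;
            $statementDelete->execute($unvalidatedOrganisationId)
                or die $statementDelete->errstr;
        }

        if ($own_txn) {
            $dbh->commit or die $dbh->errstr;
        }
        1;
    };

    if ( !$moved ) {
        my $error = $@ || 'unknown error';
        # Best-effort rollback; the original failure is what gets reported.
        eval { $dbh->rollback } if $own_txn;
        die $error;
    }

    $self->app->log->debug('Path Success: file:' . __FILE__ . ', line: ' . __LINE__);
    return $self->render(
        json => {
            success => Mojo::JSON->true,
        },
        status => 200,
    );
}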
1;