<?php
use Luracast\Restler\RestException;
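class Order
{
    /** Lifecycle values stored in `order`.status (created -> confirmed by user -> approved by admin). */
    private const STATUS_ORDER = 'order';
    private const STATUS_CONFIRM = 'confirm';
    private const STATUS_APPROVE = 'approve';

    /** Bank assigned to a freshly created order (the user picks the real one on confirm). */
    private const DEFAULT_BANK_ID = 1;

    private const MSG_UNAUTHORIZED = 'No Authorize or Invalid request !!!';

    /**
     * @smart-auto-routing false
     */
    /**
     * @url POST
     * @url POST /user/{userId}
     */
    protected function postNewOrder($userId, $coin, $bonus, $amount)
    {
        $this->assertOwnerOrAdmin($userId);

        $statement = "
            INSERT INTO `order` (userId, coin, bonus, amount, status, bankId)
            VALUE (:userId, :coin, :bonus, :amount, :status, :bankId)
        ";
        $bind = [
            'userId' => $userId,
            'coin' => $coin,
            'bonus' => $bonus,
            'amount' => $amount,
            'status' => self::STATUS_ORDER,
            'bankId' => self::DEFAULT_BANK_ID,
        ];
        $rowsInserted = \Db::execute($statement, $bind);
        if ($rowsInserted <= 0) {
            throw new RestException(500, 'New Order Error !!!');
        }

        // Notify only once the row really exists; the original mailed even on a failed insert.
        \TTOMail::createAndSendAdmin('A user ordered coin', json_encode($bind));

        $lastInsertId = \Db::getLastInsertId();
        // Return whatever \Db::getRow() yields for the new row (shape not visible here).
        return \Db::getRow(
            'SELECT * FROM `order` WHERE orderId = :orderId',
            ['orderId' => $lastInsertId]
        );
    }

    /**
     * @url GET
     */
    protected function getAllOrder()
    {
        $this->assertAdmin();

        // Join on the order's own alias; the original referenced an undefined alias `UC`.
        $statement = '
            SELECT O.*, U.nickname
            FROM `order` AS O
            INNER JOIN user AS U
            ON O.userId = U.userId
            ORDER BY status DESC
        ';
        return \Db::getResult($statement);
    }

    /**
     * @url GET user/{userId}
     */
    protected function getAllUserOrder($userId)
    {
        $this->assertOwnerOrAdmin($userId);

        return \Db::getResult(
            'SELECT * FROM `order` WHERE userId = :userId ORDER BY status DESC',
            ['userId' => $userId]
        );
    }

    /**
     * @url PUT {orderId}/user/{userId}
     */
    protected function putConfirmOrder($orderId, $userId, $bankId, $transferAmount, $transferDate): void
    {
        $this->assertOwnerOrAdmin($userId);

        // The route authorises the caller for $userId only, so the update must be
        // restricted to that user's rows; matching on orderId alone let any
        // authenticated user confirm somebody else's order.
        $statement = '
            UPDATE `order` SET
                status = :status,
                bankId = :bankId,
                transferAmount = :transferAmount,
                transferDate = :transferDate
            WHERE orderId = :orderId AND userId = :userId
        ';
        $bind = [
            'orderId' => $orderId,
            'userId' => $userId,
            'bankId' => $bankId,
            'transferAmount' => $transferAmount,
            'transferDate' => $transferDate,
            'status' => self::STATUS_CONFIRM,
        ];
        // NOTE(review): the affected-row count is ignored as in the original; 0 may mean
        // "no such order for this user" or "nothing changed", depending on the driver —
        // confirm \Db::execute() semantics before turning it into an error.
        \Db::execute($statement, $bind);
        \TTOMail::createAndSendAdmin('Updated order', json_encode($bind));
    }

    /**
     * @url DELETE {orderId}/user/{userId}
     */
    protected function deleteOrder($orderId, $userId): void
    {
        $this->assertOwnerOrAdmin($userId);

        // `DELETE FROM` (the original omitted FROM) and scoped to the authorised user,
        // so a caller cannot cancel another user's order by naming their own id in the URL.
        $statement = 'DELETE FROM `order` WHERE orderId = :orderId AND userId = :userId';
        $bind = ['orderId' => $orderId, 'userId' => $userId];
        $count = \Db::execute($statement, $bind);
        \TTOMail::createAndSendAdmin('A user cancelled order', json_encode($bind));
        if ($count <= 0) {
            throw new RestException(500, 'Cancel Error !!!');
        }
    }

    /**
     * @url PUT {orderId}
     */
    protected function postApproveOrder($orderId)
    {
        $this->assertAdmin();

        // Load the order first: its owner is needed for the credit and the e-mail
        // (the original read an undefined $userId at this point).
        $order = \Db::getRow(
            'SELECT userId FROM `order` WHERE orderId = :orderId',
            ['orderId' => $orderId]
        );
        if (!$order) {
            throw new RestException(404, 'Order not found');
        }
        $userId = $order['userId'];

        // Only an order that is not yet approved may be approved: a repeated PUT must
        // not credit the coins a second time. Two distinct placeholders carry the same
        // value because some drivers reject reusing a named parameter.
        $statement = '
            UPDATE `order` SET status = :status
            WHERE orderId = :orderId AND status <> :alreadyStatus
        ';
        $bind = [
            'orderId' => $orderId,
            'status' => self::STATUS_APPROVE,
            'alreadyStatus' => self::STATUS_APPROVE,
        ];
        $count = \Db::execute($statement, $bind);
        if ($count <= 0) {
            throw new RestException(500, 'Approve Error !!!');
        }

        // NOTE(review): the status change and the credit below are two separate
        // statements; the \Db API visible here exposes no transaction, so a failure
        // between them leaves an approved order without its credit — confirm whether
        // \Db offers one.
        $coin = \Db::getValue(
            'SELECT coin + bonus FROM `order` WHERE orderId = :orderId',
            ['orderId' => $orderId]
        );
        \Db::execute(
            'UPDATE user SET coin = coin + :coin WHERE userId = :userId',
            ['userId' => $userId, 'coin' => $coin]
        );

        \TTOMail::createAndSendAdmin('Admin approved an order', json_encode($bind));
        \TTOMail::createAndSend(
            ADMINEMAIL,
            \TTO::getUserEmail($userId),
            'Admin have approved your order',
            'Please check on the system'
        );
    }

    /**
     * Whether the current caller holds the admin role.
     *
     * NOTE(review): assumes \TTO::getRole() returns the role name as a string — confirm.
     */
    private function isAdmin(): bool
    {
        return \TTO::getRole() === 'admin';
    }

    /**
     * Rejects everyone but an admin.
     *
     * @throws RestException 401 when the caller is not an admin
     */
    private function assertAdmin(): void
    {
        if (!$this->isAdmin()) {
            throw new RestException(401, self::MSG_UNAUTHORIZED);
        }
    }

    /**
     * Rejects the caller unless they are the user named by $userId or an admin.
     *
     * Ids are compared in string form so a route parameter (always a string) matches an
     * integer id without the loose-comparison surprises of `==` (e.g. null == 0); an
     * anonymous caller (null current id) never matches.
     *
     * @throws RestException 401 when the caller may not act on behalf of $userId
     */
    private function assertOwnerOrAdmin($userId): void
    {
        if ($this->isAdmin()) {
            return;
        }
        $currentUserId = \TTO::getUserId();
        if ($currentUserId !== null && (string) $userId === (string) $currentUserId) {
            return;
        }
        throw new RestException(401, self::MSG_UNAUTHORIZED);
    }
}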