customerapi: on cancel check also registration ownership
parent
89b3ab4ce5
commit
b993f5dee0
@ -186,10 +186,13 @@ class EventRegistrationManager extends BaseObject
|
|||||||
* @return array|EventRegistration|ActiveRecord|null
|
* @return array|EventRegistration|ActiveRecord|null
|
||||||
* @throws NotFoundHttpException
|
* @throws NotFoundHttpException
|
||||||
*/
|
*/
|
||||||
public function loadRegistration($idRegistration)
|
public function loadRegistration($idRegistration, $idCustomer)
|
||||||
{
|
{
|
||||||
|
|
||||||
$registration = EventRegistration::find()->andWhere(['id' => $idRegistration])->one();
|
$registration = EventRegistration::find()
|
||||||
|
->andWhere(['id' => $idRegistration])
|
||||||
|
->andWhere(['id_customer' => $idCustomer])
|
||||||
|
->one();
|
||||||
if ($registration === null) {
|
if ($registration === null) {
|
||||||
throw new NotFoundHttpException('The requested registration does not exist.');
|
throw new NotFoundHttpException('The requested registration does not exist.');
|
||||||
}
|
}
|
||||||
@ -200,8 +203,12 @@ class EventRegistrationManager extends BaseObject
|
|||||||
* @param EventRegistration $registration
|
* @param EventRegistration $registration
|
||||||
* @throws ServerErrorHttpException
|
* @throws ServerErrorHttpException
|
||||||
*/
|
*/
|
||||||
public function cancelRegistration($registration)
|
public function cancelRegistration($registration, $idCustomer)
|
||||||
{
|
{
|
||||||
|
if ( $registration->id_customer != $idCustomer){
|
||||||
|
throw new NotFoundHttpException('The requested registration does not exist.');
|
||||||
|
}
|
||||||
|
|
||||||
if (isset($registration->canceled_at)) {
|
if (isset($registration->canceled_at)) {
|
||||||
throw new BadRequestHttpException('The registration is already canceled', self::ALREADY_CANCELLED);
|
throw new BadRequestHttpException('The registration is already canceled', self::ALREADY_CANCELLED);
|
||||||
}
|
}
|
||||||
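Review bot: The ownership guard added at the top of `cancelRegistration()` compares with a loose `!=`, and both it and the new `->andWhere(['id_customer' => $idCustomer])` in `loadRegistration()` accept a null `$idCustomer`. Yii builds a null hash condition as `id_customer IS NULL` and `null != null` is false, so if `actionCancel` in EventRegistrationController is ever reachable by a guest (`\Yii::$app->user->id` is null then; the authenticator setup is not visible here), a registration row with no customer, if any exist, would pass both checks. I would reject a missing id explicitly and compare strictly, e.g. `if ($idCustomer === null || (int)$registration->id_customer !== (int)$idCustomer) {`, with the same null guard before the query in `loadRegistration()`. Both docblocks also need `@param int $idCustomer`, and the one on `cancelRegistration()` should list `@throws NotFoundHttpException`. Both function bodies continue outside the hunks.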
|
|||||||
@ -18,6 +18,4 @@ use yii\web\NotFoundHttpException;
|
|||||||
class CustomerApiController extends RestController
|
class CustomerApiController extends RestController
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -122,29 +122,6 @@ class EventController extends \customerapi\controllers\CustomerApiController
|
|||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @param Query $query
|
|
||||||
* @param $interval
|
|
||||||
* @return Query the query with the added conditions
|
|
||||||
*/
|
|
||||||
private function buildEventQuery($query, $interval)
|
|
||||||
{
|
|
||||||
|
|
||||||
$paramEventStartMax = (clone $interval->lastActiveDate);
|
|
||||||
$paramEventStartMax = $paramEventStartMax->modify('+1 day');
|
|
||||||
$paramEventStartMax = $paramEventStartMax->getTimestamp();
|
|
||||||
|
|
||||||
|
|
||||||
/** @var ActiveQuery $query */
|
|
||||||
return $query
|
|
||||||
->innerJoinWith('trainer')
|
|
||||||
->innerJoinWith('eventType')
|
|
||||||
->innerJoinWith('room')
|
|
||||||
->joinWith('activeEventRegistrations')
|
|
||||||
->andWhere(['>=', 'event.start', $interval->firstActiveDate->getTimestamp()])
|
|
||||||
->andWhere(['<', 'event.start', $paramEventStartMax])
|
|
||||||
->andWhere(['event.active' => '1']);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param integer $id_event the id of the event
|
* @param integer $id_event the id of the event
|
||||||
|
|||||||
@ -76,9 +76,9 @@ class EventRegistrationController extends CustomerApiController
|
|||||||
*/
|
*/
|
||||||
public function actionCancel($idRegistration) {
|
public function actionCancel($idRegistration) {
|
||||||
$manager = new \common\manager\EventRegistrationManager();
|
$manager = new \common\manager\EventRegistrationManager();
|
||||||
$registration = $manager->loadRegistration($idRegistration);
|
$registration = $manager->loadRegistration($idRegistration,\Yii::$app->user->id);
|
||||||
$manager->cancelRegistration($registration);
|
$manager->cancelRegistration($registration,\Yii::$app->user->id);
|
||||||
$registration = $manager->loadRegistration($idRegistration);
|
$registration = $manager->loadRegistration($idRegistration,\Yii::$app->user->id);
|
||||||
return $this->asJson($registration);
|
return $this->asJson($registration);
|
||||||
}
|
}
|
||||||
|
|
||||||
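Review bot: `actionCancel()` reads `\Yii::$app->user->id` three separate times; binding it once with `$idCustomer = \Yii::$app->user->id;` and passing `$idCustomer` to the three manager calls keeps load, cancel and reload on the same identity and reads better (a space after each comma would follow PSR-12). No test is visible on this page for the case this commit fixes; a functional test in which one customer requests cancellation of another customer's registration and receives the 404 would keep the check from regressing.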
|
|||||||
@ -38,43 +38,43 @@ class SiteController extends Controller
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
// /**
|
||||||
* @inheritdoc
|
// * @inheritdoc
|
||||||
*/
|
// */
|
||||||
public function actions()
|
// public function actions()
|
||||||
{
|
// {
|
||||||
return [
|
// return [
|
||||||
'error' => [
|
// 'error' => [
|
||||||
'class' => 'yii\web\ErrorAction',
|
// 'class' => 'yii\web\ErrorAction',
|
||||||
],
|
// ],
|
||||||
'captcha' => [
|
// 'captcha' => [
|
||||||
'class' => 'yii\captcha\CaptchaAction',
|
// 'class' => 'yii\captcha\CaptchaAction',
|
||||||
'fixedVerifyCode' => YII_ENV_TEST ? 'testme' : null,
|
// 'fixedVerifyCode' => YII_ENV_TEST ? 'testme' : null,
|
||||||
],
|
// ],
|
||||||
];
|
// ];
|
||||||
}
|
// }
|
||||||
|
|
||||||
/**
|
// /**
|
||||||
* Displays homepage.
|
// * Displays homepage.
|
||||||
*
|
// *
|
||||||
* @return mixed
|
// * @return mixed
|
||||||
*/
|
// */
|
||||||
public function actionIndex()
|
// public function actionIndex()
|
||||||
{
|
// {
|
||||||
return $this->render('index');
|
// return $this->render('index');
|
||||||
}
|
// }
|
||||||
|
//
|
||||||
/**
|
// /**
|
||||||
* Logs out the current user.
|
// * Logs out the current user.
|
||||||
*
|
// *
|
||||||
* @return mixed
|
// * @return mixed
|
||||||
*/
|
// */
|
||||||
public function actionLogout()
|
// public function actionLogout()
|
||||||
{
|
// {
|
||||||
Yii::$app->user->logout();
|
// Yii::$app->user->logout();
|
||||||
|
//
|
||||||
return $this->goHome();
|
// return $this->goHome();
|
||||||
}
|
// }
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
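Review bot: `actions()`, `actionIndex()` and `actionLogout()` are disabled by prefixing every line with `//` rather than being removed; dead code like this is better deleted, since the history keeps it. Disabling `actions()` also drops the `error` action, so if this application's `errorHandler` is still configured with `errorAction` pointing at `site/error` (the config is not visible here), error responses would stop rendering as before; worth confirming. The change is unrelated to the registration-ownership check named in the commit title and would be easier to review as its own commit.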
|
|||||||