Files
breadcrumb-the-shire/pages/api/v1/departments/show($id).php
2026-03-04 15:56:58 +01:00

104 lines
3.9 KiB
PHP

<?php
use MintyPHP\Http\ApiAuth;
use MintyPHP\Http\ApiBootstrap;
use MintyPHP\Http\ApiResponse;
ApiBootstrap::init();
$request = requestInput();
$uuid = trim((string) ($id ?? ''));
if ($uuid === '') {
ApiResponse::notFound();
}
$method = $request->method();
if ($method === 'GET') {
ApiResponse::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_API_DEPARTMENTS_VIEW);
$department = app(\MintyPHP\Service\Directory\DirectoryServicesFactory::class)->createDepartmentService()->findByUuid($uuid);
if (!$department) {
ApiResponse::notFound();
}
$departmentId = (int) ($department['id'] ?? 0);
ApiAuth::requireResourceAccess('departments', $departmentId);
$tenantUuid = '';
$tenantId = (int) ($department['tenant_id'] ?? 0);
if ($tenantId > 0) {
$tenant = app(\MintyPHP\Service\Directory\DirectoryServicesFactory::class)->createTenantService()->findById($tenantId);
$tenantUuid = (string) ($tenant['uuid'] ?? '');
}
ApiResponse::success([
'data' => [
'uuid' => $department['uuid'] ?? '',
'description' => $department['description'] ?? '',
'code' => $department['code'] ?? '',
'cost_center' => $department['cost_center'] ?? '',
'active' => (bool) ($department['active'] ?? 1),
'tenant_uuid' => $tenantUuid,
'created' => $department['created'] ?? '',
'modified' => $department['modified'] ?? '',
],
]);
}
if ($method === 'PUT' || $method === 'PATCH') {
ApiResponse::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_API_DEPARTMENTS_UPDATE);
$department = app(\MintyPHP\Service\Directory\DirectoryServicesFactory::class)->createDepartmentService()->findByUuid($uuid);
if (!$department) {
ApiResponse::notFound();
}
$departmentId = (int) ($department['id'] ?? 0);
ApiAuth::requireResourceAccess('departments', $departmentId);
$input = $request->bodyAll();
if (array_key_exists('tenant_id', $input)) {
ApiResponse::validationFromFormErrors(formErrorsFrom(['tenant_id' => ['use_tenant_uuid']]));
}
if (array_key_exists('tenant_uuid', $input)) {
$tenantUuid = trim((string) ($input['tenant_uuid'] ?? ''));
if ($tenantUuid !== '') {
$tenant = app(\MintyPHP\Service\Directory\DirectoryServicesFactory::class)->createTenantService()->findByUuid($tenantUuid);
if (!$tenant) {
ApiResponse::validationFromFormErrors(formErrorsFrom(['tenant_uuid' => ['not_found']]));
}
$input['tenant_id'] = (int) ($tenant['id'] ?? 0);
} else {
$input['tenant_id'] = 0;
}
unset($input['tenant_uuid']);
}
$scopedTenantId = ApiAuth::scopedTenantId();
if ($scopedTenantId) {
$postedTenantId = (int) ($input['tenant_id'] ?? 0);
if ($postedTenantId > 0 && $postedTenantId !== $scopedTenantId) {
ApiResponse::forbidden('tenant_scoped_token_forbidden');
}
$input['tenant_id'] = $scopedTenantId;
}
$result = app(\MintyPHP\Service\Directory\DirectoryServicesFactory::class)->createDepartmentService()->updateFromAdmin($departmentId, $input, ApiAuth::userId());
ApiResponse::fromServiceResult($result);
}
if ($method === 'DELETE') {
ApiResponse::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_API_DEPARTMENTS_DELETE);
$department = app(\MintyPHP\Service\Directory\DirectoryServicesFactory::class)->createDepartmentService()->findByUuid($uuid);
if (!$department) {
ApiResponse::notFound();
}
$departmentId = (int) ($department['id'] ?? 0);
ApiAuth::requireResourceAccess('departments', $departmentId);
$result = app(\MintyPHP\Service\Directory\DirectoryServicesFactory::class)->createDepartmentService()->deleteByUuid($uuid);
ApiResponse::fromServiceResult($result);
}
ApiResponse::methodNotAllowed();