69 lines
2.1 KiB
PHP
69 lines
2.1 KiB
PHP
|
|
<?php
|
||
|
|
declare(strict_types=1);
|
||
|
|
|
||
|
|
require_once dirname(dirname(__DIR__)) . '/bootstrap.php';
|
||
|
|
|
||
|
|
if (!TaskCertRequest::isPost()) {
|
||
|
|
TaskCertResponse::json(['success' => false, 'error' => 'Methode nicht erlaubt'], 405);
|
||
|
|
}
|
||
|
|
|
||
|
|
$auth = TaskCertAuthContext::fromGlobals();
|
||
|
|
if (!$auth->hasPermission('r-task-cert-admin')) {
|
||
|
|
TaskCertResponse::json(['success' => false, 'error' => 'Keine Berechtigung'], 403);
|
||
|
|
}
|
||
|
|
|
||
|
|
$contentType = trim((string) ($_SERVER['CONTENT_TYPE'] ?? ''));
|
||
|
|
$isJson = strpos($contentType, 'application/json') !== false;
|
||
|
|
|
||
|
|
if ($isJson) {
|
||
|
|
$rawBody = file_get_contents('php://input');
|
||
|
|
$body = json_decode($rawBody ?: '{}', true);
|
||
|
|
if (!is_array($body)) {
|
||
|
|
$body = [];
|
||
|
|
}
|
||
|
|
|
||
|
|
$csrfToken = trim((string) ($body['csrf_token'] ?? ''));
|
||
|
|
if ($csrfToken !== '') {
|
||
|
|
$_POST['csrf_token'] = $csrfToken;
|
||
|
|
}
|
||
|
|
TaskCertCsrf::assertValidFromRequest(true);
|
||
|
|
|
||
|
|
$submissionId = (int) ($body['submission_id'] ?? 0);
|
||
|
|
$decision = trim((string) ($body['decision'] ?? ''));
|
||
|
|
$note = trim((string) ($body['note'] ?? ''));
|
||
|
|
} else {
|
||
|
|
TaskCertCsrf::assertValidFromRequest(true);
|
||
|
|
$submissionId = TaskCertRequest::postInt('submission_id', 0);
|
||
|
|
$decision = TaskCertRequest::postString('decision', '');
|
||
|
|
$note = TaskCertRequest::postString('note', '');
|
||
|
|
}
|
||
|
|
|
||
|
|
if ($submissionId <= 0) {
|
||
|
|
TaskCertResponse::json(['success' => false, 'error' => 'Ungültige submission_id'], 400);
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!in_array($decision, ['approve', 'reject'], true)) {
|
||
|
|
TaskCertResponse::json(['success' => false, 'error' => 'Ungültige decision'], 400);
|
||
|
|
}
|
||
|
|
|
||
|
|
try {
|
||
|
|
$services = task_cert_services();
|
||
|
|
|
||
|
|
if ($decision === 'approve') {
|
||
|
|
$services['approvalService']->approveSubmission($submissionId, $auth->contactId(), $note);
|
||
|
|
} else {
|
||
|
|
$services['approvalService']->rejectSubmission($submissionId, $auth->contactId(), $note);
|
||
|
|
}
|
||
|
|
|
||
|
|
TaskCertResponse::json([
|
||
|
|
'success' => true,
|
||
|
|
'submission_id' => $submissionId,
|
||
|
|
'decision' => $decision,
|
||
|
|
]);
|
||
|
|
} catch (Throwable $throwable) {
|
||
|
|
TaskCertResponse::json([
|
||
|
|
'success' => false,
|
||
|
|
'error' => $throwable->getMessage(),
|
||
|
|
], 400);
|
||
|
|
}
|