false, 'error' => 'Methode nicht erlaubt'], 405); } $auth = TaskCertAuthContext::fromGlobals(); if (!$auth->hasPermission('r-task-cert-admin')) { TaskCertResponse::json(['success' => false, 'error' => 'Keine Berechtigung'], 403); } $contentType = trim((string) ($_SERVER['CONTENT_TYPE'] ?? '')); $isJson = strpos($contentType, 'application/json') !== false; if ($isJson) { $rawBody = file_get_contents('php://input'); $body = json_decode($rawBody ?: '{}', true); if (!is_array($body)) { $body = []; } $csrfToken = trim((string) ($body['csrf_token'] ?? '')); if ($csrfToken !== '') { $_POST['csrf_token'] = $csrfToken; } TaskCertCsrf::assertValidFromRequest(true); $taskId = (int) ($body['task_id'] ?? 0); $assignmentId = (int) ($body['assignment_id'] ?? 0); $adminNote = trim((string) ($body['admin_note'] ?? '')); $methodPayloads = []; $rawMethods = $body['method'] ?? []; if (is_array($rawMethods)) { foreach ($rawMethods as $methodId => $fields) { $methodId = (int) $methodId; if ($methodId <= 0 || !is_array($fields)) { continue; } $methodPayloads[$methodId] = $fields; } } } else { TaskCertCsrf::assertValidFromRequest(true); $taskId = TaskCertRequest::postInt('task_id', 0); $assignmentId = TaskCertRequest::postInt('assignment_id', 0); $adminNote = TaskCertRequest::postString('admin_note', ''); $methodPayloads = []; $rawMethods = $_POST['method'] ?? []; if (is_array($rawMethods)) { foreach ($rawMethods as $methodId => $fields) { $methodId = (int) $methodId; if ($methodId <= 0 || !is_array($fields)) { continue; } $methodPayloads[$methodId] = $fields; } } } if ($taskId <= 0) { TaskCertResponse::json(['success' => false, 'error' => 'Ungültige task_id'], 400); } if ($assignmentId <= 0) { TaskCertResponse::json(['success' => false, 'error' => 'Ungültige assignment_id'], 400); } try { $services = task_cert_services(); $taskService = $services['taskDefinitionService'] ?? null; if (!$taskService instanceof TaskDefinitionService) { throw new RuntimeException('TaskDefinitionService konnte nicht geladen werden.'); } $stats = $taskService->adminMarkCompleted( $taskId, $assignmentId, $auth->contactId(), $methodPayloads, $adminNote ); TaskCertResponse::json([ 'success' => true, 'task_id' => $taskId, 'assignment_id' => $assignmentId, 'stats' => $stats, ]); } catch (Throwable $throwable) { TaskCertResponse::json([ 'success' => false, 'error' => $throwable->getMessage(), ], 400); }