enhanced navigation and added coach reassignment
This commit is contained in:
@ -168,6 +168,75 @@ case 'POST':
|
||||
}
|
||||
break;
|
||||
|
||||
case 'PUT':
|
||||
case 'PATCH':
|
||||
if ($callerRole !== 'admin') {
|
||||
json_error('FORBIDDEN', 'Only admins can reassign coaches', 403);
|
||||
}
|
||||
|
||||
$body = read_json_body();
|
||||
$targetUserID = trim($body['userID'] ?? '');
|
||||
$supervisorID = trim($body['supervisorID'] ?? '');
|
||||
|
||||
if ($targetUserID === '' || $supervisorID === '') {
|
||||
json_error('MISSING_FIELDS', 'userID and supervisorID are required', 400);
|
||||
}
|
||||
|
||||
try {
|
||||
[$pdo, $tmpDb, $lockFp] = qdb_open(true);
|
||||
|
||||
$row = $pdo->prepare(
|
||||
"SELECT u.userID, u.username, u.role, u.entityID, c.supervisorID
|
||||
FROM users u
|
||||
LEFT JOIN coach c ON c.coachID = u.entityID AND u.role = 'coach'
|
||||
WHERE u.userID = :uid"
|
||||
);
|
||||
$row->execute([':uid' => $targetUserID]);
|
||||
$target = $row->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if (!$target) {
|
||||
qdb_discard($tmpDb, $lockFp);
|
||||
json_error('NOT_FOUND', 'User not found', 404);
|
||||
}
|
||||
if (($target['role'] ?? '') !== 'coach') {
|
||||
qdb_discard($tmpDb, $lockFp);
|
||||
json_error('INVALID_FIELD', 'Only coaches can be reassigned to a supervisor', 400);
|
||||
}
|
||||
|
||||
$svCheck = $pdo->prepare('SELECT username FROM supervisor WHERE supervisorID = :sid');
|
||||
$svCheck->execute([':sid' => $supervisorID]);
|
||||
$svUsername = $svCheck->fetchColumn();
|
||||
if ($svUsername === false) {
|
||||
qdb_discard($tmpDb, $lockFp);
|
||||
json_error('NOT_FOUND', 'Supervisor not found', 404);
|
||||
}
|
||||
|
||||
if (($target['supervisorID'] ?? '') === $supervisorID) {
|
||||
qdb_discard($tmpDb, $lockFp);
|
||||
json_success([
|
||||
'userID' => $targetUserID,
|
||||
'supervisorID' => $supervisorID,
|
||||
'supervisorUsername' => $svUsername,
|
||||
]);
|
||||
}
|
||||
|
||||
$pdo->prepare('UPDATE coach SET supervisorID = :sid WHERE coachID = :cid')
|
||||
->execute([':sid' => $supervisorID, ':cid' => $target['entityID']]);
|
||||
|
||||
qdb_save($tmpDb, $lockFp);
|
||||
|
||||
json_success([
|
||||
'userID' => $targetUserID,
|
||||
'supervisorID' => $supervisorID,
|
||||
'supervisorUsername' => $svUsername,
|
||||
]);
|
||||
} catch (Throwable $e) {
|
||||
if (isset($tmpDb, $lockFp)) qdb_discard($tmpDb, $lockFp);
|
||||
error_log($e->getMessage());
|
||||
json_error('SERVER_ERROR', 'Server error', 500);
|
||||
}
|
||||
break;
|
||||
|
||||
case 'DELETE':
|
||||
$body = read_json_body();
|
||||
$targetUserID = trim($body['userID'] ?? '');
|
||||
|
||||
Reference in New Issue
Block a user