106 lines
3.8 KiB
PHP
106 lines
3.8 KiB
PHP
<?php
|
|
|
|
$tokenRec = require_valid_token();
|
|
require_role(['admin', 'supervisor'], $tokenRec);
|
|
|
|
$callerRole = $tokenRec['role'];
|
|
$callerEntityID = $tokenRec['entityID'] ?? '';
|
|
|
|
switch ($method) {
|
|
|
|
case 'GET':
|
|
try {
|
|
[$pdo, $tmpDb, $lockFp] = qdb_open(false);
|
|
|
|
if ($callerRole === 'admin') {
|
|
$coaches = $pdo->query(
|
|
"SELECT c.coachID, c.username, c.supervisorID, sv.username AS supervisorUsername
|
|
FROM coach c
|
|
LEFT JOIN supervisor sv ON sv.supervisorID = c.supervisorID
|
|
ORDER BY sv.username, c.username"
|
|
)->fetchAll(PDO::FETCH_ASSOC);
|
|
} else {
|
|
$stmt = $pdo->prepare(
|
|
"SELECT c.coachID, c.username, c.supervisorID, sv.username AS supervisorUsername
|
|
FROM coach c
|
|
LEFT JOIN supervisor sv ON sv.supervisorID = c.supervisorID
|
|
WHERE c.supervisorID = :sid ORDER BY c.username"
|
|
);
|
|
$stmt->execute([':sid' => $callerEntityID]);
|
|
$coaches = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
}
|
|
|
|
[$clause, $params] = rbac_client_filter($tokenRec, 'cl');
|
|
$clientStmt = $pdo->prepare(
|
|
"SELECT cl.clientCode, cl.coachID, co.username AS coachUsername
|
|
FROM client cl
|
|
LEFT JOIN coach co ON co.coachID = cl.coachID
|
|
WHERE $clause
|
|
ORDER BY cl.coachID, cl.clientCode"
|
|
);
|
|
foreach ($params as $k => $v) $clientStmt->bindValue($k, $v);
|
|
$clientStmt->execute();
|
|
$clients = $clientStmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
qdb_discard($tmpDb, $lockFp);
|
|
json_success(['coaches' => $coaches, 'clients' => $clients]);
|
|
} catch (Throwable $e) {
|
|
if (isset($tmpDb, $lockFp)) qdb_discard($tmpDb, $lockFp);
|
|
error_log($e->getMessage());
|
|
json_error('SERVER_ERROR', 'Server error', 500);
|
|
}
|
|
break;
|
|
|
|
case 'POST':
|
|
$body = read_json_body();
|
|
$clientCodes = $body['clientCodes'] ?? [];
|
|
$coachID = trim($body['coachID'] ?? '');
|
|
|
|
if (empty($clientCodes) || $coachID === '') {
|
|
json_error('MISSING_FIELDS', 'clientCodes and coachID are required', 400);
|
|
}
|
|
if (!is_array($clientCodes)) $clientCodes = [$clientCodes];
|
|
|
|
try {
|
|
[$pdo, $tmpDb, $lockFp] = qdb_open(true);
|
|
|
|
if ($callerRole === 'supervisor') {
|
|
$chk = $pdo->prepare("SELECT coachID FROM coach WHERE coachID = :cid AND supervisorID = :sid");
|
|
$chk->execute([':cid' => $coachID, ':sid' => $callerEntityID]);
|
|
} else {
|
|
$chk = $pdo->prepare("SELECT coachID FROM coach WHERE coachID = :cid");
|
|
$chk->execute([':cid' => $coachID]);
|
|
}
|
|
if (!$chk->fetch()) {
|
|
qdb_discard($tmpDb, $lockFp);
|
|
json_error('NOT_FOUND', 'Coach not found or not authorized', 400);
|
|
}
|
|
|
|
[$rbacClause, $rbacParams] = rbac_client_filter($tokenRec);
|
|
$pdo->beginTransaction();
|
|
$updStmt = $pdo->prepare(
|
|
"UPDATE client SET coachID = :cid WHERE clientCode = :cc AND ($rbacClause)"
|
|
);
|
|
$count = 0;
|
|
foreach ($clientCodes as $cc) {
|
|
$cc = trim($cc);
|
|
if ($cc === '') continue;
|
|
$updStmt->execute(array_merge([':cid' => $coachID, ':cc' => $cc], $rbacParams));
|
|
$count += $updStmt->rowCount();
|
|
}
|
|
$pdo->commit();
|
|
qdb_save($tmpDb, $lockFp);
|
|
|
|
json_success(['assigned' => $count]);
|
|
} catch (Throwable $e) {
|
|
if (isset($pdo) && $pdo->inTransaction()) $pdo->rollBack();
|
|
if (isset($tmpDb, $lockFp)) qdb_discard($tmpDb, $lockFp);
|
|
error_log($e->getMessage());
|
|
json_error('SERVER_ERROR', 'Server error', 500);
|
|
}
|
|
break;
|
|
|
|
default:
|
|
json_error('METHOD_NOT_ALLOWED', 'Method not allowed', 405);
|
|
}
|