api settings user e school
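--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,108 @@
+<?php
+
+declare(strict_types=1);
+
+require_once __DIR__ . '/_bootstrap.php'; // $pdo, $iduserlogin
+
+try {
+$school_id = isset($_GET['school_id']) ? (int)$_GET['school_id'] : 0;
+
+if ($school_id <= 0) {
+http_response_code(422);
+echo json_encode(['success' => false, 'message' => 'Missing school_id']);
+exit;
+}
+
+// --- Security: user must be active in this school ---
+$chk = $pdo->prepare("
+SELECT 1
+FROM user_schools us
+JOIN schools s ON s.id = us.school_id
+WHERE us.user_id = ?
+AND us.school_id = ?
+AND us.status = 'active'
+AND s.status = 'active'
+LIMIT 1
+");
+$chk->execute([$iduserlogin, $school_id]);
+
+if (!$chk->fetchColumn()) {
+http_response_code(403);
+echo json_encode(['success' => false, 'message' => 'Forbidden: user not allowed for this school']);
+exit;
+}
+
+// --- Defaults (same as your include) ---
+$defaults = [
+'portal_purchases_enabled' => 1,
+'allowed_product_types' => 'subscription,carnet,drop_in',
+'payment_methods' => 'manual',
+'currency_code' => 'EUR',
+'enable_notifications' => 1,
+'allow_freeze_global' => 1,
+'freeze_max_days_global' => 30,
+'auto_propagate_on_purchase' => 1,
+'allow_full_access_rebooking' => 1,
+// Add here any other defaults you want to guarantee
+];
+
+// --- Load settings row ---
+$stmt = $pdo->prepare("
+SELECT *
+FROM school_settings
+WHERE school_id = ?
+LIMIT 1
+");
+$stmt->execute([$school_id]);
+$settings = $stmt->fetch(PDO::FETCH_ASSOC);
+
+if (!$settings) {
+// Create row with defaults (only school_id is required by your schema)
+$ins = $pdo->prepare("INSERT INTO school_settings (school_id) VALUES (?)");
+$ins->execute([$school_id]);
+
+// Reload
+$stmt = $pdo->prepare("SELECT * FROM school_settings WHERE school_id = ? LIMIT 1");
+$stmt->execute([$school_id]);
+$settings = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
+}
+
+// Merge defaults (fallback for NULL / missing fields)
+$schoolSettings = array_merge($defaults, $settings);
+
+// Ensure arrays
+$paymentMethods = array_values(array_filter(array_map('trim', explode(',', (string)($schoolSettings['payment_methods'] ?? '')))));
+$productTypes = array_values(array_filter(array_map('trim', explode(',', (string)($schoolSettings['allowed_product_types'] ?? '')))));
+
+$schoolSettings['payment_methods_array'] = $paymentMethods;
+$schoolSettings['allowed_product_types_array'] = $productTypes;
+
+// Optional: cast some known int flags to int (helps Flutter)
+foreach (
+[
+'portal_purchases_enabled',
+'enable_notifications',
+'allow_freeze_global',
+'freeze_max_days_global',
+'auto_propagate_on_purchase',
+'allow_full_access_rebooking'
+] as $k
+) {
+if (isset($schoolSettings[$k])) {
+$schoolSettings[$k] = is_numeric($schoolSettings[$k]) ? (int)$schoolSettings[$k] : $schoolSettings[$k];
+}
+}
+
+echo json_encode([
+'success' => true,
+'school_id' => $school_id,
+'settings' => $schoolSettings
+], JSON_UNESCAPED_UNICODE);
+} catch (Throwable $e) {
+http_response_code(500);
+echo json_encode([
+'success' => false,
+'message' => 'Server error.',
+'error' => $e->getMessage()
+]);
+}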
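Review bot: The catch block at the end of the hunk returns the raw exception text to the client (`'error' => $e->getMessage()`), which for a PDOException exposes SQL text, table names and possibly connection details; log it server-side instead, e.g. `error_log($e->getMessage());` before the `echo`, and drop the `'error'` key from the response body. The comment `// Merge defaults (fallback for NULL / missing fields)` overstates what `array_merge($defaults, $settings)` does: a NULL column in the row (the case right after `INSERT INTO school_settings (school_id) VALUES (?)` creates it) overrides the default with null, so the `explode()` calls below yield empty arrays and the int-cast loop skips the key via `isset`. Replace the merge with `$schoolSettings = $settings; foreach ($defaults as $k => $v) { $schoolSettings[$k] ??= $v; }` so null columns fall back as the comment promises. `SELECT *` also ships every column of school_settings to the client; listing the columns the app needs would be safer, though the table's columns are not visible here. Whether a `Content-Type: application/json` header is emitted presumably depends on _bootstrap.php, which is worth confirming since none is set in this file.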