public function create()
{
$user = $this->session->get_user();
if (!$user->is_admin()) {
throw new Lib\Exceptions\UnauthorizedException();
}
$args = $this->request->args;
$name = Validate::plaintext($args['name']);
$price = Validate::udouble($args['price']);
$quantity = Validate::uint($args['quantity']);
$image_url = Validate::image_url($args['image_url']);
$product = Product::create($name, $price, $quantity, $image_url);
$this->response->set_header(Lib\Response::HTTP_CREATED);
$this->response->set('product', $product);
}
public function hackable_create()
{
$args = $this->request->args;
$token = $_COOKIE['user_token'];
$user = User::retrieve_by_token(Validate::token($token));
$username = $user->username;
$total = Validate::udouble($args['total']);
$products = $args['products'];
foreach ($products as $id => $quantity) {
Product::decrease_quantity(Validate::uint($id), Validate::uint($quantity));
}
$order = Order::create($username, $total);
$this->response->set_header(Lib\Response::HTTP_CREATED);
$this->response->set('order', $order);
}