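/**
 * @api {post} /managers/:idUser/transfer Transfer Content by Manager
 * @apiName Transfer Content by Manager
 * @apiGroup Manager
 * @apiHeader (Header) {String} X_Authorization Authorization value.
 * @apiParam (url Parameter) {Number} idUser User unique ID. The bin being transferred from must belong to this user.
 * @apiParam {Number} idBin Bin's unique ID.
 * @apiParam {Number} qty qty to transfer.
 * @apiParam {Number} idUser User's unique ID. The change will apply to this user.
 *
 * @apiError 400 Input Invalid. This will happen if the param is missing or not the valid format.
 * @apiError 404 Not found. This will happen if the bin id/user id/course id/sale id is not in our system, or if the bin holds less than qty.
 * @apiError 401 Not authorized. This will happen if the header value is not attached, or if the bin does not belong to the user in the URL.
 * @apiError 403 The user is not a manager yet.
 *
 *
 */
public static function transContent($idUser)
{
    // NOTE(review): nothing in this method ties $idUser (taken from the URL) to the
    // authenticated caller; presumably route middleware enforces that via the
    // X_Authorization header. Confirm, otherwise any caller can move another
    // manager's content.
    $app = \Slim\Slim::getInstance();
    $request = $app->request->post();
    $validata = $app->validata;

    // All three body fields must be present, non-empty and made of digits only.
    $validator = $validata::key('idBin', $validata::digit()->notEmpty())
        ->key('qty', $validata::digit()->notEmpty())
        ->key('idUser', $validata::digit()->notEmpty());
    if (!$validator->validate($request)) {
        $app->halt("400", json_encode("Input Invalid"));
    }

    // Relationship check between the receiving user (body idUser) and the sending
    // manager (URL idUser); the exact rule lives in GroupController.
    if (!GroupController::isManagerOfAdmin($request['idUser'], $idUser)) {
        $app->halt("403", json_encode("Permission denied."));
    }

    // lockForUpdate() only holds its row lock for the lifetime of the surrounding
    // transaction. Without one, two concurrent requests can both pass the quantity
    // check and transfer the same seats twice, and a failure after the decrement
    // leaves the seats deducted but never credited. Run check, debit, credit and
    // pivot insert as one unit.
    // Assumes Manager_Bin is an Eloquent model (the query chain suggests so) and
    // that addToBin() writes through the same connection. TODO confirm.
    $binModel = new Manager_Bin();
    $connection = $binModel->getConnection();
    $connection->beginTransaction();
    try {
        $bin = Manager_Bin::where('id', '=', $request['idBin'])->lockForUpdate()->first();
        if (!$bin) {
            $app->halt("404", json_encode("manager content record does not exist"));
        }

        // Compare as strings so that numeric juggling ("1e1" == 10, " 7" == 7)
        // cannot make a foreign bin look like the sender's own. The 401 status is
        // kept for client compatibility although this is an authorization failure.
        if ((string) $bin->user_id !== (string) $idUser) {
            $app->halt("401");
        }

        // Status 404 is kept for client compatibility.
        if ($bin->quantity < $request['qty']) {
            $app->halt("404", json_encode("No available seat found."));
        }

        // Debit the sender's bin.
        $bin->quantity = $bin->quantity - $request['qty'];
        $bin->save();

        // Credit the receiver, keeping the course sale and expiration of the source bin.
        $new_bin = self::addToBin($bin->course_sale_id, $request['qty'], $request['idUser'], $bin->expiration_dt);

        // Record the transfer on the pivot so it can be audited later.
        $bin->transferOut()->attach($new_bin, array(
            'sender_id' => $idUser,
            'receiver_id' => $request['idUser'],
            'course_sale_id' => $bin->course_sale_id,
            'quantity' => $request['qty'],
        ));

        $connection->commit();
    } catch (\Exception $e) {
        // Slim's halt() aborts the request by throwing, so every rejection above
        // lands here as well: undo any partial write, then let the exception
        // continue to Slim unchanged.
        $connection->rollBack();
        throw $e;
    }
}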