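/**
 * Return the e-mail address registered for a user. Admin-only endpoint.
 *
 * $userId comes from the URL path and is handed unchanged to
 * \TTO::getUserEmail(); the result of that call is returned as-is.
 * Any caller whose role is not exactly 'admin' is rejected with a
 * RestException (HTTP 401).
 *
 * @url GET useremail/{userId}
 */
protected function getUserEmail($userId)
{
    // Strict comparison on the authorization check: with a loose ==, a
    // non-string role value (boolean true, or integer 0 before PHP 8)
    // compares equal to 'admin'. The return type of getRole() is not
    // visible here, so do not depend on type juggling to deny access.
    if (\TTO::getRole() !== 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    // The original also allocated an unused \stdClass here; dropped as dead code.
    return \TTO::getUserEmail($userId);
}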
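/**
 * Approve an order and credit its coin + bonus to the user who owns it.
 * Admin-only endpoint.
 *
 * Flow: check the caller's role, resolve the order's owner, mark the order
 * as 'approve', add coin + bonus to the owner's balance, then notify the
 * admin mailbox and the owner. A RestException (HTTP 401) is thrown for
 * non-admin callers and a RestException (HTTP 500) when the order cannot be
 * resolved or the status update changes no row.
 *
 * @url PUT {orderId}
 */
protected function postApproveOrder($orderId)
{
    // Strict comparison on the authorization check: a loose == lets a
    // non-string role value (boolean true, or integer 0 before PHP 8)
    // compare equal to 'admin'.
    if (\TTO::getRole() !== 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    // The original body read $userId without ever assigning it, so the
    // notification mail and the balance UPDATE both ran with an undefined
    // (null) user id and the coins were never credited to the buyer.
    // NOTE(review): assumes `order` carries the buyer's id in a userId
    // column, mirroring user.userId -- confirm against the schema.
    $userId = \Db::getValue(
        'SELECT userId FROM `order` WHERE orderId = :orderId',
        array('orderId' => $orderId)
    );
    if ($userId === null || $userId === false) {
        // Unknown order or missing owner: fail before changing any state.
        throw new RestException(500, 'Approve Error !!!');
    }

    $approval = array('orderId' => $orderId, 'status' => 'approve');
    $count = \Db::execute(
        'UPDATE `order` SET status = :status WHERE orderId = :orderId',
        $approval
    );
    if (!($count > 0)) {
        throw new RestException(500, 'Approve Error !!!');
    }

    // NOTE(review): whether a second approval of the same order can credit
    // the coins again depends on \Db::execute() reporting changed rows
    // rather than matched rows -- confirm, or add a guard on the current
    // status. The status change and the balance change should also share
    // one transaction; no transaction API of \Db is visible from here.
    $coin = \Db::getValue(
        'SELECT coin + bonus FROM `order` WHERE orderId = :orderId',
        array('orderId' => $orderId)
    );
    \Db::execute(
        'UPDATE user SET coin = coin + :coin WHERE userId = :userId',
        array('userId' => $userId, 'coin' => $coin)
    );

    // Notify only after the approval has actually been applied; the
    // original sent both mails before checking the UPDATE result, so a
    // failed approval was still announced to the admin and the user.
    \TTOMail::createAndSendAdmin('Admin approved an order', json_encode($approval));
    \TTOMail::createAndSend(
        ADMINEMAIL,
        \TTO::getUserEmail($userId),
        'Admin have approved your order',
        'Please check on the system'
    );
}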