/** * (non-PHPdoc) * @see PartKeepr\Service.RestfulService::update() */ public function update() { $this->requireParameter("id"); $stockEntry = StockEntry::loadById($this->getParameter("id")); if (!SessionManager::getCurrentSession()->getUser()->isAdmin() && !(SessionManager::getCurrentSession()->getUser() && $stockEntry->getUser() && SessionManager::getCurrentSession()->getUser()->getId() == $stockEntry->getUser()->getId())) { throw new \Exception("Permission denied"); } /* It's not allowed to edit a price for a removal */ if (!$stockEntry->isRemoval()) { $stockEntry->setPrice(abs($this->getParameter("price"))); } /** * Only an admin user may correct the in&out stock levels */ if (SessionManager::getCurrentSession()->getUser()->isAdmin()) { if ($this->getParameter("direction") == "out") { $stockEntry->setStockLevel(-abs($this->getParameter("stockLevel"))); } else { $stockEntry->setStockLevel($this->getParameter("stockLevel")); } } if (SessionManager::getCurrentSession()->getUser()->isAdmin()) { try { $stockEntry->setUser(User::loadById($this->getParameter("user_id"))); } catch (\Exception $e) { $stockEntry->setUser(null); } } $stockEntry->setComment($this->getParameter("comment")); PartKeepr::getEM()->flush(); return array("data" => $stockEntry->serialize()); }