From b040fe95a47f99362b49b4f62d81bf8b6f420962 Mon Sep 17 00:00:00 2001
From: Korina Cordero
Date: Wed, 14 Jul 2021 07:20:49 +0000
Subject: [PATCH] Modify WarrantyController. #591
---
 src/Controller/ResqAPI/WarrantyController.php | 150 +++++------------
 1 file changed, 39 insertions(+), 111 deletions(-)
diff --git a/src/Controller/ResqAPI/WarrantyController.php b/src/Controller/ResqAPI/WarrantyController.php
index 10c17a14..f20ac15c 100644
--- a/src/Controller/ResqAPI/WarrantyController.php
+++ b/src/Controller/ResqAPI/WarrantyController.php
@@ -72,14 +72,15 @@ class WarrantyController extends APIController
 $user_id = $mobile_user->getID();
+ // prepare logging data
+ $action = 'create';
+ $source = WarrantySource::MOBILE;
 $log_data = [
 'plate_number' => $req->request->get('plate_num'),
 'first_name' => $req->request->get('first_name'),
 'last_name' => $req->request->get('last_name'),
 'date_purchase' => $req->request->get('date_purchase'),
 ];
- $action = 'create';
- $source = WarrantySource::MOBILE;
 $msg = $this->checkRequiredParameters($req, $required_params);
 if ($msg)
@@ -105,25 +106,31 @@ class WarrantyController extends APIController
 public function warrantyCheck($serial, EntityManagerInterface $em, Request $req, MobileAPIHandler $mah)
 {
- // check required parameters and api key
+ $this->denyAccessUnlessGranted('mobile_warranty.check', null, 'No access.');
+
+ // check required parameters
 $required_params = [];
- $res = $this->checkParamsAndKey($req, $em, $required_params);
- if ($res->isError())
- return $res->getReturnResponse();
+ $msg = $this->checkRequiredParameters($req, $required_params);
+ if ($msg)
+ return new APIResponse(false, $msg);
+
+ // get capi user to link to mobile user
+ $user_id = $this->getUser()->getID();
+
+ // get mobile user
+ $mobile_user = $mah->findMobileUser($user_id);
+
+ if ($mobile_user == null)
+ return new APIResponse(false, 'No mobile user found.');
 // check if warranty serial is there
 $warr_serial = $em->getRepository(WarrantySerial::class)->find($serial);
+ if ($warr_serial == null)
+ return new APIResponse(false, 'Invalid warranty serial code');
+
 $warr = $em->getRepository(Warranty::class)->findOneBy(['serial' => $serial]);
 $batt = null;
 $is_registered = false;
-
- if ($warr_serial == null)
- {
- $res->setError(true)
- ->setErrorMessage('Invalid warranty serial code.');
- return $res->getReturnResponse();
- }
-
 $today = new DateTime();
 // if we have a warranty entry for the serial already
@@ -134,7 +141,7 @@ class WarrantyController extends APIController
 $is_customer_warranty = false;
 // check if the warranty is registered to a car owned by the customer
- $cust = $this->session->getCustomer();
+ $cust = $mobile_user->getCustomer();
 $is_customer_warranty = $this->checkCustomerPlateNumber($warr_plate, $cust);
 // null mobile number should be blank string instead
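Review bot: `$this->getUser()->getID()` in warrantyCheck dereferences the result of getUser() without a null check, and getUser() returns null when the request carries no authenticated user object. Whether `denyAccessUnlessGranted('mobile_warranty.check', ...)` always rejects such a request depends on voter and firewall configuration that is not visible here, so I would fail closed explicitly with an API-shaped response: `$user = $this->getUser(); if ($user === null) return new APIResponse(false, 'No access.');`. The same chain is added to activateWarranty in the @@ -277 hunk. The body of warrantyCheck continues past this hunk.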
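Review bot: The ownership decision in the @@ -134 hunk now takes its customer from `$mobile_user->getCustomer()`, and nothing in the hunk handles a mobile user that has no linked customer. If getCustomer() can return null, `$is_customer_warranty` depends entirely on how checkCustomerPlateNumber treats a null customer, and that method is defined outside this hunk. Since the flag presumably controls how much of another owner's warranty data is returned, it should fail closed, for example `$is_customer_warranty = $cust !== null && $this->checkCustomerPlateNumber($warr_plate, $cust);`.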
@@ -277,17 +284,26 @@ class WarrantyController extends APIController
 ],
 ];
- $res->setData($data);
-
- return $res->getReturnResponse();
+ return new APIResponse(true, 'Warranty checked', $data);
 }
 public function activateWarranty(Request $req, EntityManagerInterface $em)
 {
+ $this->denyAccessUnlessGranted('mobile_warranty.activate', null, 'No access.');
+
 $required_params = ['plate_number'];
- $res = $this->checkParamsAndKey($req, $em, $required_params);
- if ($res->isError())
- return $res->getReturnResponse();
+ $msg = $this->checkRequiredParameters($req, $required_params);
+ if ($msg)
+ return new APIResponse(false, $msg);
+
+ // get capi user to link to mobile user
+ $user_id = $this->getUser()->getID();
+
+ // get mobile user
+ $mobile_user = $mah->findMobileUser($user_id);
+
+ if ($mobile_user == null)
+ return new APIResponse(false, 'No mobile user found.');
 $plate_number = $req->request->get('plate_number');
@@ -297,11 +313,7 @@ class WarrantyController extends APIController
 // check if warranty_results is empty
 if (empty($warranty_results))
- {
- $res->setError(true)
- ->setErrorMessage('No warranty found for plate number');
- return $res->getReturnResponse();
- }
+ return new APIResponse(false, 'No warranty found for plate number');
 // activate all entries
 foreach ($warranty_results as $warranty)
@@ -311,7 +323,7 @@ class WarrantyController extends APIController
 $em->flush();
- return $res->getReturnResponse();
+ return new APIResponse(true, 'Warranty activated');
 }
 protected function handlePictureUpload($file, $target_dir, $serial, $name)
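Review bot: `$mah` is used in activateWarranty (`$mah->findMobileUser($user_id)`) but the signature, left unchanged as a context line in the @@ -277 hunk, is still `activateWarranty(Request $req, EntityManagerInterface $em)`. The variable is therefore undefined, and the call will fail at runtime for every request that gets past the permission and parameter checks. Add the handler to the signature the way warrantyCheck declares it: `public function activateWarranty(Request $req, EntityManagerInterface $em, MobileAPIHandler $mah)`.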
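Review bot: The loop after `// activate all entries` in the @@ -297 hunk activates every warranty in `$warranty_results`, and in the lines shown the only selector is the `plate_number` request parameter; the `$mobile_user` loaded earlier in activateWarranty is never used. The query that fills `$warranty_results` lies between hunks, so please confirm it is scoped to the caller's customer. If it is not, any account holding `mobile_warranty.activate` can activate warranties on a plate it does not own. warrantyCheck already has an ownership test that could be reused before the lookup: `if (!$this->checkCustomerPlateNumber($plate_number, $mobile_user->getCustomer())) return new APIResponse(false, 'No warranty found for plate number');`.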
@@ -518,88 +530,4 @@ class WarrantyController extends APIController
 return false;
 }
-
- // TODO: since we broke the functions into separate files, we need
- // to figure out how to make this accessible to all ResqAPI controllers
- protected function checkParamsAndKey(Request $req, $em, $params)
- {
- // TODO: depends on what we decide to return
- // returns APIResult object
- $res = new APIResult();
-
- // check for api_key in query string
- $api_key = $req->query->get('api_key');
- if (empty($api_key))
- {
- $res->setError(true)
- ->setErrorMessage('Missing API key');
- return $res;
- }
-
- // check missing parameters
- $missing = $this->checkMissingParameters($req, $params);
- if (count($missing) > 0)
- {
- $miss_string = implode(', ', $missing);
- $res->setError(true)
- ->setErrorMessage('Missing parameter(s): ' . $miss_string);
- return $res;
- }
-
- // check api key
- $mobile_user = $this->checkAPIKey($em, $req->query->get('api_key'));
- if ($mobile_user == null)
- {
- $res->setError(true)
- ->setErrorMessage('Invalid API Key');
- return $res;
- }
-
- // store session
- $this->session = $sess;
-
- return $res;
- }
-
- // TODO: this might not be needed if we use APIController's checkRequiredParameters
- // or we put this into a service?
- protected function checkMissingParameters(Request $req, $params = [])
- {
- $missing = [];
-
- // check if parameters are there
- foreach ($params as $param)
- {
- if ($req->getMethod() == 'GET')
- {
- $check = $req->query->get($param);
- if (empty($check))
- $missing[] = $param;
- }
- else if ($req->getMethod() == 'POST')
- {
- $check = $req->request->get($param);
- if (empty($check))
- $missing[] = $param;
- }
- else
- return $params;
- }
-
- return $missing;
- }
-
- // TODO: type hint entity manager
- // TODO: since we broke the functions into separate files, we need
- // to figure out how to make this accessible to all ResqAPI controllers
- protected function checkAPIKey($em, $api_key)
- {
- // find the api key (session id)
- // TODO: user validation needs to be changed
- $m_user = $em->getRepository(MobileUser::class)->find($api_key);
- if ($m_user == null)
- return null;
-
- return $m_user;
- }
 }