diff --git a/config/api_acl.yaml b/config/api_acl.yaml index 54363f6f..b104892c 100644 --- a/config/api_acl.yaml +++ b/config/api_acl.yaml @@ -68,8 +68,12 @@ access_keys: - id: dealer.list label: List - - id: mobile_customer - label: Mobile Customer + - id: mobile_user + label: Mobile User acls: - - id: mobile_customer.register - label: Register Mobile Customer + - id: mobile_user.register + label: Register Mobile User + - id: mobile_user.confirm.number + label: Confirm Number + - id: mobile_user.validate.code + label: Validate Code diff --git a/src/Controller/ResqAPI/CustomerController.php b/src/Controller/ResqAPI/CustomerController.php index 0cbdd37d..ceb66e17 100644 --- a/src/Controller/ResqAPI/CustomerController.php +++ b/src/Controller/ResqAPI/CustomerController.php @@ -13,11 +13,14 @@ use Catalyst\APIBundle\Controller\APIController; use Catalyst\APIBundle\Response\APIResponse; use App\Entity\MobileUser; +use App\Entity\Customer; use App\Service\RisingTideGateway; use Catalyst\APIBundle\Access\Generator as ACLGenerator; +use DateTime; + class CustomerController extends APIController { protected $acl_gen; @@ -29,7 +32,8 @@ class CustomerController extends APIController public function register(Request $req, EntityManagerInterface $em) { - // no need for access for register + $this->denyAccessUnlessGranted('mobile_user.register', null, 'No access.'); + // confirm parameters $required_params = [ 'phone_model', @@ -38,6 +42,7 @@ class CustomerController extends APIController 'phone_id' ]; + // check required parameters $msg = $this->checkRequiredParameters($req, $required_params); if ($msg) return new APIResponse(false, $msg); 
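Review bot: `use DateTime;` imports the mutable date class for a value that is created once in `validateCode` and handed straight to `setDateConfirmed`, so `use DateTimeImmutable;` (and `new DateTimeImmutable()` at the call site) would do the same job without exposing a mutable object through the entity — check that the `MobileUser` setter accepts `DateTimeInterface` before switching, its signature is not in the diff. The new import is also set apart from the existing `use` block by blank lines; PER-CS keeps them in a single alphabetised group.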
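Review bot: The guard added at the top of `register` changes the endpoint's failure mode as well as its access rule: `denyAccessUnlessGranted` throws an `AccessDeniedException`, so an unauthorised caller gets the framework's 403 instead of the `new APIResponse(false, ...)` shape every other failure in this controller returns — unless an exception listener already maps it, which the diff does not show. The removed comment `// no need for access for register` was the only statement of intent here; a replacement such as `// register now requires the caller's API ACL, see config/api_acl.yaml` would record why the rule flipped. The three ACL ids are bare string literals duplicated between api_acl.yaml and the controller (`mobile_user.register`, `mobile_user.confirm.number`, `mobile_user.validate.code`); class constants like `private const ACL_REGISTER = 'mobile_user.register';` would keep them from drifting. The body of `register` continues outside the hunk.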
@@ -100,47 +105,54 @@ class CustomerController extends APIController public function confirmNumber(RisingTideGateway $rt, Request $req, EntityManagerInterface $em) { + $this->denyAccessUnlessGranted('mobile_user.confirm.number', null, 'No access.'); + // check parameters $required_params = [ 'phone_number', ]; - // check required parameters and api key - $res = $this->checkParamsAndKey($req, $em, $required_params); - if ($res->isError()) - return $res->getReturnResponse(); + // check required parameters + $msg = $this->checkRequiredParameters($req, $required_params); + if ($msg) + return new APIResponse(false, $msg); + + // get mobile user + $user_id = $this->getUser()->getID(); + $mobile_user = $this->findMobileUser($user_id, $em); + + if ($mobile_user == null) + return new APIResponse(false, 'No mobile user found.'); // phone number $phone_number = $req->request->get('phone_number'); // get otp_mode from .env $dotenv = new Dotenv(); - $dotenv->loadEnv(__DIR__.'/../../.env'); + $dotenv->loadEnv(__DIR__.'/../../../.env'); $otp_mode = $_ENV['OTP_MODE']; // check for hardcoded phone number for app store testing - if ($phone_number == '639991112233') + if ($phone_number == '9221111111') { $code = '123456'; - // TODO: mobile session no longer exists, use mobile_user - $this->session->setConfirmCode($code) + $mobile_user->setConfirmCode($code) ->setPhoneNumber($phone_number); $em->flush(); - return $res->getReturnResponse(); + return new APIResponse(true, 'Number confirmed.'); } // check if otp_mode is test if ($otp_mode == 'test') { $code = '123456'; - // TODO: mobile session no longer exists, use mobile_user - $this->session->setConfirmCode($code) + $mobile_user->setConfirmCode($code) ->setPhoneNumber($phone_number); $em->flush(); - return $res->getReturnResponse(); + return new APIResponse(true, 'Number confirmed.'); } // TODO: spam protection 
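Review bot: The app-store bypass `if ($phone_number == '9221111111')` still hands out the fixed code `123456` in every environment, not only when `$otp_mode == 'test'`, and nothing in this hunk gives that code an expiry, so an authenticated mobile user who submits that number gets a known confirm code in production; because both operands are numeric strings the loose `==` also matches variants such as `09221111111` or `9221111111.0`. Use strict comparison, `if ($phone_number === '9221111111')`, and since `validateCode` later links the confirmed number to a real `Customer`, consider limiting the bypass to non-production `OTP_MODE` values or a dedicated test record. Creating `new Dotenv()` and calling `loadEnv()` on every request is fragile as well — where the deployment sets real environment variables the file may be absent and `$_ENV['OTP_MODE']` undefined — so reading the value through an injected parameter would be the usual Symfony approach, hedged because the service configuration is not visible. `$phone_number` is stored and later compared without any format validation, and the `// TODO: spam protection` still leaves the endpoint without a request limit. The function continues past the end of the hunk.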
@@ -149,8 +161,7 @@ class CustomerController extends APIController
 
         // generate code and save
         $code = $this->generateConfirmCode();
-        // TODO: mobile session no longer exists, use mobile_user
-        $this->session->setConfirmCode($code)
+        $mobile_user->setConfirmCode($code)
             ->setPhoneNumber($phone_number);
         $em->flush();
 
@@ -161,58 +172,61 @@ class CustomerController extends APIController } // response - return $res->getReturnResponse(); + return new APIResponse(true, 'Number confirmed.'); } - // TODO: needs to be modified for mobile user public function validateCode(Request $req, EntityManagerInterface $em) { + $this->denyAccessUnlessGranted('mobile_user.validate.code', null, 'No access.'); + // check parameters $required_params = [ 'code', ]; - // check required parameters and api key - $res = $this->checkParamsAndKey($req, $em, $required_params); - if ($res->isError()) - return $res->getReturnResponse(); + // check required parameters + $msg = $this->checkRequiredParameters($req, $required_params); + if ($msg) + return new APIResponse(false, $msg); + + // get mobile user + $user_id = $this->getUser()->getID(); + $mobile_user = $this->findMobileUser($user_id, $em); + + if ($mobile_user == null) + return new APIResponse(false, 'No mobile user found.'); // code is wrong $code = $req->request->get('code'); - if ($this->session->getConfirmCode() != $code) - { - $res->setError(true) - ->setErrorMessage('Wrong confirm code'); - return $res->getReturnResponse(); - } + if ($mobile_user->getConfirmCode() != $code) + return new APIResponse(false, 'Wrong confirm code'); // set confirm date $date = new DateTime(); - $this->session->setDateConfirmed($date) + $mobile_user->setDateConfirmed($date) ->setConfirmed(); - // TODO: check if we have the number registered before and merge - $dupe_sess = $this->findNumberSession($this->session->getPhoneNumber()); - if ($dupe_sess != null) + $dupe_user = $this->findNumberMobileUser($mobile_user->getPhoneNumber(), $em); + if ($dupe_user != null) { - $dupe_cust = $dupe_sess->getCustomer(); - $this->session->setCustomer($dupe_cust); + $dupe_cust = $dupe_user->getCustomer(); + $mobile_user->setCustomer($dupe_cust); } // TODO: check if mobile matches mobile of customer - $customer = $this->findCustomerByNumber($this->session->getPhoneNumber()); + $customer = 
$this->findCustomerByNumber($mobile_user->getPhoneNumber(), $em); if ($customer != null) { // TODO: if there is a dupe_sess, do we need to check if // dupe_cust is the same as the customer we found? - $this->session->setCustomer($customer); + $mobile_user->setCustomer($customer); } $em->flush(); // response - return $res->getReturnResponse(); + return new APIResponse(true, 'Code validated'); } // TODO: needs to be modified for mobile user @@ -475,11 +489,51 @@ class CustomerController extends APIController protected function findMobileUser($user_id, $em) { - $mobile_user = $em->getRepository(MobileUser::class)->findBy(['capi_user_id' => $user_id]); + $mobile_user = $em->getRepository(MobileUser::class)->findOneBy(['capi_user_id' => $user_id]); return $mobile_user; } + // TODO: find session customer by phone number + protected function findNumberMobileUser($number, $em) + { + $query = $em->getRepository(MobileUser::class)->createQueryBuilder('s') + ->where('s.phone_number = :number') + ->andWhere('s.customer is not null') + ->andWhere('s.confirm_flag = 1') + ->setParameter('number', $number) + ->setMaxResults(1) + ->getQuery(); + + // we just need one + $res = $query->getOneOrNullResult(); + + return $res; + } + + protected function findCustomerByNumber($number, $em) + { + $customers = $em->getRepository(Customer::class)->findBy(['phone_mobile' => $number]); + + // find the customer with the most number of cars + $car_count = 0; + $cust = null; + + foreach($customers as $customer) + { + $vehicles = $customer->getVehicles(); + if (count($vehicles) > $car_count) + { + $car_count = count($vehicles); + + // "save" customer object + $cust = $customer; + } + } + + return $cust; + } + // TODO: this might not be needed if we use APIController's checkRequiredParameters // or we put this into a service? protected function checkMissingParameters(Request $req, $params = [])
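Review bot: `if ($mobile_user->getConfirmCode() != $code)` compares the one-time code loosely, so numeric strings are compared as numbers — a stored `000123` accepts `123` and `123.0` — and the comparison is not constant-time; `if (!hash_equals((string) $mobile_user->getConfirmCode(), (string) $code))` fixes both. Nothing in the hunk invalidates the code after a successful check or bounds the number of attempts, so the same six digits stay valid and guessable until the next `confirmNumber` call; clearing it on success (if the entity permits a null code) and counting failures would close that, and ties in with the `// TODO: spam protection` left in `confirmNumber`. `findNumberMobileUser($mobile_user->getPhoneNumber(), $em)` does not exclude the current user, so a previously confirmed user re-validating can be returned as its own `$dupe_user` — harmless today since it re-assigns its own customer, but worth a `// may return the current user` note or an `s.id != :self` clause. The method starts in the previous physical line of the diff.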
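Review bot: `findCustomerByNumber` can never return a customer that has no vehicles: `$car_count` starts at 0 and the test is `count($vehicles) > $car_count`, so a number that matches only car-less `Customer` rows yields `null` and `validateCode` silently skips the link. If matching such a customer is intended, start from `$car_count = -1;` (or track a `$found` flag); if not, a comment saying the heuristic deliberately ignores customers without vehicles is needed. The comment `// TODO: find session customer by phone number` above `findNumberMobileUser` still refers to the removed session model and the query alias `'s'` with it; `// first confirmed mobile user with a linked customer for this number` describes what the DQL actually does. The three helpers are untyped (`$user_id`, `$number`, `$em`); `string $number, EntityManagerInterface $em` with `?MobileUser` / `?Customer` return types would let static analysis catch the `findBy` → `findOneBy` mistake this hunk fixes.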