bhitch
/
PDQ


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788
							<?php
require_once __DIR__ . '/../lib/identity.php';
require_once __DIR__ . '/../lib/jobs.php';

[$actor, $vendor_id] = resolve_request_actor();
$pdo = db();

$job_id = (int) ($_POST['job_id'] ?? 0);
$action = $_POST['action'] ?? '';
$column = $_POST['column'] ?? '';
$value  = $_POST['value']  ?? '';

if ($job_id <= 0) {
    http_response_code(400);
    echo 'Bad job_id';
    return;
}

$stmt = $pdo->prepare('SELECT * FROM jobs WHERE id = ?');
$stmt->execute([$job_id]);
$job = $stmt->fetch();
if (!$job) {
    http_response_code(404);
    echo 'Job not found';
    return;
}

// Vendor-side requests are scoped to their own jobs.
if ($actor !== 'ICG' && (int) $job['vendor_id'] !== $vendor_id) {
    http_response_code(403);
    echo 'Wrong vendor';
    return;
}

// --- Button-driven state transitions ---
if ($action !== '') {
    $allowed = [
        'acknowledge'    => ['ack',    '',          ['vendor']],
        'mark_finished'  => ['status', 'Finished',  ['vendor']],
        'mark_shipped'   => ['status', 'Shipped',   ['vendor']],
        'mark_received'  => ['status', 'Received',  ['ICG']],
    ];
    if (!isset($allowed[$action])) {
        http_response_code(400);
        echo 'Unknown action';
        return;
    }
    [$col, $new, $roles] = $allowed[$action];
    $role = $actor === 'ICG' ? 'ICG' : 'vendor';
    if (!in_array($role, $roles, true)) {
        http_response_code(403);
        echo 'Action not allowed for this role';
        return;
    }
    apply_job_change($job, $col, $new, $actor);
    echo 'Success';
    return;
}

// --- Field edits (ICG only) ---
if ($actor !== 'ICG') {
    http_response_code(403);
    echo 'Edits restricted to ICG';
    return;
}

$editable = ['job', 'material', 'description', 'qty', 'due_date'];
if (!in_array($column, $editable, true)) {
    http_response_code(400);
    echo 'Unknown column';
    return;
}

$value = trim($value);

if ($column === 'qty') {
    if ($value === '' || !is_numeric($value)) {
        http_response_code(400);
        echo 'Qty must be a number';
        return;
    }
    $value = (string) (int) $value;
} elseif ($column === 'due_date') {
    $value = parse_due_date($value);
}

apply_job_change($job, $column, $value, $actor);
echo 'Success';