46 lines
1.5 KiB
PHP
46 lines
1.5 KiB
PHP
<?php
|
|
/**
|
|
* Delete/Cancel Payment Request (Admin/Accountant)
|
|
* POST /api/v1/payments/delete
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Core\Database;
|
|
use App\Middleware\AuthMiddleware;
|
|
|
|
try {
|
|
$decoded = AuthMiddleware::check();
|
|
$db = Database::getInstance();
|
|
$tenantId = $decoded['tenant_id'];
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
$paymentId = $data['payment_id'] ?? null;
|
|
|
|
if (!$paymentId) {
|
|
json_error('معرف طلب الدفع مطلوب.', 422);
|
|
}
|
|
|
|
// Only allow deleting PENDING requests
|
|
$stmt = $db->prepare("SELECT id FROM payment_requests WHERE id = ? AND tenant_id = ? AND status = 'pending'");
|
|
$stmt->execute([$paymentId, $tenantId]);
|
|
$payment = $stmt->fetch();
|
|
|
|
if (!$payment) {
|
|
json_error('لا يمكن حذف هذا الطلب (قد يكون مقبولاً بالفعل أو غير موجود).', 404);
|
|
}
|
|
|
|
$stmt = $db->prepare("DELETE FROM payment_requests WHERE id = ? AND tenant_id = ?");
|
|
$stmt->execute([$paymentId, $tenantId]);
|
|
|
|
// Log deletion
|
|
$logStmt = $db->prepare("INSERT INTO audit_logs (tenant_id, user_id, action, entity_type, entity_id) VALUES (?, ?, 'payment.deleted', 'payment', ?)");
|
|
$logStmt->execute([$tenantId, $decoded['user_id'], $paymentId]);
|
|
|
|
json_success([], 'تم إلغاء طلب الدفع بنجاح.');
|
|
|
|
} catch (\Throwable $e) {
|
|
error_log("Payment Delete Error: " . $e->getMessage());
|
|
json_error('حدث خطأ أثناء حذف طلب الدفع.', 500);
|
|
}
|