89 lines
2.9 KiB
PHP
89 lines
2.9 KiB
PHP
<?php
|
|
|
|
require_once __DIR__ . '/../includes/api_bootstrap.php';
|
|
require_once __DIR__ . '/../includes/expense_helpers.php';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
sendJson(['success' => false, 'error' => 'Method not allowed'], 405);
|
|
}
|
|
|
|
$people = normalizePeopleList(readJsonFile('people.json'));
|
|
$actor = requireActivePerson($people);
|
|
if (($actor['role'] ?? '') !== ROLE_HEAD || !isHohVerified()) {
|
|
sendJson(['success' => false, 'error' => 'Only a verified Head of household can record expenses'], 403);
|
|
}
|
|
|
|
$creatorId = (string) ($actor['id'] ?? '');
|
|
|
|
$body = readJsonBody();
|
|
$title = isset($body['title']) ? trim((string) $body['title']) : '';
|
|
$description = isset($body['description']) ? trim((string) $body['description']) : '';
|
|
$date = isset($body['date']) ? trim((string) $body['date']) : '';
|
|
$assigneeId = isset($body['assignee_id']) ? trim((string) $body['assignee_id']) : '';
|
|
|
|
if ($title === '') {
|
|
sendJson(['success' => false, 'error' => 'Title is required'], 400);
|
|
}
|
|
if ($date === '' || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $date)) {
|
|
sendJson(['success' => false, 'error' => 'date must be YYYY-MM-DD'], 400);
|
|
}
|
|
if ($assigneeId === '') {
|
|
sendJson(['success' => false, 'error' => 'assignee_id is required'], 400);
|
|
}
|
|
|
|
$valRaw = $body['value'] ?? null;
|
|
if (!is_numeric($valRaw)) {
|
|
sendJson(['success' => false, 'error' => 'value must be a number'], 400);
|
|
}
|
|
$value = round((float) $valRaw, 2);
|
|
if ($value <= 0) {
|
|
sendJson(['success' => false, 'error' => 'value must be greater than zero'], 400);
|
|
}
|
|
|
|
$targetIdx = null;
|
|
foreach ($people as $i => $p) {
|
|
if (($p['id'] ?? '') === $assigneeId) {
|
|
$targetIdx = $i;
|
|
break;
|
|
}
|
|
}
|
|
if ($targetIdx === null) {
|
|
sendJson(['success' => false, 'error' => 'Assignee not found'], 400);
|
|
}
|
|
|
|
$bal = $people[$targetIdx]['currency_balance'] ?? 0;
|
|
$bal = is_numeric($bal) ? (float) $bal : 0.0;
|
|
if ($bal < $value) {
|
|
sendJson([
|
|
'success' => false,
|
|
'error' => 'Insufficient balance: has ' . number_format($bal, 2, '.', '') . ', expense is ' . number_format($value, 2, '.', ''),
|
|
], 400);
|
|
}
|
|
|
|
$people[$targetIdx]['currency_balance'] = round($bal - $value, 2);
|
|
|
|
$expense = [
|
|
'id' => bin2hex(random_bytes(8)),
|
|
'title' => $title,
|
|
'description' => $description,
|
|
'date' => $date,
|
|
'value' => $value,
|
|
'assignee_id' => $assigneeId,
|
|
'created_at' => gmdate('c'),
|
|
'created_by' => $creatorId,
|
|
];
|
|
|
|
$expenses = normalizeExpensesList(readJsonFile('expenses.json'));
|
|
$expenses[] = $expense;
|
|
|
|
if (!writeJsonFile('people.json', $people)) {
|
|
sendJson(['success' => false, 'error' => 'Failed to update balance'], 500);
|
|
}
|
|
if (!writeJsonFile('expenses.json', $expenses)) {
|
|
$people[$targetIdx]['currency_balance'] = $bal;
|
|
writeJsonFile('people.json', $people);
|
|
sendJson(['success' => false, 'error' => 'Failed to save expense; balance was not changed'], 500);
|
|
}
|
|
|
|
sendJson(['success' => true, 'expense' => $expense, 'new_balance' => $people[$targetIdx]['currency_balance']]);
|