Better endpoint to move transactions.

2025-09-04 19:53:44 +00:00 · 2021-08-10 18:43:21 +02:00
parent 840316d4e4
commit 8e104a62ae
9 changed files with 339 additions and 6 deletions
--- a/app/Api/V1/Controllers/Data/Bulk/AccountController.php
+++ b/app/Api/V1/Controllers/Data/Bulk/AccountController.php
@@ -12,11 +12,16 @@ use Illuminate\Http\JsonResponse;

 /**
 * Class AccountController
+ *
+ * @deprecated
 */
 class AccountController extends Controller
 {
    private AccountRepositoryInterface $repository;

+    /**
+     *
+     */
    public function __construct()
    {
        parent::__construct();
@@ -37,8 +42,8 @@ class AccountController extends Controller
     */
    public function moveTransactions(MoveTransactionsRequest $request): JsonResponse
    {
-        $accountIds  = $request->getAll();
-        $original    = $this->repository->find($accountIds['original_account']);
+        $accountIds = $request->getAll();
+        $original = $this->repository->find($accountIds['original_account']);
        $destination = $this->repository->find($accountIds['destination_account']);

        /** @var AccountDestroyService $service */
--- a/app/Api/V1/Controllers/Data/Bulk/TransactionController.php
+++ b/app/Api/V1/Controllers/Data/Bulk/TransactionController.php
@@ -0,0 +1,75 @@
+<?php
+
+namespace FireflyIII\Api\V1\Controllers\Data\Bulk;
+
+use FireflyIII\Api\V1\Controllers\Controller;
+use FireflyIII\Api\V1\Requests\Data\Bulk\TransactionRequest;
+use FireflyIII\Repositories\Account\AccountRepositoryInterface;
+use FireflyIII\Services\Internal\Destroy\AccountDestroyService;
+use Illuminate\Http\JsonResponse;
+
+/**
+ * Class TransactionController
+ *
+ * Endpoint to update transactions by submitting
+ * (optional) a "where" clause and an "update"
+ * clause.
+ *
+ * Because this is a security nightmare waiting to happen validation
+ * is pretty strict.
+ */
+class TransactionController extends Controller
+{
+    private AccountRepositoryInterface $repository;
+
+    /**
+     *
+     */
+    public function __construct()
+    {
+        parent::__construct();
+        $this->middleware(
+            function ($request, $next) {
+                $this->repository = app(AccountRepositoryInterface::class);
+                $this->repository->setUser(auth()->user());
+
+                return $next($request);
+            }
+        );
+    }
+
+    /**
+     * @param TransactionRequest $request
+     *
+     * @return JsonResponse
+     */
+    public function update(TransactionRequest $request): JsonResponse
+    {
+        $query  = $request->getAll();
+        $params = $query['query'];
+        // this deserves better code, but for now a loop of basic if-statements
+        // to respond to what is in the $query.
+        // this is OK because only one thing can be in the query at the moment.
+        if ($this->updatesTransactionAccount($params)) {
+            $original    = $this->repository->find((int)$params['where']['source_account_id']);
+            $destination = $this->repository->find((int)$params['update']['destination_account_id']);
+
+            /** @var AccountDestroyService $service */
+            $service = app(AccountDestroyService::class);
+            $service->moveTransactions($original, $destination);
+        }
+
+        return response()->json([], 204);
+    }
+
+    /**
+     * @param array $params
+     *
+     * @return bool
+     */
+    private function updatesTransactionAccount(array $params): bool
+    {
+        return array_key_exists('source_account_id', $params['where']) && array_key_exists('destination_account_id', $params['update']);
+    }
+
+}