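/// <summary>
/// Loads the raw row for one transfer: the ids and the amount, with no display names.
/// </summary>
/// <param name="transferId">Value matched against <c>transfers.transfer_id</c>.</param>
/// <returns>
/// A <see cref="RawTransferData"/> filled from the matching row. When no row matches,
/// the newly constructed instance is returned with none of its properties assigned here,
/// so callers must compare <c>TransferId</c> with the id they asked for before trusting it.
/// </returns>
/// <remarks>
/// Exceptions from opening the connection, running the query or converting a column
/// propagate to the caller unchanged.
/// </remarks>
public RawTransferData GetTransferFromId(int transferId)
{
    RawTransferData output = new RawTransferData();

    using (SqlConnection conn = new SqlConnection(connectionString))
    {
        conn.Open();

        // The id is bound as a parameter, never concatenated into the SQL text.
        // The command and reader are disposed deterministically; the original left both
        // to be cleaned up by the connection/GC.
        using (SqlCommand cmd = new SqlCommand("SELECT transfer_id, transfer_type_id, transfer_status_id, account_from, account_to, amount FROM transfers WHERE transfer_id = @transferId;", conn))
        {
            cmd.Parameters.AddWithValue("@transferId", transferId);

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // If several rows came back the last one would win; the WHERE clause
                // filters on transfer_id, presumably unique — verify against the schema.
                while (reader.Read())
                {
                    output.TransferId = Convert.ToInt32(reader["transfer_id"]);
                    output.TransferTypeId = Convert.ToInt32(reader["transfer_type_id"]);
                    output.TransferStatusId = Convert.ToInt32(reader["transfer_status_id"]);
                    output.AccountFrom = Convert.ToInt32(reader["account_from"]);
                    output.AccountTo = Convert.ToInt32(reader["account_to"]);
                    output.Amount = Convert.ToDecimal(reader["amount"]);
                }
            }
        }
    }

    return output;
}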
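/// <summary>
/// Approves a pending money request: debits the current user, credits the requester,
/// and marks the transfer as approved.
/// </summary>
/// <param name="transferNumber">Carries the id of the transfer the caller wants to approve.</param>
/// <returns>
/// 200 on success; 400 for a missing body, a self-addressed request, a non-positive amount
/// or insufficient funds; 403 when the caller is not the account the request draws from;
/// 404 when the transfer or an involved account cannot be found; 409 when the transfer is
/// already approved; 500 when a DAO call reports failure.
/// </returns>
/// <remarks>
/// The transfer id comes from the client, so every property of the loaded transfer is
/// checked against the authenticated user before any balance is touched.
/// NOTE(review): the debit, credit and status update are three separate DAO calls with no
/// visible transaction. A failure after the debit leaves funds withdrawn but not delivered,
/// and two concurrent approvals can both pass the checks below. Both the balance check and
/// the status transition should be enforced atomically in the data layer (one transaction,
/// conditional UPDATE on the pending status).
/// </remarks>
public ActionResult ApproveRequest(TransferNumber transferNumber)
{
    // Status id written by this method on success ("approved", per the UpdateRequest call below).
    const int ApprovedStatusId = 2;

    if (transferNumber == null)
    {
        return(BadRequest("A transfer id is required."));
    }

    // Resolve the authenticated caller and their account.
    var currentUser = userDAO.GetUser(User.Identity.Name);
    if (currentUser == null)
    {
        return(NotFound("Account not found."));
    }
    int userId = currentUser.UserId;

    Account userAccount = accountDAO.GetAccountFromUserId(userId);
    if (userAccount == null)
    {
        return(NotFound("Account not found."));
    }

    // Base data of the transfer, i.e. just ids for types and accounts, no names.
    RawTransferData transfer = transferDAO.GetTransferFromId(transferNumber.TransferId);

    // GetTransferFromId hands back an unpopulated object when no row matches, so an
    // unknown id must be rejected here rather than processed as a zero-amount transfer.
    if (transfer == null || transfer.TransferId != transferNumber.TransferId)
    {
        return(NotFound("Transfer not found."));
    }

    // Prevents a user from approving a request they made themselves.
    if (transfer.AccountTo == userAccount.AccountId)
    {
        return(BadRequest("You cannot approve a request to your own account."));
    }

    // Authorization: only the account the request draws from may approve it. Without this,
    // any authenticated user could change the state of another user's transfer by guessing its id.
    // Assumes AccountFrom is the paying side (AccountTo is the one credited below) — confirm.
    if (transfer.AccountFrom != userAccount.AccountId)
    {
        return(StatusCode(403, "You are not authorized to approve this request."));
    }

    // Replay guard: an already-approved transfer must not move money a second time.
    // NOTE(review): ideally this would require the pending status id and the "request"
    // transfer type explicitly; those ids are not visible in this file.
    if (transfer.TransferStatusId == ApprovedStatusId)
    {
        return(StatusCode(409, "This request has already been approved."));
    }

    decimal transferAmount = transfer.Amount;

    // A zero or negative amount would pass the balance check and invert the money flow.
    if (transferAmount <= 0)
    {
        return(BadRequest("Invalid transfer amount."));
    }

    Account recipientAccount = accountDAO.GetAccountFromAccountNumber(transfer.AccountTo);
    if (recipientAccount == null)
    {
        return(NotFound("Recipient account not found."));
    }

    // The approver must have enough money in their account to send.
    if (userAccount.Balance < transferAmount)
    {
        return(BadRequest("Insufficient funds."));
    }

    bool reduceSuccess = transferDAO.ReduceBalance(transferAmount, userId);
    if (!reduceSuccess)
    {
        return(StatusCode(500, "Unable to withdraw funds / server issue."));
    }

    bool increaseSuccess = transferDAO.IncreaseBalance(transferAmount, recipientAccount.UserId);
    if (!increaseSuccess)
    {
        return(StatusCode(500, "Unable to add funds / server issue."));
    }

    // Updates transfer status from "pending" to "approved".
    bool createTransferSuccess = transferDAO.UpdateRequest(transferNumber.TransferId, ApprovedStatusId);
    if (!createTransferSuccess)
    {
        return(StatusCode(500, "Unable to record transaction / server issue."));
    }

    // If successful, returns status 200 to the client with a message.
    return(Ok("Request Approved, transfer successful."));
}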