public RawTransferData GetTransferFromId(int transferId)
{
RawTransferData output = new RawTransferData();
try
{
using (SqlConnection conn = new SqlConnection(connectionString))
{
conn.Open();
SqlCommand cmd = new SqlCommand("SELECT transfer_id, transfer_type_id, transfer_status_id, account_from, account_to, amount FROM transfers WHERE transfer_id = @transferId;", conn);
cmd.Parameters.AddWithValue("@transferId", transferId);
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
output.TransferId = Convert.ToInt32(reader["transfer_id"]);
output.TransferTypeId = Convert.ToInt32(reader["transfer_type_id"]);
output.TransferStatusId = Convert.ToInt32(reader["transfer_status_id"]);
output.AccountFrom = Convert.ToInt32(reader["account_from"]);
output.AccountTo = Convert.ToInt32(reader["account_to"]);
output.Amount = Convert.ToDecimal(reader["amount"]);
}
}
}
catch (Exception)
{
throw;
}
return(output);
}
public ActionResult ApproveRequest(TransferNumber transferNumber)
{
//gets user id for current user
int userId = userDAO.GetUser(User.Identity.Name).UserId;
//gets account from current user's id
Account userAccount = accountDAO.GetAccountFromUserId(userId);
//gets balance for current user's account
decimal accountBalance = userAccount.Balance;
//creates transfer object for base data of transfer i.e. just ids for types, accounts, no names
RawTransferData transfer = transferDAO.GetTransferFromId(transferNumber.TransferId);
//gets amount of transfer from transfer object
decimal transferAmount = transfer.Amount;
//gets account for recipient from account number
Account recipientAccount = accountDAO.GetAccountFromAccountNumber(transfer.AccountTo);
//checks to prevent user from approving request they made
if (transfer.AccountTo == userAccount.AccountId)
{
return(BadRequest("You cannot approve a request to your own account."));
}
//checks to make sure person approving has enough money in account to send
if (accountBalance >= transferAmount)
{
bool reduceSuccess = transferDAO.ReduceBalance(transferAmount, userId);
if (!reduceSuccess)
{
return(StatusCode(500, "Unable to withdraw funds / server issue."));
}
bool increaseSuccess = transferDAO.IncreaseBalance(transferAmount, recipientAccount.UserId);
if (!increaseSuccess)
{
return(StatusCode(500, "Unable to add funds / server issue."));
}
//updates transfer status from "pending" to "approved"
bool createTransferSuccess = transferDAO.UpdateRequest(transferNumber.TransferId, 2);
if (!createTransferSuccess)
{
return(StatusCode(500, "Unable to record transaction / server issue."));
}
//if successful, returns status 200 to client w/ message
return(Ok("Request Approved, transfer successful."));
}
else
{
return(BadRequest("Insufficient funds."));
}
}
