From 6568394aeb796b2bf54d7c445851bdc19d5aa167 Mon Sep 17 00:00:00 2001
From: Frank Schubert <fronk@fronk.at>
Date: Wed, 19 Jul 2023 11:44:16 +0200
Subject: [PATCH] Added check for preorderType in address and campaign to api

---
 application/Api/v1/PreorderApicontroller.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/application/Api/v1/PreorderApicontroller.php b/application/Api/v1/PreorderApicontroller.php
index d5aa5440f..12892eb8d 100644
--- a/application/Api/v1/PreorderApicontroller.php
+++ b/application/Api/v1/PreorderApicontroller.php
@@ -535,6 +535,24 @@ class PreorderApicontroller extends mfBaseApicontroller {
       return mfResponse::Forbidden(['message' => "Bestellung in diesem Netzgebiet/Cluster nicht erlaubt"]);
     }
     
+    // check for allowed PreorderType in address
+    $allowed_freigabe = json_decode($address->freigabe);
+    if(!is_array($allowed_freigabe) || !count($allowed_freigabe)) {
+      return mfResponse::Forbidden(['message' => "Adresse (noch) nicht bestellbar"]);
+    }
+    if(!in_array($type, $allowed_freigabe)) {
+      return mfResponse::Forbidden(['message' => "Adresse (noch) nicht bestellbar"]);
+    }
+    
+    // check for allowed PreorderType in campaign
+    $allowed_campaigntypes = $this->campaign->types;
+    if(!is_array($allowed_campaigntypes) || !count($allowed_campaigntypes)) {
+      return mfResponse::Forbidden(['message' => "PreorderType not allowed"]);
+    }
+    if(!array_key_exists($type, $allowed_campaigntypes)) {
+      return mfResponse::Forbidden(['message' => "PreorderType not allowed"]);
+    }
+    
     /* 
      * build fields
      */