pguzman
8c047f5b28
Each prayer in the library has an optional default_bead_type (small/large/ crucifix). Standard prayers get sensible defaults: Our Father=large, Hail Mary=small, Sign of Cross=crucifix, Divine Mercy beads accordingly. In the sequence, each step card shows a bead selector (—/○/●/✝) so users can override the default per step. Adding a prayer pre-fills its default. Bead library icon hints (○●✝) appear on prayer cards in the library. Modal now includes a Bead selector for creating/editing prayers. Remove the separate Bead Markers library section — beads live on prayers. build_slides: prayer steps with bead_type now get a real bead_index so the ring advances correctly during presentation. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
160 lines
6.0 KiB
PHP
160 lines
6.0 KiB
PHP
<?php
|
|
/**
|
|
* api/builder_session.php — Save or update a custom builder session.
|
|
* Requires superuser+.
|
|
*
|
|
* POST — create or update session + steps
|
|
* Body JSON: {
|
|
* id? : int (existing session ID for update)
|
|
* name : string
|
|
* is_public : bool
|
|
* subject_name? : string
|
|
* subject_pronoun? : 'he'|'she'
|
|
* subject_dates? : string
|
|
* steps : [{prayer_id, attribution}, ...]
|
|
* }
|
|
*/
|
|
require_once __DIR__ . '/../config/db.php';
|
|
require_once __DIR__ . '/../includes/auth.php';
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
function json_err(string $msg, int $code = 400): never {
|
|
http_response_code($code);
|
|
echo json_encode(['error' => $msg]);
|
|
exit;
|
|
}
|
|
|
|
require_auth();
|
|
if (!has_role('superuser')) json_err('Access denied', 403);
|
|
|
|
$pdo = get_pdo();
|
|
$user = current_user();
|
|
$uid = (int)$user['id'];
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') json_err('Method not allowed', 405);
|
|
|
|
$body = json_decode(file_get_contents('php://input'), true);
|
|
if (!$body) json_err('Invalid JSON');
|
|
|
|
$name = trim($body['name'] ?? '');
|
|
$is_public = (int)!empty($body['is_public']);
|
|
$subject_name = trim($body['subject_name'] ?? '');
|
|
$subject_pronoun = in_array($body['subject_pronoun'] ?? '', ['he','she']) ? $body['subject_pronoun'] : 'he';
|
|
$subject_dates = trim($body['subject_dates'] ?? '');
|
|
$steps = $body['steps'] ?? [];
|
|
$session_id = (int)($body['id'] ?? 0);
|
|
|
|
if ($name === '') json_err('Session name is required');
|
|
if (empty($steps)) json_err('Add at least one prayer to your sequence');
|
|
|
|
$valid_attributions = ['leader_all', 'leader_only', 'all_only', 'none'];
|
|
$valid_bead_types = ['small', 'large', 'crucifix'];
|
|
|
|
// Validate steps and collect prayer IDs to verify
|
|
$prayer_ids = [];
|
|
foreach ($steps as $i => $step) {
|
|
$type = $step['step_type'] ?? 'prayer';
|
|
if ($type === 'bead') {
|
|
if (!in_array($step['bead_type'] ?? '', $valid_bead_types)) {
|
|
json_err("Invalid bead type on step " . ($i + 1));
|
|
}
|
|
} else {
|
|
$pid = (int)($step['prayer_id'] ?? 0);
|
|
$att = $step['attribution'] ?? 'leader_all';
|
|
$bt = $step['bead_type'] ?? null;
|
|
if (!$pid) json_err("Step " . ($i + 1) . " is missing a prayer");
|
|
if (!in_array($att, $valid_attributions)) json_err("Invalid attribution on step " . ($i + 1));
|
|
if ($bt !== null && !in_array($bt, $valid_bead_types)) json_err("Invalid bead type on step " . ($i + 1));
|
|
$prayer_ids[] = $pid;
|
|
}
|
|
}
|
|
|
|
// Verify all prayer_ids exist and are accessible
|
|
if (!empty($prayer_ids)) {
|
|
$prayer_ids = array_unique($prayer_ids);
|
|
$in_placeholders = implode(',', array_fill(0, count($prayer_ids), '?'));
|
|
$valid_stmt = $pdo->prepare("
|
|
SELECT id FROM custom_prayers
|
|
WHERE id IN ($in_placeholders)
|
|
AND (is_global = 1 OR created_by = ?)
|
|
");
|
|
$valid_stmt->execute([...$prayer_ids, $uid]);
|
|
$valid_ids = array_column($valid_stmt->fetchAll(), 'id');
|
|
foreach ($prayer_ids as $pid) {
|
|
if (!in_array((string)$pid, array_map('strval', $valid_ids))) {
|
|
json_err("Prayer ID {$pid} not found or not accessible");
|
|
}
|
|
}
|
|
}
|
|
|
|
$pdo->beginTransaction();
|
|
try {
|
|
if ($session_id > 0) {
|
|
// Update existing session — verify ownership
|
|
$owner_stmt = $pdo->prepare("SELECT user_id FROM sessions WHERE id = ? AND occasion = 'custom'");
|
|
$owner_stmt->execute([$session_id]);
|
|
$existing = $owner_stmt->fetch();
|
|
if (!$existing) json_err('Session not found', 404);
|
|
if (!has_role('admin') && (int)$existing['user_id'] !== $uid) json_err('Access denied', 403);
|
|
|
|
$slug = unique_slug($name, $uid, 'sessions', $session_id);
|
|
$pdo->prepare("
|
|
UPDATE sessions
|
|
SET name=?, is_public=?, subject_name=?, subject_pronoun=?, subject_dates=?,
|
|
slug=?, updated_at=NOW()
|
|
WHERE id=?
|
|
")->execute([$name, $is_public, $subject_name ?: null, $subject_pronoun, $subject_dates ?: null, $slug, $session_id]);
|
|
|
|
// Replace all steps
|
|
$pdo->prepare("DELETE FROM builder_steps WHERE session_id = ?")->execute([$session_id]);
|
|
} else {
|
|
// Check rosary limit
|
|
if (!can_create_rosary($uid, (int)$user['rosary_limit'])) {
|
|
json_err('You have reached your rosary limit. Contact an administrator.');
|
|
}
|
|
$slug = unique_slug($name, $uid);
|
|
$pdo->prepare("
|
|
INSERT INTO sessions
|
|
(user_id, is_public, slug, name, occasion, mystery_set,
|
|
subject_name, subject_pronoun, subject_dates)
|
|
VALUES (?, ?, ?, ?, 'custom', 'custom', ?, ?, ?)
|
|
")->execute([$uid, $is_public, $slug, $name, $subject_name ?: null, $subject_pronoun, $subject_dates ?: null]);
|
|
$session_id = (int)$pdo->lastInsertId();
|
|
}
|
|
|
|
// Insert steps
|
|
$step_stmt = $pdo->prepare(
|
|
"INSERT INTO builder_steps (session_id, step_type, bead_type, step_order, prayer_id, attribution)
|
|
VALUES (?, ?, ?, ?, ?, ?)"
|
|
);
|
|
foreach ($steps as $order => $step) {
|
|
$type = $step['step_type'] ?? 'prayer';
|
|
if ($type === 'bead') {
|
|
$step_stmt->execute([$session_id, 'bead', $step['bead_type'], $order, null, 'none']);
|
|
} else {
|
|
$bt = in_array($step['bead_type'] ?? null, ['small','large','crucifix']) ? $step['bead_type'] : null;
|
|
$step_stmt->execute([$session_id, 'prayer', $bt, $order, (int)$step['prayer_id'], $step['attribution']]);
|
|
}
|
|
}
|
|
|
|
$pdo->commit();
|
|
|
|
// Return session URL
|
|
$user_row = $pdo->prepare("SELECT username FROM users WHERE id = ?");
|
|
$user_row->execute([$uid]);
|
|
$username = $user_row->fetchColumn();
|
|
$present_url = BASE_URL . '/' . rawurlencode($username) . '/' . rawurlencode($slug);
|
|
|
|
echo json_encode([
|
|
'saved' => true,
|
|
'session_id' => $session_id,
|
|
'slug' => $slug,
|
|
'present_url' => $present_url,
|
|
'edit_url' => BASE_URL . '/admin/builder.php?id=' . $session_id,
|
|
]);
|
|
} catch (Throwable $e) {
|
|
$pdo->rollBack();
|
|
json_err('Save failed: ' . $e->getMessage());
|
|
}
|