From 67151e93714a496a61fc72463f5af19165f506e4 Mon Sep 17 00:00:00 2001 From: mahdahar <89adham@gmail.com> Date: Tue, 10 Jun 2025 10:54:16 +0700 Subject: [PATCH] request filter added --- README.md | 11 ----------- app/Controllers/API_TM.php | 39 ++++++++++++++++++++++++++------------ 2 files changed, 27 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index a79bea8..e69de29 100644 --- a/README.md +++ b/README.md @@ -1,11 +0,0 @@ -buat rule cmod-rest --order baru --klo ref baru > ok --klo ref dan mr+nama sama -> ok --klo ref sama cek mr dan nama beda di lis -> (kirim error balik) --order tambahan --ref sama , cek mr dan nama pasien harus sama + status receive di lis = 0 > ok --kalo mr dan nama beda atau receive = 1 -> tolak (kirim error balik) --order cancel --klo ref sama status cancel=1 dan status receive di lis = 0 - ok --klo ref sama sattus cancel=1 dan status receive di lis = 1 - tolak (kirim error balik \ No newline at end of file diff --git a/app/Controllers/API_TM.php b/app/Controllers/API_TM.php index 2d2f9d6..36f1e54 100644 --- a/app/Controllers/API_TM.php +++ b/app/Controllers/API_TM.php @@ -114,10 +114,10 @@ class API_TM extends ResourceController { $bw = $qant['weight']; $bh = $qant['height']; - $sql = "select PATID from cmod.dbo.CM_TM_PATIENTS where PATNUMBER='$rm'"; + $sql = "select PATID, FIRSTNAME, LASTNAME from cmod.dbo.CM_TM_PATIENTS where PATNUMBER='$rm'"; $query = $db->query($sql); $result = $query->getResultArray(); - if(isset($result[0])) { $patid = $result[0]['PATID']; } + if(isset($result[0])) { $patid = $result[0]['PATID']; $rfirstname = $result[0]['FIRSTNAME']; $rlastname = $result[0]['LASTNAME']; } else { $patid = ''; } $sql = "select REQID, PATID from cmod.dbo.CM_TM_REQUESTS where REFFID='$reffid'"; @@ -128,14 +128,24 @@ class API_TM extends ResourceController { //echo "$patid
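Review bot: The rewritten PATNUMBER lookup in the `@@ -114` hunk still builds its SQL by interpolating `$rm` into the string, so if `$rm` comes from the request body (its assignment is outside the hunk) a quote in the value changes the query. CodeIgniter's query bindings keep the value out of the SQL text: `$query = $db->query("select PATID, FIRSTNAME, LASTNAME from cmod.dbo.CM_TM_PATIENTS where PATNUMBER = ?", [$rm]);`. The same interpolation is in the UPDATE statements this patch moves under `if($recv == 0)` in the `@@ -128` and `@@ -145` hunks, and in the INSERTs beside them. Separately, `$rfirstname` and `$rlastname` are assigned only in the `isset` branch; setting them in the `else` next to `$patid = ''` would keep the later name comparison from reading undefined variables if the flow changes.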
$reqid - $rpatid"; + //check receive + $sql = "select recv=case when exists (select * from PADMA.dbo.SP_TUBES where SP_ACCESSNUMBER='5061004820' and TUBESTATUS=4) then 1 else 0 end;"; + $query = $db->query($sql); + $result = $query->getResultArray(); + $recv = $result[0]['recv']; + // check data patient - if($patid == '') { // new patient + if($patid == '') { // new patient $sql = "INSERT INTO cmod.dbo.CM_TM_PATIENTS (PATNUMBER, FIRSTNAME, LASTNAME, BIRTHDATE, SEX, PHONE ) VALUES ('$rm', '$firstname', '$lastname', '$dob', '$sex', '$phone' )"; $db->query($sql); $patid = $db->insertID(); } else { // existing patient - if($rpatid == $patid ) { // if patient is the same - $sql = "UPDATE cmod.dbo.CM_TM_PATIENTS SET FIRSTNAME='$firstname', LASTNAME='$lastname', BIRTHDATE='$dob', SEX='$sex', PHONE='$phone' where PATID='$patid'"; - $db->query($sql); + if($rpatid == $patid && $rfirstname==$firstname && $rlastname == $lastname ) { // if patient is the same + if($recv == 0) { + $sql = "UPDATE cmod.dbo.CM_TM_PATIENTS SET FIRSTNAME='$firstname', LASTNAME='$lastname', BIRTHDATE='$dob', SEX='$sex', PHONE='$phone' where PATID='$patid'"; + $db->query($sql); + } else { + return $this->failForbidden('Error. Sample already received, cannot update patient data. '); + } } else { return $this->failForbidden('Error. Invalid patient data.'); } 
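Review bot: The `//check receive` query compares against the literal `SP_ACCESSNUMBER='5061004820'`, so `$recv` reports the state of one fixed sample rather than the order being processed. Both new `if($recv == 0)` gates (here and in the `@@ -145` hunk) therefore either refuse every update or none. The accession number should be the one belonging to this request, passed as a binding, e.g. `where SP_ACCESSNUMBER = ? and TUBESTATUS = 4` with `$db->query($sql, [$accessnumber])`; which variable holds it is not visible in the hunk, so `$accessnumber` is a placeholder. The identity test `$rfirstname==$firstname && $rlastname == $lastname` is a loose comparison sensitive to case and padding, which may reject a legitimate patient if the columns are stored padded or differently cased; comparing trimmed, case-normalised strings with `===` would make the intent explicit.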
@@ -145,12 +155,17 @@ class API_TM extends ResourceController { if( $reqid == '' ) { // new request $sql = "INSERT INTO cmod.dbo.CM_TM_REQUESTS (REFFID, REQNUMBER, REQDATE, AGENT, DOC, LOC, PATID, COMPANY, LOGDATE, BW, BH, VISITDESC, VISITTYPE, REQSTATUS) VALUES ('$reffid', '$visitnum', '$visitdt', '$agentname', '$doc', '$loc', '$patid', '$company', '$createdt', '$bw', '$bh', '$visitdesc', '$visittype', '$reqstatus' )"; - $db->query($sql); $reqid = $db->insertID(); - } else { // existing request - $sql = "UPDATE cmod.dbo.CM_TM_REQUESTS SET REQNUMBER='$visitnum', REQDATE='$visitdt', AGENT='$agentname', DOC='$doc', LOC='$loc', PATID='$patid', - COMPANY='$company',LOGDATE='$createdt', BW='$bw', BH='$bh', VISITDESC='$visitdesc', VISITTYPE='$visittype', REQSTATUS='$reqstatus' - where REQID='$reqid'"; $db->query($sql); + } else { // existing request + + if($recv == 0) { + $sql = "UPDATE cmod.dbo.CM_TM_REQUESTS SET REQNUMBER='$visitnum', REQDATE='$visitdt', AGENT='$agentname', DOC='$doc', LOC='$loc', PATID='$patid', + COMPANY='$company',LOGDATE='$createdt', BW='$bw', BH='$bh', VISITDESC='$visitdesc', VISITTYPE='$visittype', REQSTATUS='$reqstatus' + where REQID='$reqid'"; + $db->query($sql); + } else { + return $this->failForbidden('Error. Sample already received, cannot update request data. '); + } } } @@ -178,7 +193,7 @@ class API_TM extends ResourceController { $db->query($sql); //sendORM - //$this->orm($reqid); + $this->orm($reqid); return $this->respond(201); }
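Review bot: The new refusal in the existing-request branch is returned after the patient section has already run, so a partial write is possible. For example, when REFFID matches an existing request but PATNUMBER is new, the patient row is inserted and the caller then gets a 403; no transaction is visible in these hunks. Reading the receive state and returning before any write, or wrapping the writes in `$db->transStart()` / `$db->transComplete()`, keeps a rejected order from partly applying. The check and the UPDATE are also separate statements, so a sample received in between is not caught; moving the condition into the UPDATE's `where` clause and testing `$db->affectedRows()` would close that gap. The enclosing method starts and ends outside the hunk.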