Use a function in a different Symfony controller to confirm input?

I have ReturnRequestController.php, which allows a customer to return a product on an order. I pass the variables order_number and sku to the controller via an API call (URL with values embedded in it). As long as the values passed aren't 0, then I return a JSON response saying success. All of that works fine.

btw, the API URL looks like this:

https://dev.mysite.com/account/return_request/?order_number=27652&qm_sku=24&options=chartreuse&qty=3&email=billy@gibbons.com

Select allOpen in new window

What I need... I need to make sure the order number and the sku actually belong together (the sku is on the order) and the order belongs to the customer ID who submitted the request (I do have the customer ID available to me already in the ReturnRequestController.php).

There is a public function called GetCustomerOrder outside of ReturnRequestController.php, in a file called DbAzure.php. That function is shown below, and the function in ReturnRequestController.php is shown below that. Is there a way to use function GetCustomerOrder from DbAzure.php inside another function (index) in a different file (ReturnRequestController.php) which will check to make sure the order number coming in via the API URL is an order that customer placed, AND that the sku in the API URL is on that order?

In DbAzure.php:

    public function getCustomerOrder($om_customer_id, $order_number) {
       $query = "SELECT o.OrderNumber,
                        o.SourceOrderNumber,
                        o.OrderDate,
                        o.BalanceDue,
                        o.Name,
                        o.Company,
                        o.Email,
                        o.Address,
                        o.Address2,
                        o.City,
                        o.State,
                        o.Zip,
                        o.Country,
                        o.Phone,
                        o.ShipName,
                        o.ShipCompany,
                        o.ShipAddress,
                        o.ShipAddress2,
                        o.ShipCity,
                        o.ShipState,
                        o.ShipZip,
                        o.ShipCountry,
                        o.ShipPhone,
                        o.ShipOn,
                        o.Approved,
                        o.Cancelled,
                        o.FinalProductTotal,
                        o.FinalTaxTotal,
                        o.FinalShippingTotal,
                        o.FinalGrandTotal,
                        o.NumItems,
                        sc.Label AS OrderStatus
                 FROM dbo.Orders o
                 LEFT JOIN dbo.Order_Profile p ON p.OrderNumber = o.OrderNumber
                 LEFT JOIN dbo.Order_Status_Codes sc ON sc.Code = p.Order_Status_Code
                 WHERE o.CustomerID = ".intval($om_customer_id)." AND o.OrderNumber = ".intval($order_number);
       $result = $this->doSelectOne($query);

       $order = array('OrderNumber'          => $result['OrderNumber'],
       	              'WebOrderID'           => $result['SourceOrderNumber'],
       	              'OrderDate'            => $result['OrderDate'],
       	              'ProcessedDate'        => "",  //????????
       	              'OrderStatus'          => $result['OrderStatus'],
       	              'ShippingMethod'       => "", //???
       	              'OrderTotal'           => $result['FinalGrandTotal'],
       	              'PONumber'             => "",
       	              'Approved'             => false, //????????????????????????
       	              'Cancelled'            => ($result['Cancelled'] == 1),
       	              'Tracking'             => false,
       	              'HasInvoice'           => false,
       	              'total_qty'            => $result['NumItems'],
       	              'HasOrderConfirmation' => false,
       	              'order_details'        => array()
       	             );
       $shipping_address = array('name'         => $result['ShipName'],
       	                         'company_name' => $result['ShipCompany'],
       	                         'address1'     => $result['ShipAddress'],
       	                         'address2'     => $result['ShipAddress2'],
       	                         'city'         => $result['ShipCity'],
       	                         'state'        => $result['ShipState'],
       	                         'postal_code'  => $result['ShipZip'],
       	                         'country_name' => $result['ShipCountry']);
       $order['shipping_address'] = $shipping_address;

       $query = "SELECT OrderNumber,
                        SKU,
                        Product,
                        PricePerUnit AS Price,
                        QuantityOrdered AS qty,
                        DateShipped,
                        Returnable,
                        ItemNumber
                 FROM dbo.[Order Details]
                 WHERE OrderNumber = ".intval($order_number)." AND Adjustment = 0 AND (type <> 'P' OR type IS NULL)
                 ORDER BY ItemNumber";
                 
       $results = $this->doSelect($query);
       foreach($results AS $row) {
       	  $order['order_details'][$row['ItemNumber']] = $row;
       }
       return $order;      	
    }

Select allOpen in new window

In ReturnRequestController.php

    public function indexAction()
    {

       $request_result = array('success' => false);
         if($this->container->get('security.context')->isGranted('IS_AUTHENTICATED_FULLY')){  
          $user = $this->container->get('security.context')->getToken()->getUser();
          $em = $this->getDoctrine()->getEntityManager();
          $dbAzure = new DbAzure();
          $request = $this->getRequest();
          
          $om_customer_id = $user->getCustomer()->getOmCustomerId();
          $order_number = $request->get('order_number');
          $qm_sku = intval($request->get('qm_sku'));
          $options = $request->get('options');
          $qty = intval($request->get('qty'));
          $email = $request->get('email');
          $id = intval($request->get('id'));

         if($om_customer_id <= 0 || $order_number <=0 || $qm_sku <=0 || $qty <=0) {
               $ret = array('success' => false,
             	            'error'   => "Input not valid");
               $code = 500;
                 return new JsonResponse( $ret, $code );

         } else {

            $success = $dbAzure->submitReturnRequest($order_number, $qm_sku, $options, $qty);
          
          $fullname = $user->getFirstName()." ".$user->getLastName();
          $subject = "Return Request for OM Order Number ".$order_number."";
          
          $message = \Swift_Message::newInstance()
                 ->setSubject($subject)
                 ->setFrom(array($email => $fullname))
                 ->setTo(array("me@me.com")) 
                 ->setContentType( 'text/html' )
                    ->setBody(
                        $this->renderView(
                            'QuickMedicalMyAccountBundle:ReturnRequest:emailRequestProductReturn.html.twig',
                            array('fullname' => $fullname,
                            	  'om_customer_id' => $om_customer_id,
                            	  'qm_sku' => $qm_sku,
                            	  'email' => $email)
                        )
                    );
          $this->get('mailer')->send($message);

         }  

          $ret = array('success' => true,
                       'id'      => $success);
          $code = 200;
       } else {
          $ret = array('success' => false,
             	       'error'   => "Not logged in");
          $code = 500;
       }
       
       return new JsonResponse( $ret, $code );
       
    }

Select allOpen in new window