moved different api calls
This commit is contained in:
28
pub/api/v1/portal-management/configure/index.php
Normal file
28
pub/api/v1/portal-management/configure/index.php
Normal file
@@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
use api\classes\API_portalsettings;
|
||||
|
||||
session_start();
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_portalsettings.php';
|
||||
|
||||
$API_portalsettings = new API_portalsettings();
|
||||
|
||||
if ($API_portalsettings->request_method === 'PUT') {
|
||||
|
||||
# Edit the portal settings of the platform
|
||||
|
||||
$API_portalsettings->checkPermissions('admin-portalsettings', 'RW');
|
||||
|
||||
$requiredFields = [
|
||||
'portal_uuid' => ['type' => 'uuid'],
|
||||
'portal_name' => ['type' => 'string'],
|
||||
'portal_provider_name' => ['type' => 'string'],
|
||||
'admin_auth_methods' => ['type' => 'string']
|
||||
];
|
||||
|
||||
$API_portalsettings->validateData($requiredFields);
|
||||
|
||||
# Update the permission
|
||||
$API_portalsettings->updatePortalSettings();
|
||||
|
||||
}
|
||||
46
pub/api/v1/portal-management/group-permissions/index.php
Normal file
46
pub/api/v1/portal-management/group-permissions/index.php
Normal file
@@ -0,0 +1,46 @@
|
||||
<?php
|
||||
|
||||
use api\classes\API_permissions;
|
||||
use api\classes\API_usergroups;
|
||||
|
||||
session_start();
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_usergroups.php';
|
||||
|
||||
$API_permissions = new API_permissions();
|
||||
$API_usergroups = new API_usergroups();
|
||||
|
||||
if ($API_permissions->request_method === 'GET') {
|
||||
# to be made, get all the access-rights and implement the builder
|
||||
|
||||
} elseif ($API_permissions->request_method === 'PUT') {
|
||||
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
|
||||
$API_permissions->return_url = false;
|
||||
|
||||
$API_permissions->checkPermissions('admin-access-control-permissions', 'RW');
|
||||
|
||||
$requiredFields = [
|
||||
'permission_uuid' => ['type' => 'uuid'],
|
||||
'user_group_uuid' => ['type' => 'uuid'],
|
||||
'permission_value' => ['type' => 'enum', 'values' => ['NA', 'RO', 'RW']],
|
||||
];
|
||||
|
||||
$API_permissions->validateData($requiredFields);
|
||||
|
||||
# check if the permission exists
|
||||
$_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
|
||||
$API_permissions->getPermission();
|
||||
|
||||
# check if the user_group_uuid exists
|
||||
$_GET['builder'] = [1 => ['where' => [0 => 'user_group_uuid', 1 => $API_permissions->data['user_group_uuid']]]];
|
||||
$user_group = $API_usergroups->getUsergroup();
|
||||
|
||||
# if the user updating the permissions is in a lower group (higher group weight number) prevent them for doing so to prevent
|
||||
# Privilege escalation.
|
||||
if ($user_group[0]['user_group_weight'] < $_SESSION['user']['user_group_weight']) {
|
||||
$API_permissions->apiOutput(405, ['error' => 'You are not allowed to update this user since you are in a lower group']);
|
||||
}
|
||||
|
||||
# Update the permission
|
||||
$API_permissions->updateAccessRights();
|
||||
}
|
||||
43
pub/api/v1/portal-management/mail/configure/index.php
Normal file
43
pub/api/v1/portal-management/mail/configure/index.php
Normal file
@@ -0,0 +1,43 @@
|
||||
<?php
|
||||
|
||||
use api\classes\API_mailsettings;
|
||||
|
||||
session_start();
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_mailsettings.php';
|
||||
|
||||
$API_mailsettings = new API_mailsettings();
|
||||
|
||||
if ($API_mailsettings->request_method === 'PUT') {
|
||||
# Edit the mailsettings of the platform
|
||||
|
||||
$API_mailsettings->checkPermissions('admin-mailsettings', 'RW');
|
||||
|
||||
$requiredFields = [
|
||||
'portal_uuid' => ['type' => 'uuid'],
|
||||
'mail_from_name' => ['type' => 'string'],
|
||||
'mail_from_address' => ['type' => 'email'],
|
||||
'mail_smtp_host' => ['type' => 'string'],
|
||||
'mail_smtp_secure' => ['type' => 'enum', 'values' => ['tls', 'ssl', 'no']],
|
||||
'mail_smtp_port' => ['type' => 'int', 'min' => 4, 'max' => 65535],
|
||||
'mail_smtp_auth' => ['type' => 'boolean'],
|
||||
'mail_smtp_user' => ['type' => 'string'],
|
||||
'mail_smtp_pass' => ['type' => 'string']
|
||||
];
|
||||
# check if the password is changed
|
||||
$updatePassword = str_contains($API_mailsettings->postedData['mail_smtp_pass'], '******') ? false : true;
|
||||
if ($updatePassword) {
|
||||
if (strlen($API_mailsettings->postedData['mail_smtp_pass']) < 12) {
|
||||
$API_mailsettings->apiOutput(400, ['error' => 'Password too short']);
|
||||
}
|
||||
|
||||
if (preg_match('/^(.)\1{5,}$/', $API_mailsettings->postedData['mail_smtp_pass'])) {
|
||||
$API_mailsettings->apiOutput(400, ['error' => 'Password insecure']);
|
||||
}
|
||||
}
|
||||
|
||||
$API_mailsettings->validateData($requiredFields);
|
||||
|
||||
# Update the permission
|
||||
$API_mailsettings->updateMailSettings($updatePassword);
|
||||
|
||||
}
|
||||
89
pub/api/v1/portal-management/permissions/index.php
Normal file
89
pub/api/v1/portal-management/permissions/index.php
Normal file
@@ -0,0 +1,89 @@
|
||||
<?php
|
||||
|
||||
use api\classes\API_permissions;
|
||||
|
||||
session_start();
|
||||
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';
|
||||
|
||||
$API_permissions = new API_permissions();
|
||||
|
||||
if ($API_permissions->request_method === 'GET') {
|
||||
|
||||
# Retrieve all the permissions a user and return them.
|
||||
$API_permissions->checkPermissions('admin-access-control-permissions', 'RO');
|
||||
|
||||
$requiredFields = [];
|
||||
$optionalFields = [
|
||||
'permission_uuid' => ['type' => 'uuid'],
|
||||
'permission_name' => ['type' => 'string'],
|
||||
'permission_slugify' => ['type' => 'slugify'],
|
||||
'permission_description' => ['type' => 'string'],
|
||||
'permission_create_timestamp' => ['type' => 'timestamp'],
|
||||
'permission_modified_timestamp' => ['type' => 'timestamp']
|
||||
];
|
||||
$API_permissions->validateData($requiredFields, $optionalFields);
|
||||
$permissions = $API_permissions->getPermission();
|
||||
|
||||
$API_permissions->apiOutput($code = 200, ['success' => $permissions], 'permission_retrieved');
|
||||
|
||||
} elseif ($API_permissions->request_method === 'POST') {
|
||||
|
||||
# Only superuser can create permission due to fact that the backend needs programming when setting a permission
|
||||
|
||||
if (!$API_permissions->isSuperuser()) {
|
||||
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
|
||||
}
|
||||
|
||||
$requiredFields = [
|
||||
'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
|
||||
'permission_slugify' => ['type' => 'slugify', 'min' => 6, 'max' => 255],
|
||||
'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
|
||||
'module_uuid' => ['type' => 'uuid'],
|
||||
];
|
||||
|
||||
$API_permissions->validateData($requiredFields);
|
||||
$API_permissions->createPermission();
|
||||
|
||||
} elseif ($API_permissions->request_method === 'PUT') {
|
||||
|
||||
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
|
||||
if (!$API_permissions->isSuperuser()) {
|
||||
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
|
||||
}
|
||||
|
||||
$requiredFields = [
|
||||
'permission_uuid' => ['type' => 'uuid'],
|
||||
'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
|
||||
'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
|
||||
'module_uuid' => ['type' => 'uuid'],
|
||||
];
|
||||
$API_permissions->validateData($requiredFields);
|
||||
|
||||
# check if the permission exists
|
||||
$_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
|
||||
$API_permissions->getPermission();
|
||||
|
||||
# Update the permission
|
||||
$API_permissions->updatePermission();
|
||||
|
||||
} elseif ($API_permissions->request_method === 'DELETE') {
|
||||
|
||||
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
|
||||
if (!$API_permissions->isSuperuser()) {
|
||||
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
|
||||
}
|
||||
|
||||
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
|
||||
$API_permissions->return_url = false;
|
||||
|
||||
$requiredFields = ['permission_uuid' => ['type' => 'uuid']];
|
||||
$API_permissions->validateData($requiredFields);
|
||||
|
||||
# check if the permission exists
|
||||
$_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
|
||||
$API_permissions->getPermission();
|
||||
|
||||
# delete permission
|
||||
$API_permissions->deletePermission();
|
||||
}
|
||||
67
pub/api/v1/portal-management/user-groups/index.php
Normal file
67
pub/api/v1/portal-management/user-groups/index.php
Normal file
@@ -0,0 +1,67 @@
|
||||
<?php
|
||||
|
||||
use api\classes\API_usergroups;
|
||||
|
||||
session_start();
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_usergroups.php';
|
||||
|
||||
|
||||
$API_usergroups = new API_usergroups();
|
||||
|
||||
if ($API_usergroups->request_method === 'GET') {
|
||||
|
||||
# GET a user group(s)
|
||||
|
||||
} elseif ($API_usergroups->request_method === 'POST') {
|
||||
|
||||
# Create a new user group
|
||||
|
||||
$API_usergroups->checkPermissions('admin-access-control-user-groups', 'RW');
|
||||
|
||||
$requiredFields = [
|
||||
'user_group_name' => ['type' => 'string'],
|
||||
'user_group_slugify' => ['type' => 'slugify'],
|
||||
'user_group_weight' => ['type' => 'int'],
|
||||
'user_group_type' => ['type' => 'enum', 'values' => ['admin', 'user']],
|
||||
];
|
||||
|
||||
$API_usergroups->validateData($requiredFields);
|
||||
|
||||
# superuser group is a fixed group name for the superuser
|
||||
if ($API_usergroups->data['user_group_name'] === 'superuser' || $API_usergroups->data['user_group_slugify'] === 'superuser') {
|
||||
$API_usergroups->apiOutput(400, ['error' => 'superuser group cannot be created'], 'cannot_add_superuser_group');
|
||||
}
|
||||
|
||||
$API_usergroups->createUsergroups();
|
||||
|
||||
|
||||
} elseif ($API_usergroups->request_method === 'PUT') {
|
||||
|
||||
# Update a user group
|
||||
|
||||
$requiredFields = [
|
||||
'user_group_uuid' => ['type' => 'uuid'],
|
||||
'user_group_name' => ['type' => 'string'],
|
||||
'user_group_weight' => ['type' => 'int'],
|
||||
];
|
||||
|
||||
$API_usergroups->validateData($requiredFields);
|
||||
|
||||
$API_usergroups->updateUserGroup();
|
||||
|
||||
} elseif ($API_usergroups->request_method === 'DELETE') {
|
||||
|
||||
# Delete a user group
|
||||
|
||||
$API_usergroups->checkPermissions('admin-access-control-user-groups', 'RW');
|
||||
|
||||
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
|
||||
$API_usergroups->return_url = false;
|
||||
|
||||
$requiredFields = ['user_group_uuid' => ['type' => 'uuid']];
|
||||
|
||||
$API_usergroups->validateData($requiredFields);
|
||||
|
||||
# Delete the device from the database.
|
||||
$API_usergroups->deleteUsergroup();
|
||||
}
|
||||
89
pub/api/v1/portal-management/users/index.php
Normal file
89
pub/api/v1/portal-management/users/index.php
Normal file
@@ -0,0 +1,89 @@
|
||||
<?php
|
||||
|
||||
use api\classes\API_users;
|
||||
|
||||
session_start();
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
|
||||
|
||||
$API_users = new API_users();
|
||||
|
||||
if ($API_users->request_method === 'GET') {
|
||||
#echo json_encode($api->getAllUsers());
|
||||
|
||||
|
||||
} elseif ($API_users->request_method === 'POST') {
|
||||
# create a new user
|
||||
$API_users->checkPermissions('admin-access-admins', 'RW');
|
||||
|
||||
$requiredFields = [
|
||||
'user_group_uuid' => ['type' => 'uuid'],
|
||||
'user_email' => ['type' => 'email'],
|
||||
'user_first_name' => ['type' => 'string'],
|
||||
'user_last_name' => ['type' => 'string'],
|
||||
'user_full_name' => ['type' => 'string'],
|
||||
'user_phone_number' => ['type' => 'string'],
|
||||
'user_status' => ['type' => 'enum', 'values' => ['active', 'inactive', 'banned', 'pending']],
|
||||
'user_password' => ['type' => 'string'],
|
||||
'user_pref_language' => ['type' => 'string'],
|
||||
'user_password_reset_token' => ['type' => 'string'],
|
||||
'user_password_reset_expires' => ['type' => 'int'],
|
||||
];
|
||||
|
||||
# The user will need to verify their email, the password field cannot be NULL so set an random password for now till the user resets it on when verifing there email
|
||||
$random_string = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01', 64)), 0, rand(50, 64));
|
||||
$user_password = password_hash($random_string, PASSWORD_BCRYPT, ["cost" => 12]);
|
||||
$API_users->postedData['user_password'] = $user_password;
|
||||
|
||||
$API_users->postedData['user_full_name'] = trim($_POST['user_first_name'] . ' ' . $_POST['user_last_name']);
|
||||
$API_users->postedData['user_pref_language'] = $_POST['user_pref_language'] ?? 'en';
|
||||
|
||||
# Password reset token that will be send to the newly created user
|
||||
$API_users->postedData['user_password_reset_token'] = bin2hex(random_bytes(32));
|
||||
$API_users->postedData['user_password_reset_expires'] = time() + 86400;
|
||||
|
||||
$API_users->validateData($requiredFields);
|
||||
$API_users->createUser();
|
||||
|
||||
} elseif ($API_users->request_method === 'PUT') {
|
||||
|
||||
# Edit a user
|
||||
$API_users->checkPermissions('admin-access-admins', 'RW');
|
||||
|
||||
$requiredFields = [
|
||||
'user_uuid' => ['type' => 'uuid'],
|
||||
'user_group_uuid' => ['type' => 'uuid'],
|
||||
'user_email' => ['type' => 'email'],
|
||||
'user_first_name' => ['type' => 'string'],
|
||||
'user_last_name' => ['type' => 'string'],
|
||||
'user_full_name' => ['type' => 'string'],
|
||||
'user_phone_number' => ['type' => 'string'],
|
||||
'user_status' => ['type' => 'enum', 'values' => ['active', 'inactive', 'banned', 'pending']],
|
||||
'user_pref_language' => ['type' => 'string'],
|
||||
'user_stompable' => ['type' => 'boolean']
|
||||
];
|
||||
|
||||
$API_users->postedData['user_full_name'] = trim($_POST['user_first_name'] . ' ' . $_POST['user_last_name']);
|
||||
$API_users->postedData['user_pref_language'] = $_POST['user_pref_language'] ?? 'en';
|
||||
$API_users->postedData['user_stompable'] = (bool)$_POST['user_stompable'];
|
||||
|
||||
|
||||
$API_users->validateData($requiredFields);
|
||||
|
||||
|
||||
$API_users->updateUser();
|
||||
|
||||
} elseif ($API_users->request_method === 'DELETE') {
|
||||
|
||||
|
||||
$API_users->return_url = false;
|
||||
|
||||
$API_users->checkPermissions('admin-access-admins', 'RW');
|
||||
$requiredFields = [
|
||||
'user_uuid' => ['type' => 'uuid'],
|
||||
];
|
||||
|
||||
|
||||
$API_users->validateData($requiredFields);
|
||||
|
||||
$API_users->deleteUser();
|
||||
}
|
||||
Reference in New Issue
Block a user