v1.0 Initial commit of project

pub/api/v1/permissions/index.php

@@ -0,0 +1,87 @@
+<?php
+
+use api\classes\API_permissions;
+
+session_start();
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';
+
+$API_permissions = new API_permissions();
+
+if ($API_permissions->request_method === 'GET') {
+
+    # Retrieve all the permissions a user and return them.
+    $API_permissions->checkPermissions('admin-access-control-permissions', 'RO');
+
+    $requiredFields = [];
+    $optionalFields = [
+        'permission_uuid' => ['type' => 'uuid'],
+        'permission_name' => ['type' => 'string'],
+        'permission_slugify' => ['type' => 'slugify'],
+        'permission_description' => ['type' => 'string'],
+        'permission_create_timestamp' => ['type' => 'timestamp'],
+        'permission_modified_timestamp' => ['type' => 'timestamp']
+    ];
+    $API_permissions->validateData($requiredFields, $optionalFields);
+    $permissions = $API_permissions->getPermission();
+
+    $API_permissions->apiOutput($code = 200, ['success' => $permissions], 'permission_created');
+
+} elseif ($API_permissions->request_method === 'POST') {
+
+    # Only superuser can create permission due to fact that the backend needs programming when setting a permission
+
+    if (!$API_permissions->isSuperuser()) {
+        $API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
+    }
+
+    $requiredFields = [
+        'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
+        'permission_slugify' => ['type' => 'slugify', 'min' => 6, 'max' => 255],
+        'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
+        'module_uuid' => ['type' => 'uuid'],
+    ];
+
+    $API_permissions->validateData($requiredFields);
+    $API_permissions->createPermission();
+
+} elseif ($API_permissions->request_method === 'PUT') {
+
+    # Update the permission name and description
+    $API_permissions->checkPermissions('admin-access-control-permissions', 'RW');
+
+    $requiredFields = [
+        'permission_uuid' => ['type' => 'uuid'],
+        'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
+        'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
+        'module_uuid' => ['type' => 'uuid'],
+    ];
+    $API_permissions->validateData($requiredFields);
+
+    # check if the permission exists
+    $_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
+    $API_permissions->getPermission();
+
+    # Update the permission
+    $API_permissions->updatePermission();
+
+} elseif ($API_permissions->request_method === 'DELETE') {
+
+    # Only superuser can delete permission due to fact that the backend needs programming when setting a permission
+    if (!$API_permissions->isSuperuser()) {
+        $API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
+    }
+
+    # when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
+    $API_permissions->return_url = false;
+
+    $requiredFields = ['permission_uuid' => ['type' => 'uuid']];
+    $API_permissions->validateData($requiredFields);
+
+    # check if the permission exists
+    $_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
+    $API_permissions->getPermission();
+
+    # delete permission
+    $API_permissions->deletePermission();
+}