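request_method === 'GET') {
    # GET a user group(s)
    # NOTE(review): this branch is empty in the visible code, so no permission
    # check or lookup happens here - confirm GET is handled elsewhere.
} elseif ($API_usergroups->request_method === 'POST') {
    # Create a new user group. The caller needs RW on the user-group admin permission.
    # NOTE(review): checkPermissions() and validateData() are assumed to stop the
    # request on failure; nothing here inspects a return value - confirm.
    $API_usergroups->checkPermissions('admin-access-control-user-groups', 'RW');

    $requiredFields = [
        'user_group_name' => ['type' => 'string'],
        'user_group_slugify' => ['type' => 'slugify'],
        'user_group_weight' => ['type' => 'int'],
        'user_group_type' => ['type' => 'enum', 'values' => ['admin', 'user']],
    ];
    $API_usergroups->validateData($requiredFields);

    # superuser group is a fixed group name for the superuser
    # NOTE(review): the comparison is exact and case-sensitive; confirm that
    # validateData() normalises the name/slug before this check.
    if (
        $API_usergroups->data['user_group_name'] === 'superuser'
        || $API_usergroups->data['user_group_slugify'] === 'superuser'
    ) {
        $API_usergroups->apiOutput(400, ['error' => 'superuser group cannot be created'], 'cannot_add_superuser_group');
    } else {
        # Only reached when the reserved name was not requested, so creation
        # does not depend on apiOutput() ending the request.
        $API_usergroups->createUsergroups();
    }
} elseif ($API_usergroups->request_method === 'PUT') {
    # Update a user group. Apply the same RW permission gate as create and
    # delete: editing a group changes access-control data.
    # NOTE(review): remove only if updateUserGroup() is confirmed to enforce
    # this permission itself.
    $API_usergroups->checkPermissions('admin-access-control-user-groups', 'RW');

    $requiredFields = [
        'user_group_uuid' => ['type' => 'uuid'],
        'user_group_name' => ['type' => 'string'],
        'user_group_weight' => ['type' => 'int'],
    ];
    $API_usergroups->validateData($requiredFields);

    # NOTE(review): unlike create, there is no reserved 'superuser' name check
    # here - confirm updateUserGroup() rejects renaming a group to that name.
    $API_usergroups->updateUserGroup();
} elseif ($API_usergroups->request_method === 'DELETE') {
    # Delete a user group. The caller needs RW on the user-group admin permission.
    $API_usergroups->checkPermissions('admin-access-control-user-groups', 'RW');

    # No redirect after deletion: frontend callers do not need to be forwarded to a URL.
    $API_usergroups->return_url = false;

    $requiredFields = ['user_group_uuid' => ['type' => 'uuid']];
    $API_usergroups->validateData($requiredFields);

    # Delete the user group from the database.
    $API_usergroups->deleteUsergroup();
}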