<?php

use api\classes\API_permissions;

session_start();

require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';

$API_permissions = new API_permissions();

if ($API_permissions->request_method === 'GET') {

    # Retrieve all the permissions a user and return them.
    $API_permissions->checkPermissions('admin-access-control-permissions', 'RO');

    $requiredFields = [];
    $optionalFields = [
        'permission_uuid' => ['type' => 'uuid'],
        'permission_name' => ['type' => 'string'],
        'permission_slugify' => ['type' => 'slugify'],
        'permission_description' => ['type' => 'string'],
        'permission_create_timestamp' => ['type' => 'timestamp'],
        'permission_modified_timestamp' => ['type' => 'timestamp']
    ];
    $API_permissions->validateData($requiredFields, $optionalFields);
    $permissions = $API_permissions->getPermission();

    $API_permissions->apiOutput($code = 200, ['success' => $permissions], 'permission_retrieved');

} elseif ($API_permissions->request_method === 'POST') {

    # Only superuser can create permission due to fact that the backend needs programming when setting a permission

    if (!$API_permissions->isSuperuser()) {
        $API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
    }

    $requiredFields = [
        'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
        'permission_slugify' => ['type' => 'slugify', 'min' => 6, 'max' => 255],
        'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
        'module_uuid' => ['type' => 'uuid'],
    ];

    $API_permissions->validateData($requiredFields);
    $API_permissions->createPermission();

} elseif ($API_permissions->request_method === 'PUT') {

    # Update the permission name and description
    $API_permissions->checkPermissions('admin-access-control-permissions', 'RW');

    $requiredFields = [
        'permission_uuid' => ['type' => 'uuid'],
        'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
        'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
        'module_uuid' => ['type' => 'uuid'],
    ];
    $API_permissions->validateData($requiredFields);

    # check if the permission exists
    $_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
    $API_permissions->getPermission();

    # Update the permission
    $API_permissions->updatePermission();

} elseif ($API_permissions->request_method === 'DELETE') {

    # Only superuser can delete permission due to fact that the backend needs programming when setting a permission
    if (!$API_permissions->isSuperuser()) {
        $API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
    }

    # when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
    $API_permissions->return_url = false;

    $requiredFields = ['permission_uuid' => ['type' => 'uuid']];
    $API_permissions->validateData($requiredFields);

    # check if the permission exists
    $_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
    $API_permissions->getPermission();

    # delete permission
    $API_permissions->deletePermission();
}