Files
Sentri/pub/api/v1/portal-management/permissions/index.php
2026-06-15 15:20:33 +02:00

76 lines
3.0 KiB
PHP

<?php
use api\classes\API_permissions;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';
$API_permissions = new API_permissions();
if ($API_permissions->request_method === 'GET') {
$API_permissions->checkPermissions('admin-access-control-permissions', 'RO');
$permissions = $API_permissions->getPermission();
$API_permissions->apiOutput($code = 200, ['success' => $permissions], 'permission_retrieved');
} elseif ($API_permissions->request_method === 'POST') {
# Only superuser can create permission due to fact that the backend needs programming when setting a permission
if (!$API_permissions->isSuperuser()) {
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$requiredFields = [
'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
'permission_slugify' => ['type' => 'slugify', 'min' => 6, 'max' => 255],
'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
'module_uuid' => ['type' => 'uuid'],
];
$API_permissions->validateData($requiredFields);
$API_permissions->createPermission();
} elseif ($API_permissions->request_method === 'PUT') {
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
if (!$API_permissions->isSuperuser()) {
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$requiredFields = [
'permission_uuid' => ['type' => 'uuid'],
'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
'module_uuid' => ['type' => 'uuid'],
];
$API_permissions->validateData($requiredFields);
# check if the permission exists
$_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
$API_permissions->getPermission();
# Update the permission
$API_permissions->updatePermission();
} elseif ($API_permissions->request_method === 'DELETE') {
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
if (!$API_permissions->isSuperuser()) {
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
# when called from the frontend will not be forwarding to a url since when it's called from the frontend it doesn't need a redirection
$API_permissions->return_url = false;
$requiredFields = ['permission_uuid' => ['type' => 'uuid']];
$API_permissions->validateData($requiredFields);
# check if the permission exists
$_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
$API_permissions->getPermission();
# delete permission
$API_permissions->deletePermission();
}