Sentri/pub/api/classes/API_permissions.php

<?php

namespace api\classes;

use api\classes\API;

require_once 'API.php';

class API_permissions extends API
{
    public function getPermission($returnBoolean = false)
    {
        list($query, $types, $params) = $this->buildDynamicQuery('vc_permissions');

        $items = $this->generalGetFunction($query, $types, $params, $returnBoolean, 'Permission');

        return $items;
    }

    public function deletePermission()
    {
        $query = "DELETE FROM vc_permissions WHERE permission_uuid = ?";
        $stmt = $this->prepareStatement($query);
        $stmt->bind_param('s', $this->data['permission_uuid']);
        if ($this->executeStatement($stmt)) {
            $this->apiOutput(200, ['success' => 'Permission deleted successfully.']);
        }
    }

    public function createPermission()
    {
        # Check if permission slugify already exists
        $result = $this->getPermissionSlugify();
        if ($result->num_rows > 0) {
            $this->apiOutput(409, ['error' => 'Permission slugify already exists'], 'item_already_exists!');
        }

        $query = "INSERT INTO vc_permissions (permission_uuid, permission_name, permission_slugify, permission_description, permission_create_timestamp, module_uuid) VALUES (UUID(), ?, ?, ?, ?, ?)";
        $stmt = $this->prepareStatement($query);
        $stmt->bind_param('sssis', $this->data['permission_name'], $this->data['permission_slugify'], $this->data['permission_description'], time(), $this->data['module_uuid']);
        $this->executeStatement($stmt);
        $stmt->close();

        $result = $this->getPermissionSlugify();
        if ($result->num_rows === 0) {
            $this->apiOutput(500, ['error' => 'Something went wrong creating the platform on the server.'], 'error_contact_support');
        }

        $permission_data = $result->fetch_assoc();

        # Get all the groups so we can create the permissions for the group
        $user_groups = array();
        $sql = "SELECT * FROM vc_user_groups";
        $stmt = $this->conn->query($sql);
        while ($user_group = $stmt->fetch_assoc()) {
            array_push($user_groups, $user_group);
        }

        # Update all the groups with the newly added permission
        foreach ($user_groups as $user_group) {
            $query = "INSERT INTO vc_user_group_permissions_portal (permission_uuid, user_group_uuid, permission_value) VALUES (?, ?, ?)";
            $permission_value = 'NA';
            if ($user_group['user_group_name'] == 'superuser') {
                $permission_value = 'RW';
            }
            $stmt = $this->prepareStatement($query);
            $stmt->bind_param("sss", $permission_data['permission_uuid'], $user_group['user_group_uuid'], $permission_value);
            $this->executeStatement($stmt);
            $stmt->close();
        }

        $this->apiOutput(200, ['success' => $permission_data], 'item_added');
    }

    public function getPermissionSlugify()
    {
        $query = "SELECT * FROM vc_permissions WHERE permission_slugify = ?";
        $stmt = $this->prepareStatement($query);
        $stmt->bind_param("s", $this->data['permission_slugify']);
        $this->executeStatement($stmt);
        return $stmt->get_result();
    }

    public function updatePermission()
    {
        $query = "UPDATE vc_permissions SET permission_name = ?, permission_description = ?, permission_modified_timestamp = ?, module_uuid = ? WHERE permission_uuid = ?";
        $stmt = $this->prepareStatement($query);
        $stmt->bind_param('ssiss', $this->data['permission_name'], $this->data['permission_description'], time(), $this->data['module_uuid'], $this->data['permission_uuid']);
        if ($this->executeStatement($stmt)) {
            $this->apiOutput(200, ['success' => 'Permission updated successfully.']);
        }
    }

    public function updateAccessRights()
    {
        $query = "UPDATE vc_user_group_permissions_portal SET permission_value = ? WHERE permission_uuid = ? AND user_group_uuid = ?";
        $stmt = $this->prepareStatement($query);
        $stmt->bind_param('sss', $this->data['permission_value'], $this->data['permission_uuid'], $this->data['user_group_uuid']);
        if ($this->executeStatement($stmt)) {
            $this->apiOutput(200, ['success' => 'Access rights changed successfully.']);
        }
    }

    public function getPermissionRights()
    {
        $query = "SELECT * FROM vc_permissions 
                    INNER JOIN vc_user_group_permissions_portal ON vc_permissions.permission_uuid = vc_user_group_permissions_portal.permission_uuid
                    INNER JOIN vc_user_groups ON vc_user_group_permissions_portal.user_group_uuid = vc_user_groups.user_group_uuid
                    WHERE vc_permissions.permission_uuid = ? ORDER BY vc_user_groups.user_group_weight ASC";
        $stmt = $this->prepareStatement($query);
        $stmt->bind_param('s', $this->data['permission_uuid']);
        $this->executeStatement($stmt);

        $result = $stmt->get_result();
        $access_rights = [];

        while ($row = $result->fetch_assoc()) {
            $access_rights[] = $row;
        }

        return $access_rights;
    }
}