meteo/Sentri
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fac4255c329608423e196a3e1f4862a0022516f4
Sentri/pub/api/v1/permissions/index.php
Meteo 768cf78b57 v1.0 Initial commit of project
2026-01-01 10:54:18 +01:00

87 lines
3.4 KiB
PHP
Raw Blame History

<?php
use api\classes\API_permissions;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';
$API_permissions = new API_permissions();
if ($API_permissions->request_method === 'GET') {
# Retrieve all the permissions a user and return them.
$API_permissions->checkPermissions('admin-access-control-permissions', 'RO');
$requiredFields = [];
$optionalFields = [
'permission_uuid' => ['type' => 'uuid'],
'permission_name' => ['type' => 'string'],
'permission_slugify' => ['type' => 'slugify'],
'permission_description' => ['type' => 'string'],
'permission_create_timestamp' => ['type' => 'timestamp'],
'permission_modified_timestamp' => ['type' => 'timestamp']
];
$API_permissions->validateData($requiredFields, $optionalFields);
$permissions = $API_permissions->getPermission();
$API_permissions->apiOutput($code = 200, ['success' => $permissions], 'permission_created');
} elseif ($API_permissions->request_method === 'POST') {
# Only superuser can create permission due to fact that the backend needs programming when setting a permission
if (!$API_permissions->isSuperuser()) {
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$requiredFields = [
'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
'permission_slugify' => ['type' => 'slugify', 'min' => 6, 'max' => 255],
'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
'module_uuid' => ['type' => 'uuid'],
];
$API_permissions->validateData($requiredFields);
$API_permissions->createPermission();
} elseif ($API_permissions->request_method === 'PUT') {
# Update the permission name and description
$API_permissions->checkPermissions('admin-access-control-permissions', 'RW');
$requiredFields = [
'permission_uuid' => ['type' => 'uuid'],
'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
'module_uuid' => ['type' => 'uuid'],
];
$API_permissions->validateData($requiredFields);
# check if the permission exists
$_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
$API_permissions->getPermission();
# Update the permission
$API_permissions->updatePermission();
} elseif ($API_permissions->request_method === 'DELETE') {
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
if (!$API_permissions->isSuperuser()) {
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_permissions->return_url = false;
$requiredFields = ['permission_uuid' => ['type' => 'uuid']];
$API_permissions->validateData($requiredFields);
# check if the permission exists
$_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
$API_permissions->getPermission();
# delete permission
$API_permissions->deletePermission();
}
Reference in New Issue View Git Blame Copy Permalink