Fix API

2024-07-19 13:05:21 +02:00
parent 88f535a1ed
commit 156d277e77
10 changed files with 229 additions and 71 deletions
@@ -0,0 +1,90 @@
+<?php
+
+$method = $_SERVER['REQUEST_METHOD'];
+$params = PathParams::get();
+
+if (empty($params[2])) {
+  return Response::api("Missing param", 500);
+}
+
+switch ($method) {
+  case "GET":
+    if (Auth::hasPermission("read")) return get($params[2]);
+    break;
+  case "POST":
+    if (Auth::hasPermission("write")) return post($params[2]);
+    break;
+  case "DELETE":
+    if (Auth::hasPermission("write")) return delete($params[2]);
+    break;
+  default:
+    return Response::api("$method not supported", 500);
+}
+
+return Response::api("Not allowed", 401);
+
+function get($id)
+{
+  $db = Database::getInstance();
+
+  $query =
+    "SELECT
+      *
+    FROM
+      Users
+    WHERE
+      ID = :ID";
+
+  $stmt = $db->prepare($query);
+  $stmt->bindValue(":ID", $id);
+  $stmt->execute();
+
+  Response::api($stmt->fetchAll());
+}
+
+function post($id)
+{
+
+  $db = Database::getInstance();
+
+  $query =
+    "UPDATE
+      Users
+    SET
+      FirstName = :FIRST, LastName = :LAST
+    WHERE
+      ID = :ID";
+
+  $_POST = json_decode(file_get_contents('php://input'), true);
+
+  try {
+    $stmt = $db->prepare($query);
+    $stmt->bindValue(":FIRST", $_POST["firstName"]);
+    $stmt->bindValue(":LAST", $_POST["lastName"]);
+    $stmt->bindValue(":ID", $id);
+
+    Response::api($stmt->execute());
+  } catch (Exception $e) {
+    Response::api($e->getMessage(), 500);
+  }
+}
+
+function delete($id)
+{
+  $db = Database::getInstance();
+
+  $query =
+    "DELETE FROM
+      Users
+    WHERE
+      ID = :ID";
+
+  try {
+    $stmt = $db->prepare($query);
+    $stmt->bindValue(":ID", $id);
+
+    Response::api($stmt->execute());
+  } catch (Exception $e) {
+    Response::api($e->getMessage(), 500);
+  }
+}