diff --git a/exam/api/docs/index.css b/exam/api/docs/index.css
index 88cb00c..e69de29 100644
--- a/exam/api/docs/index.css
+++ b/exam/api/docs/index.css
@@ -1,3 +0,0 @@
-body {
- background-color: red;
-}
\ No newline at end of file
diff --git a/exam/api/docs/index.html b/exam/api/docs/index.html
index 68a3df6..f787ab6 100644
--- a/exam/api/docs/index.html
+++ b/exam/api/docs/index.html
@@ -3,7 +3,7 @@
- Calculator
+ API Docs
diff --git a/exam/api/users/index.php b/exam/api/users/index.php
index 5cc4ccb..4d6cc01 100644
--- a/exam/api/users/index.php
+++ b/exam/api/users/index.php
@@ -4,11 +4,23 @@ $method = $_SERVER['REQUEST_METHOD'];
switch ($method) {
case "GET":
- return get();
+ if (Auth::hasPermission("read")) return get();
+ break;
+ case "PUT":
+ if (Auth::hasPermission("write")) return put();
+ break;
+ case "POST":
+ if (Auth::hasPermission("write")) return post();
+ break;
+ case "DELETE":
+ if (Auth::hasPermission("write")) return delete();
+ break;
default:
return Response::api("$method not supported", 500);
}
+return Response::api("Not allowed", 401);
+
function get()
{
$db = Database::getInstance();
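Review bot: The trailing `return Response::api("Not allowed", 401);` answers every denied request with 401, which is the status for a missing or invalid credential; if Auth::hasPermission also returns false for a caller whose token is valid but lacks `read`/`write`, that case is a 403 and the two should be distinguished so clients and access logs can tell an unauthenticated call from an unauthorized one. The `"read"`/`"write"` permission names are bare string literals repeated across the four cases; a class constant or enum on Auth would turn a typo into a static error instead of a silent deny. A one-line comment above the switch stating the intended status mapping (401 vs 403 vs the 500 kept for unknown methods) would make the contract explicit. `get()` begins on the last line of this hunk and continues outside it.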
@@ -17,10 +29,80 @@ function get()
"SELECT
*
FROM
- egb_benutzer";
+ Users";
$stmt = $db->prepare($query);
$stmt->execute();
Response::api($stmt->fetchAll());
}
+
+function put()
+{
+ $db = Database::getInstance();
+
+ $_PUT = json_decode(file_get_contents('php://input'), true);
+
+ $query =
+ "INSERT INTO
+ Users(FirstName, LastName, Token)
+ VALUES(:FIRST, :LAST, UUID())";
+
+ try {
+ $stmt = $db->prepare($query);
+ $stmt->bindValue(":FIRST", $_PUT["firstName"]);
+ $stmt->bindValue(":LAST", $_PUT["lastName"]);
+
+ Response::api($stmt->execute());
+ } catch (Exception $e) {
+ Response::api($e->getMessage(), 500);
+ }
+}
+
+function post()
+{
+ $db = Database::getInstance();
+
+ $query =
+ "UPDATE
+ Users
+ SET
+ FirstName = :FIRST, LastName = :LAST
+ WHERE
+ ID = :ID";
+
+ $_POST = json_decode(file_get_contents('php://input'), true);
+
+ try {
+ $stmt = $db->prepare($query);
+ $stmt->bindValue(":FIRST", $_POST["firstName"]);
+ $stmt->bindValue(":LAST", $_POST["lastName"]);
+ $stmt->bindValue(":ID", $_POST["ID"]);
+
+ Response::api($stmt->execute());
+ } catch (Exception $e) {
+ Response::api($e->getMessage(), 500);
+ }
+}
+
+function delete()
+{
+ $db = Database::getInstance();
+
+ $_DELETE = json_decode(file_get_contents('php://input'), true);
+
+ $query =
+ "DELETE FROM
+ Users
+ WHERE
+ ID = :ID";
+
+ try {
+ $stmt = $db->prepare($query);
+ $stmt->bindValue(":ID", $_DELETE["ID"]);
+
+ Response::api($stmt->execute());
+ } catch (Exception $e) {
+ Response::api($e->getMessage(), 500);
+ }
+}
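Review bot: `put()`, `post()` and `delete()` bind fields straight out of `json_decode(file_get_contents('php://input'), true)` without checking the decode result, so a malformed or empty body yields `null`, the `$_PUT["firstName"]` / `$_DELETE["ID"]` lookups raise undefined-index warnings, and the statements run with NULL parameters (`DELETE ... WHERE ID = NULL` matches nothing, and the INSERT stores NULL names if the columns allow it). Decode with `json_decode(file_get_contents('php://input'), true, flags: JSON_THROW_ON_ERROR)` and check the required keys with `??` before binding, returning a 400 when they are missing. The catch blocks send `$e->getMessage()` to the client with a 500; a PDOException message can contain table and column names or the failing SQL fragment, so log the message server-side and return a generic error body instead. Assigning the decoded body to `$_POST` in `post()` overwrites the superglobal — a local `$body` as in the other two functions would be clearer. Whether `prepare()`/`execute()` throw at all depends on the PDO error mode configured in Database, which is outside this diff; if it is not ERRMODE_EXCEPTION, `execute()` returns false and `Response::api(false)` goes out with a 200.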
diff --git a/exam/app/app.php b/exam/app/app.php
index b4ad6bb..6aa994d 100644
--- a/exam/app/app.php
+++ b/exam/app/app.php
@@ -1,6 +1,8 @@
prepare($query);
+ $stmt->bindValue(":TOKEN", $token);
+ $stmt->execute();
+ $perms = $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
+
+ return in_array($required, $perms);
+ }
+}
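Review bot: `return in_array($required, $perms);` on the closing lines uses loose comparison; without `strict: true`, a permission column fetched as `0`, `''` or a numeric-looking string can compare equal to an unrelated `$required` under PHP's loose rules, so it should read `return in_array($required, $perms, true);`. The method's opening lines — the query text and where `$token` comes from — are cut off before `prepare($query);`, so the `:TOKEN` placeholder cannot be checked against the query here; the visible part binds it as a parameter rather than interpolating, which is the right shape. Since the permission list is fetched on every call and an empty result yields false, a short docblock on hasPermission stating that it queries the database per invocation and returns false for an unknown token would help the callers in users/index.php.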