
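<?php
// Entry point for /api/user/{id}: dispatches GET / POST / DELETE to the handler
// functions below after an Auth permission check. Every response goes out through
// Response::api. The top-level `return` statements imply this file is included by
// a front controller that also loads PathParams, Auth, Response and Database.
$method = $_SERVER['REQUEST_METHOD'];
$params = PathParams::get();

// The user ID is the third path segment. A missing/blank ID is a client error,
// so answer 400 rather than the original 500. isset/=== '' is used instead of
// empty() so that a literal "0" is not mistaken for "absent".
if (!isset($params[2]) || $params[2] === '') {
    return Response::api("Missing param", 400);
}
$id = $params[2];

switch ($method) {
    case "GET":
        if (Auth::hasPermission("read")) return get($id);
        break;
    case "POST":
        // POST is used for update (no create path); it is gated by "write".
        if (Auth::hasPermission("write")) return post($id);
        break;
    case "DELETE":
        if (Auth::hasPermission("write")) return delete($id);
        break;
    default:
        // Unsupported verb: 405 is the accurate status (the original answered 500).
        // $method is client-controlled; this is fine if Response::api JSON-encodes
        // its payload, not if it is ever echoed raw into HTML — TODO confirm.
        return Response::api("$method not supported", 405);
}

// Permission check failed. 401 is kept because Auth::hasPermission's contract is
// not visible here; if it returns false only for an authenticated but
// unauthorised caller, 403 would be the more accurate status — TODO confirm.
return Response::api("Not allowed", 401);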
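/**
 * GET /api/user/{id}: fetch the Users row(s) whose ID matches and emit them via
 * Response::api.
 *
 * @param mixed $id  Third path segment; bound as a prepared-statement parameter,
 *                   never interpolated into the SQL.
 * @return void      Output is produced by Response::api (fetchAll() result, or a
 *                   generic 500 on a database error); nothing is returned.
 */
function get($id)
{
    $db = Database::getInstance();
    // NOTE(review): SELECT * returns every column of Users. If the table holds a
    // password hash, token or similar secret, it is handed to any caller with
    // "read" permission — restrict the column list to what the client needs.
    $query =
        "SELECT
            *
        FROM
            Users
        WHERE
            ID = :ID";
    // Wrapped in try/catch like post()/delete() so a database failure yields a
    // 500 response rather than an unhandled exception (the siblings' catch blocks
    // imply the connection runs in exception mode).
    try {
        $stmt = $db->prepare($query);
        $stmt->bindValue(":ID", $id);
        $stmt->execute();
        Response::api($stmt->fetchAll());
    } catch (Exception $e) {
        // Log the driver message server-side; never echo it to the client, as
        // database error text discloses schema and driver details.
        error_log("user GET failed: " . $e->getMessage());
        Response::api("Internal error", 500);
    }
}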
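/**
 * POST /api/user/{id}: update FirstName / LastName of the Users row with the given
 * ID from a JSON body of the form {"firstName": "...", "lastName": "..."}.
 *
 * @param mixed $id  Third path segment; bound as a prepared-statement parameter.
 * @return void      Output via Response::api: the execute() result on success,
 *                   400 on a malformed or incomplete body, 500 on a database error.
 */
function post($id)
{
    $db = Database::getInstance();
    $query =
        "UPDATE
            Users
        SET
            FirstName = :FIRST, LastName = :LAST
        WHERE
            ID = :ID";

    // The original decodes into $_POST (clobbering the superglobal); kept so that
    // anything reading $_POST after this call still sees the decoded body.
    // json_decode yields null for an empty/invalid body and a scalar for e.g. `"x"`;
    // the original bound those straight through as NULL column values.
    $_POST = json_decode((string) file_get_contents('php://input'), true);
    if (!is_array($_POST)
        || !isset($_POST["firstName"], $_POST["lastName"])
        || !is_string($_POST["firstName"])
        || !is_string($_POST["lastName"])
    ) {
        return Response::api("Invalid body", 400);
    }
    // TODO(review): no length/character constraints are applied; the column
    // definitions are not visible here, so none are assumed.

    try {
        $stmt = $db->prepare($query);
        $stmt->bindValue(":FIRST", $_POST["firstName"]);
        $stmt->bindValue(":LAST", $_POST["lastName"]);
        $stmt->bindValue(":ID", $id);
        // execute() is true even when no row matched the ID; there is no 404 here.
        Response::api($stmt->execute());
    } catch (Exception $e) {
        // Log the driver message server-side; never echo it to the client, as
        // database error text discloses schema and driver details.
        error_log("user POST failed: " . $e->getMessage());
        Response::api("Internal error", 500);
    }
}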
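/**
 * DELETE /api/user/{id}: delete the Users row with the given ID.
 *
 * @param mixed $id  Third path segment; bound as a prepared-statement parameter.
 * @return void      Output via Response::api: the execute() result on success,
 *                   500 on a database error.
 */
function delete($id)
{
    $db = Database::getInstance();
    $query =
        "DELETE FROM
            Users
        WHERE
            ID = :ID";
    // NOTE(review): authorisation is only the coarse "write" permission checked by
    // the dispatcher; nothing here verifies the caller may act on *this* user.
    // Whether that is intended depends on Auth's model — confirm.
    try {
        $stmt = $db->prepare($query);
        $stmt->bindValue(":ID", $id);
        // execute() is true even when no row matched the ID; there is no 404 here.
        Response::api($stmt->execute());
    } catch (Exception $e) {
        // Log the driver message server-side; never echo it to the client, as
        // database error text discloses schema and driver details.
        error_log("user DELETE failed: " . $e->getMessage());
        Response::api("Internal error", 500);
    }
}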