<?php
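// Front controller for the Users endpoint: choose a handler from the HTTP
// method and run it only when the caller holds the matching permission.
// REQUEST_METHOD is not set outside a web request, so fall back to an empty
// string, which lands in the default branch instead of raising a warning.
$method = $_SERVER['REQUEST_METHOD'] ?? '';

switch ($method) {
    case 'GET':
        if (Auth::hasPermission('read')) {
            return get();
        }
        break;

    case 'PUT':
        if (Auth::hasPermission('write')) {
            return put();
        }
        break;

    default:
        // An unsupported verb is a client error, not a server fault: answer
        // 405 (previously 500) and advertise the verbs this script handles.
        // NOTE(review): $method is client-supplied and echoed back; that is
        // safe only if Response::api() encodes its payload - confirm.
        header('Allow: GET, PUT');
        return Response::api("$method not supported", 405);
}

// Reached only when the permission check for a supported method failed.
// NOTE(review): 401 is sent for every failed check. If Auth can tell an
// unauthenticated caller from an authenticated one that lacks the permission,
// the second case should be 403 - confirm against Auth::hasPermission().
return Response::api('Not allowed', 401);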
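/**
 * Send every row of the Users table to the client through Response::api().
 *
 * A failure while connecting, preparing or executing is logged server-side
 * and answered with a generic 500, so driver and schema details are not
 * returned to the caller.
 */
function get(): void
{
    // NOTE(review): SELECT * also returns the Token column that put() fills.
    // If Token is used as a credential, every holder of the "read" permission
    // can read every user's token; list the intended columns explicitly
    // instead - confirm what Token is used for and which columns clients need.
    $query =
        "SELECT
            *
        FROM
            Users";

    try {
        $stmt = Database::getInstance()->prepare($query);
        $stmt->execute();

        Response::api($stmt->fetchAll());
    } catch (Exception $e) {
        // Keep the detail in the server log only.
        error_log('Users GET failed: ' . $e->getMessage());
        Response::api('Internal server error', 500);
    }
}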
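/**
 * Insert a Users row built from the JSON request body.
 *
 * The body is read from php://input and must decode to a JSON object whose
 * "firstName" and "lastName" members are strings; anything else is rejected
 * with a 400 before the database is touched. Both values are bound as
 * statement parameters, never concatenated into the SQL text. On success the
 * result of execute() is passed to Response::api(). On failure the exception
 * is logged server-side and a generic 500 is returned.
 */
function put(): void
{
    // The body is untrusted: json_decode() yields null for malformed JSON and
    // a scalar for bodies such as `42`, so check the shape before indexing.
    $payload = json_decode(file_get_contents('php://input'), true);

    if (
        !is_array($payload)
        || !isset($payload['firstName'], $payload['lastName'])
        || !is_string($payload['firstName'])
        || !is_string($payload['lastName'])
    ) {
        Response::api('Request body must be a JSON object with string firstName and lastName', 400);
        return;
    }

    // NOTE(review): if this runs on MySQL/MariaDB, UUID() produces a
    // time-based (version 1) value, which is guessable. If Token serves as a
    // secret, generate it from a CSPRNG (e.g. bin2hex(random_bytes(16))) and
    // bind it as a parameter - confirm how Token is used.
    $query =
        "INSERT INTO
            Users(FirstName, LastName, Token)
        VALUES(:FIRST, :LAST, UUID())";

    try {
        $stmt = Database::getInstance()->prepare($query);
        $stmt->bindValue(':FIRST', $payload['firstName']);
        $stmt->bindValue(':LAST', $payload['lastName']);

        Response::api($stmt->execute());
    } catch (Exception $e) {
        // The exception text can expose SQL state, table and column names;
        // keep it in the server log and send the client a fixed message.
        error_log('Users PUT failed: ' . $e->getMessage());
        Response::api('Internal server error', 500);
    }
}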