Zgragselus

perm_update

Sep 10th, 2023
  1. <?php
  2.  
  3. /*
  4.  
  5. This file is subject to the terms and conditions defined in
  6. file 'LICENSE', which is part of this source code package.
  7.  
  8. © 2022 OtteIT s.r.o.
  9. All Rights Reserved.
  10.  
  11. Author: Vilem Otte <dev@otte.cz>
  12.  
  13. */
  14.  
  15. /**
  16.  * Update single permission record - specific record will get role and level updated
  17.  *
  18.  * @param int Reference (Required), Permission record ID - id
  19.  * @param string String (Required), Permission role - role
  20.  * @param int Integer (Required), Permission level - level
  21.  *
  22.  * @return string JSON, result (HTTP result code), error (in case of failure)
  23.  */
  24.  
  // Response headers: JSON body plus the CORS policy for this endpoint.
  //
  // NOTE(review): the wildcard origin lets a page on any site call this
  // permission-changing endpoint and read the JSON reply. Browsers do not
  // attach cookies to wildcard-CORS requests, but 'Authorization' is listed
  // below as an allowed request header, so a token held by a script can be
  // sent from any origin. Confirm the wildcard is intended, or restrict it to
  // the known front-end origin.
  header('Access-Control-Allow-Origin: *');
  header('Content-Type: application/json; charset=UTF-8');
  // Only tells browsers what a preflight may allow. Nothing visible in this
  // file rejects non-POST requests.
  header('Access-Control-Allow-Methods: POST');
  header('Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With');
  29.  
  30. require_once(__DIR__."/../db.php");
  31. require_once(__DIR__."/../util.php");
  32. require_once(__DIR__."/permission.php");
  33. require_once(__DIR__."/../session/session.php");
  34. require_once(__DIR__."/../auth/auth.php");
  35.  
  // Helpers used further down to resolve the calling user.
  $auth = new Auth();
  $session = new Session();

  // Decode the raw request body. json_decode() yields null when the body is
  // not valid JSON, so $data is untrusted and may be null here.
  $data = json_decode(file_get_contents('php://input'));

  // Stop early when Util::PayloadCheck reports a problem with the
  // id / role / level fields (presumably a presence check, confirm in
  // util.php). Any truthy return value is treated as the error to report.
  // NOTE(review): this runs before authentication, so unauthenticated callers
  // also receive the payload error text.
  $payloadError = Util::PayloadCheck($data, 'id', 'role', 'level');
  if ($payloadError)
  {
      // The HTTP status stays 200; the failure is carried in the JSON "result".
      http_response_code(200);
      echo json_encode(['result' => 500, 'error' => $payloadError]);

      exit;
  }
  51.  
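  // Connect to database, attach to session
  $db = new Database();
  $session->SetDB($db);

  // Every branch below answers with HTTP 200 and carries the real outcome in
  // the JSON "result" field. HTTP-level logs and monitoring therefore cannot
  // tell a denied or failed call from a successful one.

  // Require user authentication. A null-ish user ID is treated as "not logged in".
  $auth_id = $session->GetUserID($auth);
  if ($auth_id != null)
  {
      // Check that the caller holds WRITE on the "permission" resource.
      $permission = new Permission($db);
      $permissionCheck = $permission->Check($auth_id, "permission", Permission::WRITE);

      // Strict comparison: only a literal true grants access. The branches
      // below show Check() can return something that is neither true nor
      // false (the DB-error case). A loose "== true" would let any truthy
      // error value through and fail open.
      if ($permissionCheck === true)
      {
          // $data comes from the request body and is untrusted. Enforce the
          // documented types (int id, string role, int level) before handing
          // the values to the model. Integer-looking strings are accepted and
          // normalised to int.
          // NOTE(review): which role names and level values are legal is not
          // visible here. Confirm Permission::Update() validates them and
          // builds its query with bound parameters.
          $recordId = (is_int($data->id) || is_string($data->id))
              ? filter_var($data->id, FILTER_VALIDATE_INT)
              : false;
          $level = (is_int($data->level) || is_string($data->level))
              ? filter_var($data->level, FILTER_VALIDATE_INT)
              : false;

          if ($recordId === false || $level === false || !is_string($data->role))
          {
              // Wrong field types - same result code as the payload check uses
              http_response_code(200);
              echo json_encode(array("result" => 500, "error" => "Invalid payload: id and level must be integers, role must be a string."));
          }
          else
          {
              // Permission check success - update record
              $permission->id = $recordId;
              $permission->role = $data->role;
              $permission->level = $level;

              $result = $permission->Update();

              if ($result != null)
              {
                  // Successfully updated record
                  http_response_code(200);
                  echo json_encode(array("result" => 200));
              }
              else
              {
                  // DB error during record update
                  // NOTE(review): the raw database error text is returned to
                  // the client. Consider logging it server-side and returning
                  // a generic message.
                  http_response_code(200);
                  echo json_encode(array("result" => 500, "error" => $db->GetLastError()));
              }
          }
      }
      else if ($permissionCheck === false)
      {
          // Permission check failure
          http_response_code(200);
          echo json_encode(array("result" => 401, "error" => "Unauthorized: Permission level too low."));
      }
      else
      {
          // DB error during permission check (Check() returned neither true nor false)
          // NOTE(review): this exposes the raw database error to a caller
          // whose permission could not be confirmed.
          http_response_code(200);
          echo json_encode(array("result" => 500, "error" => $db->GetLastError()));
      }
  }
  else
  {
      // User unauthorized
      http_response_code(200);
      echo json_encode(array("result" => 401, "error" => "Unauthorized."));
  }

  // Close database connection
  $db->Disconnect();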
  108.  
  109. ?>
  110.  