diff --git a/api/index.php b/api/index.php index 7aafb61..0bbe5d7 100644 --- a/api/index.php +++ b/api/index.php @@ -5,6 +5,7 @@ header('Content-Type: application/json'); require_once __DIR__ . "/../required.php"; require_once __DIR__ . "/../machine.php"; +require_once __DIR__ . "/../roles.php"; $VARS; if ($_SERVER['REQUEST_METHOD'] === 'POST') { @@ -13,14 +14,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $VARS = $_GET; } -if (!$database->has('apikeys', ['key' => $VARS['key']])) { - http_response_code(403); - die('{"status": "ERROR", "message": "Invalid API key. Access denied."}'); -} - function sendError($type, $msg = "An error occurred.") { $code = 404; switch ($type) { + case "invalidapikey": + $code = 403; + $msg = "Invalid API key. Access denied."; + break; + case "nopermission": + $code = 403; + $msg = "You don't have permission to do that."; + break; case "nomachineid": $code = 400; $msg = "No machine ID sent."; @@ -36,9 +40,33 @@ function sendError($type, $msg = "An error occurred.") { ])); } +if (!$database->has('apikeys', ['key' => $VARS['key']])) { + sendError("invalidapikey"); +} + +function dieWithoutRole($roleid) { + global $VARS; + $roles = []; + if (is_array($roleid)) { + $roles = $roleid; + } else { + $roles = [$roleid]; + } + $hasrole = false; + foreach ($roles as $r) { + if (Roles::has($VARS['key'], $r)) { + $hasrole = true; + } + } + if (!$hasrole) { + sendError("nopermission"); + } +} + switch ($VARS['action']) { /* Get info */ case "getmachineinfo": + dieWithoutRole(Roles::ROLE_VIEWBYID); if (empty($VARS['id'])) { sendError("nomachineid"); } @@ -51,6 +79,7 @@ switch ($VARS['action']) { } break; case "getmachinehistory": + dieWithoutRole(Roles::ROLE_VIEWBYID); if (empty($VARS['id'])) { sendError("nomachineid"); } @@ -63,6 +92,7 @@ switch ($VARS['action']) { } break; case "getmachinecomponents": + dieWithoutRole(Roles::ROLE_VIEWBYID); if (empty($VARS['id'])) { sendError("nomachineid"); } 
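Review bot: `dieWithoutRole` gates on `Roles::has($VARS['key'], $r)`, and roles.php's `Roles::add`/`Roles::remove` validate a key with `$database->has('apikeys', ['apikey' => $apikey])`, while the check added a few lines earlier in this hunk validates the same value with `['key' => $VARS['key']]`. Unless the `apikeys` table really has both a `key` and an `apikey` column, one spelling queries a non-existent column, so either this gate or the role-management side is operating on the wrong field; worth confirming against the schema (the same point applies to the roles.php hunk). Inside the loop, `if (Roles::has($VARS['key'], $r)) { return; }` would let the function drop `$hasrole` and stop querying once a role matches. The function also deserves a docblock along the lines of `/** Terminates the request with a 403 "nopermission" error unless the API key in $VARS['key'] holds at least one of the given role ids. */`, which assumes `sendError` exits as the `die()` it replaces did; `sendError`'s body is only partially visible in the preceding hunk.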
@@ -84,6 +114,7 @@ switch ($VARS['action']) { /* Save info */ case "addmachine": + dieWithoutRole(Roles::ROLE_ADDEDIT); if (empty($VARS['id'])) { sendError("nomachineid"); } @@ -114,6 +145,9 @@ switch ($VARS['action']) { sendError("", "Machine price must be a number and 0 < price < 10000."); } } + if (!empty($VARS['os'])) { + $data['os'] = $VARS['os']; + } $database->insert('machines', $data); if ($database->error()[1] != 0) { @@ -122,6 +156,7 @@ switch ($VARS['action']) { exit(json_encode(["status" => "OK"])); break; case "addhistory": + dieWithoutRole([Roles::ROLE_ADDEDIT, Roles::ROLE_ADDHIST]); if (empty($VARS['id'])) { sendError("nomachineid"); } @@ -134,6 +169,7 @@ switch ($VARS['action']) { } break; case "addcomponent": + dieWithoutRole(Roles::ROLE_ADDEDIT); if (empty($VARS['id'])) { sendError("nomachineid"); } diff --git a/database.mwb b/database.mwb index faa20ce..f890662 100644 Binary files a/database.mwb and b/database.mwb differ diff --git a/machine.php b/machine.php index a2a6204..bb84b7d 100644 --- a/machine.php +++ b/machine.php @@ -11,7 +11,7 @@ class Machine { global $database; if ($database->has('machines', ['machineid' => $machineid])) { $this->machineid = $machineid; - $this->machine = $database->get('machines', ['machineid', 'notes', 'model', 'condition', 'price'], ['machineid' => $machineid]); + $this->machine = $database->get('machines', ['machineid', 'notes', 'model', 'condition', 'price', 'os'], ['machineid' => $machineid]); $this->history = $database->select('history', ['[>]event_types' => 'eventid'], ['historyid', 'date', 'eventname', 'notes'], ['machineid' => $machineid]); $this->components = $database->select('components', ['[>]component_types' => 'typeid'], ['compid', 'serial', 'typename', 'tested', 'notes', 'capacity', 'model'], ['machineid' => $machineid]); } else { 
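Review bot: The new `$data['os'] = $VARS['os'];` stores the client-supplied value without any validation, whereas the `price` field a few lines above in the same `addmachine` block is rejected unless it is a number in range. The value presumably reaches the database through the `$database->insert` wrapper rather than a hand-built query, so the concern is data quality rather than injection, but an overlong or non-scalar value will be truncated or fail only at the database layer. A check in the same style as the price one, e.g. `if (!is_string($VARS['os']) || strlen($VARS['os']) > <OS_COLUMN_LENGTH>) { sendError("", "OS must be a string of at most <OS_COLUMN_LENGTH> characters."); }`, keeps the two fields consistent. Also note that `!empty($VARS['os'])` treats the literal string `"0"` as absent, which is likely harmless for an OS name but worth a short comment. The enclosing `addmachine` case starts and ends outside this hunk.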
@@ -35,6 +35,9 @@ class Machine { if (!empty($this->machine['price'])) { $info['price'] = $this->machine['price']; } + if (!empty($this->machine['os'])) { + $info['os'] = $this->machine['os']; + } $info['notes'] = $this->machine['notes']; return $info; } diff --git a/roles.php b/roles.php new file mode 100644 index 0000000..6e4aa19 --- /dev/null +++ b/roles.php @@ -0,0 +1,39 @@ +has('permissions', ["AND" => ['apikey' => $apikey, 'roleid' => $roleid]]) === true; + } + + public static function add($apikey, $roleid) { + global $database; + if (!$database->has('apikeys', ['apikey' => $apikey])) { + throw new Exception("No such API key found."); + } + if (!$database->has('roles', ['roleid' => $roleid])) { + throw new Exception("No such role ID found."); + } + if (!$database->has('permissions', ["AND" => ['apikey' => $apikey, 'roleid' => $roleid]])) { + $database->insert('permissions', ['apikey' => $apikey, 'roleid' => $roleid]); + } + } + + public static function remove($apikey, $roleid) { + global $database; + if (!$database->has('apikeys', ['apikey' => $apikey])) { + throw new Exception("No such API key found."); + } + if (!$database->has('roles', ['roleid' => $roleid])) { + throw new Exception("No such role ID found."); + } + $database->delete('permissions', ["AND" => ['apikey' => $apikey, 'roleid' => $roleid]]); + } + +} diff --git a/routes/info.php b/routes/info.php index 3b0f2bb..0623935 100644 --- a/routes/info.php +++ b/routes/info.php @@ -54,7 +54,10 @@ } break; case "price": - $echo = "Sale Value: $" . number_format($val * 1.0, 2); + $echo = "Est. Value: $" . number_format($val * 1.0, 2); + break; + case "os": + $echo = "Operating System: " . htmlspecialchars($val); break; case "notes": $echo = "
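Review bot: `Roles::add` and `Roles::remove` throw a bare `Exception` for both failure paths, so a caller can only tell "unknown API key" from "unknown role" by matching the message text; a narrower type such as `\InvalidArgumentException`, or a small domain class like `final class RoleNotFound extends \RuntimeException`, would make the contract explicit. Both methods look the key up with `['apikey' => $apikey]` on `apikeys`, while api/index.php uses `['key' => ...]` against the same table, so one of the two column names looks wrong (raised on the `dieWithoutRole` hunk as well). None of the three methods declares parameter or return types or a docblock; `public static function has($apikey, $roleid): bool` at minimum documents that the result is the `=== true` comparison already present. Reaching the connection via `global $database` is a style point shared with machine.php; if the project ever moves off globals, these statics are the first callers to convert. The opening lines of this hunk, including the class header and the `ROLE_*` constants referenced from api/index.php, appear garbled in this view and could not be checked.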
" . htmlspecialchars($val) . "
";
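Review bot: The new `case "os"` escapes with a bare `htmlspecialchars($val)`, which matches the `notes` case but, on PHP versions before 8.1, defaults to `ENT_COMPAT` and leaves single quotes unescaped. `htmlspecialchars($val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` makes the escaping explicit and independent of the runtime's default, which matters if the value is ever placed in a single-quoted attribute. The relabelling of `price` to `Est. Value` is cosmetic; the `notes` line that closes the hunk appears to have lost its markup in this view, and the enclosing switch starts outside it.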