Add user role management functionality with CRUD operations and permissions handling

- Created user_role.php for viewing and editing user roles and their permissions.
- Implemented inline editing for role details and permissions.
- Added user_role_manage.php for creating and managing user roles.
- Introduced user_roles.php for listing all user roles with pagination and filtering options.
- Integrated API calls for fetching and updating role data and permissions.
- Enhanced user interface with success messages and navigation controls.

api/v2/post/report_builder.php

@@ -0,0 +1,124 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Report Builder - POST Endpoints
+//------------------------------------------
+
+// Set content type to JSON
+header('Content-Type: application/json');
+
+// Connect to DB
+$pdo = dbConnect($dbname);
+
+// Parse input data
+$data = json_decode($input, true);
+$action = strtolower($data['action'] ?? '');
+
+/**
+ * Security check: Only allow SELECT queries
+ */
+function isSelectQuery($query) {
+    $query = trim($query);
+    $query = preg_replace('/\s+/', ' ', $query); // Normalize whitespace
+
+    // Only allow SELECT queries
+    if (!preg_match('/^SELECT\s/i', $query)) {
+        return false;
+    }
+
+    // Block dangerous keywords that could be used for injection
+    $dangerousPatterns = [
+        '/;\s*DROP\s/i',
+        '/;\s*DELETE\s/i',
+        '/;\s*UPDATE\s/i',
+        '/;\s*INSERT\s/i',
+        '/;\s*CREATE\s/i',
+        '/;\s*ALTER\s/i',
+        '/;\s*TRUNCATE\s/i',
+        '/INTO\s+OUTFILE\s/i',
+        '/LOAD_FILE\s*\(/i',
+        '/SLEEP\s*\(/i',
+        '/BENCHMARK\s*\(/i',
+    ];
+
+    foreach ($dangerousPatterns as $pattern) {
+        if (preg_match($pattern, $query)) {
+            return false;
+        }
+    }
+
+    return true;
+}
+
+/**
+ * Execute a SELECT query
+ */
+if ($action === 'executequery') {
+    $query = $data['query'] ?? '';
+
+    if (empty($query)) {
+        http_response_code(400);
+        $messages = json_encode([
+            'success' => false,
+            'message' => 'Query parameter is required'
+        ], JSON_UNESCAPED_UNICODE);
+    }
+    // Security check: only allow SELECT queries
+    elseif (!isSelectQuery($query)) {
+        http_response_code(400);
+        $messages = json_encode([
+            'success' => false,
+            'message' => 'Only SELECT queries are allowed'
+        ], JSON_UNESCAPED_UNICODE);
+    } else {
+        try {
+            // Execute the query
+            $stmt = $pdo->query($query);
+
+            // Fetch all results
+            $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+            // Get row count
+            $rowCount = count($results);
+
+            // Limit results to prevent memory issues
+            $maxResults = 5000;
+            if ($rowCount > $maxResults) {
+                $results = array_slice($results, 0, $maxResults);
+                $message = "Query executed successfully. Showing first $maxResults of $rowCount rows.";
+            } else {
+                $message = "Query executed successfully. $rowCount rows returned.";
+            }
+
+            $messages = json_encode([
+                'success' => true,
+                'results' => $results,
+                'rowCount' => $rowCount,
+                'message' => $message
+            ], JSON_UNESCAPED_UNICODE);
+
+        } catch (PDOException $e) {
+            http_response_code(400);
+            $messages = json_encode([
+                'success' => false,
+                'message' => 'Query execution failed: ' . $e->getMessage()
+            ], JSON_UNESCAPED_UNICODE);
+        }
+    }
+}
+
+/**
+ * Invalid or missing action
+ */
+else {
+    http_response_code(400);
+    $messages = json_encode([
+        'success' => false,
+        'message' => 'Invalid or missing action parameter'
+    ], JSON_UNESCAPED_UNICODE);
+}
+
+// Send results
+echo $messages;
+?>