<?php
defined($security_key) or exit;

//------------------------------------------
// User Role Assignments
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);

//------------------------------------------
//NEW ARRAY
//------------------------------------------
$criterias = [];
$user_permissions = [];

//------------------------------------------
//Check for $_GET variables and build up clause
//------------------------------------------
if(isset($get_content) && $get_content!=''){
    //GET VARIABLES FROM URL
    $requests = explode("&", $get_content);
    //Check for keys and values
    foreach ($requests as $y){
        $v = explode("=", $y);
        //INCLUDE VARIABLES IN ARRAY
        $criterias[$v[0]] = $v[1];
    }
}

$user_key = $criterias['userkey'] ?? null;

if (!$user_key) {
    http_response_code(400);
    exit(json_encode(['error_code' => 'API_INPUT_1','error' => 'user_key is required']));
}

//GET USER_DATA
$stmt = $pdo->prepare('SELECT * FROM users WHERE userkey = ?');
$stmt->execute([$user_key]);

if ($stmt->rowCount() == 1) {
    //Get results
    $user_data = $stmt->fetch();

    //GET DATA
    $user_permissions['id'] = $user_data['id'];
    $user_permissions['email'] = $user_data['email'];
    $user_permissions['partnerhierarchy'] = $user_data['partnerhierarchy']; //clean;
    $user_permissions['permission'] = userRights($user_data['view']);
    $user_permissions['profile'] = getProfile($user_data['settings'],userRights($user_data['view']));

    //NEW DATA REPLACING PROFILE AND LATER PERMISSION ABOVE
    $user_permissions['permissions'] = getUserPermissions($pdo, $user_data['id']);

    if (!$user_permissions['permissions']) {
        http_response_code(404);
        exit(json_encode(['error_code' => 'API_NOT_FOUND','error' => 'No permissions found']));
    }

    //+++++++++++++++++++++++++++++++++++++++++++
    //Return as JSON
    //+++++++++++++++++++++++++++++++++++++++++++
    echo json_encode($user_permissions);
}
else {
    http_response_code(404);
    exit(json_encode(['error_code' => 'API_NOT_FOUND','error' => 'User not found']));
}

?>