142 lines
5.8 KiB
PHP
142 lines
5.8 KiB
PHP
<?php
|
|
defined($security_key) or exit;
|
|
|
|
//------------------------------------------
|
|
// User Role Assignments
|
|
//------------------------------------------
|
|
//Connect to DB
|
|
$pdo = dbConnect($dbname);
|
|
|
|
//CONTENT FROM API (POST)
|
|
$post_content = json_decode($input,true);
|
|
|
|
//SET PARAMETERS FOR QUERY
|
|
$id = $post_content['rowID'] ?? '';
|
|
$date = date('Y-m-d H:i:s');
|
|
|
|
//------------------------------------------
|
|
// BATCH UPDATE - Update all roles for a user
|
|
//------------------------------------------
|
|
if (isset($post_content['batch_update']) && isset($post_content['user_id']) && isAllowed('user',$profile,$permission,'U') === 1){
|
|
$user_id = $post_content['user_id'];
|
|
$selected_roles = $post_content['roles'] ?? [];
|
|
|
|
//Get currently assigned active roles
|
|
$stmt = $pdo->prepare('SELECT role_id, rowID FROM user_role_assignments WHERE user_id = ? AND is_active = 1');
|
|
$stmt->execute([$user_id]);
|
|
$current_roles = [];
|
|
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
|
|
$current_roles[$row['role_id']] = $row['rowID'];
|
|
}
|
|
|
|
//Remove roles that are no longer selected (soft delete)
|
|
foreach ($current_roles as $role_id => $assignment_id){
|
|
if (!in_array($role_id, $selected_roles)){
|
|
$stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 0, updatedby = ?, updated = ? WHERE rowID = ?');
|
|
$stmt->execute([$username, $date, $assignment_id]);
|
|
}
|
|
}
|
|
|
|
//Add new roles that are selected but not currently assigned
|
|
foreach ($selected_roles as $role_id){
|
|
if (!array_key_exists($role_id, $current_roles)){
|
|
//Check if this user-role combination existed before (inactive)
|
|
$stmt = $pdo->prepare('SELECT rowID FROM user_role_assignments WHERE user_id = ? AND role_id = ? AND is_active = 0 LIMIT 1');
|
|
$stmt->execute([$user_id, $role_id]);
|
|
$existing = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if ($existing){
|
|
//Reactivate existing assignment
|
|
$stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 1, assigned_by = ?, assigned_at = ?, updatedby = ?, updated = ? WHERE rowID = ?');
|
|
$stmt->execute([$username, $date, $username, $date, $$username]);
|
|
} else {
|
|
//Create new assignment
|
|
$stmt = $pdo->prepare('INSERT INTO user_role_assignments (user_id, role_id, is_active, assigned_by, assigned_at, created, createdby) VALUES (?, ?, 1, ?, ?, ?, ?)');
|
|
$stmt->execute([$user_id, $role_id, $username, $date, $date, $username]);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
//------------------------------------------
|
|
// SINGLE OPERATIONS (for backward compatibility or direct API calls)
|
|
//------------------------------------------
|
|
else {
|
|
$command = ($id == '')? 'insert' : 'update';
|
|
if (isset($post_content['delete'])){$command = 'delete';}
|
|
|
|
//CREATE EMPTY STRINGS
|
|
$clause = '';
|
|
$clause_insert ='';
|
|
$input_insert = '';
|
|
$execute_input = [];
|
|
$criterias = [];
|
|
|
|
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
|
|
if ($command == 'update'){
|
|
$post_content['updatedby'] = $username;
|
|
$post_content['updated'] = $date;
|
|
}
|
|
elseif ($command == 'insert'){
|
|
$post_content['created'] = $date;
|
|
$post_content['createdby'] = $username;
|
|
$post_content['assigned_by'] = $username;
|
|
$post_content['assigned_at'] = $date;
|
|
}
|
|
|
|
//CREAT NEW ARRAY AND MAP TO CLAUSE
|
|
if(isset($post_content) && $post_content!=''){
|
|
foreach ($post_content as $key => $var){
|
|
if ($key == 'submit' || $key == 'rowID' || $key == 'delete' || $key == 'batch_update' || str_contains($key, 'old_')){
|
|
//do nothing
|
|
}
|
|
else {
|
|
$criterias[$key] = $var;
|
|
$clause .= ' , '.$key.' = ?';
|
|
$clause_insert .= ' , '.$key.'';
|
|
$input_insert .= ', ?';
|
|
$execute_input[]= $var;
|
|
}
|
|
}
|
|
}
|
|
|
|
//CLEAN UP INPUT
|
|
$clause = substr($clause, 2);
|
|
$clause_insert = substr($clause_insert, 2);
|
|
$input_insert = substr($input_insert, 1);
|
|
|
|
//QUERY AND VERIFY ALLOWED
|
|
if ($command == 'update' && isAllowed('user',$profile,$permission,'U') === 1){
|
|
$sql = 'UPDATE user_role_assignments SET '.$clause.' WHERE rowID = ?';
|
|
$execute_input[] = $id;
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute($execute_input);
|
|
}
|
|
elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1){
|
|
//Check if this user-role combination already exists (including inactive ones)
|
|
$stmt = $pdo->prepare('SELECT rowID, is_active FROM user_role_assignments WHERE user_id = ? AND role_id = ? LIMIT 1');
|
|
$stmt->execute([$post_content['user_id'], $post_content['role_id']]);
|
|
$existing = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if ($existing){
|
|
//If exists but inactive, reactivate it
|
|
if ($existing['is_active'] == 0){
|
|
$stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 1, assigned_by = ?, assigned_at = ?, updatedby = ?, updated = ? WHERE rowID = ?');
|
|
$stmt->execute([$username, $date, $username, $date, $existing['rowID']]);
|
|
}
|
|
//If already active, do nothing (or could throw an error)
|
|
} else {
|
|
//Insert new assignment
|
|
$sql = 'INSERT INTO user_role_assignments ('.$clause_insert.') VALUES ('.$input_insert.')';
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute($execute_input);
|
|
}
|
|
}
|
|
elseif ($command == 'delete' && isAllowed('user',$profile,$permission,'D') === 1){
|
|
//Soft delete by setting is_active to 0
|
|
$stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 0, updatedby = ?, updated = ? WHERE rowID = ?');
|
|
$stmt->execute([$username, $date, $id]);
|
|
}
|
|
}
|
|
|
|
?>
|