BMSVieira
diff --git a/‎README.md‎
Lines changed: 312 additions & 144 deletions b/‎README.md‎
Lines changed: 312 additions & 144 deletions
diff --git a/‎ost_wbs/classes/class.department.php‎
Lines changed: 11 additions & 2 deletions b/‎ost_wbs/classes/class.department.php‎
Lines changed: 11 additions & 2 deletions
diff --git a/‎ost_wbs/classes/class.faq.php‎
Lines changed: 10 additions & 2 deletions b/‎ost_wbs/classes/class.faq.php‎
Lines changed: 10 additions & 2 deletions
diff --git a/‎ost_wbs/classes/class.helper.php‎
Lines changed: 26 additions & 1 deletion b/‎ost_wbs/classes/class.helper.php‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎ost_wbs/classes/class.key.php‎
Lines changed: 3 additions & 0 deletions b/‎ost_wbs/classes/class.key.php‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎ost_wbs/classes/class.sla.php‎
Lines changed: 164 additions & 3 deletions b/‎ost_wbs/classes/class.sla.php‎
Lines changed: 164 additions & 3 deletions
@@ -3,6 +3,10 @@ class Department
 {
         public function all($parameters)
         {
+            // Check Request method
+            $validRequests = array("GET");
+            Helper::validRequest($validRequests);
+                       
             // Connect Database
             $Dbobj = new DBConnection(); 
             $mysqli = $Dbobj->getDBConnect();
@@ -11,8 +15,9 @@ public function all($parameters)
                 // Sorte by Date
                 case "creationDate":
 
-                    $startDate = Helper::getFormatedDate($parameters["parameters"][0], "start");
-                    $endDate = Helper::getFormatedDate($parameters["parameters"][0], "end");
+                    // Get Start&End Date
+                    $startDate = $parameters['parameters']['start_date'];
+                    $endDate = $parameters['parameters']['end_date'];
 
                     // Query
                     $getDepartment = $mysqli->query("SELECT * FROM ".TABLE_PREFIX."department WHERE ".TABLE_PREFIX."department.created >= '$startDate' and ".TABLE_PREFIX."department.created <= '$endDate'");
@@ -57,6 +62,10 @@ public function all($parameters)
         public function specific($parameters)
         {
 
+            // Check Request method
+            $validRequests = array("GET");
+            Helper::validRequest($validRequests);
+            
             // Connect Database
             $Dbobj = new DBConnection(); 
             $mysqli = $Dbobj->getDBConnect();
 
@@ -5,6 +5,10 @@ class Faq
 
     public function all($parameters)
     {
+        // Check Request method
+        $validRequests = array("GET");
+        Helper::validRequest($validRequests);
+
         // Connect Database
         $Dbobj = new DBConnection(); 
         $mysqli = $Dbobj->getDBConnect();
@@ -36,7 +40,7 @@ public function all($parameters)
 
         foreach ($result as $key=>$category) {
 
-            if ($result[$key]['faqs'] = $this->specific(['parameters'=>[0=>$category['id']]],TRUE) )
+            if ($result[$key]['faqs'] = $this->specific(['parameters'=>["id"=>$category['id']]],TRUE) )
             {
 
             } else {
@@ -75,10 +79,14 @@ public function all($parameters)
 
     public function specific($parameters,$exception = FALSE)
     {
+        // Check Request method
+        $validRequests = array("GET");
+        Helper::validRequest($validRequests);
+
         // Connect Database
         $Dbobj = new DBConnection(); 
         $mysqli = $Dbobj->getDBConnect();
-        $cID = $parameters["parameters"][0];
+        $cID = $parameters["parameters"]["id"];
 
         // Query
         $getFaq = $mysqli->query("SELECT * FROM ".TABLE_PREFIX."faq WHERE category_id = " . $cID . " AND ispublished = 1");
 
@@ -17,7 +17,7 @@ public function checkTicketStatus($ticketstatus)
         return true;
     }
 
-    	// Get formated date from string
+    // Get formated date from string
     public function getFormatedDate($fullstring, $condition)
     {
 
@@ -35,6 +35,31 @@ public function getFormatedDate($fullstring, $condition)
     	} 
 
     	return $result;
+    } 
 
+    // Check if request method is valid
+    public function validRequest($method){
+        if(!in_array($_SERVER['REQUEST_METHOD'], $method)){
+            throw new Exception($_SERVER['REQUEST_METHOD']." is not a valid request method");
+        }     
+    } 
+
+    // Check permissions 
+    public function checkPermission(){
+        if(CANCREATE == 0){ throw new Exception("Error! Your API Key is READ ONLY, it is no allowed to make any action.");}  
+    } 
+
+    // Get last ID
+    public function get_last_id($table, $field)
+    {
+        // Connect Database
+        $Dbobj = new DBConnection(); 
+        $mysqli = $Dbobj->getDBConnect();
+
+        // Get last inserted ID
+        $getLastId = $mysqli->query("SELECT ".$field." FROM ".TABLE_PREFIX."".$table." ORDER BY ".$field." DESC LIMIT 1");
+        $printLastId = $getLastId->fetch_object();
+
+        return $printLastId->$field;
     }    
 }
@@ -30,6 +30,9 @@ function OAuth($key)
         if(!$this->farray["isactive"] || APIKEY_RESTRICT && $this->farray["ipaddr"] != $_SERVER['REMOTE_ADDR'])
             throw new Exception("API key not found/active or source IP not authorized");
 
+        define('CANCREATE', $this->farray["can_create_tickets"]); // Can create
+        define('CANEXECUTE', $this->farray["can_exec_cron"]);   // Can execute
+
     } 
 
     function cancreate()
 
@@ -3,6 +3,10 @@ class Sla
 {
         public function all($parameters)
         {
+            // Check Request method
+            $validRequests = array("GET");
+            Helper::validRequest($validRequests);
+
             // Connect Database
             $Dbobj = new DBConnection(); 
             $mysqli = $Dbobj->getDBConnect();
@@ -11,8 +15,9 @@ public function all($parameters)
                 // Sorte by Date
                 case "creationDate":
 
-                    $startDate = Helper::getFormatedDate($parameters["parameters"][0], "start");
-                    $endDate = Helper::getFormatedDate($parameters["parameters"][0], "end");
+                    // Get Start&End Date
+                    $startDate = $parameters['parameters']['start_date'];
+                    $endDate = $parameters['parameters']['end_date'];
 
                     // Query
                     $getSla = $mysqli->query("SELECT * FROM ".TABLE_PREFIX."sla WHERE ".TABLE_PREFIX."sla.created >= '$startDate' and ".TABLE_PREFIX."sla.created <= '$endDate'");
@@ -59,7 +64,7 @@ public function specific($parameters)
             // Connect Database
             $Dbobj = new DBConnection(); 
             $mysqli = $Dbobj->getDBConnect();
-            $uID = $parameters["parameters"][0];
+            $uID = $parameters["parameters"]["id"];
 
             // set query
             $getSla = $mysqli->query("SELECT * FROM ".TABLE_PREFIX."sla WHERE ".TABLE_PREFIX."sla.id = '$uID'");
@@ -93,5 +98,161 @@ public function specific($parameters)
             // Return values
             return $returnArray;  
         }
+
+
+        public function add($parameters)
+        {
+
+            // Check Permission
+            Helper::checkPermission();
+
+            // Check Request method
+            $validRequests = array("POST", "PUT");
+            Helper::validRequest($validRequests);
+
+            // Expected parameters
+            $expectedParameters = array("name", "flags", "grace_period", "schedule_id", "notes");
+
+            // Check if all paremeters are correct
+            self::checkRequest($parameters, $expectedParameters);
+
+                // Check if row already exists
+                if($this->checkExists('name', $parameters["parameters"]['name'])) { throw new Exception("Item Already exists"); }
+
+                // Prepare query
+                $paramOrder = "";
+                $valuesOrder = "";
+
+                foreach ($parameters["parameters"] as $key => $value) { 
+
+                    // Parameters order
+                    $paramOrder = $paramOrder.",".$key; 
+                    // Values order
+                    if(is_numeric($value)) { $valuesOrder = $valuesOrder.",".$value."";  } else { $valuesOrder = $valuesOrder.",'".$value."'";}
+                }
+
+                // Remove first comma
+                $paramOrder = substr($paramOrder, 1);
+                $valuesOrder = substr($valuesOrder, 1);
+
+                // final Query
+                $addQuery = "INSERT INTO ".TABLE_PREFIX."sla ";
+                $addQuery .= "(".$paramOrder.", created, updated)";
+                $addQuery .= "VALUES(".$valuesOrder.", now(), now())"; 
+
+                // Send query to be executed
+                return $this->execQuery($addQuery);        
+
+        }
+
+        public function delete($parameters)
+        {
+
+            // Check Permission
+            Helper::checkPermission();
+
+            // Check Request method
+            $validRequests = array("DELETE");
+            Helper::validRequest($validRequests);
+
+            // Expected parameters
+            $expectedParameters = array("id");
+
+            // Check if all paremeters are correct
+            self::checkRequest($parameters, $expectedParameters);
+
+                // Prepare query
+                $paramOrder = "";
+                $valuesOrder = "";
+
+                if($this->checkExists('id', $parameters["parameters"]['id']) == 0) { throw new Exception("Item does not exist."); }
+
+                foreach ($parameters["parameters"] as $key => $value) { 
+
+                    // Parameters order
+                    $paramOrder = $paramOrder.",".$key; 
+                    // Values order
+                    if(is_numeric($value)) { $valuesOrder = $valuesOrder.",".$value."";  } else { $valuesOrder = $valuesOrder.",'".$value."'";}
+                }
+
+                // Remove first comma
+                $paramOrder = substr($paramOrder, 1);
+                $valuesOrder = substr($valuesOrder, 1);
+
+                // final Query
+                $addQuery = "DELETE FROM ".TABLE_PREFIX."sla ";
+                $addQuery .= "WHERE id= ".$valuesOrder;
+
+                // Send query to be executed
+                return $this->execQuery($addQuery);
+
+        }
+
+        public function checkRequest($parameters, $expectedParameters)
+        {
+
+            // Error array 
+            $errors = array();
+
+            // Check if parameters is an array
+            if(gettype($parameters["parameters"]) == 'array'){
+
+                // Check for empty fields
+                foreach ($expectedParameters as $key => $value) {
+                    if(empty($parameters["parameters"][$value])) {
+                        array_push($errors,"Empty or Incorrect fields were given.");
+                    }
+                }
+
+                // Check for unkown or unexpected fields
+                foreach ($parameters["parameters"] as $key => $value) {
+                    if (!in_array($key, $expectedParameters)) {
+                        array_push($errors,"Unexpectec fields given.");
+                    }
+                }
+
+                // If no errors, continue
+                if(count($errors) > 0){
+                    throw new Exception("Empty or Incorrect fields were given, read documentation for more info."); 
+                } 
+
+            } else {
+                throw new Exception("Parameters must be an array.");    
+            }
+
+        }
+
+        private function checkExists($field, $value)
+        {
+
+            // Connect Database
+            $Dbobj = new DBConnection(); 
+            $mysqli = $Dbobj->getDBConnect();
+
+            // Check if already exists
+            $checkExists = $mysqli->query("SELECT * FROM ".TABLE_PREFIX."sla WHERE ".TABLE_PREFIX."sla.".$field." = '".$value."'");
+            $numRows = $checkExists->num_rows;
+
+            return $numRows;
+
+        }
+
+        private function execQuery($string)
+        {
+            // Connect Database
+            $Dbobj = new DBConnection(); 
+            $mysqli = $Dbobj->getDBConnect();
+
+            // Check if already exists
+            $insertRecord = $mysqli->query($string);
+
+            if($insertRecord)
+            {
+                return "Success! Row 1 affected.";
+            } else {
+                throw new Exception("Something went wrong.");    
+            }
+        }
+
 }
 ?>
Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,9 @@ function OAuth($key)`
`30`	`30`	`if(!$this->farray["isactive"] \|\| APIKEY_RESTRICT && $this->farray["ipaddr"] != $_SERVER['REMOTE_ADDR'])`
`31`	`31`	`throw new Exception("API key not found/active or source IP not authorized");`
`32`	`32`
	`33`	`+ define('CANCREATE', $this->farray["can_create_tickets"]); // Can create`
	`34`	`+ define('CANEXECUTE', $this->farray["can_exec_cron"]); // Can execute`
	`35`	`+`
`33`	`36`	`}`
`34`	`37`
`35`	`38`	`function cancreate()`