Jared Vititoe
d2a8c73e2c
- Add CacheHelper for file-based caching with TTL support - Add Database helper for centralized connection management - Update WorkflowModel to cache status transitions (10 min TTL) - Update UserPreferencesModel to cache user prefs (5 min TTL) - Update manage_workflows.php to clear cache on changes - Update get_users.php to use Database helper (example migration) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
158 lines
5.4 KiB
PHP
158 lines
5.4 KiB
PHP
<?php
|
|
/**
|
|
* Workflow/Status Transitions Management API
|
|
* CRUD operations for status_transitions table
|
|
*/
|
|
|
|
ini_set('display_errors', 0);
|
|
error_reporting(E_ALL);
|
|
|
|
require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
|
|
require_once dirname(__DIR__) . '/models/WorkflowModel.php';
|
|
RateLimitMiddleware::apply('api');
|
|
|
|
try {
|
|
require_once dirname(__DIR__) . '/config/config.php';
|
|
|
|
// Check authentication
|
|
session_start();
|
|
if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
|
|
http_response_code(401);
|
|
echo json_encode(['success' => false, 'error' => 'Authentication required']);
|
|
exit;
|
|
}
|
|
|
|
// Check admin privileges
|
|
if (!$_SESSION['user']['is_admin']) {
|
|
http_response_code(403);
|
|
echo json_encode(['success' => false, 'error' => 'Admin privileges required']);
|
|
exit;
|
|
}
|
|
|
|
// CSRF Protection for write operations
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
|
|
require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
|
|
$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
|
|
if (!CsrfMiddleware::validateToken($csrfToken)) {
|
|
http_response_code(403);
|
|
echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
|
|
exit;
|
|
}
|
|
}
|
|
|
|
$conn = new mysqli(
|
|
$GLOBALS['config']['DB_HOST'],
|
|
$GLOBALS['config']['DB_USER'],
|
|
$GLOBALS['config']['DB_PASS'],
|
|
$GLOBALS['config']['DB_NAME']
|
|
);
|
|
|
|
if ($conn->connect_error) {
|
|
throw new Exception("Database connection failed");
|
|
}
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
$id = isset($_GET['id']) ? (int)$_GET['id'] : null;
|
|
|
|
switch ($method) {
|
|
case 'GET':
|
|
if ($id) {
|
|
// Get single transition
|
|
$stmt = $conn->prepare("SELECT * FROM status_transitions WHERE transition_id = ?");
|
|
$stmt->bind_param('i', $id);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
$transition = $result->fetch_assoc();
|
|
$stmt->close();
|
|
echo json_encode(['success' => true, 'transition' => $transition]);
|
|
} else {
|
|
// Get all transitions
|
|
$result = $conn->query("SELECT * FROM status_transitions ORDER BY from_status, to_status");
|
|
$transitions = [];
|
|
while ($row = $result->fetch_assoc()) {
|
|
$transitions[] = $row;
|
|
}
|
|
echo json_encode(['success' => true, 'transitions' => $transitions]);
|
|
}
|
|
break;
|
|
|
|
case 'POST':
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
|
|
$stmt = $conn->prepare("INSERT INTO status_transitions (from_status, to_status, requires_comment, requires_admin, is_active)
|
|
VALUES (?, ?, ?, ?, ?)");
|
|
$stmt->bind_param('ssiii',
|
|
$data['from_status'],
|
|
$data['to_status'],
|
|
$data['requires_comment'] ?? 0,
|
|
$data['requires_admin'] ?? 0,
|
|
$data['is_active'] ?? 1
|
|
);
|
|
|
|
if ($stmt->execute()) {
|
|
WorkflowModel::clearCache(); // Clear workflow cache
|
|
echo json_encode(['success' => true, 'transition_id' => $conn->insert_id]);
|
|
} else {
|
|
echo json_encode(['success' => false, 'error' => $stmt->error]);
|
|
}
|
|
$stmt->close();
|
|
break;
|
|
|
|
case 'PUT':
|
|
if (!$id) {
|
|
echo json_encode(['success' => false, 'error' => 'ID required']);
|
|
exit;
|
|
}
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
|
|
$stmt = $conn->prepare("UPDATE status_transitions SET
|
|
from_status = ?, to_status = ?, requires_comment = ?, requires_admin = ?, is_active = ?
|
|
WHERE transition_id = ?");
|
|
$stmt->bind_param('ssiiii',
|
|
$data['from_status'],
|
|
$data['to_status'],
|
|
$data['requires_comment'] ?? 0,
|
|
$data['requires_admin'] ?? 0,
|
|
$data['is_active'] ?? 1,
|
|
$id
|
|
);
|
|
|
|
$success = $stmt->execute();
|
|
if ($success) {
|
|
WorkflowModel::clearCache(); // Clear workflow cache
|
|
}
|
|
echo json_encode(['success' => $success]);
|
|
$stmt->close();
|
|
break;
|
|
|
|
case 'DELETE':
|
|
if (!$id) {
|
|
echo json_encode(['success' => false, 'error' => 'ID required']);
|
|
exit;
|
|
}
|
|
|
|
$stmt = $conn->prepare("DELETE FROM status_transitions WHERE transition_id = ?");
|
|
$stmt->bind_param('i', $id);
|
|
$success = $stmt->execute();
|
|
if ($success) {
|
|
WorkflowModel::clearCache(); // Clear workflow cache
|
|
}
|
|
echo json_encode(['success' => $success]);
|
|
$stmt->close();
|
|
break;
|
|
|
|
default:
|
|
http_response_code(405);
|
|
echo json_encode(['success' => false, 'error' => 'Method not allowed']);
|
|
}
|
|
|
|
$conn->close();
|
|
|
|
} catch (Exception $e) {
|
|
http_response_code(500);
|
|
echo json_encode(['success' => false, 'error' => $e->getMessage()]);
|
|
}
|