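/**
 * Authentication middleware: forwards the request to $next only when it
 * carries a known session key or a username/password pair that resolves to
 * a user. Every other case is answered with a 401 and a plain-text reason.
 *
 * A supplied session key takes precedence: when it is present, the
 * username/password fields are never looked at, and an unknown key is
 * rejected outright rather than falling back to the credentials.
 *
 * On success the session is exposed to downstream handlers as
 * $request->session.
 *
 * @param Request  $request  Incoming request; its parsed data may hold
 *                           'session_key', 'username' and 'password'.
 * @param Response $response Response passed down the chain, or turned into
 *                           a 401.
 * @param callable $next     Next middleware/handler, called as
 *                           $next($request, $response).
 *
 * @return Response The downstream response, or a 401 response.
 */
public function __invoke(Request $request, Response $response, $next)
{
    // NOTE(review): whether getData() also reads the query string is not
    // visible here. If it does, session keys and passwords can end up in
    // URLs and access logs -- confirm they are accepted from the body only.
    $parser = new RequestParser($request);
    $data = $parser->getData();

    // Single place that builds the 401 reply, so every rejection has the
    // same shape and only the message differs.
    $deny = static function ($message) use ($response) {
        $denied = $response->withStatus(401);
        $denied->getBody()->write($message);

        return $denied;
    };

    // empty() treats '', '0', 0, null and [] as "not supplied".
    $session_key = !empty($data['session_key']) ? $data['session_key'] : null;
    $username = !empty($data['username']) ? $data['username'] : null;
    $password = !empty($data['password']) ? $data['password'] : null;

    if ($session_key !== null) {
        $session = SessionRepository::getSessionByKey($session_key);
        if ($session === null) {
            return $deny("Unauthorized: Invalid session key");
        }

        $request->session = $session;

        return $next($request, $response);
    }

    if ($username === null || $password === null) {
        return $deny("Unauthorized: Must supply (session_key) or (username and password)");
    }

    // NOTE(review): confirm the repository checks the password against a
    // stored hash (password_verify) and that failed attempts are throttled;
    // neither is visible from this method.
    $user = UserRepository::getUserByUsernameAndPassword($username, $password);
    if ($user === null) {
        // The message does not say which of the two values was wrong.
        return $deny("Unauthorized: Invalid credentials");
    }

    $session = new Session();
    $session->setUser($user);

    // Fix: the session built for a credential login used to be discarded, so
    // downstream handlers saw no $request->session on this path although the
    // session-key path sets one. Attach it here as well.
    // NOTE(review): nothing visible here persists this session or returns its
    // key to the client -- confirm whether that happens elsewhere.
    $request->session = $session;

    return $next($request, $response);
}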
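$app->post("/role/save", $save_role);

/**
 * GET /role/privileges
 *
 * Writes a JSON list of privileges to the response: those of the role named
 * by 'role_id' when it is supplied, otherwise every privilege.
 *
 * NOTE(review): no authorisation check is visible in this handler; confirm
 * the route sits behind the authentication middleware and that listing
 * privileges is meant to be open to every authenticated caller.
 */
$get_role_privileges = function (Request $request, Response $response) {
    $parser = new RequestParser($request);
    $data = $parser->getData();

    // A missing role_id is deliberately not a 400: the endpoint then lists
    // all privileges instead.
    $privileges = empty($data['role_id'])
        ? UserRepository::getAllPrivileges()
        : UserRepository::getPrivilegesForRoleId($data['role_id']);

    $payload = json_encode($privileges);
    if ($payload === false) {
        // json_encode() returns false on failure; do not emit an empty 200.
        $failed = $response->withStatus(500);
        $failed->getBody()->write("Could not encode privileges");

        return $failed;
    }

    // Declare the body as JSON so a browser never interprets privilege names
    // as HTML.
    $json_response = $response->withHeader('Content-Type', 'application/json');
    $json_response->getBody()->write($payload);

    // Fix: the handler used to return the $privileges array; a route handler
    // has to hand back the response, as the other handlers here do.
    return $json_response;
};
$app->get("/role/privileges", $get_role_privileges);

/**
 * POST /role/privileges
 *
 * Stores the privilege set for a role. Both 'role_id' and 'privilege_ids'
 * are required; the response body reports how many relationships were saved.
 *
 * NOTE(review): this changes what a role is allowed to do, and no privilege
 * check on the caller is visible here -- confirm that only administrators
 * can reach this route. The shape of 'privilege_ids' is not validated before
 * it is handed to the repository; confirm the repository rejects anything
 * that is not a list of known ids and uses parameterised queries.
 */
$save_role_privileges = function (Request $request, Response $response) {
    $parser = new RequestParser($request);
    $data = $parser->getData();

    if (empty($data['role_id']) || empty($data['privilege_ids'])) {
        $bad_request = $response->withStatus(400);
        $bad_request->getBody()->write("Must supply role_id and privilege_ids");

        return $bad_request;
    }

    $count = UserRepository::saveRolePrivilegeRelationships(
        $data['role_id'],
        $data['privilege_ids']
    );
    $response->getBody()->write("Saved {$count} relationships");

    return $response;
};
$app->post("/role/privileges", $save_role_privileges);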