public function __invoke(Request $request, Response $response, $next)
{
$parser = new RequestParser($request);
$data = $parser->getData();
$session_key = $username = $password = null;
if (!empty($data['session_key'])) {
$session_key = $data['session_key'];
}
if (!empty($data['username'])) {
$username = $data['username'];
}
if (!empty($data['password'])) {
$password = $data['password'];
}
if (!is_null($session_key)) {
$session = SessionRepository::getSessionByKey($session_key);
if (is_null($session)) {
$new_response = $response->withStatus(401);
$new_response->getBody()->write("Unauthorized: Invalid session key");
return $new_response;
}
$request->session = $session;
$response = $next($request, $response);
return $response;
}
if (is_null($username) || is_null($password)) {
$new_response = $response->withStatus(401);
$new_response->getBody()->write("Unauthorized: Must supply (session_key) or (username and password)");
return $new_response;
}
$user = UserRepository::getUserByUsernameAndPassword($username, $password);
if (is_null($user)) {
$new_response = $response->withStatus(401);
$new_response->getBody()->write("Unauthorized: Invalid credentials");
return $new_response;
}
$session = new Session();
$session->setUser($user);
$response = $next($request, $response);
return $response;
}
$app->post("/role/save", $save_role);
$get_role_privileges = function (Request $request, Response $response) {
$parser = new RequestParser($request);
$data = $parser->getData();
if (empty($data['role_id'])) {
/*
$new_response = $response->withStatus( 400 );
$new_response->getBody()->write( "Must supply role id" );
return $new_response;
*/
$privileges = UserRepository::getAllPrivileges();
} else {
$privileges = UserRepository::getPrivilegesForRoleId($data['role_id']);
}
$response->getBody()->write(json_encode($privileges));
return $privileges;
};
$app->get("/role/privileges", $get_role_privileges);
$save_role_privileges = function (Request $request, Response $response) {
$parser = new RequestParser($request);
$data = $parser->getData();
if (empty($data['role_id']) || empty($data['privilege_ids'])) {
$new_response = $response->withStatus(400);
$new_response->getBody()->write("Must supply role_id and privilege_ids");
return $new_response;
}
$count = UserRepository::saveRolePrivilegeRelationships($data['role_id'], $data['privilege_ids']);
$response->getBody()->write("Saved {$count} relationships");
return $response;
};
$app->post("/role/privileges", $save_role_privileges);
