API - Documents

- Add create and update methods
itflow-org · Nov 5, 2023 · 573eaf1 · 573eaf1
1 parent a31c012
commit 573eaf1
Show file tree

Hide file tree

Showing 4 changed files with 142 additions and 2 deletions.
diff --git a/api/v1/documents/create.php b/api/v1/documents/create.php
@@ -0,0 +1,34 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse info
+require_once 'document_model.php';
+
+// Default
+$insert_id = false;
+
+if (!empty($name) && !(empty($content))) {
+
+    // Create document
+    $insert_sql = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 0, document_folder_id = $folder, document_created_by = 0, document_client_id = $client_id");
+
+    // Check insert & get insert ID
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+
+        // Update field document_parent to be the same id as document ID as this is the only version of the document.
+        mysqli_query($mysqli,"UPDATE documents SET document_parent = $insert_id WHERE document_id = $insert_id");
+
+        //Logging
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Document', log_action = 'Create', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created document $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
+    }
+
+}
+
+
+// Output
+require_once '../create_output.php';
diff --git a/api/v1/documents/document_model.php b/api/v1/documents/document_model.php
@@ -0,0 +1,43 @@
+<?php
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['document_name'])) {
+    $name = sanitizeInput($_POST['document_name']);
+} elseif (isset($document_row) && isset($document_row['document_name'])) {
+    $name = $document_row['document_name'];
+} else {
+    $name = '';
+}
+
+if (isset($_POST['document_description'])) {
+    $description = sanitizeInput($_POST['document_description']);
+} elseif (isset($document_row) && isset($document_row['document_description'])) {
+    $description = $document_row['document_description'];
+} else {
+    $description = '';
+}
+
+if (isset($_POST['document_content'])) {
+    $content = mysqli_real_escape_string($mysqli, $_POST['document_content']);
+} elseif (isset($document_row) && isset($document_row['document_content'])) {
+    $content = $document_row['document_content'];
+} else {
+    $content = '';
+}
+
+// Raw content (used for FULL INDEX searching)
+if (isset($_POST['document_content'])) {
+    $content_raw = sanitizeInput($_POST['document_name'] . $_POST['document_description'] . " " . str_replace("<", " <", $_POST['document_content']));
+} elseif (isset($document_row) && isset($document_row['document_content_raw'])) {
+    $content_raw = $document_row['document_content_raw'];
+} else {
+    $content_raw = '';
+}
+
+if (isset($_POST['document_folder_id'])) {
+    $folder = intval($_POST['document_content']);
+} elseif (isset($document_row) && isset($document_row['document_folder_id'])) {
+    $folder = intval($document_row['document_folder_id']);
+} else {
+    $folder = 0;
+}
diff --git a/api/v1/documents/read.php b/api/v1/documents/read.php
@@ -7,13 +7,15 @@
 
 if (isset($_GET['document_id'])) {
     // Document via ID (single)
-
     $id = intval($_GET['document_id']);
     $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id'");
 
+} elseif (isset($_GET['client_id'])) {
+    // Documents via client ID (multiple)
+    $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' AND document_archived_at IS NULL");
+
 } else {
     // All documents
-
     $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
 }
 

diff --git a/api/v1/documents/update.php b/api/v1/documents/update.php
@@ -0,0 +1,61 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$document_id = intval($_POST['document_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($document_id)) {
+
+    $document_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$document_id' AND document_client_id = $client_id LIMIT 1"));
+
+    // Variable assignment from POST - assigning the current database value if a value is not provided
+    require_once 'document_model.php';
+
+    // Documents are a little weird as we update them by *inserting* a new document row
+    $update_insert_sql = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 0, document_folder_id = $folder, document_created_by = 0, document_client_id = $client_id");
+
+    // Check insert & get insert ID
+    if ($update_insert_sql) {
+        $insert_id = $new_document_id = mysqli_insert_id($mysqli);
+
+        // Update the parent ID of the new document to match its new document ID
+        mysqli_query($mysqli,"UPDATE documents SET document_parent = $new_document_id WHERE document_id = $new_document_id");
+
+        // Link all existing links with old document with new document
+        mysqli_query($mysqli,"UPDATE documents SET document_parent = $new_document_id, document_archived_at = NOW() WHERE document_parent = $document_id");
+
+        // Update Links to the new parent document:-
+        // Document files
+        mysqli_query($mysqli,"UPDATE document_files SET document_id = $new_document_id WHERE document_id = $document_id");
+
+        // Contact documents
+        mysqli_query($mysqli,"UPDATE contact_documents SET document_id = $new_document_id WHERE document_id = $document_id");
+
+        // Asset documents
+        mysqli_query($mysqli,"UPDATE asset_documents SET document_id = $new_document_id WHERE document_id = $document_id");
+
+        // Software documents
+        mysqli_query($mysqli,"UPDATE software_documents SET document_id = $new_document_id WHERE document_id = $document_id");
+
+        // Vendor documents
+        mysqli_query($mysqli,"UPDATE vendor_documents SET document_id = $new_document_id WHERE document_id = $document_id");
+
+        //Logging
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Document', log_action = 'Modify', log_description = '$name via API ($api_key_name) previous version was kept', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Edited document $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
+
+        // Override update count to 1 for API to report a success (as we inserted a document, not "updated" an existing row)
+        $update_count = 1;
+    }
+
+}
+
+
+// Output
+require_once '../update_output.php';