<?php
require_once __DIR__ . '/../db/config.php';
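// Every response from this endpoint is JSON. Declare the charset so clients do
// not guess it, and tell browsers not to sniff the body: project names and
// descriptions are user-supplied text that is echoed back verbatim, and a
// sniffing user agent could otherwise treat an attacker-shaped body as HTML.
header('Content-Type: application/json; charset=utf-8');
header('X-Content-Type-Options: nosniff');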
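/**
 * Emit a JSON response with the given HTTP status and terminate the request.
 *
 * Never returns: exit() is called after the body is written, so callers can
 * use this as a guard without an explicit return.
 *
 * @param mixed $data       Value to encode (array, row, or scalar).
 * @param int   $statusCode HTTP status code to send; defaults to 200.
 */
function sendJsonResponse($data, $statusCode = 200) {
    http_response_code($statusCode);

    // Rows read from the database may contain bytes that are not valid UTF-8.
    // Without this flag json_encode() returns false and the client would get
    // an empty body under a success status; substituting U+FFFD keeps the
    // response well-formed.
    $body = json_encode($data, JSON_INVALID_UTF8_SUBSTITUTE);
    if ($body === false) {
        // Unencodable for another reason (nesting depth, unsupported type):
        // report a real error rather than an empty 200. The detail goes to the
        // server log only.
        error_log('sendJsonResponse: ' . json_last_error_msg());
        http_response_code(500);
        $body = '{"error":"Internal Server Error","message":"Failed to encode response."}';
    }

    echo $body;
    exit();
}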
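// Basic API-key check.
//
// A single shared secret sent in the X-Api-Key header gates every request to
// this endpoint. It is an all-or-nothing credential: whoever holds it can read,
// create, modify and delete every project, so it is only suitable for
// server-to-server use over TLS. In a real application, use a more robust
// authentication mechanism (e.g. OAuth2, JWT) and add per-record authorization
// in the handlers below; nothing here scopes a caller to particular companies.
function checkApiKey() {
    // The expected key is read from the environment rather than written as a
    // literal in source, so it cannot leak through the repository and can be
    // rotated without a deploy. Set API_KEY in the server/FPM environment.
    $expected = getenv('API_KEY');
    if ($expected === false || $expected === '') {
        // Fail closed: an unconfigured key must never become a bypass.
        sendJsonResponse(['error' => 'Server Error', 'message' => 'API key is not configured.'], 500);
    }

    // HTTP header names are case-insensitive, but getallheaders() preserves the
    // client's spelling, so a client sending "x-api-key" would otherwise be
    // rejected. $_SERVER is the fallback for SAPIs without getallheaders().
    $apiKey = '';
    if (function_exists('getallheaders')) {
        foreach (getallheaders() as $name => $value) {
            if (strtolower($name) === 'x-api-key') {
                $apiKey = (string) $value;
                break;
            }
        }
    } elseif (isset($_SERVER['HTTP_X_API_KEY'])) {
        $apiKey = (string) $_SERVER['HTTP_X_API_KEY'];
    }

    // hash_equals() takes time independent of where the two strings first
    // differ, so the comparison cannot be used to recover the key byte by byte.
    // The known string goes first, as the function's contract requires.
    if ($apiKey === '' || !hash_equals($expected, $apiKey)) {
        sendJsonResponse(['error' => 'Unauthorized', 'message' => 'Invalid API Key.'], 401);
    }
}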
// Authenticate before touching the database. Every method, including GET,
// requires the key; checkApiKey() exits via sendJsonResponse() on failure, so
// nothing below this line runs for an unauthenticated request.
checkApiKey();
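$pdo = db();
$method = $_SERVER['REQUEST_METHOD'];

// ---------------------------------------------------------------------------
// Request helpers. Closures rather than named functions so this script adds
// nothing to the global namespace it shares with db/config.php.
// ---------------------------------------------------------------------------

// Logs a driver error server-side and answers with a generic message. The raw
// PDOException text can contain SQL fragments, table and column names, or DSN
// details, none of which belong in a client-facing response.
$databaseError = static function (PDOException $e) {
    error_log('projects API: ' . $e->getMessage());
    sendJsonResponse(['error' => 'Database Error', 'message' => 'An internal database error occurred.'], 500);
};

// Validates a value as a positive integer and returns it, or false. Rejects
// arrays (e.g. ?id[]=1, which PDO cannot bind), non-numeric strings, zero and
// negatives, so malformed identifiers never reach the database as odd bind
// values or surface as a misleading "not found".
$positiveInt = static function ($value) {
    if (!is_scalar($value)) {
        return false;
    }
    return filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
};

// Reads ?$key from the query string as a positive integer or fails with a 400.
$queryInt = static function ($key, $label) use ($positiveInt) {
    $value = $positiveInt($_GET[$key] ?? null);
    if ($value === false) {
        sendJsonResponse(['error' => 'Bad Request', 'message' => $label . ' must be a positive integer.'], 400);
    }
    return $value;
};

// Decodes the JSON body shared by POST and PUT, validates the required fields
// and returns the bind parameters for the INSERT/UPDATE (without id).
$projectFromBody = static function () use ($positiveInt) {
    $raw = file_get_contents('php://input');
    $data = json_decode($raw === false ? '' : $raw, true);

    // is_array() rather than a truthiness test: a body of `"text"` or `true`
    // decodes fine but is not a record.
    if (!is_array($data) || empty($data['company_id']) || empty($data['name'])) {
        sendJsonResponse(['error' => 'Bad Request', 'message' => 'Company ID and Project Name are required.'], 400);
    }

    $companyId = $positiveInt($data['company_id']);
    if ($companyId === false) {
        sendJsonResponse(['error' => 'Bad Request', 'message' => 'Company ID must be a positive integer.'], 400);
    }

    // Optional fields keep their previous defaults. A nested array/object in a
    // text field is rejected rather than being bound as the string "Array".
    $fields = [
        'company_id'  => $companyId,
        'name'        => $data['name'],
        'description' => $data['description'] ?? null,
        'status'      => $data['status'] ?? 'active',
        'start_date'  => $data['start_date'] ?? null,
        'end_date'    => $data['end_date'] ?? null,
    ];
    foreach (['name', 'description', 'status', 'start_date', 'end_date'] as $field) {
        if ($fields[$field] !== null && !is_scalar($fields[$field])) {
            sendJsonResponse(['error' => 'Bad Request', 'message' => ucfirst(str_replace('_', ' ', $field)) . ' must be a string.'], 400);
        }
    }

    // NOTE(review): status and the two dates are passed through as-is. If the
    // columns are an ENUM / DATE, whitelist the status values and check the
    // date format here so bad input is a 400 instead of a database error.
    return $fields;
};

// ---------------------------------------------------------------------------
// Dispatch. Every SQL statement is a prepared statement with bound values;
// no request data is interpolated into query text.
// ---------------------------------------------------------------------------

switch ($method) {
    case 'GET':
        if (isset($_GET['id'])) {
            // Single project, joined with its company name.
            $id = $queryInt('id', 'Project ID');
            try {
                $stmt = $pdo->prepare("SELECT p.*, c.name as company_name FROM projects p JOIN companies c ON p.company_id = c.id WHERE p.id = :id");
                $stmt->execute(['id' => $id]);
                $project = $stmt->fetch();
                if (!$project) {
                    sendJsonResponse(['error' => 'Not Found', 'message' => 'Project not found.'], 404);
                }
                sendJsonResponse($project);
            } catch (PDOException $e) {
                $databaseError($e);
            }
        } elseif (isset($_GET['company_id'])) {
            // All projects belonging to one company, ordered by name.
            $companyId = $queryInt('company_id', 'Company ID');
            try {
                $stmt = $pdo->prepare("SELECT p.*, c.name as company_name FROM projects p JOIN companies c ON p.company_id = c.id WHERE p.company_id = :company_id ORDER BY p.name");
                $stmt->execute(['company_id' => $companyId]);
                sendJsonResponse($stmt->fetchAll());
            } catch (PDOException $e) {
                $databaseError($e);
            }
        } else {
            // Every project. NOTE(review): unpaginated; add LIMIT/OFFSET before
            // the table grows large enough for this to be a resource issue.
            try {
                $stmt = $pdo->query("SELECT p.*, c.name as company_name FROM projects p JOIN companies c ON p.company_id = c.id ORDER BY p.name");
                sendJsonResponse($stmt->fetchAll());
            } catch (PDOException $e) {
                $databaseError($e);
            }
        }
        break;

    case 'POST':
        $fields = $projectFromBody();
        try {
            $stmt = $pdo->prepare("INSERT INTO projects (company_id, name, description, status, start_date, end_date) VALUES (:company_id, :name, :description, :status, :start_date, :end_date)");
            $stmt->execute($fields);
            sendJsonResponse(['message' => 'Project created successfully', 'id' => $pdo->lastInsertId()], 201);
        } catch (PDOException $e) {
            $databaseError($e);
        }
        break;

    case 'PUT':
        if (!isset($_GET['id'])) {
            sendJsonResponse(['error' => 'Bad Request', 'message' => 'Project ID is required for update.'], 400);
        }
        $id = $queryInt('id', 'Project ID');
        $fields = $projectFromBody();
        try {
            // Existence is checked explicitly instead of via rowCount() on the
            // UPDATE: with MySQL's default settings rowCount() reports rows that
            // actually *changed*, so re-sending identical data used to come
            // back as a 404 even though the project exists.
            $exists = $pdo->prepare("SELECT 1 FROM projects WHERE id = :id");
            $exists->execute(['id' => $id]);
            if ($exists->fetchColumn() === false) {
                sendJsonResponse(['error' => 'Not Found', 'message' => 'Project not found.'], 404);
            }

            $stmt = $pdo->prepare("UPDATE projects SET company_id = :company_id, name = :name, description = :description, status = :status, start_date = :start_date, end_date = :end_date WHERE id = :id");
            $stmt->execute($fields + ['id' => $id]);
            sendJsonResponse(['message' => 'Project updated successfully.']);
        } catch (PDOException $e) {
            $databaseError($e);
        }
        break;

    case 'DELETE':
        if (!isset($_GET['id'])) {
            sendJsonResponse(['error' => 'Bad Request', 'message' => 'Project ID is required for deletion.'], 400);
        }
        $id = $queryInt('id', 'Project ID');
        try {
            $stmt = $pdo->prepare("DELETE FROM projects WHERE id = :id");
            $stmt->execute(['id' => $id]);
            // For DELETE, rowCount() is the number of rows removed, so zero
            // reliably means the id did not exist.
            if ($stmt->rowCount() === 0) {
                sendJsonResponse(['error' => 'Not Found', 'message' => 'Project not found.'], 404);
            }
            sendJsonResponse(['message' => 'Project deleted successfully.']);
        } catch (PDOException $e) {
            $databaseError($e);
        }
        break;

    default:
        // RFC 9110 requires an Allow header on a 405 so clients can discover
        // the supported methods.
        header('Allow: GET, POST, PUT, DELETE');
        sendJsonResponse(['error' => 'Method Not Allowed', 'message' => $method . ' method is not supported.'], 405);
        break;
}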
|