false, 'error' => 'Missing server_id']); exit; } // Verify user is in server $stmt = db()->prepare("SELECT * FROM server_members WHERE server_id = ? AND user_id = ?"); $stmt->execute([$server_id, $user_id]); if (!$stmt->fetch()) { echo json_encode(['success' => false, 'error' => 'Access denied']); exit; } $stmt = db()->prepare("SELECT * FROM roles WHERE server_id = ? ORDER BY position DESC"); $stmt->execute([$server_id]); $roles = $stmt->fetchAll(); // Fetch members and their roles $stmt = db()->prepare(" SELECT u.id, u.username, u.avatar_url, GROUP_CONCAT(r.id) as role_ids, GROUP_CONCAT(r.name) as role_names, (SELECT r2.color FROM roles r2 JOIN user_roles ur2 ON r2.id = ur2.role_id WHERE ur2.user_id = u.id AND r2.server_id = ? ORDER BY r2.position DESC LIMIT 1) as role_color, (SELECT r2.icon_url FROM roles r2 JOIN user_roles ur2 ON r2.id = ur2.role_id WHERE ur2.user_id = u.id AND r2.server_id = ? ORDER BY r2.position DESC LIMIT 1) as role_icon FROM users u JOIN server_members sm ON u.id = sm.user_id LEFT JOIN user_roles ur ON u.id = ur.user_id LEFT JOIN roles r ON ur.role_id = r.id AND r.server_id = ? WHERE sm.server_id = ? GROUP BY u.id "); $stmt->execute([$server_id, $server_id, $server_id, $server_id]); $members = $stmt->fetchAll(); echo json_encode([ 'success' => true, 'roles' => $roles, 'members' => $members, 'permissions_list' => [ ['value' => 1, 'name' => 'View Channels'], ['value' => 2, 'name' => 'Send Messages'], ['value' => 4, 'name' => 'Manage Messages'], ['value' => 8, 'name' => 'Manage Channels'], ['value' => 16, 'name' => 'Manage Server'], ['value' => 32, 'name' => 'Administrator'] ] ]); exit; } if ($_SERVER['REQUEST_METHOD'] === 'POST') { $action = $data['action'] ?? ''; $server_id = $data['server_id'] ?? 0; // Permissions check: Owner or MANAGE_SERVER $stmt = db()->prepare("SELECT owner_id FROM servers WHERE id = ?"); $stmt->execute([$server_id]); $server = $stmt->fetch(); $is_owner = ($server && $server['owner_id'] == $user_id); $can_manage = Permissions::hasPermission($user_id, $server_id, Permissions::MANAGE_SERVER) || Permissions::hasPermission($user_id, $server_id, Permissions::ADMINISTRATOR); if (!$is_owner && !$can_manage) { echo json_encode(['success' => false, 'error' => 'Unauthorized']); exit; } if ($action === 'create') { $name = $data['name'] ?? 'New Role'; $color = $data['color'] ?? '#99aab5'; $perms = $data['permissions'] ?? 0; $stmt = db()->prepare("INSERT INTO roles (server_id, name, color, permissions) VALUES (?, ?, ?, ?)"); $stmt->execute([$server_id, $name, $color, $perms]); echo json_encode(['success' => true, 'role_id' => db()->lastInsertId()]); } elseif ($action === 'update') { $role_id = $data['id'] ?? 0; $name = $data['name'] ?? ''; $color = $data['color'] ?? ''; $icon_url = $data['icon_url'] ?? null; $perms = $data['permissions'] ?? 0; $stmt = db()->prepare("UPDATE roles SET name = ?, color = ?, icon_url = ?, permissions = ? WHERE id = ? AND server_id = ?"); $stmt->execute([$name, $color, $icon_url, $perms, $role_id, $server_id]); echo json_encode(['success' => true]); } elseif ($action === 'delete') { $role_id = $data['id'] ?? 0; $stmt = db()->prepare("DELETE FROM roles WHERE id = ? AND server_id = ?"); $stmt->execute([$role_id, $server_id]); echo json_encode(['success' => true]); } elseif ($action === 'assign') { $target_user_id = $data['user_id'] ?? 0; $role_id = $data['role_id'] ?? 0; // Verify role belongs to server $stmt = db()->prepare("SELECT id FROM roles WHERE id = ? AND server_id = ?"); $stmt->execute([$role_id, $server_id]); if (!$stmt->fetch()) { echo json_encode(['success' => false, 'error' => 'Invalid role']); exit; } $stmt = db()->prepare("INSERT IGNORE INTO user_roles (user_id, role_id) VALUES (?, ?)"); $stmt->execute([$target_user_id, $role_id]); echo json_encode(['success' => true]); } elseif ($action === 'unassign') { $target_user_id = $data['user_id'] ?? 0; $role_id = $data['role_id'] ?? 0; $stmt = db()->prepare("DELETE ur FROM user_roles ur JOIN roles r ON ur.role_id = r.id WHERE ur.user_id = ? AND ur.role_id = ? AND r.server_id = ?"); $stmt->execute([$target_user_id, $role_id, $server_id]); echo json_encode(['success' => true]); } elseif ($action === 'reorder') { $orders = $data['orders'] ?? []; foreach ($orders as $order) { $stmt = db()->prepare("UPDATE roles SET position = ? WHERE id = ? AND server_id = ?"); $stmt->execute([$order['position'], $order['id'], $server_id]); } echo json_encode(['success' => true]); } elseif ($action === 'set_user_roles') { $target_user_id = $data['user_id'] ?? 0; $role_ids = $data['role_ids'] ?? []; // Begin transaction $db = db(); $db->beginTransaction(); try { // Remove all existing roles for this user in this server $stmt = $db->prepare("DELETE ur FROM user_roles ur JOIN roles r ON ur.role_id = r.id WHERE ur.user_id = ? AND r.server_id = ?"); $stmt->execute([$target_user_id, $server_id]); // Add new roles if (!empty($role_ids)) { $stmt = $db->prepare("INSERT INTO user_roles (user_id, role_id) VALUES (?, ?)"); foreach ($role_ids as $rid) { // Verify role belongs to server $check = $db->prepare("SELECT id FROM roles WHERE id = ? AND server_id = ?"); $check->execute([$rid, $server_id]); if ($check->fetch()) { $stmt->execute([$target_user_id, $rid]); } } } $db->commit(); echo json_encode(['success' => true]); } catch (Exception $e) { $db->rollBack(); echo json_encode(['success' => false, 'error' => $e->getMessage()]); } } exit; }