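<?php

declare(strict_types=1);

// Role management endpoint for a server's roles.
//
//   GET    ?server_id=N                                  list roles of a server
//   POST   {server_id, action: create|assign|unassign}   create a role / grant or revoke it
//   PUT    {id, name, color, permissions}                update a role
//   DELETE {id}                                          delete a role
//
// Every mutating request requires the caller to be the owner of the server the
// role belongs to. Responses are JSON objects that always carry a 'success' key.

require_once 'auth/session.php';

requireLogin();

/**
 * Emit a JSON response body and terminate the request.
 *
 * @param array<string, mixed> $payload Response body; callers always include 'success'.
 */
function roles_api_respond(array $payload): void
{
    echo json_encode($payload);
    exit;
}

/**
 * Emit the shared "Unauthorized" failure response and terminate the request.
 */
function roles_api_unauthorized(): void
{
    roles_api_respond(['success' => false, 'error' => 'Unauthorized']);
}

/**
 * Whether $user_id owns the server $server_id.
 *
 * A server that does not exist is reported as not owned, so the caller cannot
 * distinguish "no such server" from "not yours".
 */
function roles_api_owns_server(int $server_id, int $user_id): bool
{
    $stmt = db()->prepare("SELECT owner_id FROM servers WHERE id = ?");
    $stmt->execute([$server_id]);
    $server = $stmt->fetch();

    // Compare normalized ints: drivers may hand back owner_id as a string, and a
    // loose `==`/`!=` would also accept merely loosely-equal values.
    return $server !== false && (int) $server['owner_id'] === $user_id;
}

/**
 * Whether $user_id owns the server that role $role_id belongs to.
 *
 * Unknown role ids yield false (same outcome as no ownership).
 */
function roles_api_owns_role(int $role_id, int $user_id): bool
{
    $stmt = db()->prepare("SELECT s.owner_id FROM servers s JOIN roles r ON s.id = r.server_id WHERE r.id = ?");
    $stmt->execute([$role_id]);
    $server = $stmt->fetch();

    return $server !== false && (int) $server['owner_id'] === $user_id;
}

/**
 * Whether role $role_id is one of server $server_id's roles.
 *
 * assign/unassign authorize the caller against $server_id only; without this
 * check the owner of one server could grant or revoke roles of any other server
 * just by sending a foreign role_id.
 */
function roles_api_role_in_server(int $role_id, int $server_id): bool
{
    $stmt = db()->prepare("SELECT 1 FROM roles WHERE id = ? AND server_id = ?");
    $stmt->execute([$role_id, $server_id]);

    return $stmt->fetch() !== false;
}

$user_id = (int) $_SESSION['user_id'];

// Accept either a JSON body or classic form fields. json_decode() yields null on
// malformed input and a scalar for non-object JSON; only an array is usable here.
$decoded = json_decode((string) file_get_contents('php://input'), true);
$data = is_array($decoded) ? $decoded : $_POST;

$method = $_SERVER['REQUEST_METHOD'];

if ($method === 'GET') {
    // Listing is not restricted to the owner (unchanged from the original
    // behavior); only the id is normalized. Revisit if role lists are private.
    $server_id = (int) ($_GET['server_id'] ?? 0);

    $stmt = db()->prepare("SELECT * FROM roles WHERE server_id = ? ORDER BY position DESC");
    $stmt->execute([$server_id]);

    roles_api_respond(['success' => true, 'roles' => $stmt->fetchAll()]);
}

if ($method === 'POST') {
    $server_id = (int) ($data['server_id'] ?? 0);
    $action = $data['action'] ?? 'create';

    // Every POST action requires ownership of the server named in the request.
    if (!roles_api_owns_server($server_id, $user_id)) {
        roles_api_unauthorized();
    }

    if ($action === 'create') {
        $name = $data['name'] ?? 'New Role';
        $color = $data['color'] ?? '#99aab5';

        $stmt = db()->prepare("INSERT INTO roles (server_id, name, color) VALUES (?, ?, ?)");
        $stmt->execute([$server_id, $name, $color]);

        roles_api_respond(['success' => true, 'role_id' => db()->lastInsertId()]);
    }

    if ($action === 'assign' || $action === 'unassign') {
        $target_user_id = (int) ($data['user_id'] ?? 0);
        $role_id = (int) ($data['role_id'] ?? 0);

        // The ownership check above only covers $server_id; the role must belong
        // to that same server before it may be granted or revoked.
        if (!roles_api_role_in_server($role_id, $server_id)) {
            roles_api_unauthorized();
        }

        // NOTE(review): the target user is not checked for membership of the
        // server here (nor was it originally) — confirm whether that is required.
        $sql = $action === 'assign'
            ? "INSERT IGNORE INTO user_roles (user_id, role_id) VALUES (?, ?)"
            : "DELETE FROM user_roles WHERE user_id = ? AND role_id = ?";
        $stmt = db()->prepare($sql);
        $stmt->execute([$target_user_id, $role_id]);

        roles_api_respond(['success' => true]);
    }

    // The original fell through here with an empty body; report it explicitly.
    roles_api_respond(['success' => false, 'error' => 'Unknown action']);
}

if ($method === 'PUT') {
    $role_id = (int) ($data['id'] ?? 0);
    $name = $data['name'] ?? '';
    $color = $data['color'] ?? '';
    // Bound as-is, as the original did; the column's expected encoding (string,
    // bitmask, JSON) is not visible from this file — confirm against the schema.
    $permissions = $data['permissions'] ?? null;

    if (!roles_api_owns_role($role_id, $user_id)) {
        roles_api_unauthorized();
    }

    $stmt = db()->prepare("UPDATE roles SET name = ?, color = ?, permissions = ? WHERE id = ?");
    $stmt->execute([$name, $color, $permissions, $role_id]);

    roles_api_respond(['success' => true]);
}

if ($method === 'DELETE') {
    $role_id = (int) ($data['id'] ?? 0);

    if (!roles_api_owns_role($role_id, $user_id)) {
        roles_api_unauthorized();
    }

    $stmt = db()->prepare("DELETE FROM roles WHERE id = ?");
    $stmt->execute([$role_id]);

    roles_api_respond(['success' => true]);
}

// Any other method: the original produced no body at all.
roles_api_respond(['success' => false, 'error' => 'Unsupported method']);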