Add create asset functionality to API

2026-02-28 10:54:52 +00:00 · 2022-02-27 16:09:21 +00:00
parent 90f62cecaa
commit 4b077cf6e0
5 changed files with 172 additions and 68 deletions
--- a/api/v1/assets/create.php
+++ b/api/v1/assets/create.php
@@ -0,0 +1,55 @@
+<?php
+require('../validate_api_key.php');
+
+if($_SERVER['REQUEST_METHOD'] !== "POST"){
+  header("HTTP/1.1 405 Method Not Allowed");
+  $return_arr['success'] = "False";
+  $return_arr['message'] = "Can only send POST requests to this endpoint.";
+  echo json_encode($return_arr);
+  exit();
+}
+
+// Parse info
+$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
+$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
+$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
+$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
+$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
+$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
+$ip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
+$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
+$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
+if(empty($purchase_date)){
+  $purchase_date = "0000-00-00";
+}
+$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
+if(empty($warranty_expire)){
+  $warranty_expire = "0000-00-00";
+}
+$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['install_date'])));
+if(empty($install_date)){
+  $install_date = "0000-00-00";
+}
+$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
+$meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
+$location = intval($_POST['location']);
+$vendor = intval($_POST['vendor']);
+$contact = intval($_POST['contact']);
+$network = intval($_POST['network']);
+$client_id = intval(json_decode($_POST['client_id']));
+
+if(!empty($name)){
+  // Insert into Database
+  $insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
+  if($insert_sql){
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API', log_created_at = NOW(), company_id = $company_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API', log_created_at = NOW(), company_id = $company_id");
+  }
+}
+else{
+  $insert_sql = FALSE;
+}
+
+// Output
+include('../create_output.php');