Add asset API delete endpoint

2022-05-01 10:30:04 +01:00 · 2022-05-01 10:30:04 +01:00 · 69c1fc6cae
parent eee7c0b204
commit 69c1fc6cae
3 changed files with 51 additions and 1 deletions
--- a/api/v1/assets/delete.php
+++ b/api/v1/assets/delete.php
@ -0,0 +1,28 @@
+<?php
+require('../validate_api_key.php');
+
+require('../require_post_method.php');
+
+// Parse ID
+$asset_id = intval($_POST['asset_id']);
+
+// Default
+$delete_count = FALSE;
+
+if(!empty($asset_id)){
+  $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
+  $asset_name = $row['asset_name'];
+
+  $delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
+
+  // Check delete & get affected rows
+  if($delete_sql && !empty($asset_name)){
+    $delete_count = mysqli_affected_rows($mysqli);
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
+  }
+}
+
+// Output
+include('../delete_output.php');
--- a/api/v1/delete_output.php
+++ b/api/v1/delete_output.php
@ -0,0 +1,23 @@
+<?php
+
+/*
+ * API - delete_output.php
+ * Included on calls to delete.php endpoints
+ * Returns success/failure messages
+ */
+
+// Check if delete query was successful
+if(isset($delete_count) && is_numeric($delete_count) && $delete_count > 0){
+  // Insert successful
+  $return_arr['success'] = "True";
+  $return_arr['count'] = $delete_count;
+}
+
+// Query returned false: something went wrong, or it was declined due to required variables missing
+else{
+  $return_arr['success'] = "False";
+  $return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch.";
+}
+
+echo json_encode($return_arr);
+exit();
--- a/api/v1/require_post_method.php
+++ b/api/v1/require_post_method.php
@ -10,6 +10,5 @@ if($_SERVER['REQUEST_METHOD'] !== "POST"){
 // Client ID must be specific for INSERT/UPDATE/DELETE queries
 // If this API key allows any client, set $client_id to the one specified, else leave it
 if($client_id == 0){
-  //
  $client_id = intval($_POST['client_id']);
 }