mirror of https://github.com/itflow-org/itflow
API Tidy
- Remove old client ID queries, these are now built into the API keys. If a key has access to all clients, a client ID can be provided in the query. - Small fixes to assets URI lookup - Add read endpoint for vendors
This commit is contained in:
wrongecho
parent
2e202df3ff
commit
f3e9c9c867
|
|
@ -12,42 +12,36 @@ if (isset($_GET['asset_id'])) {
|
|||
|
||||
} elseif (isset($_GET['asset_type'])) {
|
||||
// Asset query via type
|
||||
|
||||
$type = mysqli_real_escape_string($mysqli, ucfirst($_GET['asset_type']));
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['asset_name'])) {
|
||||
// Asset query via name
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['asset_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['asset_serial'])) {
|
||||
// Asset query via serial
|
||||
|
||||
$serial = mysqli_real_escape_string($mysqli, $_GET['asset_serial']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Asset query via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['asset_mac'])) {
|
||||
// Asset query via mac
|
||||
|
||||
$mac = mysqli_real_escape_string($mysqli, $_GET['asset_mac']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 WHERE interface_mac = '$mac' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['asset_uri'])) {
|
||||
// Asset query via mac
|
||||
|
||||
$mac = mysqli_real_escape_string($mysqli, $_GET['asset_uri']);
|
||||
// Asset query via uri
|
||||
$uri = mysqli_real_escape_string($mysqli, $_GET['asset_uri']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_uri = '$uri' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
}
|
||||
// All assets
|
||||
else {
|
||||
} elseif (isset($_GET['asset_uri_2'])) {
|
||||
// Asset query via uri2
|
||||
$uri2 = mysqli_real_escape_string($mysqli, $_GET['asset_uri']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_uri_2 = '$uri2' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
}else {
|
||||
// All assets (by client ID or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 WHERE asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -12,18 +12,11 @@ if (isset($_GET['certificate_id'])) {
|
|||
|
||||
} elseif (isset($_GET['certificate_name'])) {
|
||||
// Certificate by name
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Certificate via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} else {
|
||||
// All certificates
|
||||
|
||||
// All certificates (by client ID or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -4,21 +4,13 @@ require_once '../validate_api_key.php';
|
|||
|
||||
require_once '../require_get_method.php';
|
||||
|
||||
|
||||
// Specific client via ID (single)
|
||||
if (isset($_GET['client_id'])) {
|
||||
$id = intval($_GET['client_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id'");
|
||||
|
||||
} elseif (isset($_GET['client_name'])) {
|
||||
// Specific client via name (single)
|
||||
|
||||
// Specific client via name (single)
|
||||
if (isset($_GET['client_name'])) {
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['client_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id'");
|
||||
|
||||
} else {
|
||||
// All clients
|
||||
|
||||
// All clients (by client ID if given, or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -12,19 +12,16 @@ if (isset($_GET['contact_id'])) {
|
|||
|
||||
} elseif (isset($_GET['contact_email'])) {
|
||||
// Specific contact via email (single)
|
||||
|
||||
$email = mysqli_real_escape_string($mysqli, $_GET['contact_email']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id'");
|
||||
|
||||
} elseif (isset($_GET['contact_phone_or_mobile'])) {
|
||||
// Specific contact via phone number or mobile (single)
|
||||
|
||||
$phone_or_mob = mysqli_real_escape_string($mysqli, $_GET['contact_phone_or_mobile']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_mobile = '$phone_or_mob' OR contact_phone = '$phone_or_mob' AND contact_client_id LIKE '$client_id' LIMIT 1");
|
||||
|
||||
} else {
|
||||
// All contacts
|
||||
|
||||
// All contacts (by client ID, or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -10,12 +10,8 @@ if (isset($_GET['document_id'])) {
|
|||
$id = intval($_GET['document_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id'");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Documents via client ID (multiple)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' AND document_archived_at IS NULL");
|
||||
|
||||
} else {
|
||||
// All documents
|
||||
// All documents (by client ID if given, or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -12,18 +12,11 @@ if (isset($_GET['domain_id'])) {
|
|||
|
||||
} elseif (isset($_GET['domain_name'])) {
|
||||
// Domain by name
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Domain via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} else {
|
||||
// All domains
|
||||
|
||||
// All domains (by client ID or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,13 +7,11 @@ require_once '../require_get_method.php';
|
|||
|
||||
if (isset($_GET['invoice_id'])) {
|
||||
// Invoice via ID (single)
|
||||
|
||||
$id = intval($_GET['invoice_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id'");
|
||||
|
||||
} else {
|
||||
// All invoices
|
||||
|
||||
// All invoices (by client ID if given, or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,13 +7,11 @@ require_once '../require_get_method.php';
|
|||
|
||||
if (isset($_GET['location_id'])) {
|
||||
// Location via ID (single)
|
||||
|
||||
$id = intval($_GET['location_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_id = '$id' AND location_client_id LIKE '$client_id'");
|
||||
|
||||
} else {
|
||||
// All locations
|
||||
|
||||
// All locations (by client ID if given, or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id LIKE '$client_id' ORDER BY location_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -12,18 +12,11 @@ if (isset($_GET['network_id'])) {
|
|||
|
||||
} elseif (isset($_GET['network_name'])) {
|
||||
// Network by name
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['network_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Network via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} else {
|
||||
// All networks
|
||||
|
||||
// All networks (by client ID or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -9,13 +9,11 @@ require_once '../require_get_method.php';
|
|||
|
||||
if (isset($_GET['product_id']) && $client_id == "%") {
|
||||
// product via ID (single)
|
||||
|
||||
$id = intval($_GET['product_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id'");
|
||||
|
||||
} elseif ($client_id == "%") {
|
||||
// All products
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM products ORDER BY product_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,13 +7,11 @@ require_once '../require_get_method.php';
|
|||
|
||||
if (isset($_GET['quote_id'])) {
|
||||
// quote via ID (single)
|
||||
|
||||
$id = intval($_GET['quote_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id'");
|
||||
|
||||
} else {
|
||||
// All quotes
|
||||
|
||||
// All quotes (by client ID if given, or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' ORDER BY quote_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -12,30 +12,21 @@ if (isset($_GET['software_id'])) {
|
|||
|
||||
} elseif (isset($_GET['software_key'])) {
|
||||
// Specific software via key
|
||||
|
||||
$key = mysqli_real_escape_string($mysqli, $_GET['software_license']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['software_name'])) {
|
||||
// Software by name
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['software_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['software_type'])) {
|
||||
// Software via type
|
||||
|
||||
$type = intval($_GET['software_type']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Software via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} else {
|
||||
// All software(s)
|
||||
|
||||
// All software(s) (by client ID if given, or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -8,11 +8,15 @@ require_once '../require_get_method.php';
|
|||
// Specific ticket via ID (single)
|
||||
if (isset($_GET['ticket_id'])) {
|
||||
$id = intval($_GET['ticket_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id'");
|
||||
$sql = mysqli_query(
|
||||
$mysqli,
|
||||
"SELECT * FROM tickets
|
||||
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
|
||||
WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id'"
|
||||
);
|
||||
|
||||
} else {
|
||||
// All tickets
|
||||
|
||||
// All tickets (by client ID if given, or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,19 @@
|
|||
<?php
|
||||
|
||||
require_once '../validate_api_key.php';
|
||||
|
||||
require_once '../require_get_method.php';
|
||||
|
||||
// Specific vendor via their ID (single)
|
||||
if (isset($_GET['vendor_id'])) {
|
||||
$id = intval($_GET['vendor_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_id = '$id' AND vendor_client_id LIKE '$client_id'");
|
||||
|
||||
} else {
|
||||
// All Vendors (by client ID or all in general if key permits)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id LIKE '$client_id' ORDER BY vendor_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once "../read_output.php";
|
||||
|
||||
Loading…
Reference in New Issue