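<?php
/**
 * Cases API Endpoint
 * Migrated from Next.js API routes
 *
 * GET (list / single), POST (create), PUT (update) and DELETE (remove) on legal
 * cases. Every branch below requires a logged-in user via Auth; single-case
 * operations are further restricted to the case's client, its lawyer, or an
 * admin.
 */
// JSON only, with an explicit charset so clients never have to guess.
header('Content-Type: application/json; charset=utf-8');
// Stop browsers from sniffing a JSON body into something executable.
header('X-Content-Type-Options: nosniff');
// NOTE(review): a wildcard origin on an authenticated API lets any site call it
// once that site holds a bearer token (the Authorization header is allowed
// below). Browsers do not attach cookies to a '*' origin without
// Access-Control-Allow-Credentials, so cookie sessions are not exposed by this
// header alone. Prefer an origin allow-list from config once the front-end
// hosts are known.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization');
// Answer the CORS preflight before config, auth or the database are loaded.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}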
require_once '../config/config.php';
require_once '../auth/Auth.php';
require_once '../models/LegalCase.php';
require_once '../config/database.php';
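$auth = new Auth();
$database = new Database();
$db = $database->getConnection();
$caseModel = new LegalCase($db);
$method = $_SERVER['REQUEST_METHOD'];
// Route on the path component only; query parameters are read via $_GET.
$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$pathParts = explode('/', trim((string) $path, '/'));
// The case ID is the third path segment (e.g. /api/cases/{id}); null when absent.
// NOTE(review): this index is tied to the deployed URL layout — confirm it still
// matches once the migration's rewrite rules are in place.
$caseId = $pathParts[2] ?? null;
// Defence in depth: the ID is handed to LegalCase::findById() verbatim, so
// reject anything outside a conservative identifier charset (numeric IDs,
// UUIDs and cuids all pass) instead of forwarding arbitrary path text.
if ($caseId !== null && $caseId !== '' && !preg_match('/^[A-Za-z0-9_-]{1,64}$/', $caseId)) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid case ID']);
    exit;
}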
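// ---------------------------------------------------------------------------
// Request helpers. Closures rather than named functions so this endpoint adds
// nothing to the global function table shared with config.php / Auth.php.
// ---------------------------------------------------------------------------

/** Send a JSON body with the given HTTP status and terminate the request. */
$respond = static function (int $status, array $body): never {
    http_response_code($status);
    echo json_encode($body);
    exit;
};

/** Reply 401 unless Auth reports a logged-in user; otherwise return that user. */
$requireUser = static function () use ($auth, $respond) {
    if (!$auth->isLoggedIn()) {
        $respond(401, ['error' => 'Unauthorized']);
    }
    return $auth->getCurrentUser();
};

/**
 * Whether $user may read or modify the case currently loaded into $caseModel:
 * the case's client, the case's lawyer, or any admin.
 * NOTE(review): the comparison is strict, as in the original. If the model
 * returns integer IDs while the session holds strings (or vice versa) the
 * check fails closed with 403 for the legitimate owner — confirm the types.
 */
$canAccessCase = static function ($user) use ($auth, $caseModel): bool {
    return $caseModel->clientId === $user['id']
        || $caseModel->lawyerId === $user['id']
        || $auth->isAdmin();
};

/** Roles that act on behalf of clients; the same set the list filter keys on. */
$privilegedRoles = ['LAWYER', 'ADMIN', 'SUPER_ADMIN'];

/**
 * Decode the request body. A non-empty JSON object wins; anything else (invalid
 * JSON, scalar JSON, "{}", an empty body) falls back to form-encoded $_POST as
 * the original did — but a scalar JSON body can no longer reach the
 * `$input[...]` reads below as a non-array.
 */
$readBody = static function (): array {
    $decoded = json_decode((string) file_get_contents('php://input'), true);
    return is_array($decoded) && $decoded !== [] ? $decoded : $_POST;
};

/**
 * Parse a boolean flag from the query string or body. Accepts "1"/"true"/"on"/
 * "yes" as true and "0"/"false"/"off"/"no"/"" as false; returns null for
 * anything else (including arrays) so the caller can ignore the flag.
 * The original used (bool) casts, under which the string "false" was true.
 */
$parseBool = static function ($raw): ?bool {
    if (is_bool($raw)) {
        return $raw;
    }
    if (!is_scalar($raw)) {
        return null;
    }
    return filter_var((string) $raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
};

/** Upper bound on page size so one request cannot pull the whole table. */
$maxLimit = 100;

try {
    switch ($method) {
        case 'GET':
            $currentUser = $requireUser();

            if ($caseId) {
                // ---- single case ---------------------------------------------
                if (!$caseModel->findById($caseId)) {
                    $respond(404, ['error' => 'Case not found']);
                }
                if (!$canAccessCase($currentUser)) {
                    $respond(403, ['error' => 'Forbidden']);
                }
                // NOTE(review): this serialises every public property of the
                // model object — verify LegalCase exposes nothing but case data.
                $respond(200, [
                    'success' => true,
                    'case' => $caseModel,
                ]);
            }

            // ---- list with filters -------------------------------------------
            // Clamp paging. page/limit below 1 were meaningless, a limit of 0
            // divided by zero in the page count (a DivisionByZeroError the old
            // catch(Exception) did not even catch), and an unbounded limit let a
            // single request dump the whole table.
            $page = max(1, (int) ($_GET['page'] ?? 1));
            $limit = min($maxLimit, max(1, (int) ($_GET['limit'] ?? 10)));

            $filters = [];
            // Scope to the caller: lawyers/admins see cases they are lawyer on,
            // everyone else sees cases they are client on.
            if (in_array($currentUser['role'], $privilegedRoles, true)) {
                $filters['lawyerId'] = $currentUser['id'];
            } else {
                $filters['clientId'] = $currentUser['id'];
            }
            // Optional filters. status/search are forwarded verbatim to the
            // model — NOTE(review): confirm LegalCase binds them as parameters.
            if (isset($_GET['status']) && is_string($_GET['status'])) {
                $filters['status'] = $_GET['status'];
            }
            if (isset($_GET['search']) && is_string($_GET['search'])) {
                $filters['search'] = $_GET['search'];
            }
            foreach (['isPublic', 'isArchived'] as $flag) {
                if (!isset($_GET[$flag])) {
                    continue;
                }
                $parsed = $parseBool($_GET[$flag]);
                if ($parsed !== null) {
                    $filters[$flag] = $parsed;
                }
            }
            // ?public=true switches to the public catalogue: no per-user scoping,
            // only non-archived public cases.
            if (($_GET['public'] ?? null) === 'true') {
                unset($filters['lawyerId'], $filters['clientId']);
                $filters['isPublic'] = true;
                $filters['isArchived'] = false;
            }

            $cases = $caseModel->getPublicCases($page, $limit, $filters);
            $total = (int) $caseModel->count($filters);
            $respond(200, [
                'success' => true,
                'cases' => $cases,
                'pagination' => [
                    'page' => $page,
                    'limit' => $limit,
                    'total' => $total,
                    // Cast so the page count encodes as an integer, not a float.
                    'pages' => (int) ceil($total / $limit),
                ],
            ]);
            break;

        case 'POST':
            // ---- create ------------------------------------------------------
            $currentUser = $requireUser();
            $input = $readBody();
            $isPrivileged = in_array($currentUser['role'], $privilegedRoles, true);

            // Mass-assignment guard: only lawyers/admins may open a case on behalf
            // of another client. The original accepted clientId from any caller.
            $caseModel->clientId = $isPrivileged
                ? ($input['clientId'] ?? $currentUser['id'])
                : $currentUser['id'];

            $caseModel->title = $input['title'] ?? '';
            $caseModel->description = $input['description'] ?? '';
            $caseModel->status = $input['status'] ?? 'OPEN';
            $caseModel->priority = $input['priority'] ?? 'MEDIUM';
            $caseModel->category = $input['category'] ?? '';
            // Optional nullable fields, all defaulting to null when absent.
            foreach ([
                'lawyerId', 'lawFirmId', 'dueDate', 'estimatedHours', 'hourlyRate',
                'caseNumber', 'court', 'judge', 'opposingParty', 'opposingLawyer',
                'caseType', 'jurisdiction', 'filingDate', 'hearingDate',
                'settlementAmount', 'outcome', 'notes',
            ] as $field) {
                $caseModel->$field = $input[$field] ?? null;
            }
            $caseModel->documents = $input['documents'] ?? [];
            $caseModel->tags = $input['tags'] ?? [];
            $caseModel->isPublic = $parseBool($input['isPublic'] ?? false) ?? false;
            $caseModel->isArchived = false;

            // Validation: the title must be a non-blank string (arrays and
            // whitespace-only values are rejected too).
            if (!is_string($caseModel->title) || trim($caseModel->title) === '') {
                $respond(400, ['error' => 'Title is required']);
            }

            if (!$caseModel->create()) {
                $respond(500, ['error' => 'Failed to create case']);
            }
            $respond(201, [
                'success' => true,
                'message' => 'Case created successfully',
                'case' => $caseModel,
            ]);
            break;

        case 'PUT':
            // ---- update ------------------------------------------------------
            $currentUser = $requireUser();
            if (!$caseId) {
                $respond(400, ['error' => 'Case ID is required']);
            }
            if (!$caseModel->findById($caseId)) {
                $respond(404, ['error' => 'Case not found']);
            }
            if (!$canAccessCase($currentUser)) {
                $respond(403, ['error' => 'Forbidden']);
            }
            $input = $readBody();

            // Field allow-list; clientId is deliberately not reassignable here.
            // NOTE(review): every case participant — the client included — may
            // change lawyerId, lawFirmId, the billing fields and isArchived via
            // this list. Confirm that is the intended model, or split it by role.
            $allowedFields = [
                'title', 'description', 'status', 'priority', 'category',
                'lawyerId', 'lawFirmId', 'dueDate', 'estimatedHours', 'actualHours',
                'hourlyRate', 'totalCost', 'caseNumber', 'court', 'judge',
                'opposingParty', 'opposingLawyer', 'caseType', 'jurisdiction',
                'filingDate', 'hearingDate', 'settlementAmount', 'outcome',
                'notes', 'documents', 'tags', 'isPublic', 'isArchived',
            ];
            foreach ($allowedFields as $field) {
                // isset(): a null in the body leaves the field untouched.
                if (!isset($input[$field])) {
                    continue;
                }
                $value = $input[$field];
                if ($field === 'isPublic' || $field === 'isArchived') {
                    $value = $parseBool($value);
                    if ($value === null) {
                        continue; // unparseable flag: ignore rather than store junk
                    }
                }
                $caseModel->$field = $value;
            }

            if (!$caseModel->update()) {
                $respond(500, ['error' => 'Failed to update case']);
            }
            $respond(200, [
                'success' => true,
                'message' => 'Case updated successfully',
            ]);
            break;

        case 'DELETE':
            // ---- delete ------------------------------------------------------
            $currentUser = $requireUser();
            if (!$caseId) {
                $respond(400, ['error' => 'Case ID is required']);
            }
            if (!$caseModel->findById($caseId)) {
                $respond(404, ['error' => 'Case not found']);
            }
            if (!$canAccessCase($currentUser)) {
                $respond(403, ['error' => 'Forbidden']);
            }
            if (!$caseModel->delete()) {
                $respond(500, ['error' => 'Failed to delete case']);
            }
            $respond(200, [
                'success' => true,
                'message' => 'Case deleted successfully',
            ]);
            break;

        default:
            header('Allow: GET, POST, PUT, DELETE, OPTIONS');
            $respond(405, ['error' => 'Method not allowed']);
    }
} catch (Throwable $e) {
    // Throwable (not just Exception) so TypeError/ArithmeticError from bad input
    // also end as a clean 500. The detail goes to the server log only; the old
    // response echoed $e->getMessage(), which for PDO errors leaks SQL text,
    // table names and DSN fragments to the caller.
    error_log(sprintf(
        'cases API: %s: %s in %s:%d',
        $e::class,
        $e->getMessage(),
        $e->getFile(),
        $e->getLine()
    ));
    http_response_code(500);
    echo json_encode(['error' => 'Internal server error']);
}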