 Server : Apache/2 System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64 User : gositeme ( 1004) PHP Version : 8.2.29 Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname Directory : /home/gositeme/.cursor-server/data/User/History/-4a6e4ce0/ |
<?php
/**
* Documents API Endpoint
* Handles document management operations
*/
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization');
// Handle preflight OPTIONS request
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
require_once '../config/config.php';
require_once '../auth/Auth.php';
require_once '../models/Document.php';
require_once '../config/database.php';
$auth = new Auth();
$database = new Database();
$db = $database->getConnection();
$documentModel = new Document($db);
$method = $_SERVER['REQUEST_METHOD'];
$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$pathParts = explode('/', trim($path, '/'));
// Get document ID from URL if present
$documentId = isset($pathParts[2]) ? $pathParts[2] : null;
try {
switch ($method) {
case 'GET':
if ($documentId) {
// Get specific document
if (!$auth->isLoggedIn()) {
http_response_code(401);
echo json_encode(['error' => 'Unauthorized']);
exit;
}
if ($documentModel->findById($documentId)) {
$currentUser = $auth->getCurrentUser();
// Check if user has access to this document
if ($documentModel->userId !== $currentUser['id'] && !$auth->isAdmin()) {
http_response_code(403);
echo json_encode(['error' => 'Forbidden']);
exit;
}
echo json_encode([
'success' => true,
'document' => $documentModel
]);
} else {
http_response_code(404);
echo json_encode(['error' => 'Document not found']);
}
} else {
// Get documents with filters
if (!$auth->isLoggedIn()) {
http_response_code(401);
echo json_encode(['error' => 'Unauthorized']);
exit;
}
$currentUser = $auth->getCurrentUser();
$page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
$limit = isset($_GET['limit']) ? (int)$_GET['limit'] : 20;
$filters = [];
// Apply user-specific filters
$filters['userId'] = $currentUser['id'];
// Apply additional filters
if (isset($_GET['caseId'])) {
$filters['caseId'] = $_GET['caseId'];
}
if (isset($_GET['category'])) {
$filters['category'] = $_GET['category'];
}
if (isset($_GET['isPublic'])) {
$filters['isPublic'] = (bool)$_GET['isPublic'];
}
if (isset($_GET['status'])) {
$filters['status'] = $_GET['status'];
}
if (isset($_GET['search'])) {
$filters['search'] = $_GET['search'];
}
// Get public documents if requested
if (isset($_GET['public']) && $_GET['public'] === 'true') {
unset($filters['userId']);
$filters['isPublic'] = true;
$filters['status'] = 'ACTIVE';
}
$documents = $documentModel->getByUserId($currentUser['id'], $page, $limit);
$total = $documentModel->count($filters);
echo json_encode([
'success' => true,
'documents' => $documents,
'pagination' => [
'page' => $page,
'limit' => $limit,
'total' => $total,
'pages' => ceil($total / $limit)
]
]);
}
break;
case 'POST':
// Create new document
if (!$auth->isLoggedIn()) {
http_response_code(401);
echo json_encode(['error' => 'Unauthorized']);
exit;
}
$input = json_decode(file_get_contents('php://input'), true);
if (!$input) {
$input = $_POST;
}
$currentUser = $auth->getCurrentUser();
// Set required fields
$documentModel->title = $input['title'] ?? '';
$documentModel->description = $input['description'] ?? '';
$documentModel->fileUrl = $input['fileUrl'] ?? '';
$documentModel->fileName = $input['fileName'] ?? '';
$documentModel->fileSize = $input['fileSize'] ?? 0;
$documentModel->fileType = $input['fileType'] ?? '';
$documentModel->userId = $currentUser['id'];
$documentModel->caseId = $input['caseId'] ?? null;
$documentModel->isPublic = $input['isPublic'] ?? false;
$documentModel->version = 1;
$documentModel->tags = $input['tags'] ?? [];
$documentModel->category = $input['category'] ?? 'OTHER';
$documentModel->status = $input['status'] ?? 'ACTIVE';
// Validation
if (empty($documentModel->title) || empty($documentModel->fileUrl)) {
http_response_code(400);
echo json_encode(['error' => 'Title and file URL are required']);
exit;
}
if ($documentModel->create()) {
http_response_code(201);
echo json_encode([
'success' => true,
'message' => 'Document created successfully',
'document' => $documentModel
]);
} else {
http_response_code(500);
echo json_encode(['error' => 'Failed to create document']);
}
break;
case 'PUT':
// Update document
if (!$auth->isLoggedIn()) {
http_response_code(401);
echo json_encode(['error' => 'Unauthorized']);
exit;
}
if (!$documentId) {
http_response_code(400);
echo json_encode(['error' => 'Document ID is required']);
exit;
}
if ($documentModel->findById($documentId)) {
$currentUser = $auth->getCurrentUser();
// Check if user has access to this document
if ($documentModel->userId !== $currentUser['id'] && !$auth->isAdmin()) {
http_response_code(403);
echo json_encode(['error' => 'Forbidden']);
exit;
}
$input = json_decode(file_get_contents('php://input'), true);
if (!$input) {
$input = $_POST;
}
// Update allowed fields
$allowedFields = [
'title', 'description', 'isPublic', 'tags', 'category', 'status'
];
foreach ($allowedFields as $field) {
if (isset($input[$field])) {
$documentModel->$field = $input[$field];
}
}
if ($documentModel->update()) {
echo json_encode([
'success' => true,
'message' => 'Document updated successfully'
]);
} else {
http_response_code(500);
echo json_encode(['error' => 'Failed to update document']);
}
} else {
http_response_code(404);
echo json_encode(['error' => 'Document not found']);
}
break;
case 'DELETE':
// Delete document
if (!$auth->isLoggedIn()) {
http_response_code(401);
echo json_encode(['error' => 'Unauthorized']);
exit;
}
if (!$documentId) {
http_response_code(400);
echo json_encode(['error' => 'Document ID is required']);
exit;
}
if ($documentModel->findById($documentId)) {
$currentUser = $auth->getCurrentUser();
// Check if user has access to this document
if ($documentModel->userId !== $currentUser['id'] && !$auth->isAdmin()) {
http_response_code(403);
echo json_encode(['error' => 'Forbidden']);
exit;
}
if ($documentModel->delete()) {
echo json_encode([
'success' => true,
'message' => 'Document deleted successfully'
]);
} else {
http_response_code(500);
echo json_encode(['error' => 'Failed to delete document']);
}
} else {
http_response_code(404);
echo json_encode(['error' => 'Document not found']);
}
break;
default:
http_response_code(405);
echo json_encode(['error' => 'Method not allowed']);
break;
}
} catch (Exception $e) {
http_response_code(500);
echo json_encode([
'error' => 'Internal server error',
'message' => $e->getMessage()
]);
}
?>