revoked access to website for coaches, added web-specific tokens

This commit is contained in:
2026-05-26 15:49:19 +02:00
parent 7671c9f329
commit 2181d1731e
36 changed files with 129 additions and 41 deletions

View File

@ -4,7 +4,7 @@ require_once __DIR__ . '/../db_init.php';
header('Content-Type: application/json; charset=UTF-8');
$tokenRec = require_valid_token();
$tokenRec = require_valid_token_web();
$method = $_SERVER['REQUEST_METHOD'];
switch ($method) {

View File

@ -4,8 +4,7 @@ require_once __DIR__ . '/../db_init.php';
header('Content-Type: application/json; charset=UTF-8');
$tokenRec = require_valid_token();
require_role(['admin', 'supervisor'], $tokenRec);
$tokenRec = require_valid_token_web();
$callerRole = $tokenRec['role'];
$callerEntityID = $tokenRec['entityID'] ?? '';

View File

@ -2,7 +2,7 @@
require_once __DIR__ . '/../common.php';
require_once __DIR__ . '/../db_init.php';
$tokenRec = require_valid_token();
$tokenRec = require_valid_token_web();
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
header('Content-Type: application/json; charset=UTF-8');

View File

@ -11,7 +11,7 @@ require_once __DIR__ . '/../lib/validate.php';
// CORS
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-QDB-Client');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(204);

View File

@ -4,7 +4,7 @@ require_once __DIR__ . '/../db_init.php';
header('Content-Type: application/json; charset=UTF-8');
$tokenRec = require_valid_token();
$tokenRec = require_valid_token_web();
$method = $_SERVER['REQUEST_METHOD'];
switch ($method) {

View File

@ -4,7 +4,7 @@ require_once __DIR__ . '/../db_init.php';
header('Content-Type: application/json; charset=UTF-8');
$tokenRec = require_valid_token();
$tokenRec = require_valid_token_web();
$method = $_SERVER['REQUEST_METHOD'];
switch ($method) {

View File

@ -4,7 +4,7 @@ require_once __DIR__ . '/../db_init.php';
header('Content-Type: application/json; charset=UTF-8');
$tokenRec = require_valid_token();
$tokenRec = require_valid_token_web();
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
http_response_code(405);

View File

@ -4,7 +4,7 @@ require_once __DIR__ . '/../db_init.php';
header('Content-Type: application/json; charset=UTF-8');
$tokenRec = require_valid_token();
$tokenRec = require_valid_token_web();
$method = $_SERVER['REQUEST_METHOD'];
$validTypes = ['question', 'answer_option', 'string', 'language'];

View File

@ -4,8 +4,7 @@ require_once __DIR__ . '/../db_init.php';
header('Content-Type: application/json; charset=UTF-8');
$tokenRec = require_valid_token();
require_role(['admin', 'supervisor'], $tokenRec);
$tokenRec = require_valid_token_web();
$callerRole = $tokenRec['role'];
$callerEntityID = $tokenRec['entityID'] ?? '';