removed legacy files
This commit is contained in:
@ -7,7 +7,7 @@
|
||||
* GET ?clients=1 -> list of clients assigned to the authenticated coach
|
||||
* POST -> submit interview answers for a client (coach / supervisor / admin).
|
||||
* Re-posting the same clientCode + questionnaireID updates answers in place (re-edit).
|
||||
* Mobile clients encrypt answers at rest on device; POST body is plaintext JSON over HTTPS.
|
||||
* Sensitive POST/GET ?clients=1 bodies use encrypted payloads (HKDF from Bearer token).
|
||||
*/
|
||||
|
||||
// Public app UI catalog for the login screen (no token, no PII).
|
||||
@ -23,7 +23,7 @@ $tokenRec = require_valid_token();
|
||||
if ($method === 'POST') {
|
||||
require_role(['admin', 'supervisor', 'coach'], $tokenRec);
|
||||
|
||||
$body = read_json_body();
|
||||
$body = read_encrypted_json_body($tokenRec['_token']);
|
||||
require_fields($body, ['questionnaireID', 'clientCode', 'answers']);
|
||||
|
||||
$qnID = trim($body['questionnaireID']);
|
||||
@ -259,7 +259,7 @@ if ($fetchClients) {
|
||||
}, $clientCodes);
|
||||
|
||||
qdb_discard($tmpDb, $lockFp);
|
||||
json_success(['coachID' => $coachID, 'clients' => $clients]);
|
||||
json_success_sensitive(['coachID' => $coachID, 'clients' => $clients], $tokenRec['_token']);
|
||||
}
|
||||
|
||||
if ($qnID) {
|
||||
|
||||
Reference in New Issue
Block a user