88 lines
2.6 KiB
PHP
Executable File
88 lines
2.6 KiB
PHP
Executable File
<?php
|
|
/**
|
|
* API para crear un nuevo usuario
|
|
*/
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
require_once __DIR__ . '/../../../shared/utils/helpers.php';
|
|
require_once __DIR__ . '/../../../shared/auth/jwt.php';
|
|
require_once __DIR__ . '/../../../shared/database/connection.php';
|
|
|
|
// Verificar autenticación
|
|
$userData = JWTAuth::requireAuth();
|
|
|
|
// Verificar que sea Admin
|
|
if ($userData->rol !== 'Admin') {
|
|
http_response_code(403);
|
|
echo json_encode(['success' => false, 'error' => 'Acceso denegado. Se requieren permisos de Administrador.']);
|
|
exit;
|
|
}
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
http_response_code(405);
|
|
echo json_encode(['success' => false, 'error' => 'Método no permitido']);
|
|
exit;
|
|
}
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
|
|
if (empty($data['username']) || empty($data['password']) || empty($data['rol_id'])) {
|
|
http_response_code(400);
|
|
echo json_encode(['success' => false, 'error' => 'Faltan datos obligatorios']);
|
|
exit;
|
|
}
|
|
|
|
try {
|
|
$db = getDB();
|
|
|
|
// Verificar si el usuario ya existe
|
|
$stmt = $db->prepare("SELECT id FROM usuarios WHERE username = ?");
|
|
$stmt->execute([$data['username']]);
|
|
if ($stmt->fetch()) {
|
|
http_response_code(400);
|
|
echo json_encode(['success' => false, 'error' => 'El nombre de usuario ya existe']);
|
|
exit;
|
|
}
|
|
|
|
$db->beginTransaction();
|
|
|
|
// Crear usuario
|
|
$stmt = $db->prepare("
|
|
INSERT INTO usuarios (username, password, email, rol_id, fecha_creacion)
|
|
VALUES (?, ?, ?, ?, NOW())
|
|
");
|
|
|
|
// Hash password (MD5 como se usa actualmente en el sistema, aunque se recomienda bcrypt/argon2)
|
|
// Nota: El sistema actual usa MD5 según login.php: if (md5($password) === $user['password'])
|
|
$passwordHash = md5($data['password']);
|
|
|
|
$stmt->execute([
|
|
$data['username'],
|
|
$passwordHash,
|
|
$data['email'] ?? null,
|
|
$data['rol_id']
|
|
]);
|
|
|
|
$userId = $db->lastInsertId();
|
|
|
|
// Asignar permisos si se enviaron
|
|
if (!empty($data['permisos']) && is_array($data['permisos'])) {
|
|
$stmtPerm = $db->prepare("INSERT INTO usuarios_permisos (usuario_id, permiso_id) VALUES (?, ?)");
|
|
foreach ($data['permisos'] as $permisoId) {
|
|
$stmtPerm->execute([$userId, $permisoId]);
|
|
}
|
|
}
|
|
|
|
$db->commit();
|
|
|
|
echo json_encode(['success' => true, 'message' => 'Usuario creado correctamente']);
|
|
|
|
} catch (Exception $e) {
|
|
if ($db->inTransaction()) {
|
|
$db->rollBack();
|
|
}
|
|
http_response_code(500);
|
|
echo json_encode(['success' => false, 'error' => 'Error al crear usuario: ' . $e->getMessage()]);
|
|
}
|