adding documents

backend/api/index.php

@@ -64,6 +64,9 @@ try {
         case 'links':
             handleLinks($method, $id, $db);
             break;
+        case 'documents':
+            handleDocuments($method, $id, $db);
+            break;
         case 'shapes':
             handleShapes($method, $id, $db);
             break;
@@ -447,6 +450,115 @@ function handleLinks($method, $id, $db) {
     }
 }
 
+function handleDocuments($method, $id, $db) {
+    $username = $_SESSION['neptune_username'] ?? 'Unknown';
+    switch ($method) {
+        case 'GET':
+            if ($id) {
+                $stmt = $db->prepare("
+                    SELECT d.*, t.name AS team_name, t.color AS team_color
+                    FROM documents d JOIN teams t ON d.team_id = t.id
+                    WHERE d.id = ?
+                ");
+                $stmt->execute([$id]);
+                echo json_encode($stmt->fetch(PDO::FETCH_ASSOC));
+            } else {
+                $teamFilter = $_GET['team_id'] ?? null;
+                $typeFilter = $_GET['doc_type'] ?? null;
+                $sql = "
+                    SELECT d.*, t.name AS team_name, t.color AS team_color
+                    FROM documents d JOIN teams t ON d.team_id = t.id
+                ";
+                $params = [];
+                $conditions = [];
+                if ($teamFilter) {
+                    $conditions[] = "d.team_id = ?";
+                    $params[] = $teamFilter;
+                }
+                if ($typeFilter) {
+                    $conditions[] = "d.doc_type = ?";
+                    $params[] = $typeFilter;
+                }
+                if ($conditions) $sql .= " WHERE " . implode(' AND ', $conditions);
+                $sql .= " ORDER BY d.occurred_at DESC";
+                $stmt = $db->prepare($sql);
+                $stmt->execute($params);
+                echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
+            }
+            break;
+        case 'POST':
+            $data = json_decode(file_get_contents('php://input'), true);
+            $stmt = $db->prepare("
+                INSERT INTO documents (doc_type, team_id, title, content, occurred_at)
+                VALUES (?, ?, ?, ?, ?)
+            ");
+            $stmt->execute([
+                $data['doc_type'],
+                $data['team_id'],
+                $data['title'],
+                $data['content'] ?? '',
+                $data['occurred_at'] ?? date('Y-m-d H:i:s')
+            ]);
+            $docId = $db->lastInsertId();
+            // Also create a timeline event for this document
+            $teamId = $data['team_id'];
+            $docType = $data['doc_type'];
+            $typeLabels = ['deployment' => 'Deployment', 'attack' => 'Attack', 'incident-report' => 'Incident Report', 'remediation' => 'Remediation', 'exercise' => 'Exercise'];
+            $typeLabel = $typeLabels[$docType] ?? ucfirst($docType);
+            $eventTitle = $typeLabel . ': ' . $data['title'];
+            $eventDesc = $username . ' created document "' . $data['title'] . '" (' . $typeLabel . ')';
+            $stmt2 = $db->prepare("
+                INSERT INTO events (team_id, title, description, severity, event_type, occurred_at)
+                VALUES (?, ?, ?, 'info', 'document', ?)
+            ");
+            $stmt2->execute([$teamId, $eventTitle, $eventDesc, $data['occurred_at'] ?? date('Y-m-d H:i:s')]);
+            echo json_encode(['id' => $docId]);
+            break;
+        case 'PUT':
+            if ($id) {
+                $data = json_decode(file_get_contents('php://input'), true);
+                $fields = [];
+                $params = [];
+                foreach (['doc_type','team_id','title','content','occurred_at'] as $f) {
+                    if (isset($data[$f])) {
+                        $fields[] = "$f = ?";
+                        $params[] = $data[$f];
+                    }
+                }
+                if ($fields) {
+                    $params[] = $id;
+                    $stmt = $db->prepare("UPDATE documents SET " . implode(', ', $fields) . " WHERE id = ?");
+                    $stmt->execute($params);
+                    // Create a timeline event for the edit
+                    if (isset($data['title']) || isset($data['doc_type'])) {
+                        $docType = $data['doc_type'] ?? '';
+                        $docTitle = $data['title'] ?? '';
+                        $teamId = $data['team_id'] ?? null;
+                        if ($teamId) {
+                            $typeLabels = ['deployment' => 'Deployment', 'attack' => 'Attack', 'incident-report' => 'Incident Report', 'remediation' => 'Remediation', 'exercise' => 'Exercise'];
+                            $typeLabel = $typeLabels[$docType] ?? ucfirst($docType);
+                            $eventTitle = 'Updated ' . $typeLabel . ': ' . $docTitle;
+                            $eventDesc = $username . ' updated document "' . $docTitle . '" (' . $typeLabel . ')';
+                            $stmt2 = $db->prepare("
+                                INSERT INTO events (team_id, title, description, severity, event_type, occurred_at)
+                                VALUES (?, ?, ?, 'info', 'document', ?)
+                            ");
+                            $stmt2->execute([$teamId, $eventTitle, $eventDesc, date('Y-m-d H:i:s')]);
+                        }
+                    }
+                }
+                echo json_encode(['updated' => true]);
+            }
+            break;
+        case 'DELETE':
+            if ($id) {
+                $db->prepare("DELETE FROM documents WHERE id = ?")->execute([$id]);
+                echo json_encode(['deleted' => true]);
+            }
+            break;
+    }
+}
+
 function handleShapes($method, $id, $db) {
     switch ($method) {
         case 'GET':