From 84ab9db2a0ecf2f3edc5a9a37780e47ddc89e14b Mon Sep 17 00:00:00 2001
From: Patrick Alvin Alcala
Date: Tue, 7 Oct 2025 11:47:09 +0800
Subject: [PATCH] Added check access
---
 backend/main.go | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/backend/main.go b/backend/main.go
index a8b103d..645f722 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -698,6 +698,33 @@ func connect() {
 })
+ router.GET("/api/:method/:data/:data2", func(c *gin.Context) {
+ var result string
+ method := c.Param("method")
+ data := c.Param("data")
+ data2 := c.Param("data2")
+
+ c.Writer.Header().Set("X-XSS-Protection", "1; mode=block")
+ c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
+ c.Writer.Header().Set("X-DNS-Prefetch-Control", "off")
+ c.Writer.Header().Set("X-Frame-Options", "DENY")
+ c.Writer.Header().Set("X-Download-Options", "noopen")
+ c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+
+ switch method {
+ case "check-access":
+ err = db.QueryRow("SELECT COUNT(accessid) AS result FROM access a JOIN ref_access ra ON a.ref_accessid = ra.ref_accessid AND ra.access = ? and employeeid = ?", data, data2).Scan(&result)
+ if err != nil {
+ c.AbortWithError(http.StatusBadRequest, err)
+ c.String(http.StatusBadRequest, err.Error())
+ return
+ }
+ c.JSON(http.StatusOK, gin.H{
+ "result": result,
+ })
+ }
+ })
+
 router.POST("/api/post-newstatus-electrical", func(c *gin.Context) {
 type RegistrationData struct {
 Data int `json:"data"`
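Review bot: The `check-access` error path sends the database driver's `err.Error()` text to the client, and the `err =` assignment writes a variable that is not declared inside this closure (presumably one shared across `connect()`, whose body lies outside the hunk), so concurrent requests can race on it. Record the error server-side with `c.Error(err)`, answer with a generic 500, and scope the error to the request with `:=`. A `default` case returning 404 would also stop unknown `:method` values from producing an empty 200. Separately, `:data2` (the employee id) comes straight from the URL and nothing visible in the hunk binds it to an authenticated caller. Unless auth middleware is registered elsewhere in `connect()`, the answer should be derived from the session identity rather than a path parameter.

```go
		switch method {
		case "check-access":
			// err is local to this request instead of a variable shared by other handlers.
			if err := db.QueryRow("SELECT COUNT(accessid) AS result FROM access a JOIN ref_access ra ON a.ref_accessid = ra.ref_accessid AND ra.access = ? and employeeid = ?", data, data2).Scan(&result); err != nil {
				_ = c.Error(err) // keep driver detail for server-side logging only
				c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "internal error"})
				return
			}
			// … unchanged: c.JSON(http.StatusOK, …) carrying result …
		default:
			c.AbortWithStatus(http.StatusNotFound)
		}
```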