Fix update possible on chunks

The class specific available methods where ignored (shared.inc.php), causing the
 UPDATE call to be available. The updateObject function was also not guarded,
 allowing this error to execute the updateObject.

 - Guard all updateObject functions when required
 - Ensure taskwrappers announces the available actions.

src/inc/apiv2/agentstats.routes.php

@@ -45,6 +45,10 @@ protected function createObject($QUERY): int {
       return -1;
     }
 
+    public function updateObject(object $object, array $data, array $mappedFeatures, array $processed = []): void {
+      assert(False, "AgentStats cannot be updated via API");
+    }
+
     protected function deleteObject(object $object): void {
       Factory::getAgentStatFactory()->delete($object);
     }

src/inc/apiv2/chunks.routes.php

@@ -48,6 +48,10 @@ protected function createObject($QUERY): int {
       return -1;
     }
 
+    public function updateObject(object $object, array $data, array $mappedFeatures, array $processed = []): void {
+      assert(False, "Chunks cannot be updated via API");
+    }
+
     protected function deleteObject(object $object): void {
       /* Dummy code to implement abstract functions */
       assert(False, "Chunks cannot be deleted via API");

src/inc/apiv2/configsections.routes.php

@@ -46,12 +46,18 @@ public function getFormFields(): array {
 
     protected function createObject($QUERY): int {
        /* Dummy code to implement abstract functions */
-       assert(False, "Configs cannot be created via API");
+       assert(False, "ConfigSections cannot be created via API");
        return -1;
     }
 
+    public function updateObject(object $object, array $data, array $mappedFeatures, array $processed = []): void {
+      assert(False, "ConfigSections cannot be updated via API");
+    }
+
     protected function deleteObject(object $object): void {
       /* Dummy code to implement abstract functions */
-      assert(False, "Configs cannot be deleted via API");
+      assert(False, "ConfigSections cannot be deleted via API");
     }
-}
+}
+
+ConfigSectionAPI::register($app);

src/inc/apiv2/hashes.routes.php

@@ -44,14 +44,17 @@ public function getFormFields(): array {
 
     protected function createObject($QUERY): int {
       /* Dummy code to implement abstract functions */
-      assert(False, "Chunks cannot be created via API");
+      assert(False, "Hashes cannot be created via API");
       return -1;
     }
 
+    public function updateObject(object $object, array $data, array $mappedFeatures, array $processed = []): void {
+       assert(False, "Hashes cannot be updated via API");
+    }
 
     protected function deleteObject(object $object): void {
       /* Dummy code to implement abstract functions */
-      assert(False, "Chunks cannot be deleted via API");
+      assert(False, "Hashes cannot be deleted via API");
     }
 }
 

src/inc/apiv2/healthcheckagents.routes.php

@@ -49,6 +49,10 @@ protected function createObject($QUERY): int {
        return -1;
     }
 
+    public function updateObject(object $object, array $data, array $mappedFeatures, array $processed = []): void {
+      assert(False, "HealthCheckAgents cannot be updated via API");
+   }
+
     protected function deleteObject(object $object): void {
       /* Dummy code to implement abstract functions */
       assert(False, "HealthCheckAgents cannot be deleted via API");

src/inc/apiv2/shared.inc.php

@@ -235,7 +235,7 @@ final protected function getUser()
                                                    // src/inc/defines/agents.php
                                                    AgentBinary::PERM_CREATE, AgentBinary::PERM_READ, AgentBinary::PERM_UPDATE, AgentBinary::PERM_DELETE),
 
-    DAccessControl::SERVER_CONFIG_ACCESS => array(Config::PERM_CREATE, Config::PERM_READ, Config::PERM_UPDATE, Config::PERM_DELETE, 
+    DAccessControl::SERVER_CONFIG_ACCESS => array(Config::PERM_CREATE, Config::PERM_READ, Config::PERM_UPDATE, Config::PERM_DELETE,
                                                   ConfigSection::PERM_CREATE, ConfigSection::PERM_READ, ConfigSection::PERM_UPDATE, ConfigSection::PERM_DELETE,
                                                   // src/inc/defines/preprocessor.php
                                                   Preprocessor::PERM_CREATE, Preprocessor::PERM_READ, Preprocessor::PERM_UPDATE, Preprocessor::PERM_DELETE,
@@ -1156,7 +1156,7 @@ static public function register($app): void
       return $response;
     });
 
-    $available_methods = self::getAvailableMethods();
+    $available_methods = $me::getAvailableMethods();
 
     if (in_array("GET", $available_methods)) {
       $app->get($baseUri, $me . ':get')->setname($me . ':get');

src/inc/apiv2/speeds.routes.php

@@ -53,6 +53,10 @@ protected function createObject($QUERY): int {
       return -1;
    }
 
+   public function updateObject(object $object, array $data, array $mappedFeatures, array $processed = []): void {
+    assert(False, "Speeds cannot be updated via API");
+   }
+
    protected function deleteObject(object $object): void {
      assert(False, "Speeds cannot be deleted via API");
    }

src/inc/apiv2/taskwrappers.routes.php

@@ -21,6 +21,10 @@ public static function getBaseUri(): string {
       return "/api/v2/ui/taskwrappers";
     }
 
+    public static function getAvailableMethods(): array {
+      return ['GET'];
+    }
+
     public static function getDBAclass(): string {
       return TaskWrapper::class;
     }    
@@ -52,6 +56,10 @@ protected function createObject($QUERY): int {
       return -1;
     }
 
+    public function updateObject(object $object, array $data, array $mappedFeatures, array $processed = []): void {
+      assert(False, "TaskWrappers cannot be updated via API");
+    }
+
     protected function deleteObject(object $object): void {
       assert(False, "TaskWrappers cannot be deleted via API");
     }