Make admin
This commit is contained in:
parent
ae31f57ee0
commit
b1061e67ac
49
exam/api/Users/Permissions/Permissions.php
Normal file
49
exam/api/Users/Permissions/Permissions.php
Normal file
@ -0,0 +1,49 @@
|
||||
<?php
|
||||
|
||||
namespace Api\Users\Permissions;
|
||||
|
||||
use Exception;
|
||||
use Khofmann\Api\Api;
|
||||
use Khofmann\Input\Input;
|
||||
use Khofmann\Models\User\User;
|
||||
use Khofmann\Response\Response;
|
||||
use Khofmann\ApiError\ApiError;
|
||||
use Khofmann\Request\Request;
|
||||
|
||||
/**
|
||||
* User permissions route handlers
|
||||
*/
|
||||
class Permissions extends Api
|
||||
{
|
||||
/**
|
||||
* Permissions PATCH handler
|
||||
*
|
||||
* Sets user admin or not.
|
||||
*
|
||||
* Returns updated user.
|
||||
*
|
||||
* @param mixed $id User ID
|
||||
*
|
||||
* @throws 404 User not found
|
||||
* @throws 500 Failed to update user permissions
|
||||
*/
|
||||
public function patch($id): void
|
||||
{
|
||||
// Fetch all inputs.
|
||||
$isAdmin = Input::post("isAdmin");
|
||||
|
||||
// Try and update user image.
|
||||
// Throw errors according to situation.
|
||||
try {
|
||||
Response::json(User::getByID($id)->updatePermissions($isAdmin));
|
||||
} catch (Exception $err) {
|
||||
switch ($err->getMessage()) {
|
||||
case "NotFound":
|
||||
throw ApiError::notFound("user");
|
||||
default:
|
||||
// Due to how the failed field is handled, it's ApiError is inside the models update
|
||||
throw $err;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -640,6 +640,57 @@ paths:
|
||||
}
|
||||
tags:
|
||||
- User
|
||||
/users/{id}/permissions:
|
||||
post:
|
||||
summary: Update user permissions
|
||||
description: Update user permissions with ID.
|
||||
security:
|
||||
- BasicAuth: [isAdmin]
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
description: User ID
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
format: int14
|
||||
requestBody:
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/UserPermissionsUpdateRequest"
|
||||
responses:
|
||||
200:
|
||||
description: Success.
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/UserResponse"
|
||||
404:
|
||||
description: User not found.
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/NotFoundResponse"
|
||||
examples:
|
||||
User not found:
|
||||
value: { "code": "NotFound", "entity": "user" }
|
||||
500:
|
||||
description: Update failed.
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/FailedUpdateResponse"
|
||||
examples:
|
||||
Failed username:
|
||||
value:
|
||||
{
|
||||
"code": "FailedUpdate",
|
||||
"fields": ["isAdmin"],
|
||||
"reasons": ["string"],
|
||||
}
|
||||
tags:
|
||||
- User
|
||||
/users/{id}/posts:
|
||||
get:
|
||||
summary: Get user posts
|
||||
@ -816,6 +867,11 @@ components:
|
||||
type: string
|
||||
email:
|
||||
type: string
|
||||
UserPermissionsUpdateRequest:
|
||||
type: object
|
||||
properties:
|
||||
isAdmin:
|
||||
type: boolean
|
||||
UserImageUpdateRequest:
|
||||
type: object
|
||||
properties:
|
||||
|
||||
File diff suppressed because one or more lines are too long
@ -425,7 +425,7 @@ class User implements JsonSerializable
|
||||
}
|
||||
|
||||
/**
|
||||
* Update post
|
||||
* Update user
|
||||
*
|
||||
* Does nothing if new all fields are empty
|
||||
*
|
||||
@ -515,7 +515,7 @@ class User implements JsonSerializable
|
||||
}
|
||||
|
||||
/**
|
||||
* Update post
|
||||
* Update user
|
||||
*
|
||||
* Does nothing if all fields are empty
|
||||
*
|
||||
@ -600,6 +600,56 @@ class User implements JsonSerializable
|
||||
return User::getByID($this->id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Update user
|
||||
*
|
||||
* Does nothing if new all fields are empty
|
||||
*
|
||||
* @param ?bool $isAdmin Admin permission
|
||||
*
|
||||
* @throws Failed Failed to update admin status
|
||||
*/
|
||||
public function updatePermissions(?bool $isAdmin): User
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
|
||||
// Make sure we do all changes or none
|
||||
$db->beginTransaction();
|
||||
|
||||
$failed = [];
|
||||
$reasons = [];
|
||||
if (isset($isAdmin)) {
|
||||
$stmt = $db->prepare("UPDATE egb_benutzer SET isadmin = :ADM WHERE id = :ID");
|
||||
$stmt->bindValue(":ADM", $isAdmin);
|
||||
$stmt->bindValue(":ID", $this->id);
|
||||
try {
|
||||
if (!$stmt->execute()) {
|
||||
array_push($failed, "username");
|
||||
array_push($reasons, "generic");
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
array_push($failed, "username");
|
||||
if ($e->getCode() === "23000") {
|
||||
$pdoErr = $stmt->errorInfo()[1];
|
||||
if ($pdoErr === 1062) array_push($reasons, "Duplicate");
|
||||
else array_push($reasons, "SQL: $pdoErr");
|
||||
} else array_push($reasons, "{$e->getCode()}");
|
||||
}
|
||||
}
|
||||
|
||||
if (count($failed) > 0) {
|
||||
// We failed, go back
|
||||
$db->rollBack();
|
||||
|
||||
throw ApiError::failedUpdate($failed, $reasons);
|
||||
}
|
||||
|
||||
// Commit the changes
|
||||
$db->commit();
|
||||
|
||||
return User::getByID($this->id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete user and image
|
||||
*
|
||||
|
||||
@ -78,6 +78,8 @@ SimpleRouter::group(["middleware" => Khofmann\Auth\AdminAuth::class], function (
|
||||
SimpleRouter::patch("/users/{id}", [Api\Users\Users::class, "patch"]);
|
||||
// Update image
|
||||
SimpleRouter::post("/users/{id}/image", [Api\Users\Image\Image::class, "post"]);
|
||||
// Update permissions
|
||||
SimpleRouter::patch("/users/{id}/permissions", [Api\Users\Permissions\Permissions::class, "patch"]);
|
||||
// Delete user
|
||||
SimpleRouter::delete("/users/{id}", [Api\Users\Users::class, "delete"]);
|
||||
// Delete post
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user