Make admin

exam/api/Users/Permissions/Permissions.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace Api\Users\Permissions;
+
+use Exception;
+use Khofmann\Api\Api;
+use Khofmann\Input\Input;
+use Khofmann\Models\User\User;
+use Khofmann\Response\Response;
+use Khofmann\ApiError\ApiError;
+use Khofmann\Request\Request;
+
+/**
+ * User permissions route handlers
+ */
+class Permissions extends Api
+{
+  /**
+   * Permissions PATCH handler
+   *
+   * Sets user admin or not.
+   *
+   * Returns updated user.
+   *
+   * @param mixed $id User ID
+   *
+   * @throws 404 User not found
+   * @throws 500 Failed to update user permissions
+   */
+  public function patch($id): void
+  {
+    // Fetch all inputs.
+    $isAdmin = Input::post("isAdmin");
+
+    // Try and update user image.
+    // Throw errors according to situation.
+    try {
+      Response::json(User::getByID($id)->updatePermissions($isAdmin));
+    } catch (Exception $err) {
+      switch ($err->getMessage()) {
+        case "NotFound":
+          throw ApiError::notFound("user");
+        default:
+          // Due to how the failed field is handled, it's ApiError is inside the models update
+          throw $err;
+      }
+    }
+  }
+}

exam/api/docs/api.yaml

@@ -640,6 +640,57 @@ paths:
                     }
       tags:
         - User
+  /users/{id}/permissions:
+    post:
+      summary: Update user permissions
+      description: Update user permissions with ID.
+      security:
+        - BasicAuth: [isAdmin]
+      parameters:
+        - name: id
+          in: path
+          description: User ID
+          required: true
+          schema:
+            type: integer
+            format: int14
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/UserPermissionsUpdateRequest"
+      responses:
+        200:
+          description: Success.
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/UserResponse"
+        404:
+          description: User not found.
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/NotFoundResponse"
+              examples:
+                User not found:
+                  value: { "code": "NotFound", "entity": "user" }
+        500:
+          description: Update failed.
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/FailedUpdateResponse"
+              examples:
+                Failed username:
+                  value:
+                    {
+                      "code": "FailedUpdate",
+                      "fields": ["isAdmin"],
+                      "reasons": ["string"],
+                    }
+      tags:
+        - User
   /users/{id}/posts:
     get:
       summary: Get user posts
@@ -816,6 +867,11 @@ components:
           type: string
         email:
           type: string
+    UserPermissionsUpdateRequest:
+      type: object
+      properties:
+        isAdmin:
+          type: boolean
     UserImageUpdateRequest:
       type: object
       properties:

exam/classes/Models/User/User.php

@@ -425,7 +425,7 @@ class User implements JsonSerializable
   }
 
   /**
-   * Update post
+   * Update user
    *
    * Does nothing if new all fields are empty
    *
@@ -515,7 +515,7 @@ class User implements JsonSerializable
   }
 
   /**
-   * Update post
+   * Update user
    *
    * Does nothing if all fields are empty
    *
@@ -600,6 +600,56 @@ class User implements JsonSerializable
     return User::getByID($this->id);
   }
 
+  /**
+   * Update user
+   *
+   * Does nothing if new all fields are empty
+   *
+   * @param ?bool $isAdmin Admin permission
+   *
+   * @throws Failed Failed to update admin status
+   */
+  public function updatePermissions(?bool $isAdmin): User
+  {
+    $db = Database::getInstance();
+
+    // Make sure we do all changes or none
+    $db->beginTransaction();
+
+    $failed = [];
+    $reasons = [];
+    if (isset($isAdmin)) {
+      $stmt = $db->prepare("UPDATE egb_benutzer SET isadmin = :ADM WHERE id = :ID");
+      $stmt->bindValue(":ADM", $isAdmin);
+      $stmt->bindValue(":ID", $this->id);
+      try {
+        if (!$stmt->execute()) {
+          array_push($failed, "username");
+          array_push($reasons, "generic");
+        }
+      } catch (Exception $e) {
+        array_push($failed, "username");
+        if ($e->getCode() === "23000") {
+          $pdoErr = $stmt->errorInfo()[1];
+          if ($pdoErr === 1062) array_push($reasons, "Duplicate");
+          else array_push($reasons, "SQL: $pdoErr");
+        } else array_push($reasons, "{$e->getCode()}");
+      }
+    }
+
+    if (count($failed) > 0) {
+      // We failed, go back
+      $db->rollBack();
+
+      throw ApiError::failedUpdate($failed, $reasons);
+    }
+
+    // Commit the changes
+    $db->commit();
+
+    return User::getByID($this->id);
+  }
+
   /**
    * Delete user and image
    *

exam/routes/routes.php

@@ -78,6 +78,8 @@ SimpleRouter::group(["middleware" => Khofmann\Auth\AdminAuth::class], function (
   SimpleRouter::patch("/users/{id}", [Api\Users\Users::class, "patch"]);
   // Update image
   SimpleRouter::post("/users/{id}/image", [Api\Users\Image\Image::class, "post"]);
+  // Update permissions
+  SimpleRouter::patch("/users/{id}/permissions", [Api\Users\Permissions\Permissions::class, "patch"]);
   // Delete user
   SimpleRouter::delete("/users/{id}", [Api\Users\Users::class, "delete"]);
   // Delete post