Added Modify Shopping List

app/apiroutes/shoppinglists.php

@@ -144,23 +144,26 @@ $app->get('/api/shoppinglists/{shoppinglistid}', function (Request $request, Res
         $dbconn = new DB\DBConnection();
         $db = $dbconn->connect();
 
-        $sql = "SELECT * FROM shoppinglists WHERE id = '" . $sl_id . "'";
+        $sql = "SELECT * FROM shoppinglists WHERE id = '$sl_id' AND username='$token->username'";
         $stmt = $db->query($sql);
         $shoppinglists = $stmt->fetchAll(PDO::FETCH_OBJ);
 
-        if ($shoppinglists) {
-            foreach ($shoppinglists as $shoppinglist) {
-                $articles = get_articles($shoppinglist->id);
-
-                foreach ($articles as $article) {
-                    if (!empty($mean_nutriscore)) {
-                        $mean_nutriscore += $article["nutriscore"];
-                    } else {
-                        $mean_nutriscore = $article["nutriscore"];
-                    }
-                    $shoppinglist->mean_nutriscore = $mean_nutriscore/sizeof($articles);
-                }
+        if (sizeof($shoppinglists) != 1) {
+            // response : 404 : Not found
+            $response->getBody()->write('{"error": {"msg": "Could not find requested shopping list"}}');
+            return $response->withHeader('Content-Type', 'application/json')->withStatus(404);
+        }
+        $shoppinglist = $shoppinglists[0];
+
+        $articles = get_articles($shoppinglist->id);
+
+        foreach ($articles as $article) {
+            if (!empty($mean_nutriscore)) {
+                $mean_nutriscore += $article["nutriscore"];
+            } else {
+                $mean_nutriscore = $article["nutriscore"];
             }
+            $shoppinglist->mean_nutriscore = $mean_nutriscore/sizeof($articles);
         }
         $db = null;
         $response->getBody()->write(json_encode($shoppinglist));
@@ -171,3 +174,41 @@ $app->get('/api/shoppinglists/{shoppinglistid}', function (Request $request, Res
         return $response->withHeader('Content-Type', 'application/json')->withStatus(500);
     }
 });
+
+$app->put('/api/shoppinglists/{shoppinglistid}', function (Request $request, Response $response) {
+    $token = get_token_infos($request);
+    $sl_id = $request->getAttribute('shoppinglistid');
+
+    try {
+        $dbconn = new DB\DBConnection();
+        $db = $dbconn->connect();
+
+        $sql = "SELECT * FROM shoppinglists WHERE id = '$sl_id' AND username='$token->username'";
+        $stmt = $db->query($sql);
+        $shoppinglists = $stmt->fetchAll(PDO::FETCH_OBJ);
+
+        if (sizeof($shoppinglists) != 1) {
+            // response : 404 : Not found
+            $response->getBody()->write('{"error": {"msg": "Could not find requested shopping list"}}');
+            return $response->withHeader('Content-Type', 'application/json')->withStatus(404);
+        }
+        $shoppinglist = $shoppinglists[0];
+        
+        $params = $request->getParsedBody();
+
+        // now we get the fields to change
+        if (array_key_exists('title', $params)) {
+            $db->query("UPDATE shoppinglists SET `title`='" . $params['title'] . "' WHERE id='$sl_id'");
+        }
+        if (array_key_exists('purchase_date', $params)) {
+            $db->query("UPDATE shoppinglists SET `purchase_date`='" . $params['purchase_date'] . "' WHERE id='$sl_id'");
+        }
+
+        $db = null;
+        return $response->withHeader('Content-Type', 'application/json')->withStatus(200);
+    } catch (PDOException $e) {
+        // response : 500 : PDO Error (DB)
+        $response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
+        return $response->withHeader('Content-Type', 'application/json')->withStatus(500);
+    }
+});
\ No newline at end of file