Commit 6e102fa0 authored by poslovitch's avatar poslovitch

Added Get User (admin only) route

parent 783bc27f
......@@ -240,6 +240,50 @@ $app->post('/api/users', function( Request $request, Response $response){
}
});
/**
* Get User : admin only (see documentation)
*/
$app->get('/api/users/{username}', function( Request $request, Response $response){
$username = $request->getAttribute('username');
$token = get_token_infos($request);
if (!$token->admin) {
// response : 403 : not Found
$response->getBody()->write('{"error": {"msg": "Access denied."}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(403);
}
$dbconn = new DB\DBConnection();
// Check user exists in database
try {
$db = $dbconn->connect();
// query
$sql = "SELECT * FROM users WHERE (username='" . $username . "')";
$stmt = $db->query( $sql );
$users = $stmt->fetchAll( PDO::FETCH_OBJ );
$db = null; // clear db object
// Check if the user does not exist
if (sizeof($users) != 1) {
// response : 404 : not Found
$response->getBody()->write('{"error": {"msg": "Could not find user."}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(404);
}
$user = $users[0];
}
catch( PDOException $e ) {
echo $e;
// response : 500 : PDO Error (DB)
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(500);
}
$response->getBody()->write(json_encode($user));
return $response->withHeader('Content-Type', 'application/json')->withStatus(200);
});
/**
* Function which parse token, decode user infos from this token and Throws
* UnauthenticatedException if Authentication Issue.
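Review bot: The query built on the `$sql = "SELECT * FROM users WHERE (username='" . $username . "')";` line concatenates `$username`, taken straight from the route attribute, into the SQL text, so any holder of an admin token can inject arbitrary SQL through the URL; bind the value instead: `$stmt = $db->prepare('SELECT * FROM users WHERE username = :username');` followed by `$stmt->execute([':username' => $username]);` and `$users = $stmt->fetchAll(PDO::FETCH_OBJ);`. The catch block then both `echo`es the exception (writing a raw trace ahead of the JSON body and corrupting it) and copies `$e->getMessage()` unescaped into the JSON, which exposes driver and schema details and can itself yield invalid JSON; log the exception server-side and return a fixed message such as `'{"error": {"msg": "Database error."}}'` with the 500. `SELECT *` plus `json_encode($user)` also serializes every column of the row, so if the users table stores password hashes or session tokens they are returned to the client too; selecting only the documented columns would avoid that. The comment `// response : 403 : not Found` should read `// response : 403 : Forbidden`.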