Commit baaf7a46 authored by CUNY Florian's avatar CUNY Florian

Added PUT /api/users/me (Modify Me (Connected User))

Still needs some slight tweaks
parent e3a817a4
......@@ -8,7 +8,7 @@ use Psr\Http\Message\ResponseInterface as Response;
/**
* Get Me (Connected User) (see documentation)
*/
$app->get('/api/users/me', function( Request $request, Response $response){
$app->get('/api/users/me', function( Request $request, Response $response) {
$token = get_token_infos($request);
try {
......@@ -16,7 +16,7 @@ $app->get('/api/users/me', function( Request $request, Response $response){
$db = $dbconn->connect();
// query
$sql = "SELECT * FROM users WHERE (username='" . $token->username . "' AND first_name='" . $token->first_name . "')";
$sql = "SELECT * FROM users WHERE (username='" . $token->username . "')";
$stmt = $db->query( $sql );
$user = $stmt->fetchAll( PDO::FETCH_OBJ )[0];
$db = null; // clear db object
......@@ -32,6 +32,87 @@ $app->get('/api/users/me', function( Request $request, Response $response){
return $response->withHeader('Content-Type', 'application/json')->withStatus(200);
});
/**
* Modify Me (Connected User) - (see documentation)
*/
$app->put('/api/users/me', function( Request $request, Response $response) {
$token = get_token_infos($request);
$dbconn = new DB\DBConnection();
// Check user exists in database
try {
$db = $dbconn->connect();
// query
$sql = "SELECT * FROM users WHERE (username='" . $token->username . "')";
$stmt = $db->query( $sql );
$users = $stmt->fetchAll( PDO::FETCH_OBJ );
$db = null; // clear db object
// Check if the user does not exist
if (sizeof($users) != 1) {
// response : 404 : not Found
$response->getBody()->write('{"error": {"msg": "Could not find user."}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(404);
}
$user = $users[0];
}
catch( PDOException $e ) {
echo $e;
// response : 500 : PDO Error (DB)
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(500);
}
// The user exists
// Prevent the user from modyfing their id or username
if (array_key_exists("id", $request->getParsedBody()) || array_key_exists("username", $request->getParsedBody())) {
// response : 400 : Bad Request
$response->getBody()->write('{"error": {"msg": "Cannot modify ID or Username"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
}
// Prevent having an empty array
if (sizeof($request->getParsedBody()) == 0) {
// response : 400 : Bad Request
$response->getBody()->write('{"error": {"msg": "No changes were requested"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
}
// On forge la requête sql
$sql = "UPDATE users SET";
if (array_key_exists("first_name", $request->getParsedBody())) {
$sql = $sql . " first_name='" . $request->getParsedBody()["first_name"] . "',"; //FIXME: les virgules ou les espaces?
}
if (array_key_exists("last_name", $request->getParsedBody())) {
$sql = $sql . " last_name='" . $request->getParsedBody()["last_name"] . "'";
}
if (array_key_exists("password", $request->getParsedBody())) {
$sql = $sql . " password='" . $request->getParsedBody()["password"] . "'";
}
$sql = $sql . " WHERE (id='" . $user->id . "')";
// Apply the change
try {
echo $sql; //FIXME: get rid of this when the concatenation for the sql query is fixeds
$db = $dbconn->connect();
$stmt = $db->query( $sql );
$db = null; // clear db object
}
catch( PDOException $e ) {
echo $e;
// response : 500 : PDO Error (DB)
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(500);
}
// response : 200 : OK
return $response->withHeader('Content-Type', 'application/json')->withStatus(200);
});
/**
* Get All Users : admin only (see documentation)
*/
......@@ -104,4 +185,4 @@ function get_token_infos(Request $request){
else{
throw new Auth\UnauthenticatedException("Unable to find Authorization Header");
}
}
}
\ No newline at end of file
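Review bot: The UPDATE assembled from `$sql = "UPDATE users SET";` down to `$sql = $sql . " WHERE (id='" . $user->id . "')";` concatenates request-body values straight into the query text, so whoever can reach PUT /api/users/me controls the SQL; the same string-built pattern is in the SELECT at the top of this handler and in the GET handler's hunk above. The concatenation is also only valid for some key combinations (a trailing comma after first_name, no separator between last_name and password, and an empty SET clause when the body holds only unrelated keys, which then fails in the database as a 500), as the FIXME on the first_name line already hints, and `echo $sql;` writes that query — password included — to the client ahead of the JSON body. Building the SET clause from a whitelist of columns with named placeholders and running it through prepare()/execute() addresses all three at once; the rewrite below additionally stores the password with password_hash(), which only holds together if the login route compares with password_verify() — that route is not visible here. If getParsedBody() can return null for a body it cannot parse (Slim does this for unsupported content types, if that is the framework in use), the array_key_exists() calls in the guards above this block would raise a TypeError first, so `$body = $request->getParsedBody() ?? [];` is worth taking before them.

```php
// … unchanged: existence check, id/username guard, empty-body guard …
$body = $request->getParsedBody() ?? [];
$assignments = [];
$params = [':id' => $user->id];
// Only whitelisted columns can be updated; values travel as bound parameters, never as SQL text.
foreach (['first_name', 'last_name'] as $column) {
    if (array_key_exists($column, $body)) {
        $assignments[] = "{$column} = :{$column}";
        $params[":{$column}"] = $body[$column];
    }
}
if (array_key_exists('password', $body)) {
    $assignments[] = 'password = :password';
    $params[':password'] = password_hash($body['password'], PASSWORD_DEFAULT);
}
if ($assignments === []) {
    // response : 400 : Bad Request (body held no updatable field)
    $response->getBody()->write('{"error": {"msg": "No changes were requested"}}');
    return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
}
$sql = 'UPDATE users SET ' . implode(', ', $assignments) . ' WHERE id = :id';
// Apply the change
try {
    $db = $dbconn->connect();
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    $db = null; // clear db object
}
// … unchanged: PDOException handling, 200 response …
```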