Commit d1b41f2a authored by poslovitch's avatar poslovitch

Add User

parent b8ceaea1
......@@ -167,6 +167,79 @@ $app->get('/api/users', function( Request $request, Response $response){
}
});
/**
* Add User : admin only (see documentation)
*/
$app->post('/api/users', function( Request $request, Response $response){
$token = get_token_infos($request);
try {
if (!$token->admin) {
throw new Auth\UnauthorizedException("Service only available for admin user !");
}
$form = $request->getParsedBody();
// Prevent providing an id
if (array_key_exists("id", $form)) {
// response : 400 : Bad Request
$response->getBody()->write('{"error": {"msg": "Cannot provide ID"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
}
if (!array_key_exists("username", $form) ||
!array_key_exists("first_name", $form) ||
!array_key_exists("last_name", $form) ||
!array_key_exists("password", $form)) {
// if any of these are not specified
// response : 400 : Bad Request
$response->getBody()->write('{"error": {"msg": "Please provide username, first_name, last_name and password"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
}
$username = $form['username'];
$firstName = $form['first_name'];
$lastName = $form['last_name'];
$password = $form['password'];
$sql = "INSERT INTO users (`first_name`, `last_name`, `username`, `password`)
VALUES ('" . $firstName . "', '" . $lastName . "', '" . $username . "', '" . $password . "');";
// Apply the change
try {
//connect to DB
$dbconn = new DB\DBConnection();
$db = $dbconn->connect();
$stmt = $db->query( $sql );
$db = null; // clear db object
}
catch( PDOException $e ) {
echo $e;
// response : 500 : PDO Error (DB)
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(500);
}
// response : 200 : OK
return $response->withHeader('Content-Type', 'application/json')->withStatus(200);
}
catch (Auth\UnauthenticatedException $e) {
//response : 401 : catch UnauthenticatedException : Authentication Error
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(401);
}
catch (Auth\UnauthorizedException $e) {
//response : 403 : catch UnauthorizedException : User Rights Access Denied Error
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(403);
}
catch (Exception $e) {
// Response 500 : Error
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(500);
}
});
/**
* Function which parse token, decode user infos from this token and Throws
* UnauthenticatedException if Authentication Issue.
......
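Review bot: The INSERT on the `$sql` lines is built by concatenating the request-body values (`username`, `first_name`, `last_name`, `password`) straight into the SQL string, so any of them can change the statement; it should be a prepared statement with bound parameters, and the password should be passed through `password_hash()` rather than stored as submitted (this assumes the login path, outside this hunk, verifies with `password_verify()` — if it compares raw values that side needs the matching change). The `echo $e;` in the inner catch also writes the exception text, which includes the failed SQL, into the HTTP output ahead of the JSON body, and the `'{"error": {"msg": "' . $e->getMessage() . '"}}'` bodies are not JSON-escaped; drop the echo and build those bodies with `json_encode(['error' => ['msg' => $e->getMessage()]])`, ideally with a generic message on the 500 path. Separately, `$request->getParsedBody()` may return null for an unparseable body, in which case `array_key_exists("id", $form)` throws a TypeError on PHP 8; `$form = $request->getParsedBody() ?? [];` keeps that on the existing 400 path. The route closure is complete within the hunk; the rewritten DB section is below.
```php
$password = $form['password'];
// Apply the change
try {
    //connect to DB
    $dbconn = new DB\DBConnection();
    $db = $dbconn->connect();
    // Bound parameters keep request values out of the SQL text; the password is stored hashed.
    $stmt = $db->prepare(
        'INSERT INTO users (`first_name`, `last_name`, `username`, `password`)
         VALUES (:first_name, :last_name, :username, :password)'
    );
    $stmt->execute([
        ':first_name' => $firstName,
        ':last_name'  => $lastName,
        ':username'   => $username,
        ':password'   => password_hash($password, PASSWORD_DEFAULT),
    ]);
    $db = null; // clear db object
}
catch( PDOException $e ) {
    // response : 500 : PDO Error (DB) — do not echo the exception into the output
    $response->getBody()->write(json_encode(['error' => ['msg' => 'Database error']]));
    return $response->withHeader('Content-Type', 'application/json')->withStatus(500);
}
// … unchanged: 200 response and outer catch blocks …
```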