Extend /users API endpoint 2734/head
authorJascha Sticher <redacted>
Thu, 6 May 2021 09:10:49 +0000 (11:10 +0200)
committerJascha Sticher <redacted>
Thu, 6 May 2021 09:20:08 +0000 (11:20 +0200)
* add /users/{id} to get a single user
* add variable to print fields that are otherwise hidden (e.g. email)

app/Api/ListingResponseBuilder.php
app/Auth/UserRepo.php
app/Http/Controllers/Api/ApiController.php
app/Http/Controllers/Api/UserApiController.php
routes/api.php

index df4cb8bf1ae98904622a7cc2fbaa6770f197604a..06802808ef5b1757a828d7884ff474c3f9965ba2 100644 (file)
@@ -10,6 +10,7 @@ class ListingResponseBuilder
     protected $query;
     protected $request;
     protected $fields;
+    protected $hiddenFields;
 
     protected $filterOperators = [
         'eq'   => '=',
@@ -24,11 +25,12 @@ class ListingResponseBuilder
     /**
      * ListingResponseBuilder constructor.
      */
-    public function __construct(Builder $query, Request $request, array $fields)
+    public function __construct(Builder $query, Request $request, array $fields, array $hiddenFields )
     {
         $this->query = $query;
         $this->request = $request;
         $this->fields = $fields;
+        $this->hiddenFields = $hiddenFields;
     }
 
     /**
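Review bot: The new fourth constructor parameter `array $hiddenFields ` is required, so any caller of `new ListingResponseBuilder(...)` other than `ApiController::apiListingResponse` would now fail with an argument-count error. No other callers are visible in this diff, so this may not bite, but a default keeps the change backward-compatible and matches the `= []` default used in `apiListingResponse`: `public function __construct(Builder $query, Request $request, array $fields, array $hiddenFields = [])`. That form also drops the stray space before the closing parenthesis. The same concept is called `$hiddenFields` here, `$protectedFieldsToPrint` in `apiListingResponse` and `$printHidden` on the controllers; one name would make the data flow easier to audit.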
@@ -40,6 +42,7 @@ class ListingResponseBuilder
 
         $total = $filteredQuery->count();
         $data = $this->fetchData($filteredQuery);
+        $data = $data->makeVisible($this->hiddenFields);
 
         return response()->json([
             'data' => $data,
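Review bot: `$data->makeVisible($this->hiddenFields)` un-hides model attributes on every returned row, and nothing in this class checks who is asking; the only gate visible in this commit is the `checkPermission('users-manage')` call in `UserApiController`. Because `ListingResponseBuilder` is shared by the listing endpoints, the line deserves a comment stating that contract, for example `// These attributes bypass the model's $hidden list; the calling controller must have authorised access to them.` The enclosing method starts and ends outside this hunk.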
index 89d5ba4b754cc435f6e3562c6667eb84c0d25375..4444c734c35077a557fcdfe8daf8664b082bfe3d 100644 (file)
@@ -64,9 +64,11 @@ class UserRepo
     /**
      * Get all users as Builder for API
      */
-    public function getUsersBuilder(): Builder
+    public function getUsersBuilder(int $id = null ) : Builder
     {
-        $query = User::query()->select(['*']);
+        $query = User::query()->select(['*'])
+            ->withLastActivityAt()
+            ->with(['roles', 'avatar']);
         return $query;
     }
     /**
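Review bot: The `$id` parameter added to `getUsersBuilder` is never used in the body, and `int $id = null` relies on implicit nullability. Since `read()` goes through `getById()` instead, the simplest fix is to keep the old signature, `public function getUsersBuilder(): Builder`; if the parameter is meant to stay, declare it as `?int $id = null` and apply it to the query. Separately, the eager-loaded `roles` and `avatar` relations will presumably be serialised with each user unless the listing strips them, so it is worth confirming which role attributes end up in the response. The docblock could mention the eager loads and the `last_activity_at` column the scope adds.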
index f143ea5cd50a3d33f9a66ae58464a71b8bf9066c..5eb8b1e3d286f0f82ce23b41362b1dbd557f7507 100644 (file)
@@ -9,14 +9,15 @@ abstract class ApiController extends Controller
 {
 
     protected $rules = [];
+    protected $printHidden = [];
 
     /**
      * Provide a paginated listing JSON response in a standard format
      * taking into account any pagination parameters passed by the user.
      */
-    protected function apiListingResponse(Builder $query, array $fields): JsonResponse
+    protected function apiListingResponse(Builder $query, array $fields, array $protectedFieldsToPrint = []): JsonResponse
     {
-        $listing = new ListingResponseBuilder($query, request(), $fields);
+        $listing = new ListingResponseBuilder($query, request(), $fields, $protectedFieldsToPrint);
         return $listing->toResponse();
     }
 
index e8b98525dd2008009e660404e48701eb43ccf678..328241a8310052887d26df46aa561cfa2ee548af 100644 (file)
@@ -13,6 +13,10 @@ class UserApiController extends ApiController
     protected $user;
     protected $userRepo;
 
+    protected $printHidden = [
+        'email', 'created_at', 'updated_at', 'last_activity_at'
+    ];
+
 # TBD: Endpoints to create / update users
 #     protected $rules = [
 #         'create' => [
@@ -28,15 +32,30 @@ class UserApiController extends ApiController
     }
 
     /**
-     * Get a listing of pages visible to the user.
+     * Get a listing of users
      */
     public function list()
     {
+        $this->checkPermission('users-manage');
+
         $users = $this->userRepo->getUsersBuilder();
 
         return $this->apiListingResponse($users, [
-            'id', 'name', 'slug',
-            'email', 'created_at', 'updated_at',
-        ]);
+            'id', 'name', 'slug', 'email',
+            'created_at', 'updated_at', 'last_activity_at',
+        ], $this->printHidden);
+    }
+
+    /**
+     * View the details of a single user
+     */
+    public function read(string $id)
+    {
+        $this->checkPermission('users-manage');
+
+        $singleUser = $this->userRepo->getById($id);
+        $singleUser = $singleUser->makeVisible($this->printHidden);
+
+        return response()->json($singleUser);
     }
 }
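Review bot: `read()` serialises the whole `User` model and then un-hides `$printHidden`, so its response is bounded only by the model's `$hidden` list, whereas `list()` passes an explicit field list. Any attribute that is not marked hidden on the model (not shown in this diff), including ones added later, would be returned by `GET users/{id}`. An allow-list shared with `list()` would keep the two endpoints in step, for example a `$fields` property used by both and `return response()->json($singleUser->only($this->fields));` in `read()`. It is also worth confirming what `getById()` does for an unknown id, since `makeVisible` is called on its result without a null check and the `users/{id}` route passes the segment through as an unconstrained string.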
index 0a9f99f5029887ddc98e8b56f4007e5031c2cb92..063fbd72a964889a460f82fa6b8bc37040746b7f 100644 (file)
@@ -46,3 +46,4 @@ Route::put('shelves/{id}', 'BookshelfApiController@update');
 Route::delete('shelves/{id}', 'BookshelfApiController@delete');
 
 Route::get('users', 'UserApiController@list');
+Route::get('users/{id}', 'UserApiController@read');