
File: src/Http/Controllers/UserController.php

File: src/Http/Controllers/UserController.php
Role: Class source
Content type: text/plain
Description: Class source
Class: Polr Restful API
Provide an API for the Polr URL shortener service
Author: By
Last change:
Date: 6 years ago
Size: 12,224 bytes
 

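<?php namespace Lagdo\Polr\Api\Http\Controllers;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Factories\UserFactory;
use App\Models\User;
use App\Helpers\CryptoHelper;
use Lagdo\Polr\Api\Helpers\UserHelper;
use Lagdo\Polr\Api\Helpers\ResponseHelper;
use Yajra\Datatables\Facades\Datatables;

/**
 * User management endpoints of the Polr REST API.
 *
 * Every handler reads the authenticated caller from $request->user (populated by
 * the API authentication layer, outside this file) and answers through
 * ResponseHelper::make(), either with a payload or with an error code, a message
 * and an HTTP status. All endpoints except generateNewKey() are admin-only and
 * perform the authorization check before any other work, so that nothing about
 * the stored users (not even whether an id exists) is revealed to non-admins.
 */
class UserController extends Controller
{
    /**
     * Compute the new value of an enable/disable/toggle flag.
     *
     * Shared by updateUser() (the "active" flag) and updateApi() (the
     * "api_active" flag) so both endpoints interpret the status parameter
     * identically.
     *
     * @param string   $status  One of enable, disable or toggle (validated by the caller).
     * @param int|bool $current The flag's current value.
     * @return int 1 to enable, 0 to disable.
     */
    private static function resolveStatusFlag($status, $current)
    {
        switch ($status) {
            case 'enable':
                return 1;
            case 'disable':
                return 0;
            case 'toggle':
            default:
                // 'default' is unreachable after validation; kept so an unexpected
                // value behaves like 'toggle', as the original code did.
                return $current ? 0 : 1;
        }
    }

    /**
     * @api {get} /users Get Users
     * @apiDescription Fetch a paginated list of users. The input parameters are those of the Datatables library.
     * @apiName GetUsers
     * @apiGroup Users
     *
     * @apiParam {Integer} [draw] The draw option.
     * @apiParam {Object} [columns] The table columns.
     * @apiParam {Object} [order] The data ordering.
     * @apiParam {Integer} [start] The data offset.
     * @apiParam {Integer} [length] The data count.
     * @apiParam {Object} [search] The search options.
     *
     * @apiSuccess {String} message The response message.
     * @apiSuccess {Object} settings The Polr instance config options.
     * @apiSuccess {Object} result The user list.
     *
     * @apiError (Error 401) {Object} AccessDenied The user does not have permission to list users.
     */
    public function getUsers(Request $request)
    {
        if (!UserHelper::userIsAdmin($request->user)) {
            return ResponseHelper::make('ACCESS_DENIED', 'You do not have permission to get users.', 401);
        }

        // The selection includes every user's api_key, so this listing must remain
        // admin-only; keep the authorization check above in place.
        $users = User::select([
            'username', 'email', 'created_at', 'active', 'api_key',
            'api_active', 'api_quota', 'role', 'id',
        ]);
        $datatables = Datatables::of($users)->make(true);

        // Datatables builds its own JSON response; decode it so the payload is
        // re-encoded inside the standard API envelope instead of nested as a string.
        return ResponseHelper::make(json_decode($datatables->content()));
    }

    /**
     * @api {get} /users/:id Get a User
     * @apiDescription Get the user with the given id
     * @apiName GetUser
     * @apiGroup Users
     *
     * @apiParam {String} key The user API key.
     *
     * @apiSuccess {String} message The response message.
     * @apiSuccess {Object} settings The Polr instance config options.
     * @apiSuccess {Object} result The user data.
     *
     * @apiError (Error 401) {Object} AccessDenied The user does not have permission to get users.
     * @apiError (Error 404) {Object} NotFound Unable to find a user with the given id.
     * @apiError (Error 400) {Object} MissingParameters There is a missing or invalid parameter.
     */
    public function getUser(Request $request, $user_id)
    {
        if (!UserHelper::userIsAdmin($request->user)) {
            return ResponseHelper::make('ACCESS_DENIED', 'You do not have permission to get users.', 401);
        }

        // The id comes from the route, not the request body, so it is validated separately.
        $validator = \Validator::make(['id' => $user_id], [
            'id' => 'required|numeric',
        ]);
        if ($validator->fails()) {
            return ResponseHelper::make('MISSING_PARAMETERS', 'Invalid or missing parameters.', 400);
        }

        $user = UserHelper::getUserById($user_id);
        if (!$user) {
            return ResponseHelper::make('NOT_FOUND', 'User not found.', 404);
        }

        return ResponseHelper::make($user);
    }

    /**
     * @api {put} /users/:id Update a user
     * @apiDescription Update the user with the given id.
     * @apiName UpdateUser
     * @apiGroup Users
     *
     * @apiParam {String} key The user API key.
     * @apiParam {String} [role] The new role.
     * @apiParam {String} [status] The user status change: enable, disable or toggle.
     *
     * @apiSuccess {String} message The response message.
     * @apiSuccess {Object} settings The Polr instance config options.
     * @apiSuccess {Object} result The updated user data.
     *
     * @apiError (Error 401) {Object} AccessDenied The user does not have permission to edit the user.
     * @apiError (Error 404) {Object} NotFound Unable to find a user with the given id.
     * @apiError (Error 400) {Object} MissingParameters There is a missing or invalid parameter.
     */
    public function updateUser(Request $request, $user_id)
    {
        if (!UserHelper::userIsAdmin($request->user)) {
            return ResponseHelper::make('ACCESS_DENIED', 'You do not have permission to edit users.', 401);
        }

        // Validate the route id together with the body; at least one of the
        // editable properties (role, status) must be present.
        $request->merge(['id' => $user_id]);
        $validator = \Validator::make($request->all(), [
            'id' => 'required|numeric',
            'role' => 'required_without_all:status|between:1,16|alpha_num',
            'status' => 'required_without_all:role|in:enable,disable,toggle',
        ]);
        if ($validator->fails()) {
            return ResponseHelper::make('MISSING_PARAMETERS', 'Invalid or missing parameters.', 400);
        }

        $user = UserHelper::getUserById($user_id);
        if (!$user) {
            return ResponseHelper::make('NOT_FOUND', 'User not found.', 404);
        }

        if ($request->has('role')) {
            $role = trim($request->input('role'));
            // The API accepts 'default' as an alias for the empty role string
            // stored on the model.
            if ($role === 'default') {
                $role = '';
            }
            $user->role = $role;
        }

        if ($request->has('status')) {
            $user->active = self::resolveStatusFlag($request->input('status'), $user->active);
        }

        $user->save();

        return ResponseHelper::make($user);
    }

    /**
     * @api {put} /users/:id/api Change API Settings
     * @apiDescription Change the API Settings of the user with the given id.
     * @apiName ChangeAPI
     * @apiGroup Users
     *
     * @apiParam {String} key The user API key.
     * @apiParam {String} [quota] The new API quota.
     * @apiParam {String} [status] The API access change: enable, disable or toggle.
     *
     * @apiSuccess {String} message The response message.
     * @apiSuccess {Object} settings The Polr instance config options.
     * @apiSuccess {Object} result The updated user data.
     *
     * @apiError (Error 401) {Object} AccessDenied The user does not have permission to edit the user.
     * @apiError (Error 404) {Object} NotFound Unable to find a user with the given id.
     * @apiError (Error 400) {Object} MissingParameters There is a missing or invalid parameter.
     */
    public function updateApi(Request $request, $user_id)
    {
        if (!UserHelper::userIsAdmin($request->user)) {
            return ResponseHelper::make('ACCESS_DENIED', 'You do not have permission to edit users.', 401);
        }

        // Validate the route id together with the body; at least one of the
        // editable properties (quota, status) must be present.
        $request->merge(['id' => $user_id]);
        $validator = \Validator::make($request->all(), [
            'id' => 'required|numeric',
            // NOTE(review): 'numeric' also admits negative, fractional and exponent
            // forms; the quota column's semantics are not visible here — confirm
            // whether an 'integer' rule (with a lower bound) would be correct.
            'quota' => 'required_without_all:status|numeric',
            'status' => 'required_without_all:quota|in:enable,disable,toggle',
        ]);
        if ($validator->fails()) {
            return ResponseHelper::make('MISSING_PARAMETERS', 'Invalid or missing parameters.', 400);
        }

        $user = UserHelper::getUserById($user_id);
        if (!$user) {
            return ResponseHelper::make('NOT_FOUND', 'User not found.', 404);
        }

        if ($request->has('quota')) {
            $user->api_quota = $request->input('quota');
        }

        if ($request->has('status')) {
            $user->api_active = self::resolveStatusFlag($request->input('status'), $user->api_active);
        }

        $user->save();

        return ResponseHelper::make($user);
    }

    /**
     * @api {post} /users/:id/api Generate Key
     * @apiDescription Generate a new API access key for the user with the given id.
     * @apiName GenerateKey
     * @apiGroup Users
     *
     * @apiParam {String} key The user API key.
     *
     * @apiSuccess {String} message The response message.
     * @apiSuccess {Object} settings The Polr instance config options.
     * @apiSuccess {Mixed} result The updated user data.
     *
     * @apiError (Error 401) {Object} AccessDenied The user does not have permission to edit the user.
     * @apiError (Error 404) {Object} NotFound Unable to find a user with the given id (admins only; other callers receive AccessDenied).
     * @apiError (Error 400) {Object} MissingParameters There is a missing or invalid parameter.
     */
    public function generateNewKey(Request $request, $user_id)
    {
        // This is the one endpoint open to non-admins: a user may rotate their own
        // key as long as their API access is enabled.
        $validator = \Validator::make(['id' => $user_id], [
            'id' => 'required|numeric',
        ]);
        if ($validator->fails()) {
            return ResponseHelper::make('MISSING_PARAMETERS', 'Invalid or missing parameters.', 400);
        }

        $isAdmin = UserHelper::userIsAdmin($request->user);

        $user = UserHelper::getUserById($user_id);
        if (!$user) {
            // Only admins learn whether the id exists. Everyone else gets the same
            // answer as for another user's account, so the endpoint cannot be used
            // to enumerate user ids by telling 404 from 401.
            if (!$isAdmin) {
                return ResponseHelper::make('ACCESS_DENIED', 'You do not have permission to generate API key for another user.', 401);
            }
            return ResponseHelper::make('NOT_FOUND', 'User not found.', 404);
        }

        if (!$isAdmin) {
            // A non-admin may only reset their own key.
            if ($user->username !== $request->user->username) {
                return ResponseHelper::make('ACCESS_DENIED', 'You do not have permission to generate API key for another user.', 401);
            }
            // ...and only while they are permitted to use the API at all.
            if (!$user->api_active) {
                return ResponseHelper::make('ACCESS_DENIED', 'You do not have permission to generate API key without access to the API.', 401);
            }
        }

        // The key length is read from the environment at request time; if
        // _API_KEY_LENGTH is unset, env() yields null and generateRandomHex()
        // receives it unchanged — TODO confirm the deployment requires the
        // variable, or give it a default here.
        $new_api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH'));
        $user->api_key = $new_api_key;
        $user->save();

        // The new key is returned to the caller as part of the user payload.
        return ResponseHelper::make($user);
    }

    /*
    public function addNewUser(Request $request)
    {
        if (!UserHelper::userIsAdmin($request->user)) {
            return ResponseHelper::make('ACCESS_DENIED', 'You do not have permission to create users.', 401);
        }

        $ip = $request->input('ip');
        $username = $request->input('username');
        $user_password = $request->input('user_password');
        $user_email = $request->input('user_email');
        $user_role = $request->input('user_role');

        UserFactory::createUser($username, $user_email, $user_password, 1, $ip, false, 0, $user_role);

        return ResponseHelper::make();
    }

    public function deleteUser(Request $request, $user_id)
    {
        if (!UserHelper::userIsAdmin($request->user)) {
            return ResponseHelper::make('ACCESS_DENIED', 'You do not have permission to delete users.', 401);
        }

        $validator = \Validator::make(['id' => $user_id], [
            'id' => 'required|numeric',
        ]);
        if ($validator->fails()) {
            return ResponseHelper::make('MISSING_PARAMETERS', 'Invalid or missing parameters.', 400);
        }

        $user = UserHelper::getUserById($user_id);
        if (!$user) {
            return ResponseHelper::make('NOT_FOUND', 'User not found.', 404);
        }

        $user->delete();

        return ResponseHelper::make();
    }
    */
}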