2018-07-24 19:31:43 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace Grocy\Controllers;
|
|
|
|
|
|
2020-08-29 12:05:32 +02:00
|
|
|
use Grocy\Controllers\Users\User;
|
|
|
|
|
|
2018-07-24 19:31:43 +02:00
|
|
|
class UsersApiController extends BaseApiController
|
|
|
|
|
{
|
2020-08-31 20:40:31 +02:00
|
|
|
public function AddPermission(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
2018-07-24 19:31:43 +02:00
|
|
|
{
|
2020-09-01 21:29:47 +02:00
|
|
|
try
|
|
|
|
|
{
|
2020-08-31 20:40:31 +02:00
|
|
|
User::checkPermission($request, User::PERMISSION_ADMIN);
|
2020-10-14 22:49:29 +02:00
|
|
|
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
|
2018-07-24 19:31:43 +02:00
|
|
|
|
2020-08-31 20:40:31 +02:00
|
|
|
$this->getDatabase()->user_permissions()->createRow([
|
|
|
|
|
'user_id' => $args['userId'],
|
|
|
|
|
'permission_id' => $requestBody['permission_id']
|
|
|
|
|
])->save();
|
|
|
|
|
return $this->EmptyApiResponse($response);
|
|
|
|
|
}
|
|
|
|
|
catch (\Slim\Exception\HttpSpecializedException $ex)
|
2018-07-25 19:28:15 +02:00
|
|
|
{
|
2020-08-31 20:40:31 +02:00
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage(), $ex->getCode());
|
2018-07-25 19:28:15 +02:00
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
2019-01-19 14:51:51 +01:00
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
2018-07-25 19:28:15 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-11 17:42:03 +01:00
|
|
|
public function CreateUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
2018-07-24 19:31:43 +02:00
|
|
|
{
|
2020-08-29 18:31:28 +02:00
|
|
|
User::checkPermission($request, User::PERMISSION_USERS_CREATE);
|
2020-10-14 22:49:29 +02:00
|
|
|
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
|
2018-07-24 19:31:43 +02:00
|
|
|
|
|
|
|
|
try
|
|
|
|
|
{
|
2019-01-05 20:39:22 +01:00
|
|
|
if ($requestBody === null)
|
|
|
|
|
{
|
|
|
|
|
throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-20 22:08:50 +01:00
|
|
|
$this->getUsersService()->CreateUser($requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password'], $requestBody['picture_file_name']);
|
2019-01-19 14:51:51 +01:00
|
|
|
return $this->EmptyApiResponse($response);
|
2018-07-24 19:31:43 +02:00
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
2019-01-19 14:51:51 +01:00
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
2018-07-24 19:31:43 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-11 17:42:03 +01:00
|
|
|
public function DeleteUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
2018-07-24 19:31:43 +02:00
|
|
|
{
|
2020-08-29 18:31:28 +02:00
|
|
|
User::checkPermission($request, User::PERMISSION_USERS_EDIT);
|
2020-08-29 16:41:27 +02:00
|
|
|
try
|
2018-07-24 19:31:43 +02:00
|
|
|
{
|
2020-03-01 23:47:47 +07:00
|
|
|
$this->getUsersService()->DeleteUser($args['userId']);
|
2019-01-19 14:51:51 +01:00
|
|
|
return $this->EmptyApiResponse($response);
|
2018-07-24 19:31:43 +02:00
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
2019-01-19 14:51:51 +01:00
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
2018-07-24 19:31:43 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-11 17:42:03 +01:00
|
|
|
public function EditUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
2018-07-24 19:31:43 +02:00
|
|
|
{
|
2020-08-31 20:40:31 +02:00
|
|
|
if ($args['userId'] == GROCY_USER_ID)
|
|
|
|
|
{
|
2020-08-29 18:31:28 +02:00
|
|
|
User::checkPermission($request, User::PERMISSION_USERS_EDIT_SELF);
|
2020-08-31 20:40:31 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2020-08-29 18:31:28 +02:00
|
|
|
User::checkPermission($request, User::PERMISSION_USERS_EDIT);
|
2020-08-29 16:41:27 +02:00
|
|
|
}
|
2020-08-31 20:40:31 +02:00
|
|
|
|
2020-10-14 22:49:29 +02:00
|
|
|
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
|
2018-07-24 19:31:43 +02:00
|
|
|
|
|
|
|
|
try
|
|
|
|
|
{
|
2020-12-20 22:08:50 +01:00
|
|
|
$this->getUsersService()->EditUser($args['userId'], $requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password'], $requestBody['picture_file_name']);
|
2019-01-19 14:51:51 +01:00
|
|
|
return $this->EmptyApiResponse($response);
|
2018-07-24 19:31:43 +02:00
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
2019-01-19 14:51:51 +01:00
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
2018-07-24 19:31:43 +02:00
|
|
|
}
|
|
|
|
|
}
|
2018-09-30 10:47:56 +02:00
|
|
|
|
2020-08-31 20:40:31 +02:00
|
|
|
public function GetUserSetting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
2020-04-13 10:35:20 +02:00
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
2020-08-31 20:40:31 +02:00
|
|
|
$value = $this->getUsersService()->GetUserSetting(GROCY_USER_ID, $args['settingKey']);
|
|
|
|
|
return $this->ApiResponse($response, ['value' => $value]);
|
2020-04-13 10:35:20 +02:00
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
|
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-31 20:40:31 +02:00
|
|
|
public function GetUserSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
2018-09-30 10:47:56 +02:00
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
2020-08-31 20:40:31 +02:00
|
|
|
return $this->ApiResponse($response, $this->getUsersService()->GetUserSettings(GROCY_USER_ID));
|
2018-09-30 10:47:56 +02:00
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
2019-01-19 14:51:51 +01:00
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
2018-09-30 10:47:56 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-31 20:40:31 +02:00
|
|
|
public function GetUsers(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
2018-09-30 10:47:56 +02:00
|
|
|
{
|
2020-08-31 20:40:31 +02:00
|
|
|
User::checkPermission($request, User::PERMISSION_USERS_READ);
|
2018-09-30 10:47:56 +02:00
|
|
|
try
|
|
|
|
|
{
|
2020-09-01 19:59:40 +02:00
|
|
|
return $this->FilteredApiResponse($response, $this->getUsersService()->GetUsersAsDto(), $request->getQueryParams());
|
2018-09-30 10:47:56 +02:00
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
2019-01-19 14:51:51 +01:00
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
2018-09-30 10:47:56 +02:00
|
|
|
}
|
2020-08-29 16:41:27 +02:00
|
|
|
}
|
|
|
|
|
|
2020-12-09 21:16:49 +01:00
|
|
|
public function CurrentUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
return $this->ApiResponse($response, $this->getUsersService()->GetUsersAsDto()->where('id', GROCY_USER_ID));
|
|
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
|
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-29 16:41:27 +02:00
|
|
|
public function ListPermissions(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
|
|
|
{
|
2020-09-01 21:29:47 +02:00
|
|
|
try
|
|
|
|
|
{
|
2020-08-29 16:41:27 +02:00
|
|
|
User::checkPermission($request, User::PERMISSION_ADMIN);
|
|
|
|
|
|
2020-09-01 21:29:47 +02:00
|
|
|
return $this->ApiResponse(
|
|
|
|
|
$response,
|
2020-11-14 21:26:16 +01:00
|
|
|
$this->getDatabase()->user_permissions()->where('user_id', $args['userId'])
|
2020-08-29 16:41:27 +02:00
|
|
|
);
|
2020-08-31 20:40:31 +02:00
|
|
|
}
|
|
|
|
|
catch (\Slim\Exception\HttpSpecializedException $ex)
|
|
|
|
|
{
|
2020-08-29 16:41:27 +02:00
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage(), $ex->getCode());
|
2020-08-31 20:40:31 +02:00
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
2020-08-29 16:41:27 +02:00
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function SetPermissions(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
|
|
|
{
|
2020-09-01 21:29:47 +02:00
|
|
|
try
|
|
|
|
|
{
|
2020-08-29 16:41:27 +02:00
|
|
|
User::checkPermission($request, User::PERMISSION_ADMIN);
|
2020-12-07 19:48:33 +01:00
|
|
|
|
|
|
|
|
$requestBody = $request->getParsedBody();
|
2020-08-29 16:41:27 +02:00
|
|
|
$db = $this->getDatabase();
|
|
|
|
|
$db->user_permissions()
|
|
|
|
|
->where('user_id', $args['userId'])
|
|
|
|
|
->delete();
|
|
|
|
|
|
|
|
|
|
$perms = [];
|
2020-12-07 19:48:33 +01:00
|
|
|
if (GROCY_MODE === 'demo' || GROCY_MODE === 'prerelease')
|
2020-08-31 20:40:31 +02:00
|
|
|
{
|
2020-12-07 19:48:33 +01:00
|
|
|
// For demo mode always all users have and keep the ADMIN permission
|
2020-08-31 20:40:31 +02:00
|
|
|
$perms[] = [
|
2020-08-29 16:41:27 +02:00
|
|
|
'user_id' => $args['userId'],
|
2020-12-07 19:48:33 +01:00
|
|
|
'permission_id' => 1
|
2020-08-31 20:40:31 +02:00
|
|
|
];
|
2020-08-29 16:41:27 +02:00
|
|
|
}
|
2020-12-07 19:48:33 +01:00
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
foreach ($requestBody['permissions'] as $perm_id)
|
|
|
|
|
{
|
|
|
|
|
$perms[] = [
|
|
|
|
|
'user_id' => $args['userId'],
|
|
|
|
|
'permission_id' => $perm_id
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-08-29 16:41:27 +02:00
|
|
|
$db->insert('user_permissions', $perms, 'batch');
|
|
|
|
|
|
|
|
|
|
return $this->EmptyApiResponse($response);
|
2020-08-31 20:40:31 +02:00
|
|
|
}
|
|
|
|
|
catch (\Slim\Exception\HttpSpecializedException $ex)
|
|
|
|
|
{
|
2020-08-29 16:41:27 +02:00
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage(), $ex->getCode());
|
2020-08-31 20:40:31 +02:00
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
|
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function SetUserSetting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
2020-10-14 22:49:29 +02:00
|
|
|
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
|
2020-08-31 20:40:31 +02:00
|
|
|
|
|
|
|
|
$value = $this->getUsersService()->SetUserSetting(GROCY_USER_ID, $args['settingKey'], $requestBody['value']);
|
|
|
|
|
return $this->EmptyApiResponse($response);
|
|
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
2020-08-29 16:41:27 +02:00
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-08-31 20:40:31 +02:00
|
|
|
|
2020-12-16 18:18:03 +01:00
|
|
|
public function DeleteUserSetting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
|
|
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
$value = $this->getUsersService()->DeleteUserSetting(GROCY_USER_ID, $args['settingKey']);
|
|
|
|
|
return $this->EmptyApiResponse($response);
|
|
|
|
|
}
|
|
|
|
|
catch (\Exception $ex)
|
|
|
|
|
{
|
|
|
|
|
return $this->GenericErrorResponse($response, $ex->getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-07-24 19:31:43 +02:00
|
|
|
}
|
