File: src/Http/Controllers/UserController.php

Class: Polr Restful API
Provide an API for the Polr URL shortener service
<?php
namespace Lagdo\Polr\Api\Http\Controllers;

use Illuminate\Http\Request;

use App\Http\Controllers\Controller;
use App\Factories\UserFactory;
use App\Models\User;
use App\Helpers\CryptoHelper;
use Lagdo\Polr\Api\Helpers\UserHelper;
use Lagdo\Polr\Api\Helpers\ResponseHelper;

use Yajra\Datatables\Facades\Datatables;

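class UserController extends Controller
{
    /**
     * Fallback length (hex characters) for a freshly generated API key.
     *
     * env('_API_KEY_LENGTH') is read at request time; when Laravel/Lumen's
     * config is cached, env() returns null outside config files, and a null
     * or zero length would be handed to CryptoHelper::generateRandomHex().
     * 32 hex characters = 128 bits of randomness, which is adequate for a
     * bearer-style API key.
     */
    const DEFAULT_API_KEY_LENGTH = 32;

    /**
     * Every mutating endpoint below uses the same authorisation model:
     * the caller (middleware-populated $request->user) must pass
     * UserHelper::userIsAdmin(), except that generateNewKey() also lets a
     * non-admin rotate their own key. Note that authorisation failures are
     * reported as 401 (the documented contract of this API) even though
     * the caller is authenticated; 403 would be the more accurate status,
     * but changing it would break existing clients.
     */

    /**
     * Build the response returned when the caller is not permitted to act.
     *
     * @param string $message Human-readable reason.
     * @return mixed Whatever ResponseHelper::make() produces.
     */
    private function accessDenied($message)
    {
        return ResponseHelper::make('ACCESS_DENIED', $message, 401);
    }

    /**
     * Build the 400 response for a failed input validation.
     *
     * @return mixed
     */
    private function invalidParameters()
    {
        return ResponseHelper::make('MISSING_PARAMETERS', 'Invalid or missing parameters.', 400);
    }

    /**
     * Build the 404 response for an unknown user id.
     *
     * @return mixed
     */
    private function userNotFound()
    {
        return ResponseHelper::make('NOT_FOUND', 'User not found.', 404);
    }

    /**
     * Check that a route parameter looks like a user id.
     *
     * The `integer` rule is deliberately stricter than the previous `numeric`
     * rule: ids are integer primary keys, and `numeric` also accepted floats
     * and exponent notation ("1e3"), which are meaningless here.
     *
     * @param mixed $user_id Raw route parameter.
     * @return bool
     */
    private function isValidUserId($user_id)
    {
        $validator = \Validator::make(['id' => $user_id], [
            'id' => 'required|integer|min:1',
        ]);

        return !$validator->fails();
    }

    /**
     * Apply an enable/disable/toggle verb to a boolean-ish flag.
     *
     * The verb has already been validated with `in:enable,disable,toggle`,
     * so anything other than enable/disable is treated as toggle.
     *
     * @param string $verb    One of enable, disable, toggle.
     * @param mixed  $current Current flag value (truthy = on).
     * @return int 1 or 0.
     */
    private function applyStatusVerb($verb, $current)
    {
        if ($verb === 'enable') {
            return 1;
        }
        if ($verb === 'disable') {
            return 0;
        }

        return $current ? 0 : 1;
    }

    /**
     * @api {get} /users Get Users
     * @apiDescription Fetch a paginated list of users. The input parameters are those of the Datatables library.
     * @apiName GetUsers
     * @apiGroup Users
     * 
     * @apiParam {Integer} [draw]           The draw option.
     * @apiParam {Object} [columns]         The table columns.
     * @apiParam {Object} [order]           The data ordering.
     * @apiParam {Integer} [start]          The data offset.
     * @apiParam {Integer} [length]         The data count.
     * @apiParam {Object} [search]          The search options.
     *
     * @apiSuccess {String} message         The response message.
     * @apiSuccess {Object} settings        The Polr instance config options.
     * @apiSuccess {Object} result          The user list.
     *
     * @apiError (Error 401) {Object} AccessDenied           The user does not have permission to list users.
     */
    public function getUsers(Request $request)
    {
        if (!UserHelper::userIsAdmin($request->user)) {
            return $this->accessDenied('You do not have permission to get users.');
        }

        // SECURITY NOTE: this column list includes `api_key`, so one call by
        // an admin returns the live API credential of every account. That
        // mirrors what the Polr admin panel shows, and is kept here for
        // compatibility, but it makes this endpoint (and any log/cache that
        // captures its response) a credential store. Consider dropping
        // `api_key` from the listing and exposing it only per-user.
        $users = User::select(['username', 'email', 'created_at', 'active',
            'api_key', 'api_active', 'api_quota', 'role', 'id']);

        // Datatables applies the caller-supplied search/order/paging parameters
        // to the query builder; the generated JSON is decoded so that
        // ResponseHelper can wrap it in the standard envelope.
        $datatables = Datatables::of($users)->make(true);

        return ResponseHelper::make(json_decode($datatables->content()));
    }

    /**
     * @api {get} /users/:id Get a User
     * @apiDescription Get the user with the given id
     * @apiName GetUser
     * @apiGroup Users
     *
     * @apiParam {String} key               The user API key.
     *
     * @apiSuccess {String} message         The response message.
     * @apiSuccess {Object} settings        The Polr instance config options.
     * @apiSuccess {Object} result          The user data.
     *
     * @apiError (Error 401) {Object} AccessDenied           The user does not have permission to get users.
     * @apiError (Error 404) {Object} NotFound               Unable to find a user with the given id.
     * @apiError (Error 400) {Object} MissingParameters      There is a missing or invalid parameter.
     */
    public function getUser(Request $request, $user_id)
    {
        if (!UserHelper::userIsAdmin($request->user)) {
            return $this->accessDenied('You do not have permission to get users.');
        }

        if (!$this->isValidUserId($user_id)) {
            return $this->invalidParameters();
        }

        $user = UserHelper::getUserById($user_id);
        if (!$user) {
            return $this->userNotFound();
        }

        // The whole model is serialised. Which attributes are withheld
        // (password hash, etc.) depends on the User model's $hidden list,
        // which is not visible here — verify it before exposing new fields.
        return ResponseHelper::make($user);
    }

    /**
     * @api {put} /users/:id Update a user
     * @apiDescription Update the user with the given id.
     * @apiName UpdateUser
     * @apiGroup Users
     *
     * @apiParam {String} key               The user API key.
     * @apiParam {String} [role]            The new role.
     * @apiParam {String} [status]          The user status change: enable, disable or toggle.
     *
     * @apiSuccess {String} message         The response message.
     * @apiSuccess {Object} settings        The Polr instance config options.
     * @apiSuccess {Object} result          The updated user data.
     *
     * @apiError (Error 401) {Object} AccessDenied           The user does not have permission to edit the user.
     * @apiError (Error 404) {Object} NotFound               Unable to find a user with the given id.
     * @apiError (Error 400) {Object} MissingParameters      There is a missing or invalid parameter.
     */
    public function updateUser(Request $request, $user_id)
    {
        if (!UserHelper::userIsAdmin($request->user)) {
            return $this->accessDenied('You do not have permission to edit users.');
        }

        // At least one of the user properties must be present in the input data.
        // The route id is merged into the input so one validator covers both.
        $request->merge(['id' => $user_id]);
        $validator = \Validator::make($request->all(), [
            'id' => 'required|integer|min:1',
            'role' => 'required_without_all:status|between:1,16|alpha_num',
            'status' => 'required_without_all:role|in:enable,disable,toggle',
        ]);
        if ($validator->fails()) {
            return $this->invalidParameters();
        }

        $user = UserHelper::getUserById($user_id);
        if (!$user) {
            return $this->userNotFound();
        }

        // CAVEAT: there is no guard against an admin demoting or disabling
        // their own account (or the last remaining admin), which locks the
        // instance out of the admin API. Callers are trusted to avoid it;
        // add a self-target check here if that trust is not warranted.
        if ($request->has('role')) {
            $role = trim($request->input('role'));
            // 'default' is the API spelling of Polr's empty (non-admin) role.
            if ($role === 'default') {
                $role = '';
            }
            $user->role = $role;
        }

        if ($request->has('status')) {
            $user->active = $this->applyStatusVerb($request->input('status'), $user->active);
        }

        $user->save();

        return ResponseHelper::make($user);
    }

    /**
     * @api {put} /users/:id/api Change API Settings
     * @apiDescription Change the API Settings of the user with the given id.
     * @apiName ChangeAPI
     * @apiGroup Users
     *
     * @apiParam {String} key               The user API key.
     * @apiParam {String} [quota]           The new API quota.
     * @apiParam {String} [status]          The API access change: enable, disable or toggle.
     *
     * @apiSuccess {String} message         The response message.
     * @apiSuccess {Object} settings        The Polr instance config options.
     * @apiSuccess {Object} result          The updated user data.
     *
     * @apiError (Error 401) {Object} AccessDenied           The user does not have permission to edit the user.
     * @apiError (Error 404) {Object} NotFound               Unable to find a user with the given id.
     * @apiError (Error 400) {Object} MissingParameters      There is a missing or invalid parameter.
     */
    public function updateApi(Request $request, $user_id)
    {
        if (!UserHelper::userIsAdmin($request->user)) {
            return $this->accessDenied('You do not have permission to edit users.');
        }

        // At least one of the API properties must be present in the input data.
        // `quota` was previously only `numeric`, which let negative values,
        // floats and exponent notation ("1e9") reach the integer column; a
        // quota is a non-negative request count, so require exactly that.
        $request->merge(['id' => $user_id]);
        $validator = \Validator::make($request->all(), [
            'id' => 'required|integer|min:1',
            'quota' => 'required_without_all:status|integer|min:0',
            'status' => 'required_without_all:quota|in:enable,disable,toggle',
        ]);
        if ($validator->fails()) {
            return $this->invalidParameters();
        }

        $user = UserHelper::getUserById($user_id);
        if (!$user) {
            return $this->userNotFound();
        }

        if ($request->has('quota')) {
            $user->api_quota = (int) $request->input('quota');
        }

        if ($request->has('status')) {
            $user->api_active = $this->applyStatusVerb($request->input('status'), $user->api_active);
        }

        $user->save();

        return ResponseHelper::make($user);
    }

    /**
     * @api {post} /users/:id/api Generate Key
     * @apiDescription Generate a new API access key for the user with the given id.
     * @apiName GenerateKey
     * @apiGroup Users
     *
     * @apiParam {String} key               The user API key.
     *
     * @apiSuccess {String} message         The response message.
     * @apiSuccess {Object} settings        The Polr instance config options.
     * @apiSuccess {Mixed} result           The updated user data.
     *
     * @apiError (Error 401) {Object} AccessDenied           The user does not have permission to edit the user.
     * @apiError (Error 404) {Object} NotFound               Unable to find a user with the given id.
     * @apiError (Error 400) {Object} MissingParameters      There is a missing or invalid parameter.
     */
    public function generateNewKey(Request $request, $user_id)
    {
        if (!$this->isValidUserId($user_id)) {
            return $this->invalidParameters();
        }

        // Authorise BEFORE the database lookup. Previously the 404 for an
        // unknown id was returned to any caller and the 401 only to a
        // non-admin targeting an existing id, so a non-admin could walk the
        // id space and learn which accounts exist. Deciding "is this my own
        // account?" from the ids in hand gives a non-admin the same 401 for
        // every foreign id, existing or not.
        // Assumes the middleware-populated $request->user carries the same
        // `id` column selected in getUsers() — confirm against the auth
        // middleware; the original compared `username` after the lookup.
        $isAdmin = UserHelper::userIsAdmin($request->user);
        if (!$isAdmin && (int) $user_id !== (int) $request->user->id) {
            return $this->accessDenied('You do not have permission to generate API key for another user.');
        }

        $user = UserHelper::getUserById($user_id);
        if (!$user) {
            return $this->userNotFound();
        }

        // A non-admin may rotate their own key only if they hold API access.
        if (!$isAdmin && !$user->api_active) {
            return $this->accessDenied('You do not have permission generate API key without access to the API.');
        }

        // Guard the key length: env() yields null when config is cached, and
        // a null/zero length would produce an empty (trivially guessable) key.
        $length = (int) env('_API_KEY_LENGTH');
        if ($length <= 0) {
            $length = self::DEFAULT_API_KEY_LENGTH;
        }

        // CryptoHelper::generateRandomHex() is Polr's own helper; its source
        // is not visible here — it is expected to use a CSPRNG, which is what
        // an API credential requires. Verify that before relying on it.
        $user->api_key = CryptoHelper::generateRandomHex($length);
        $user->save();

        // The response carries the new key; it is returned exactly once here
        // and can otherwise only be read back through the admin endpoints.
        return ResponseHelper::make($user);
    }

    /*
     * Not yet exposed. If these are enabled, note that addNewUser() passes
     * the raw `user_password` and caller-supplied `ip` straight to
     * UserFactory::createUser() with no validation of username/email/role,
     * and deleteUser() has no guard against an admin deleting themselves.
     *
    public function addNewUser(Request $request)
    {
        if(!UserHelper::userIsAdmin($request->user))
        {
            return ResponseHelper::make('ACCESS_DENIED', 'You do not have permission to create users.', 401);
        }

        $ip = $request->input('ip');
        $username = $request->input('username');
        $user_password = $request->input('user_password');
        $user_email = $request->input('user_email');
        $user_role = $request->input('user_role');

        UserFactory::createUser($username, $user_email, $user_password, 1, $ip, false, 0, $user_role);

        return ResponseHelper::make();
    }

    public function deleteUser(Request $request, $user_id)
    {
        if(!UserHelper::userIsAdmin($request->user))
        {
            return ResponseHelper::make('ACCESS_DENIED', 'You do not have permission to delete users.', 401);
        }

        $validator = \Validator::make(['id' => $user_id], [
            'id' => 'required|numeric',
        ]);
        if ($validator->fails())
        {
            return ResponseHelper::make('MISSING_PARAMETERS', 'Invalid or missing parameters.', 400);
        }

        $user = UserHelper::getUserById($user_id);
        if (!$user)
        {
            return ResponseHelper::make('NOT_FOUND', 'User not found.', 404);
        }

        $user->delete();

        return ResponseHelper::make();
    }*/
}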