diff --git a/app/Api/ListingResponseBuilder.php b/app/Api/ListingResponseBuilder.php
index df4cb8bf1..06802808e 100644
--- a/app/Api/ListingResponseBuilder.php
+++ b/app/Api/ListingResponseBuilder.php
@@ -10,6 +10,7 @@ class ListingResponseBuilder
 protected $query;
 protected $request;
 protected $fields;
+ protected $hiddenFields;
 protected $filterOperators = [
 'eq' => '=',
@@ -24,11 +25,12 @@ class ListingResponseBuilder
 /**
 * ListingResponseBuilder constructor.
 */
- public function __construct(Builder $query, Request $request, array $fields)
+ public function __construct(Builder $query, Request $request, array $fields, array $hiddenFields )
 {
 $this->query = $query;
 $this->request = $request;
 $this->fields = $fields;
+ $this->hiddenFields = $hiddenFields;
 }
 /**
@@ -40,6 +42,7 @@ class ListingResponseBuilder
 $total = $filteredQuery->count();
 $data = $this->fetchData($filteredQuery);
+ $data = $data->makeVisible($this->hiddenFields);
 return response()->json([
 'data' => $data,
diff --git a/app/Auth/UserRepo.php b/app/Auth/UserRepo.php
index 89d5ba4b7..4444c734c 100644
--- a/app/Auth/UserRepo.php
+++ b/app/Auth/UserRepo.php
@@ -64,9 +64,11 @@ class UserRepo
 /**
 * Get all users as Builder for API
 */
- public function getUsersBuilder(): Builder
+ public function getUsersBuilder(int $id = null ) : Builder
 {
- $query = User::query()->select(['*']);
+ $query = User::query()->select(['*'])
+ ->withLastActivityAt()
+ ->with(['roles', 'avatar']);
 return $query;
 }
 /**
diff --git a/app/Http/Controllers/Api/ApiController.php b/app/Http/Controllers/Api/ApiController.php
index f143ea5cd..5eb8b1e3d 100644
--- a/app/Http/Controllers/Api/ApiController.php
+++ b/app/Http/Controllers/Api/ApiController.php
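Review bot: The constructor's new fourth parameter `array $hiddenFields` in ListingResponseBuilder has no default, so any three-argument `new ListingResponseBuilder(...)` call outside this diff would now fail; `array $hiddenFields = []` keeps the old call shape working and makes "expose nothing extra" the default. In the following hunk, `makeVisible($this->hiddenFields)` lifts the model's hidden-attribute protection for every row of the listing, and nothing in the class says so. A comment on the property such as `/** @var string[] Attributes to un-hide in the response; the caller must have authorised the request first. */` would put that contract where the next caller will read it. The method around the `makeVisible` call starts and ends outside the hunk.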
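Review bot: The new `int $id = null` parameter on `getUsersBuilder` in UserRepo is not used anywhere in the body shown, and an `int` that defaults to `null` relies on implicit nullability; I would keep the signature as `public function getUsersBuilder(): Builder` until the parameter has a use. The added `->with(['roles', 'avatar'])` eager-loads both relations onto every row, so they will presumably be serialised into the API listing next to the user. It is worth confirming which role and image attributes that exposes, since the field list passed by the controller is not visibly applied to relations. The docblock could also state that the builder now carries these relations and the last-activity column.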
@@ -9,14 +9,15 @@ abstract class ApiController extends Controller
 {
 protected $rules = [];
+ protected $printHidden = [];
 /**
 * Provide a paginated listing JSON response in a standard format
 * taking into account any pagination parameters passed by the user.
 */
- protected function apiListingResponse(Builder $query, array $fields): JsonResponse
+ protected function apiListingResponse(Builder $query, array $fields, array $protectedFieldsToPrint = []): JsonResponse
 {
- $listing = new ListingResponseBuilder($query, request(), $fields);
+ $listing = new ListingResponseBuilder($query, request(), $fields, $protectedFieldsToPrint);
 return $listing->toResponse();
 }
diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php
index e8b98525d..328241a83 100644
--- a/app/Http/Controllers/Api/UserApiController.php
+++ b/app/Http/Controllers/Api/UserApiController.php
@@ -13,6 +13,10 @@ class UserApiController extends ApiController
 protected $user;
 protected $userRepo;
+ protected $printHidden = [
+ 'email', 'created_at', 'updated_at', 'last_activity_at'
+ ];
+
 # TBD: Endpoints to create / update users
 # protected $rules = [
 # 'create' => [
@@ -28,15 +32,30 @@ class UserApiController extends ApiController
 }
 /**
- * Get a listing of pages visible to the user.
+ * Get a listing of users
 */
 public function list()
 {
+ $this->checkPermission('users-manage');
+
 $users = $this->userRepo->getUsersBuilder();
 return $this->apiListingResponse($users, [
- 'id', 'name', 'slug',
- 'email', 'created_at', 'updated_at',
- ]);
+ 'id', 'name', 'slug', 'email',
+ 'created_at', 'updated_at', 'last_activity_at',
+ ], $this->printHidden);
+ }
+
+ /**
+ * View the details of a single user
+ */
+ public function read(string $id)
+ {
+ $this->checkPermission('users-manage');
+
+ $singleUser = $this->userRepo->getById($id);
+ $singleUser = $singleUser->makeVisible($this->printHidden);
+
+ return response()->json($singleUser);
 }
 }
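Review bot: The docblock of `apiListingResponse` in ApiController does not mention the new `$protectedFieldsToPrint` argument, which overrides the model's hidden attributes in the JSON output. I would add `@param array $protectedFieldsToPrint Hidden model attributes to include in the response; callers must check permission before passing any.` The new base-class property `$printHidden` is not read by this method, so the property and the parameter are two names for the same list. Settling on one of them would make it harder for a subclass to set the property and forget to pass it.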
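Review bot: `read()` in UserApiController returns the whole model through `response()->json($singleUser)`, so the response carries every attribute the model does not hide plus the four re-exposed by `makeVisible`, whereas `list()` names its fields explicitly. An explicit allow-list keeps a later column from leaking by default, for example `return response()->json($singleUser->only(['id', 'name', 'slug', 'email', 'created_at', 'updated_at']));`. `last_activity_at` is listed in `$printHidden`, but as far as this diff shows only `getUsersBuilder()` adds it through `withLastActivityAt()`, so the single-user response probably lacks it. `getById` is not visible here; if it can return null for an unknown id, the `makeVisible` call needs a guard that yields a 404.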
diff --git a/routes/api.php b/routes/api.php
index 0a9f99f50..063fbd72a 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -46,3 +46,4 @@ Route::put('shelves/{id}', 'BookshelfApiController@update');
 Route::delete('shelves/{id}', 'BookshelfApiController@delete');
 Route::get('users', 'UserApiController@list');
+Route::get('users/{id}', 'UserApiController@read');