From 07626669dad962856e52dddeacb1a9f000f93150 Mon Sep 17 00:00:00 2001 From: Jascha Sticher Date: Wed, 5 May 2021 13:46:14 +0200 Subject: [PATCH 1/2] Test API Endpoint for users --- app/Auth/UserRepo.php | 8 ++++ .../Controllers/Api/UserApiController.php | 42 +++++++++++++++++++ routes/api.php | 2 + 3 files changed, 52 insertions(+) create mode 100644 app/Http/Controllers/Api/UserApiController.php diff --git a/app/Auth/UserRepo.php b/app/Auth/UserRepo.php index e437ff1e3..89d5ba4b7 100644 --- a/app/Auth/UserRepo.php +++ b/app/Auth/UserRepo.php @@ -61,6 +61,14 @@ class UserRepo return User::query()->with('roles', 'avatar')->orderBy('name', 'asc')->get(); } + /** + * Get all users as Builder for API + */ + public function getUsersBuilder(): Builder + { + $query = User::query()->select(['*']); + return $query; + } /** * Get all the users with their permissions in a paginated format. */ diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php new file mode 100644 index 000000000..e8b98525d --- /dev/null +++ b/app/Http/Controllers/Api/UserApiController.php @@ -0,0 +1,42 @@ + [ +# ], +# 'update' => [ +# ], +# ]; + + public function __construct(User $user, UserRepo $userRepo) + { + $this->user = $user; + $this->userRepo = $userRepo; + } + + /** + * Get a listing of pages visible to the user. + */ + public function list() + { + $users = $this->userRepo->getUsersBuilder(); + + return $this->apiListingResponse($users, [ + 'id', 'name', 'slug', + 'email', 'created_at', 'updated_at', + ]); + } +} diff --git a/routes/api.php b/routes/api.php index 44643d6d4..0a9f99f50 100644 --- a/routes/api.php +++ b/routes/api.php @@ -44,3 +44,5 @@ Route::post('shelves', 'BookshelfApiController@create'); Route::get('shelves/{id}', 'BookshelfApiController@read'); Route::put('shelves/{id}', 'BookshelfApiController@update'); Route::delete('shelves/{id}', 'BookshelfApiController@delete'); + +Route::get('users', 'UserApiController@list'); 
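Review bot: `list()` in the new `UserApiController` calls `apiListingResponse` with `email` in the field list and no authorization check before it, so at this commit any caller the API routes admit can enumerate every account and its address. PATCH 2/2 adds `$this->checkPermission('users-manage');` as the first statement of `list()`. That line should land in this commit, or the two commits should be squashed, so that no intermediate revision ships `Route::get('users', ...)` ungated. The top of the new file (namespace, imports, class header) is missing from the page as extracted, so it could not be checked.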
From 4cbd1a9eb526bcd5fe5d9446dbf27c5813042678 Mon Sep 17 00:00:00 2001 From: Jascha Sticher Date: Thu, 6 May 2021 11:10:49 +0200 Subject: [PATCH 2/2] Extend /users API endpoint * add /users/{id} to get a single user * add variable to print fields that are otherwise hidden (e.g. email) --- app/Api/ListingResponseBuilder.php | 5 +++- app/Auth/UserRepo.php | 6 +++-- app/Http/Controllers/Api/ApiController.php | 5 ++-- .../Controllers/Api/UserApiController.php | 27 ++++++++++++++++--- routes/api.php | 1 + 5 files changed, 35 insertions(+), 9 deletions(-) diff --git a/app/Api/ListingResponseBuilder.php b/app/Api/ListingResponseBuilder.php index df4cb8bf1..06802808e 100644 --- a/app/Api/ListingResponseBuilder.php +++ b/app/Api/ListingResponseBuilder.php @@ -10,6 +10,7 @@ class ListingResponseBuilder protected $query; protected $request; protected $fields; + protected $hiddenFields; protected $filterOperators = [ 'eq' => '=', @@ -24,11 +25,12 @@ class ListingResponseBuilder /** * ListingResponseBuilder constructor. */ - public function __construct(Builder $query, Request $request, array $fields) + public function __construct(Builder $query, Request $request, array $fields, array $hiddenFields ) { $this->query = $query; $this->request = $request; $this->fields = $fields; + $this->hiddenFields = $hiddenFields; } /** @@ -40,6 +42,7 @@ class ListingResponseBuilder $total = $filteredQuery->count(); $data = $this->fetchData($filteredQuery); + $data = $data->makeVisible($this->hiddenFields); return response()->json([ 'data' => $data, diff --git a/app/Auth/UserRepo.php b/app/Auth/UserRepo.php index 89d5ba4b7..4444c734c 100644 --- a/app/Auth/UserRepo.php +++ b/app/Auth/UserRepo.php 
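Review bot: The new fourth constructor parameter `array $hiddenFields` in `ListingResponseBuilder::__construct` has no default, so any existing three-argument `new ListingResponseBuilder(...)` call elsewhere would now fail. `apiListingResponse` defaults its counterpart to `[]`, and the constructor should match with `array $hiddenFields = []`. In the `@@ -40,6 +42,7 @@` hunk, `$data->makeVisible($this->hiddenFields)` overrides the model's hidden-attribute list for whatever names a controller passes. A comment on the property such as `// Caller-supplied list that un-hides model attributes; must never name credential or token columns` would record that contract. Both method bodies continue outside the hunks.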
@@ -64,9 +64,11 @@ class UserRepo /** * Get all users as Builder for API */ - public function getUsersBuilder(): Builder + public function getUsersBuilder(int $id = null ) : Builder { - $query = User::query()->select(['*']); + $query = User::query()->select(['*']) + ->withLastActivityAt() + ->with(['roles', 'avatar']); return $query; } /** diff --git a/app/Http/Controllers/Api/ApiController.php b/app/Http/Controllers/Api/ApiController.php index f143ea5cd..5eb8b1e3d 100644 --- a/app/Http/Controllers/Api/ApiController.php +++ b/app/Http/Controllers/Api/ApiController.php @@ -9,14 +9,15 @@ abstract class ApiController extends Controller { protected $rules = []; + protected $printHidden = []; /** * Provide a paginated listing JSON response in a standard format * taking into account any pagination parameters passed by the user. */ - protected function apiListingResponse(Builder $query, array $fields): JsonResponse + protected function apiListingResponse(Builder $query, array $fields, array $protectedFieldsToPrint = []): JsonResponse { - $listing = new ListingResponseBuilder($query, request(), $fields); + $listing = new ListingResponseBuilder($query, request(), $fields, $protectedFieldsToPrint); return $listing->toResponse(); } diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php index e8b98525d..328241a83 100644 --- a/app/Http/Controllers/Api/UserApiController.php +++ b/app/Http/Controllers/Api/UserApiController.php @@ -13,6 +13,10 @@ class UserApiController extends ApiController protected $user; protected $userRepo; + protected $printHidden = [ + 'email', 'created_at', 'updated_at', 'last_activity_at' + ]; + # TBD: Endpoints to create / update users # protected $rules = [ # 'create' => [ 
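Review bot: `getUsersBuilder(int $id = null)` gains a parameter that nothing in the visible body reads, and the only call shown, in `UserApiController::list()`, passes no argument. Drop it, or if it is kept for a later change declare it as `?int $id = null` instead of relying on the implicit nullable default. The added `->with(['roles', 'avatar'])` eager-loads relations onto the query that feeds the users listing. Loaded relations are presumably serialized with each row, so confirm that role and avatar data is meant to be part of the API output and not only the listed fields.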
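Review bot: `protected $printHidden = [];` on `ApiController` is never read by `apiListingResponse`, which receives the same list as `$protectedFieldsToPrint` and passes it to a constructor that names it `$hiddenFields`, giving one concept three names. Pick one name across the three classes, and document the parameter in the docblock, for example `@param string[] $protectedFieldsToPrint Hidden model attributes to expose in this listing; empty keeps the model defaults`. Because these fields bypass the model's hidden list, the docblock should also say that callers are expected to gate the endpoint with a permission check, as `UserApiController` does.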
@@ -28,15 +32,30 @@ class UserApiController extends ApiController } /** - * Get a listing of pages visible to the user. + * Get a listing of users */ public function list() { + $this->checkPermission('users-manage'); + $users = $this->userRepo->getUsersBuilder(); return $this->apiListingResponse($users, [ - 'id', 'name', 'slug', - 'email', 'created_at', 'updated_at', - ]); + 'id', 'name', 'slug', 'email', + 'created_at', 'updated_at', 'last_activity_at', + ], $this->printHidden); + } + + /** + * View the details of a single user + */ + public function read(string $id) + { + $this->checkPermission('users-manage'); + + $singleUser = $this->userRepo->getById($id); + $singleUser = $singleUser->makeVisible($this->printHidden); + + return response()->json($singleUser); } } diff --git a/routes/api.php b/routes/api.php index 0a9f99f50..063fbd72a 100644 --- a/routes/api.php +++ b/routes/api.php @@ -46,3 +46,4 @@ Route::put('shelves/{id}', 'BookshelfApiController@update'); Route::delete('shelves/{id}', 'BookshelfApiController@delete'); Route::get('users', 'UserApiController@list'); +Route::get('users/{id}', 'UserApiController@read');
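Review bot: `read()` returns `response()->json($singleUser)` after `makeVisible($this->printHidden)`, so it serializes the whole model, whereas `list()` passes an explicit field array. Any attribute that is not in the model's hidden list, plus any relation `getById` loads, goes into the response, and a column added to the table later is exposed by default. An allow-list would keep the two endpoints aligned, for example `return response()->json($singleUser->only(['id', 'name', 'slug', 'email', 'created_at', 'updated_at']));`. `getById` is not visible here, so also confirm that an unknown `{id}` produces a 404 and does not call `makeVisible` on null.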