Merge branch 'api-endpoint-users' into users_api

2022-02-03 11:38:55 +00:00 · 2022-02-03 11:38:55 +00:00 · 8d7febe482
parent 9d15688a43 4cbd1a9eb5
commit 8d7febe482
5 changed files with 81 additions and 3 deletions
--- a/app/Api/ListingResponseBuilder.php
+++ b/app/Api/ListingResponseBuilder.php
@ -11,6 +11,7 @@ class ListingResponseBuilder
    protected $query;
    protected $request;
    protected $fields;
+    protected $hiddenFields;

    protected $filterOperators = [
        'eq'   => '=',
@ -25,11 +26,12 @@ class ListingResponseBuilder
    /**
     * ListingResponseBuilder constructor.
     */
-    public function __construct(Builder $query, Request $request, array $fields)
+    public function __construct(Builder $query, Request $request, array $fields, array $hiddenFields )
    {
        $this->query = $query;
        $this->request = $request;
        $this->fields = $fields;
+        $this->hiddenFields = $hiddenFields;
    }

    /**
@ -41,6 +43,7 @@ class ListingResponseBuilder

        $total = $filteredQuery->count();
        $data = $this->fetchData($filteredQuery);
+        $data = $data->makeVisible($this->hiddenFields);

        return response()->json([
            'data'  => $data,
--- a/app/Auth/UserRepo.php
+++ b/app/Auth/UserRepo.php
@ -60,6 +60,16 @@ class UserRepo
        return User::query()->with('roles', 'avatar')->orderBy('name', 'asc')->get();
    }

+    /**
+     * Get all users as Builder for API
+     */
+    public function getUsersBuilder(int $id = null ) : Builder
+    {
+        $query = User::query()->select(['*'])
+            ->withLastActivityAt()
+            ->with(['roles', 'avatar']);
+        return $query;
+    }
    /**
     * Get all the users with their permissions in a paginated format.
     * Note: Due to the use of email search this should only be used when
--- a/app/Http/Controllers/Api/ApiController.php
+++ b/app/Http/Controllers/Api/ApiController.php
@ -10,14 +10,15 @@ use Illuminate\Http\JsonResponse;
 abstract class ApiController extends Controller
 {
    protected $rules = [];
+    protected $printHidden = [];

    /**
     * Provide a paginated listing JSON response in a standard format
     * taking into account any pagination parameters passed by the user.
     */
-    protected function apiListingResponse(Builder $query, array $fields): JsonResponse
+    protected function apiListingResponse(Builder $query, array $fields, array $protectedFieldsToPrint = []): JsonResponse
    {
-        $listing = new ListingResponseBuilder($query, request(), $fields);
+        $listing = new ListingResponseBuilder($query, request(), $fields, $protectedFieldsToPrint);

        return $listing->toResponse();
    }
--- a/app/Http/Controllers/Api/UserApiController.php
+++ b/app/Http/Controllers/Api/UserApiController.php
@ -0,0 +1,61 @@
+<?php
+
+namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Exceptions\PermissionsException;
+use BookStack\Auth\User;
+use BookStack\Auth\UserRepo;
+use Exception;
+use Illuminate\Http\Request;
+
+class UserApiController extends ApiController
+{
+    protected $user;
+    protected $userRepo;
+
+    protected $printHidden = [
+        'email', 'created_at', 'updated_at', 'last_activity_at'
+    ];
+
+# TBD: Endpoints to create / update users
+#     protected $rules = [
+#         'create' => [
+#         ],
+#         'update' => [
+#         ],
+#     ];
+
+    public function __construct(User $user, UserRepo $userRepo)
+    {
+        $this->user = $user;
+        $this->userRepo = $userRepo;
+    }
+
+    /**
+     * Get a listing of users
+     */
+    public function list()
+    {
+        $this->checkPermission('users-manage');
+
+        $users = $this->userRepo->getUsersBuilder();
+
+        return $this->apiListingResponse($users, [
+            'id', 'name', 'slug', 'email',
+            'created_at', 'updated_at', 'last_activity_at',
+        ], $this->printHidden);
+    }
+
+    /**
+     * View the details of a single user
+     */
+    public function read(string $id)
+    {
+        $this->checkPermission('users-manage');
+
+        $singleUser = $this->userRepo->getById($id);
+        $singleUser = $singleUser->makeVisible($this->printHidden);
+
+        return response()->json($singleUser);
+    }
+}
--- a/routes/api.php
+++ b/routes/api.php
@ -65,3 +65,6 @@ Route::post('shelves', [BookshelfApiController::class, 'create']);
 Route::get('shelves/{id}', [BookshelfApiController::class, 'read']);
 Route::put('shelves/{id}', [BookshelfApiController::class, 'update']);
 Route::delete('shelves/{id}', [BookshelfApiController::class, 'delete']);
+
+Route::get('users', 'UserApiController@list');
+Route::get('users/{id}', 'UserApiController@read');