Add user/view API
Change user_load() to explicitly load specific values instead of all values, as there are now some fields that need to be deleted but we can't delete them yet...
parent
9db042fc10
commit
895bcc36e2
48
api.php
48
api.php
@ -421,7 +421,48 @@ switch($request[0]) {
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case 'user':
|
||||
$chk=api_user_auth_required();
|
||||
if($chk['status']!="ok") {
|
||||
$ret['status']="error";
|
||||
$ret['error']=$chk['error'];
|
||||
break;
|
||||
}
|
||||
|
||||
require_once("so_teams.inc.php");
|
||||
switch($request[1]) {
|
||||
/* APIDOC: user/view
|
||||
description(view user information for current conference)
|
||||
return(user array)
|
||||
*/
|
||||
case "view":
|
||||
if($u=user_load($_SESSION['users_id'])) {
|
||||
unset($u['orig']);
|
||||
unset($u['types']);
|
||||
unset($u['username']);
|
||||
unset($u['password']);
|
||||
unset($u['year']);
|
||||
unset($u['access_admin']);
|
||||
unset($u['access_config']);
|
||||
unset($u['access_super']);
|
||||
$ret['status']="ok";
|
||||
$ret['user']=$u;
|
||||
}
|
||||
else {
|
||||
$ret['status']="error";
|
||||
$ret['error']="Error loading user";
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
/* APIDOC: user/edit
|
||||
notimplemented
|
||||
description(edit user information for current conference)
|
||||
post(user array)
|
||||
return(user array)
|
||||
*/
|
||||
|
||||
break;
|
||||
default:
|
||||
$ret['status']="error";
|
||||
$ret['error']="Invalid API command ({$request[0]})";
|
||||
@ -442,12 +483,7 @@ echo json_encode($ret);
|
||||
return(account array)
|
||||
*/
|
||||
|
||||
/* APIDOC: user/edit
|
||||
notimplemented
|
||||
description(edit user information for current conference)
|
||||
post(user array)
|
||||
return(user array)
|
||||
*/
|
||||
|
||||
|
||||
/* APIDOC: user/connect_teacher_to_school
|
||||
notimplemented
|
||||
|
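Review bot: The `view` case builds its response by unsetting known-sensitive keys (`password`, `access_admin`, `access_config`, `access_super`, …) from whatever `user_load()` returns, which fails open: any field `user_load()` gains later, including the role data it merges inline, is returned to the client by default. Building `$ret['user']` from an explicit list of keys makes the exposed surface a deliberate choice, for example `$ret['user']=array_intersect_key($u, array_flip($api_user_fields));`, where `$api_user_fields` is a suggested name for a list defined next to the APIDOC block. Separately, the inner `switch($request[1])` has no `default:`, so an unrecognised sub-command appears to leave `$ret['status']` unset; an error branch like the outer `Invalid API command` one would cover it. The outer switch starts and ends outside this hunk, so how `$ret` is initialised is not visible here.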
57
user.inc.php
57
user.inc.php
@ -39,7 +39,50 @@ function user_valid_role($role)
|
||||
function user_load($users_id, $accounts_id = false)
|
||||
{
|
||||
/* Load user, join accounts so we also load the email, superuser flag */
|
||||
$query = "SELECT users.* FROM users JOIN accounts ON accounts.id=users.accounts_id WHERE ";
|
||||
//hand-code the list here because we dont want all the old stuff that hasnt been removed yet like username/password access_*, etc.
|
||||
$query = "SELECT users.id,
|
||||
users.accounts_id,
|
||||
users.conferences_id,
|
||||
users.salutation,
|
||||
users.firstname,
|
||||
users.lastname,
|
||||
users.sex,
|
||||
users.phonehome,
|
||||
users.phonework,
|
||||
users.phonecell,
|
||||
users.fax,
|
||||
users.organization,
|
||||
users.birthdate,
|
||||
users.lang,
|
||||
users.created,
|
||||
users.lastlogin,
|
||||
users.address,
|
||||
users.address2,
|
||||
users.city,
|
||||
users.province,
|
||||
users.postalcode,
|
||||
users.firstaid,
|
||||
users.cpr,
|
||||
users.fairs_id,
|
||||
users.years_school,
|
||||
users.years_regional,
|
||||
users.years_national,
|
||||
users.willing_chair,
|
||||
users.special_award_only,
|
||||
users.cat_prefs,
|
||||
users.div_prefs,
|
||||
users.divsub_prefs,
|
||||
users.languages,
|
||||
users.highest_psd,
|
||||
users.expertise_other,
|
||||
users.sponsors_id,
|
||||
users.primary,
|
||||
users.position,
|
||||
users.primary,
|
||||
users.schools_id,
|
||||
users.grade,
|
||||
accounts.email
|
||||
FROM users JOIN accounts ON accounts.id=users.accounts_id WHERE ";
|
||||
if($accounts_id != false) {
|
||||
$accounts_id = intval($accounts_id);
|
||||
$query .= "`users`.`accounts_id`='$accounts_id' LIMIT 1";
|
||||
@ -48,6 +91,7 @@ function user_load($users_id, $accounts_id = false)
|
||||
$query .= " `users`.`id`='$id'";
|
||||
}
|
||||
$q=mysql_query($query);
|
||||
echo mysql_error();
|
||||
if(mysql_num_rows($q) == 0)
|
||||
return false;
|
||||
|
||||
@ -63,12 +107,10 @@ function user_load($users_id, $accounts_id = false)
|
||||
$u['id'] = intval($u['id']);
|
||||
$u['accounts_id'] = intval($u['accounts_id']);
|
||||
$u['year'] = intval($u['year']);
|
||||
|
||||
|
||||
/* Get roles, and active/complete status for each role */
|
||||
$query = "SELECT user_roles.*,roles.type,roles.name FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id={$u['id']}";
|
||||
$query = "SELECT user_roles.roles_id, user_roles.active, user_roles.complete, roles.type,roles.name FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id={$u['id']}";
|
||||
$q = mysql_query($query);
|
||||
|
||||
$u['roles'] = array();
|
||||
while(($roledata = mysql_fetch_assoc($q))) {
|
||||
$u['roles'][$roledata['type']] = $roledata;
|
||||
@ -101,6 +143,13 @@ function user_load($users_id, $accounts_id = false)
|
||||
$u['emailrecipient']="";
|
||||
}
|
||||
|
||||
/* we dont want them thinking they can change the email, so dont include it here,
|
||||
its part of the account, not the user, this way they still get the 'emailrecipient'
|
||||
convenience variable, not not the email itself, for that, they need to access
|
||||
the account. */
|
||||
unset($u['email']);
|
||||
|
||||
|
||||
foreach(array_keys($u['roles']) as $r) {
|
||||
/* Do the load routines inline, the explosion of user roles
|
||||
* means it's just silly to have a different function for each
|
||||
|
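Review bot: The `echo mysql_error();` after `mysql_query($query)` in the second hunk (it looks like the line that hunk adds) writes raw database error text straight into the response; for callers such as api.php, which emit `json_encode($ret)`, that corrupts the JSON body and discloses table and column names to the client. The failure itself is still unhandled, since a false `$q` goes on to `mysql_num_rows($q)`. Logging server-side and returning early keeps the detail out of the response, e.g. `if($q===false) { error_log(mysql_error()); return false; }`. In the first hunk, `users.primary` appears twice in the new column list (after `users.sponsors_id` and again after `users.position`); one is presumably redundant or was meant to be another column. `user_load()` begins and ends outside these hunks.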