Add user/view API

Change user_load() to explicitly load specific values instead of all values, as there are now some fields that need to be deleted but we can't delete them yet...
james 2010-10-01 19:28:26 +00:00
parent 9db042fc10
commit 895bcc36e2
2 changed files with 95 additions and 10 deletions

48
api.php

@ -421,7 +421,48 @@ switch($request[0]) {
break; break;
} }
break; break;
case 'user':
$chk=api_user_auth_required();
if($chk['status']!="ok") {
$ret['status']="error";
$ret['error']=$chk['error'];
break;
}
require_once("so_teams.inc.php");
switch($request[1]) {
/* APIDOC: user/view
description(view user information for current conference)
return(user array)
*/
case "view":
if($u=user_load($_SESSION['users_id'])) {
unset($u['orig']);
unset($u['types']);
unset($u['username']);
unset($u['password']);
unset($u['year']);
unset($u['access_admin']);
unset($u['access_config']);
unset($u['access_super']);
$ret['status']="ok";
$ret['user']=$u;
}
else {
$ret['status']="error";
$ret['error']="Error loading user";
}
break;
}
/* APIDOC: user/edit
notimplemented
description(edit user information for current conference)
post(user array)
return(user array)
*/
break;
default: default:
$ret['status']="error"; $ret['status']="error";
$ret['error']="Invalid API command ({$request[0]})"; $ret['error']="Invalid API command ({$request[0]})";
@ -442,12 +483,7 @@ echo json_encode($ret);
return(account array) return(account array)
*/ */
/* APIDOC: user/edit
notimplemented
description(edit user information for current conference)
post(user array)
return(user array)
*/
/* APIDOC: user/connect_teacher_to_school /* APIDOC: user/connect_teacher_to_school
notimplemented notimplemented
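Review bot: The `view` case in the new `case 'user':` branch filters its response with a denylist: it unsets `password`, `access_admin`, `access_config`, `access_super` and a few other keys from whatever user_load() returns and sends the rest, so any field later added to user_load() is exposed through the API by default. Building `$ret['user']` from an explicit list of the keys the client needs would fail closed instead, and would make it a deliberate decision whether `accounts_id` and the `roles` array that user_load() populates are returned. Separately, the inner `switch($request[1])` has no `default:` branch, so an unrecognised sub-command under `user` appears to leave `$ret` without a status; `default: $ret['status']="error"; $ret['error']="Invalid API command ({$request[0]}/{$request[1]})"; break;` would match the outer handler.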


@ -39,7 +39,50 @@ function user_valid_role($role)
function user_load($users_id, $accounts_id = false) function user_load($users_id, $accounts_id = false)
{ {
/* Load user, join accounts so we also load the email, superuser flag */ /* Load user, join accounts so we also load the email, superuser flag */
$query = "SELECT users.* FROM users JOIN accounts ON accounts.id=users.accounts_id WHERE "; //hand-code the list here because we dont want all the old stuff that hasnt been removed yet like username/password access_*, etc.
$query = "SELECT users.id,
users.accounts_id,
users.conferences_id,
users.salutation,
users.firstname,
users.lastname,
users.sex,
users.phonehome,
users.phonework,
users.phonecell,
users.fax,
users.organization,
users.birthdate,
users.lang,
users.created,
users.lastlogin,
users.address,
users.address2,
users.city,
users.province,
users.postalcode,
users.firstaid,
users.cpr,
users.fairs_id,
users.years_school,
users.years_regional,
users.years_national,
users.willing_chair,
users.special_award_only,
users.cat_prefs,
users.div_prefs,
users.divsub_prefs,
users.languages,
users.highest_psd,
users.expertise_other,
users.sponsors_id,
users.primary,
users.position,
users.primary,
users.schools_id,
users.grade,
accounts.email
FROM users JOIN accounts ON accounts.id=users.accounts_id WHERE ";
if($accounts_id != false) { if($accounts_id != false) {
$accounts_id = intval($accounts_id); $accounts_id = intval($accounts_id);
$query .= "`users`.`accounts_id`='$accounts_id' LIMIT 1"; $query .= "`users`.`accounts_id`='$accounts_id' LIMIT 1";
@ -48,6 +91,7 @@ function user_load($users_id, $accounts_id = false)
$query .= " `users`.`id`='$id'"; $query .= " `users`.`id`='$id'";
} }
$q=mysql_query($query); $q=mysql_query($query);
echo mysql_error();
if(mysql_num_rows($q) == 0) if(mysql_num_rows($q) == 0)
return false; return false;
@ -64,11 +108,9 @@ function user_load($users_id, $accounts_id = false)
$u['accounts_id'] = intval($u['accounts_id']); $u['accounts_id'] = intval($u['accounts_id']);
$u['year'] = intval($u['year']); $u['year'] = intval($u['year']);
/* Get roles, and active/complete status for each role */ /* Get roles, and active/complete status for each role */
$query = "SELECT user_roles.*,roles.type,roles.name FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id={$u['id']}"; $query = "SELECT user_roles.roles_id, user_roles.active, user_roles.complete, roles.type,roles.name FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id={$u['id']}";
$q = mysql_query($query); $q = mysql_query($query);
$u['roles'] = array(); $u['roles'] = array();
while(($roledata = mysql_fetch_assoc($q))) { while(($roledata = mysql_fetch_assoc($q))) {
$u['roles'][$roledata['type']] = $roledata; $u['roles'][$roledata['type']] = $roledata;
@ -101,6 +143,13 @@ function user_load($users_id, $accounts_id = false)
$u['emailrecipient']=""; $u['emailrecipient']="";
} }
/* we dont want them thinking they can change the email, so dont include it here,
its part of the account, not the user, this way they still get the 'emailrecipient'
convenience variable, not not the email itself, for that, they need to access
the account. */
unset($u['email']);
foreach(array_keys($u['roles']) as $r) { foreach(array_keys($u['roles']) as $r) {
/* Do the load routines inline, the explosion of user roles /* Do the load routines inline, the explosion of user roles
* means it's just silly to have a different function for each * means it's just silly to have a different function for each
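Review bot: The added `echo mysql_error();` after `$q=mysql_query($query);` writes raw database error text into the output of every caller of user_load(), which discloses schema details to the client and would likely corrupt the JSON that api.php emits with `echo json_encode($ret)`. It also does not stop execution, so a failed query still reaches `mysql_num_rows($q)` with `$q` set to false; `if($q === false) { error_log(mysql_error()); return false; }` keeps the detail server-side and handles the failure. Two smaller points in the new column list: `users.primary` is selected twice, and `users.year` is not selected although the unchanged line `$u['year'] = intval($u['year']);` still reads it. The body of user_load() continues outside the hunks shown.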