Separated the functionality of school selection from the pages, implemented it in the API

jacob 2010-10-27 16:40:17 +00:00
parent f1b9123835
commit d0d3c7b7c4
6 changed files with 103 additions and 42 deletions

60
api.php

@ -26,14 +26,13 @@ include "common.inc.php";
require_once("account.inc.php");
require_once("user.inc.php");
require_once("schedule.inc.php");
/* FIXME!!! Unremark before committing
if($_SERVER['HTTPS']!="on") {
$ret['status']="error";
$ret['error']="SSL is required for API access, please access the API over https";
echo json_encode($ret);
exit;
}
*/
$request=explode("/",$_GET['request']);
$ret=array();
@ -500,11 +499,11 @@ switch($request[0]) {
}
break;
/* APIDOC: user/edit
description(edit user information for current conference)
post(user array)
return(user array)
*/
/* APIDOC: user/edit
description(edit user information for current conference)
post(user array)
return(user array)
*/
case "edit":
if($origu=user_load($_SESSION['users_id'])) {
$u=json_decode($_POST['user']);
@ -535,6 +534,30 @@ switch($request[0]) {
$ret['error']="Error loading user in order to edit";
}
break;
/* APIDOC: user/connect_to_school
description(connects the current users teacher role to the specified school using the school's access code)
post(schools_id integer, accesscode varchar(16))
return(school array)
*/
case 'connect_to_school':
if($u = user_load($_SESSION['users_id'])) {
$schoolId = mysql_real_escape_string($_POST['schools_id']);
$accesscode = mysql_real_escape_string($_POST['accesscode']);
if(user_set_school($u, $schoolId, $accesscode)){
$ret['status'] = "ok";
$ret['school'] = mysql_fetch_assoc(mysql_query("SELECT school, phone, fax, address, city, province_code AS province, postalcode FROM schools WHERE id = $schoolId"));
}else{
$ret['status'] = "error";
$ret['error'] = "Error matching schools_id and accesscode";
}
}else{
$ret['status'] = "error";
$ret['error'] = "Error loading user";
}
break;
}
break;
@ -674,6 +697,18 @@ switch($request[0]) {
}
break;
case 'school':
switch($request[1]){
/* APIDOC: school/list
description(list schools)
return(schools array)
*/
case 'list':
$ret['schools'] = get_schools($conference['id']);
$ret['status'] = 'ok';
break;
}
default:
$ret['status']="error";
$ret['error']="invalid API command ({$request[0]})";
@ -681,11 +716,6 @@ switch($request[0]) {
}
echo json_encode($ret);
/* APIDOC: school/list
notimplemented
description(list schools)
return(schools array)
*/
/* APIDOC: account/edit
notimplemented
@ -694,11 +724,5 @@ echo json_encode($ret);
return(account array)
*/
/* APIDOC: user/connect_teacher_to_school
notimplemented
description(connects the current users teacher role to the specified school usign the schools access code)
post(schools_id integer, accesscode varchar(16))
return(school array)
*/
?>
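Review bot: In the new `connect_to_school` case, `$schoolId` goes through `mysql_real_escape_string()` but is then interpolated unquoted into `WHERE id = $schoolId`, both in the SELECT here and inside `user_set_school()`. Escaping only protects a value that sits inside quotes, so the request value is not actually constrained to a number. Cast it instead, `$schoolId = intval($_POST['schools_id']);`, and ideally repeat the cast at the top of `user_set_school()` so every caller is covered. Separately, the new `case 'school':` block shows no `break;` after its inner switch, so `school/list` appears to fall through into `default:` and overwrite `$ret['status']` with the invalid-command error; add `break;` before `default:`.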


@ -808,7 +808,6 @@ function get_timeslots($conferenceId){
}
// a convenience function for getting the special awards that are relevant to the specified conference.
// separated because it's used in a couple of spots
function get_special_awards($conferenceId){
$returnval = array();
$q = mysql_query("SELECT award_awards.id,
@ -830,3 +829,23 @@ function get_special_awards($conferenceId){
return $returnval;
}
// a convenience function for getting a list of schools that are relevant to the specified conference
function get_schools($conferenceId){
$data = array();
$returnval = array();
$q = mysql_query("SELECT MAX(id) AS id,school,city FROM schools GROUP BY school, city");
while($record = mysql_fetch_assoc($q)) $data[] = $record;
$prevRecord = null;
for($n = 0; $n < count($data); $n++){
$record = $data[$n];
$title = $data[$n]['school'];
if(array_key_exists($n + 1, $data) && $data[$n + 1]['school'] == $title){
$title .= " ({$record['city']})";
}else if($prevRecord != null && $prevRecord['school'] == $title){
$title .= " ({$record['city']})";
}
$returnval[$record['id']] = $title;
$prevRecord = $record;
}
return $returnval;
}
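Review bot: The city-suffix logic in `get_schools()` only detects duplicate names when rows for the same school are adjacent, but the query has no `ORDER BY`, so that adjacency depends on how the server happens to return the grouped rows. Make the ordering explicit with `... GROUP BY school, city ORDER BY school, city`. The `$conferenceId` parameter is also never used in the body, although the comment says the list is relevant to the specified conference; either filter on it or state in the comment that all schools are returned.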


@ -128,6 +128,17 @@ foreach($roles AS $role=>$r) {
}?>
<input type="submit" value="List Registration Fields for Selected Roles">
</form>
<h1>Schools</h1>
<a href="api/school/list">School Listing</a><br/>
<form method="post" action="api/user/connect_to_school">
<input type="text" size=4 name="schools_id">
<input type="text" size=6 name="accesscode">
<input type="submit" value="Set user's school">
</form>
<h1>Session Variables</h1>
<?
echo json_encode($_SESSION);
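Review bot: The two text inputs in the new Schools form have no label or placeholder, so someone using this test page cannot tell which box takes the school id and which the access code. Add visible text before each, e.g. `schools_id: <input type="text" size=4 name="schools_id">` and `accesscode: <input type="text" size=6 name="accesscode">`. The surrounding page starts and ends outside the hunk.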


@ -284,7 +284,10 @@ function user_get_role_fields($role){
$fields = array('sponsors_id','primary','position','notes');
break;
case 'teacher':
$fields = array();
$fields = array('schools_id');
break;
case 'principal':
$fields = array('schools_id');
break;
case 'volunteer':
$fields = array('languages');
@ -599,7 +602,7 @@ function user_save(&$u)
'willing_chair','special_award_only',
'cat_prefs','div_prefs','divsub_prefs',
'expertise_other','languages', 'highest_psd');
$fields_for_role['student'] = array('schools_id');
// $fields_for_role['student'] = array('schools_id');
$fields_for_role['fair'] = array('fairs_id');
$fields_for_role['sponsor'] = array('sponsors_id','primary','position');
$fields_for_role['teacher'] = array();
@ -935,6 +938,21 @@ function user_add_role_allowed(&$u, $role)
return true;
}
// Set the user's school to the one specifed. Verifying the school code is needed
// here, as it will be called from both the web interface and the API.
// returns true on success, false otherwise
function user_set_school($u, $schoolId, $schoolCode){
$returnval = false;
// make sure the id and code match
$tally = mysql_result(mysql_query("SELECT COUNT(*) FROM schools WHERE id = $schoolId AND accesscode = '$schoolCode'"), 0);
if($tally == 1){
if(mysql_query("UPDATE users SET schools_id = $schoolId WHERE id = " . $u['id'])){
$u['schools_id'] = $schoolId;
$returnval = true;
}
}
return $returnval;
}
// Add a role for a user.
// now just a skin on top of account_add_role
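Review bot: `user_set_school()` takes `$u` by value, so the assignment `$u['schools_id'] = $schoolId;` after the UPDATE changes only the local copy and the caller's user array keeps the old school. The neighbouring functions in this file take the user by reference (`user_save(&$u)`, `user_add_role_allowed(&$u, $role)`), so the signature should probably read `function user_set_school(&$u, $schoolId, $schoolCode){`. The function also builds both queries from its arguments without escaping or casting them itself, which makes its safety depend on every caller. Either cast inside the function (`$schoolId = intval($schoolId);`) or add a comment stating that callers must pass escaped values.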


@ -131,6 +131,7 @@ $tabs = array( 'fairinfo' => array(
'label' => 'Time Avail.',
'types' => array('judge'),
'file' => 'judge_availability.php',
'disabled' => 'true'
),
'judgesa' => array(
'label' => 'Special Awards',
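Review bot: `'disabled' => 'true'` stores the string `'true'` rather than a boolean; if the code that reads `$tabs` only tests truthiness, a later `'false'` here would still disable the tab. Prefer `'disabled' => true,` with the trailing comma the neighbouring entries use. How the flag is consumed is not visible in this hunk, so check the reader before changing the type.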


@ -41,15 +41,9 @@ if(array_key_exists('action', $_POST)){
case 'submit_code':
$code = mysql_real_escape_string($_POST['code']);
$school = mysql_real_escape_string($_POST['school']);
$query = "SELECT * FROM schools WHERE id = $school AND accesscode = '$code'";
$data = mysql_fetch_assoc(mysql_query($query));
if(is_array($data)){
$query = "UPDATE users SET schools_id = $school WHERE id = $edit_id";
if(mysql_query($query)){
// we successfully updated the school for this user. Now send the info back to papulate the page
$schoolData = mysql_fetch_assoc(mysql_query("SELECT school, address, city, province_code, postalcode, phone FROM schools WHERE id='$school'"));
echo "schoolInfo = '" . implode("<br/>", $schoolData) . "';";
}
if(user_set_school($u, $school, $code)){
$schoolData = mysql_fetch_assoc(mysql_query("SELECT school, address, city, province_code, postalcode, phone FROM schools WHERE id='$school'"));
echo "schoolInfo = '" . implode("<br/>", $schoolData) . "';";
}
break;
default:
@ -86,7 +80,7 @@ $translations = array(
$('#instructions').html("<?=$translations['incorrect'];?>");
}
}
}
);
}
</script>
@ -114,22 +108,16 @@ echo "</td><td>";
// build a select box for them to pick out a school
echo '<select id="schoolId">';
$query = "SELECT MAX(id) AS id,school,city FROM schools GROUP BY school, city";
$q = mysql_query($query);
$prev="somethingthatdoesnotexist";
echo "<option value=\"\">".i18n("Choose a school")."</option>\n";
while($r=mysql_fetch_object($q)){
if($r->school == $schoolData['school']){
$schoolList = get_schools($conference['id']);
foreach($schoolList as $id => $school){
if($school == $schoolData['school']){
$sel= "selected=\"selected\"";
}else{
$sel= "";
}
if($r->school==$prev)
echo "<option $sel value=\"$r->id\">$r->school ($r->city)</option>\n";
else
echo "<option $sel value=\"$r->id\">$r->school</option>\n";
$prev=$r->school;
}
echo "<option $sel value=\"$id\">$school</option>";
}
echo "</select>";
echo "</td></tr>";
echo "<tr><td>";
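Review bot: The rebuilt option list prints `$school` straight from the database into HTML, so a school name or city containing `<`, `&` or a quote breaks the markup or is interpreted as markup. Escape at output: `echo "<option $sel value=\"$id\">".htmlspecialchars($school)."</option>";`. Also, `get_schools()` appends ` (city)` to names that occur more than once, so the test `$school == $schoolData['school']` will no longer match for those schools and the user's current school will not be preselected. Comparing `$id` with the user's stored school id, if it is available at this point, would avoid that. The script continues outside the hunk.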