Added project mentor management to the api, and functions for testing it

2011-02-21 19:42:13 +00:00 · 2011-02-21 19:42:13 +00:00 · f22dfb3c93
commit f22dfb3c93
parent e06eb7dbd8
3 changed files with 239 additions and 27 deletions
--- a/api.php
+++ b/api.php
@ -989,27 +989,82 @@ switch($request[0]) {
 			case 'mentor':
 				switch($request[2]){
 					/*	APIDOC: project/mentor/add
-						description(add a project mentor - not yet implemented)
+						post(registrations_id integer)
+						description(add a project mentor)
 					*/
 					case 'add':
-						$ret['status'] = "error";
-						$ret['error'] = $_GET['request'] . " functionality not yet implemented";
+						if(!array_key_exists('registrations_id', $_POST)){
+							$ret['status'] = "error";
+							$ret['error'] = 'registrations_id parameter required';
+							break;
+						}
+
+						$result = addMentor($_POST['registrations_id']);
+						if(is_array($result)){
+							$ret['status'] = 'ok';
+							$ret['mentor'] = $result;
+						}else{
+							$ret['status'] = 'error';
+							$ret['error'] = $result;
+						}
 					break;

-					/*	APIDOC: project/mentor/add
-						description(remove a project mentor - not yet implemented)
+					/*	APIDOC: project/mentor/edit
+						post(mentor object)
+						description(edit a project mentor)
+					*/
+					case 'edit':
+						if(!array_key_exists('mentor', $_POST)){
+							$ret['status'] = "error";
+							$ret['error'] = "mentor object parameter required";
+							break;
+						}
+						$result = saveMentorData(json_decode($_POST['mentor']));
+						if($result == 'ok'){
+							$ret['status'] = 'ok';
+						}else{
+							$ret['status'] = 'error';
+							$ret['error'] = $result;
+						}
+					break;
+
+					/*	APIDOC: project/mentor/remove
+						post(id integer)
+						description(remove a project mentor with the specified id)
 					*/
 					case 'remove':
-						$ret['status'] = "error";
-						$ret['error'] = $_GET['request'] . " functionality not yet implemented";
+						if(!array_key_exists('id', $_POST)){
+							$ret['status'] = "error";
+							$ret['error'] = "mentor id parameter required";
+							break;
+						}
+						$result = removeMentor($_POST['id']);
+						if($result == 'ok'){
+							$ret['status'] = 'ok';
+						}else{
+							$ret['status'] = 'error';
+							$ret['error'] = $result;
+						}
 					break;

-					/*	APIDOC: project/mentor/add
-						description(list project mentors - not yet implemented)
+					/*	APIDOC: project/mentor/view
+						post(registrations_id integer)
+						description(list project mentors)
 					*/
-					case 'list':
-						$ret['status'] = "error";
-						$ret['error'] = $_GET['request'] . " functionality not yet implemented";
+					case 'view':
+						if(!array_key_exists('registrations_id', $_POST)){
+							$ret['status'] = "error";
+							$ret['error'] = 'registrations_id parameter required';
+							break;
+						}
+						$result = getMentors($_POST['registrations_id']);
+						if(is_array($result)){
+							$ret['status'] = 'ok';
+							$ret['mentors'] = $result;
+						}else{
+							$ret['status'] = "error";
+							$ret['error'] = $result;
+						}
 					break;

 					default:
--- a/register_participants.inc.php
+++ b/register_participants.inc.php
@ -516,6 +516,9 @@ function computeRegistrationFee($regid)
 New functionality split off for API purposes
 ******************************************************************************/

+/** Hmm - perhaps these sholud be split into separate files ...
+This section is for project/registration related functions **/
+
 function saveProjectData($data){
 	global $conference, $config;
 	$requiredFields = array('project_id', 'summary', 'title', 'projectdivisions_id', 'language', 'req_table', 'req_electricity', 'summary');
@ -812,4 +815,137 @@ function removeProject($registrations_id){
 	return 'ok';
 }

+/********
+More functions split off for API purposes - these ones for managing mentors
+*******/
+
+/** create a mentor that is tied to a particular registration **/
+function addMentor($registrations_id){
+	global $conference;
+	//verify that the registrations id is a valid one:
+	$registrations_id = mysql_real_escape_string($registrations_id);
+	//echo "query = SELECT COUNT(*) AS tally FROM users WHERE id = " . $_SESSION['users_id'] . " AND registrations_id = " . $registrations_id . "<br/>";
+	$q = mysql_fetch_assoc(mysql_query("SELECT COUNT(*) AS tally FROM users WHERE id = " . $_SESSION['users_id'] . " AND registrations_id = " . $registrations_id));
+	if($q['tally'] != 1){
+		return "register_participants.inc.php::addMentor -> invalid registrations id";
+	}
+
+	// ok, let's go ahead and create a mentor
+	mysql_query("INSERT INTO mentors (registrations_id, conferences_id) VALUES($registrations_id, {$conference['id']})");
+	if(mysql_error()){
+		return "register_participants.inc.php::addMentor -> " . mysql_error();
+	}
+
+	// and now we can return an array that is the empty record for the mentor
+	$fields = 'id, registrations_id, firstname, lastname, email, phone, organization, position, description, conferences_id';
+	$mentorId = mysql_insert_id();
+	$q = mysql_query("SELECT $fields FROM mentors WHERE id = $mentorId");
+	if(mysql_error()){
+		return "register_participants.inc.php::addMentor -> " . mysql_error();
+	}
+
+	return mysql_fetch_array($q);
+}
+
+// find out if the specified user is allowed to edit the specified mentor.  returns a boolean answer
+function userCanEditMentor($userId, $mentorId){
+	// All necessary fields are there, now let's see if the record exists.
+	$row = mysql_fetch_assoc(mysql_query("SELECT registrations_id FROM mentors WHERE id = $mentorId"));
+	if(!$row){
+		return false;
+	}
+	$regId = $row['registrations_id'];
+
+	// Is this user connected to the same registration as this mentor?
+	$row = mysql_fetch_assoc(mysql_query("SELECT registrations_id FROM users WHERE id = $userId"));
+	if($row['registrations_id'] != $regId){
+		return false;
+	}
+	return true;
+}
+
+// return a list of fields that should be included in the mentor array
+function getMentorFields(){
+	return array(
+		'id', 'registrations_id', 
+		'firstname', 'lastname', 
+		'email', 'phone', 
+		'organization', 'position', 
+		'description', 
+	);
+}
+
+// take the passed array of data and save it to the corresponding record in the mentors table
+function saveMentorData($data){
+	// Make sure all of the required fields have been included.
+	$missingFields = array();
+	$fields = getMentorFields();
+	foreach($fields as $key){
+		if(array_key_exists($key, $data)){
+			// might as well make 'em sql safe while we're here
+			$data[$key] = mysql_real_escape_string($data[$key]);
+		}else{
+			$missingFields[] = $key;
+		}
+	}
+	if(count($missingFields) != 0){
+		return "register_participants.inc.php::saveMentorData -> mentor object missing fields: " . implode(', ', $missingFields);
+	}
+
+	if(!userCanEditMentor($_SESSION['users_id'], $data['id'])){
+		return "register_participants.inc.php::saveMentorData -> current user not associated with the specified mentor";
+	}
+
+	// Ok, everything checks out.  Let's go ahead and update the record.
+	$query = "UPDATE mentors SET ";
+	$queryParts = array();
+	foreach($fields as $key){
+		if($key == 'id') continue;
+		$queryParts[] = "`$key` = '{$data[$key]}' ";
+	}
+	$query .= implode(',', $queryParts);
+	$query .= "WHERE id = " . $data['id'];
+	mysql_query($query);
+
+	if(mysql_error()){
+		return "register_participants.inc.php::saveMentorData -> " . mysql_error();
+	}
+
+	return 'ok';
+}
+
+// delete the mentor whith the specified id
+function removeMentor($mentorId){
+	$mentorId = intval($mentorId);
+	if(!userCanEditMentor($_SESSION['users_id'], $mentorId)){
+		return "register_participants.inc.php::removeMentor -> current user not associated with the specified mentor";
+	}
+
+	mysql_query("DELETE FROM mentors WHERE id = $mentorId");
+	if(mysql_error()){
+		return "register_participants.inc.php::removeMentor -> " . mysql_error();
+	}
+
+	return 'ok';
+}
+
+// get a list of all mentors associated with the specified registration
+function getMentors($registrations_id){
+	// Is this user connected to the same registration as this mentor?
+	$row = mysql_fetch_assoc(mysql_query("SELECT registrations_id FROM users WHERE id = " . $_SESSION['users_id']));
+	if($row['registrations_id'] != $registrations_id){
+		return "register_participants.inc.php::getMentors -> current user not associated with the specified registration id";
+	}
+
+	$fields = getMentorFields();
+	$query = mysql_query("SELECT `" . implode('`,`', $fields) . "` FROM mentors WHERE registrations_id = $registrations_id");
+	if(mysql_error()){
+		return "register_participants.inc.php::getMentors -> " . mysql_error();
+	}
+	$returnval = array();
+	while($row = mysql_fetch_assoc($query)){
+		$returnval[] = $row;
+	}
+	return $returnval;
+}	
 ?>
--- a/testapi.php
+++ b/testapi.php
@ -55,7 +55,9 @@ include "common.inc.php";
 		return false;
 	}
 </script>
-
+<style type="text/css">
+	div.subset {margin: 2em}
+</style>
 </head>
 <body>

@ -110,23 +112,42 @@ email address: <input type="text" name="email"></input><br/>

 <!-- ******************************************** -->
 <h2>Project related commands</h2>
+<div class="subset">

-<h3>Start a new project</h3>
-<a href="api/project/add">start a new project</a><br/>
+	<h3>Start a new project</h3>
+	<a href="api/project/add">start a new project</a><br/>
+	<h3>Join a project</h3>
+	<form method = "post" action = "api/project/join">
+	<label>project e-mail address:<input type="text" name="email"></input></label><br/>
+	<label>registration number:<input type="text" name="registration_number"></input></label><br/>
+	<input type="submit" value="Join"></input>
+	</form>

-<h3>Join a project</h3>
-<form method = "post" action = "api/project/join">
-<label>project e-mail address:<input type="text" name="email"></input></label><br/>
-<label>registration number:<input type="text" name="registration_number"></input></label><br/>
-<input type="submit" value="Join"></input>
-</form>
-
-<h3>Leave a project</h3>
-<form method ="post" action = "api/project/remove">
-<label>registration id:<input type="text" name="registrations_id"></input></label><br/>
-<input type="submit" value="Leave"></input>
-</form>
+	<h3>Leave a project</h3>
+	<form method ="post" action = "api/project/remove">
+	<label>registration id:<input type="text" name="registrations_id"></input></label><br/>
+	<input type="submit" value="Leave"></input>
+	</form>

+	<h3>Manage mentors for the current project</h3>
+	<div class="subset">
+		<h4>Add a mentor</h4>
+		<form method="post" action="api/project/mentor/add">
+			<label>registration id:<input type="text" name="registrations_id"></input></label><br/>
+			<input type="submit" value="Submit"></input>
+		</form>
+		<h4>Remove a mentor</h4>
+		<form method="post" action="api/project/mentor/remove">
+			<label>mentor id:<input type="text" name="id"></input></label><br/>
+			<input type="submit" value="Submit"></input>
+		</form>
+		<h4>View mentors</h4>
+		<form method="post" action="api/project/mentor/view">
+			<label>registration id:<input type="text" name="registrations_id" id="viewform_registrations_id"></input></label><br/>
+			<input type="submit" value="Submit"></input>
+		</form>
+	</div>
+</div>
 <!-- ******************************************** -->
 <h2>Teacher Specific Commands</h2>
 <a href="api/scienceolympics/teams/list">Science Olympic Teams List</a><br />