From f22dfb3c93169f765259e752185215ab95e3f23f Mon Sep 17 00:00:00 2001 From: jacob Date: Mon, 21 Feb 2011 19:42:13 +0000 Subject: [PATCH] Added project mentor management to the api, and functions for testing it --- api.php | 79 +++++++++++++++++--- register_participants.inc.php | 136 ++++++++++++++++++++++++++++++++++ testapi.php | 51 +++++++++---- 3 files changed, 239 insertions(+), 27 deletions(-) diff --git a/api.php b/api.php index 9ed2709..5811d6b 100644 --- a/api.php +++ b/api.php @@ -989,27 +989,82 @@ switch($request[0]) { case 'mentor': switch($request[2]){ /* APIDOC: project/mentor/add - description(add a project mentor - not yet implemented) + post(registrations_id integer) + description(add a project mentor) */ case 'add': - $ret['status'] = "error"; - $ret['error'] = $_GET['request'] . " functionality not yet implemented"; + if(!array_key_exists('registrations_id', $_POST)){ + $ret['status'] = "error"; + $ret['error'] = 'registrations_id parameter required'; + break; + } + + $result = addMentor($_POST['registrations_id']); + if(is_array($result)){ + $ret['status'] = 'ok'; + $ret['mentor'] = $result; + }else{ + $ret['status'] = 'error'; + $ret['error'] = $result; + } break; - /* APIDOC: project/mentor/add - description(remove a project mentor - not yet implemented) + /* APIDOC: project/mentor/edit + post(mentor object) + description(edit a project mentor) + */ + case 'edit': + if(!array_key_exists('mentor', $_POST)){ + $ret['status'] = "error"; + $ret['error'] = "mentor object parameter required"; + break; + } + $result = saveMentorData(json_decode($_POST['mentor'])); + if($result == 'ok'){ + $ret['status'] = 'ok'; + }else{ + $ret['status'] = 'error'; + $ret['error'] = $result; + } + break; + + /* APIDOC: project/mentor/remove + post(id integer) + description(remove a project mentor with the specified id) */ case 'remove': - $ret['status'] = "error"; - $ret['error'] = $_GET['request'] . " functionality not yet implemented"; + if(!array_key_exists('id', $_POST)){ + $ret['status'] = "error"; + $ret['error'] = "mentor id parameter required"; + break; + } + $result = removeMentor($_POST['id']); + if($result == 'ok'){ + $ret['status'] = 'ok'; + }else{ + $ret['status'] = 'error'; + $ret['error'] = $result; + } break; - /* APIDOC: project/mentor/add - description(list project mentors - not yet implemented) + /* APIDOC: project/mentor/view + post(registrations_id integer) + description(list project mentors) */ - case 'list': - $ret['status'] = "error"; - $ret['error'] = $_GET['request'] . " functionality not yet implemented"; + case 'view': + if(!array_key_exists('registrations_id', $_POST)){ + $ret['status'] = "error"; + $ret['error'] = 'registrations_id parameter required'; + break; + } + $result = getMentors($_POST['registrations_id']); + if(is_array($result)){ + $ret['status'] = 'ok'; + $ret['mentors'] = $result; + }else{ + $ret['status'] = "error"; + $ret['error'] = $result; + } break; default: diff --git a/register_participants.inc.php b/register_participants.inc.php index 0ff7469..0d430ce 100644 --- a/register_participants.inc.php +++ b/register_participants.inc.php @@ -516,6 +516,9 @@ function computeRegistrationFee($regid) New functionality split off for API purposes ******************************************************************************/ +/** Hmm - perhaps these sholud be split into separate files ... +This section is for project/registration related functions **/ + function saveProjectData($data){ global $conference, $config; $requiredFields = array('project_id', 'summary', 'title', 'projectdivisions_id', 'language', 'req_table', 'req_electricity', 'summary'); @@ -812,4 +815,137 @@ function removeProject($registrations_id){ return 'ok'; } +/******** +More functions split off for API purposes - these ones for managing mentors +*******/ + +/** create a mentor that is tied to a particular registration **/ +function addMentor($registrations_id){ + global $conference; + //verify that the registrations id is a valid one: + $registrations_id = mysql_real_escape_string($registrations_id); + //echo "query = SELECT COUNT(*) AS tally FROM users WHERE id = " . $_SESSION['users_id'] . " AND registrations_id = " . $registrations_id . "
"; + $q = mysql_fetch_assoc(mysql_query("SELECT COUNT(*) AS tally FROM users WHERE id = " . $_SESSION['users_id'] . " AND registrations_id = " . $registrations_id)); + if($q['tally'] != 1){ + return "register_participants.inc.php::addMentor -> invalid registrations id"; + } + + // ok, let's go ahead and create a mentor + mysql_query("INSERT INTO mentors (registrations_id, conferences_id) VALUES($registrations_id, {$conference['id']})"); + if(mysql_error()){ + return "register_participants.inc.php::addMentor -> " . mysql_error(); + } + + // and now we can return an array that is the empty record for the mentor + $fields = 'id, registrations_id, firstname, lastname, email, phone, organization, position, description, conferences_id'; + $mentorId = mysql_insert_id(); + $q = mysql_query("SELECT $fields FROM mentors WHERE id = $mentorId"); + if(mysql_error()){ + return "register_participants.inc.php::addMentor -> " . mysql_error(); + } + + return mysql_fetch_array($q); +} + +// find out if the specified user is allowed to edit the specified mentor. returns a boolean answer +function userCanEditMentor($userId, $mentorId){ + // All necessary fields are there, now let's see if the record exists. + $row = mysql_fetch_assoc(mysql_query("SELECT registrations_id FROM mentors WHERE id = $mentorId")); + if(!$row){ + return false; + } + $regId = $row['registrations_id']; + + // Is this user connected to the same registration as this mentor? + $row = mysql_fetch_assoc(mysql_query("SELECT registrations_id FROM users WHERE id = $userId")); + if($row['registrations_id'] != $regId){ + return false; + } + return true; +} + +// return a list of fields that should be included in the mentor array +function getMentorFields(){ + return array( + 'id', 'registrations_id', + 'firstname', 'lastname', + 'email', 'phone', + 'organization', 'position', + 'description', + ); +} + +// take the passed array of data and save it to the corresponding record in the mentors table +function saveMentorData($data){ + // Make sure all of the required fields have been included. + $missingFields = array(); + $fields = getMentorFields(); + foreach($fields as $key){ + if(array_key_exists($key, $data)){ + // might as well make 'em sql safe while we're here + $data[$key] = mysql_real_escape_string($data[$key]); + }else{ + $missingFields[] = $key; + } + } + if(count($missingFields) != 0){ + return "register_participants.inc.php::saveMentorData -> mentor object missing fields: " . implode(', ', $missingFields); + } + + if(!userCanEditMentor($_SESSION['users_id'], $data['id'])){ + return "register_participants.inc.php::saveMentorData -> current user not associated with the specified mentor"; + } + + // Ok, everything checks out. Let's go ahead and update the record. + $query = "UPDATE mentors SET "; + $queryParts = array(); + foreach($fields as $key){ + if($key == 'id') continue; + $queryParts[] = "`$key` = '{$data[$key]}' "; + } + $query .= implode(',', $queryParts); + $query .= "WHERE id = " . $data['id']; + mysql_query($query); + + if(mysql_error()){ + return "register_participants.inc.php::saveMentorData -> " . mysql_error(); + } + + return 'ok'; +} + +// delete the mentor whith the specified id +function removeMentor($mentorId){ + $mentorId = intval($mentorId); + if(!userCanEditMentor($_SESSION['users_id'], $mentorId)){ + return "register_participants.inc.php::removeMentor -> current user not associated with the specified mentor"; + } + + mysql_query("DELETE FROM mentors WHERE id = $mentorId"); + if(mysql_error()){ + return "register_participants.inc.php::removeMentor -> " . mysql_error(); + } + + return 'ok'; +} + +// get a list of all mentors associated with the specified registration +function getMentors($registrations_id){ + // Is this user connected to the same registration as this mentor? + $row = mysql_fetch_assoc(mysql_query("SELECT registrations_id FROM users WHERE id = " . $_SESSION['users_id'])); + if($row['registrations_id'] != $registrations_id){ + return "register_participants.inc.php::getMentors -> current user not associated with the specified registration id"; + } + + $fields = getMentorFields(); + $query = mysql_query("SELECT `" . implode('`,`', $fields) . "` FROM mentors WHERE registrations_id = $registrations_id"); + if(mysql_error()){ + return "register_participants.inc.php::getMentors -> " . mysql_error(); + } + $returnval = array(); + while($row = mysql_fetch_assoc($query)){ + $returnval[] = $row; + } + return $returnval; +} ?> diff --git a/testapi.php b/testapi.php index c4ffe31..336a97c 100644 --- a/testapi.php +++ b/testapi.php @@ -55,7 +55,9 @@ include "common.inc.php"; return false; } - + @@ -110,23 +112,42 @@ email address:

Project related commands

+
-

Start a new project

-start a new project
+

Start a new project

+ start a new project
+

Join a project

+
+
+
+ +
-

Join a project

-
-
-
- -
- -

Leave a project

-
-
- -
+

Leave a project

+
+
+ +
+

Manage mentors for the current project

+
+

Add a mentor

+
+
+ +
+

Remove a mentor

+
+
+ +
+

View mentors

+
+
+ +
+
+

Teacher Specific Commands

Science Olympic Teams List