liquid_feedback_frontend: app/main/api/profile.lua annotate

liquid_feedback_frontend

annotate app/main/api/profile.lua @ 1309:32cc544d5a5b

Cumulative patch for upcoming frontend version 4

author	bsw/jbe
date	Sun Jul 15 14:07:29 2018 +0200 (2018-07-15)
parents
children	757a87af4c83

rev	line source
bsw/jbe@1309	1 slot.set_layout(nil, "application/json")
bsw/jbe@1309	2
bsw/jbe@1309	3 local r = json.object{}
bsw/jbe@1309	4
bsw/jbe@1309	5 if request.is_post() then
bsw/jbe@1309	6 if not app.scopes.update_profile then
bsw/jbe@1309	7 return util.api_error(403, "Forbidden", "insufficient_scope", "Scope update_profile required")
bsw/jbe@1309	8 end
bsw/jbe@1309	9 local profile = app.access_token.member.profile
bsw/jbe@1309	10 local fields = json.import(param.get("update"))
bsw/jbe@1309	11 if not fields then
bsw/jbe@1309	12 return util.api_error(400, "Bad Request", "profile_data_expected", "JSON object with updated profile data expected")
bsw/jbe@1309	13 end
bsw/jbe@1309	14 for i, field in ipairs(config.member_profile_fields) do
bsw/jbe@1309	15 if json.type(fields, field.id) ~= "nil" then
bsw/jbe@1309	16 local value = fields[field.id]
bsw/jbe@1309	17 if value ~= nil and (field.type == "string" or field.type == "text") and json.type(value) ~= "string" then
bsw/jbe@1309	18 return util.api_error(400, "Bad Request", "string_expected", "JSON encoded string value expected")
bsw/jbe@1309	19 end
bsw/jbe@1309	20 profile.profile[field.id] = value
bsw/jbe@1309	21 end
bsw/jbe@1309	22 end
bsw/jbe@1309	23 profile:save()
bsw/jbe@1309	24 r.status = 'ok'
bsw/jbe@1309	25 slot.put_into("data", json.export(r))
bsw/jbe@1309	26 slot.put_into("data", "\n")
bsw/jbe@1309	27 else
bsw/jbe@1309	28 local member_id = tonumber(param.get("member_id"))
bsw/jbe@1309	29 local profile
bsw/jbe@1309	30 if member_id then
bsw/jbe@1309	31 if not app.scopes.read_profiles then
bsw/jbe@1309	32 return util.api_error(403, "Forbidden", "insufficient_scope", "Scope profile required")
bsw/jbe@1309	33 end
bsw/jbe@1309	34 local member = Member:by_id(member_id)
bsw/jbe@1309	35 if not member then
bsw/jbe@1309	36 return util.api_error(400, "Bad Request", "member_not_found", "No member with requested member_id")
bsw/jbe@1309	37 end
bsw/jbe@1309	38 profile = member.profile
bsw/jbe@1309	39 elseif app.access_token then
bsw/jbe@1309	40 if not app.scopes.profile and not app.scopes.read_profiles then
bsw/jbe@1309	41 return util.api_error(403, "Forbidden", "insufficient_scope", "Scope profile required")
bsw/jbe@1309	42 end
bsw/jbe@1309	43 profile = app.access_token.member.profile
bsw/jbe@1309	44 else
bsw/jbe@1309	45 return util.api_error(400, "Bad Request", "no_member_id", "No member_id requested")
bsw/jbe@1309	46 end
bsw/jbe@1309	47 if profile then
bsw/jbe@1309	48 r = execute.chunk{ module = "api", chunk = "_profile", params = { profile = profile } }
bsw/jbe@1309	49 end
bsw/jbe@1309	50 slot.put_into("data", json.export(json.object{ result = r }))
bsw/jbe@1309	51 slot.put_into("data", "\n")
bsw/jbe@1309	52 end
bsw/jbe@1309	53