liquid_feedback_frontend

annotate app/main/api/profile.lua @ 1817:757a87af4c83

Added validation hook for profile updates
author bsw
date Mon Dec 13 11:57:35 2021 +0100 (2021-12-13)
parents 32cc544d5a5b
children
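-- app/main/api/profile.lua
--
-- JSON API endpoint for member profiles.
--   POST  updates the profile of the access token's owner from the JSON object
--         passed in the "update" parameter (scope update_profile required).
--   GET   returns a member's profile: another member's by member_id (scope
--         read_profiles required) or the token owner's own (scope profile or
--         read_profiles required).
-- Every response is written as JSON into the "data" slot; errors go through
-- util.api_error, which returns the HTTP status, a short code and a message.
slot.set_layout(nil, "application/json")

local r = json.object{}

if request.is_post() then
  -- Writing requires the update_profile scope on the presented access token.
  -- NOTE(review): app.access_token itself is not nil-checked here, unlike the
  -- GET branch below; presumably scopes are only populated when a token is
  -- present — confirm against the access-token initializer.
  if not app.scopes.update_profile then
    return util.api_error(403, "Forbidden", "insufficient_scope", "Scope update_profile required")
  end
  local profile = app.access_token.member.profile

  -- The "update" parameter is untrusted client input. It must be present,
  -- must parse, and must be a JSON *object*: the per-field lookups below
  -- would otherwise index a string/number/array (or nil when the parameter
  -- is absent) instead of a table of profile fields.
  local raw_update = param.get("update")
  local fields = raw_update and json.import(raw_update)
  if not fields or json.type(fields) ~= "object" then
    return util.api_error(400, "Bad Request", "profile_data_expected", "JSON object with updated profile data expected")
  end

  -- Only fields declared in config.member_profile_fields are ever copied into
  -- the profile; keys in the payload that are not configured are ignored.
  for _, field in ipairs(config.member_profile_fields) do
    -- json.type(fields, id) ~= "nil" means the key is present in the payload.
    -- A key set to JSON null arrives here as value == nil and clears the
    -- stored field; an absent key leaves the stored field untouched.
    if json.type(fields, field.id) ~= "nil" then
      local value = fields[field.id]
      -- Only string/text fields are type-checked; any other configured field
      -- type is stored as delivered. NOTE(review): no length limit is applied
      -- to string values here — confirm it is bounded elsewhere (DB column,
      -- request size limit) before relying on it.
      if value ~= nil and (field.type == "string" or field.type == "text") and json.type(value) ~= "string" then
        return util.api_error(400, "Bad Request", "string_expected", "JSON encoded string value expected")
      end
      -- Optional per-field validation hook (introduced in rev 1817). It gets
      -- the field definition and the whole decoded payload, so a hook may
      -- validate one field against others. A falsy result rejects the whole
      -- request; because the early return happens before profile:save(),
      -- values assigned to profile.profile in earlier iterations are not
      -- written to the database.
      if field.validate_func then
        local success = field.validate_func(field, fields)
        if not success then
          return util.api_error(403, "Forbidden", "validation_failure", "Request could not be validated")
        end
      end
      profile.profile[field.id] = value
    end
  end
  profile:save()
  r.status = 'ok'
  slot.put_into("data", json.export(r))
  slot.put_into("data", "\n")
else
  local member_id = tonumber(param.get("member_id"))
  local profile
  if member_id then
    -- Reading another member's profile requires the read_profiles scope.
    -- (The message previously said "Scope profile required", which did not
    -- match the scope actually being checked.)
    if not app.scopes.read_profiles then
      return util.api_error(403, "Forbidden", "insufficient_scope", "Scope read_profiles required")
    end
    -- NOTE(review): Member:by_id applies no visibility/activity filter here;
    -- any filtering of which members' profiles may be read lives in the
    -- read_profiles scope grant or in the _profile chunk — confirm.
    local member = Member:by_id(member_id)
    if not member then
      return util.api_error(400, "Bad Request", "member_not_found", "No member with requested member_id")
    end
    profile = member.profile
  elseif app.access_token then
    -- Reading one's own profile is allowed with either the profile or the
    -- read_profiles scope.
    if not app.scopes.profile and not app.scopes.read_profiles then
      return util.api_error(403, "Forbidden", "insufficient_scope", "Scope profile required")
    end
    profile = app.access_token.member.profile
  else
    return util.api_error(400, "Bad Request", "no_member_id", "No member_id requested")
  end
  -- A member without a profile record yields an empty result object rather
  -- than an error; rendering of an existing profile is delegated to the
  -- api/_profile chunk.
  if profile then
    r = execute.chunk{ module = "api", chunk = "_profile", params = { profile = profile } }
  end
  slot.put_into("data", json.export(json.object{ result = r }))
  slot.put_into("data", "\n")
end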
