liquid_feedback_frontend

annotate app/main/api/member.lua @ 1853:9c298b5832e7

Correctly determine own voting weight
author bsw
date Tue Mar 22 13:52:26 2022 +0100 (2022-03-22)
parents ddbd46a34b6a
children
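-- Member API endpoint. The reply is emitted with content type
-- "application/json" and no layout name (nil).
slot.set_layout(nil, "application/json")

-- Base query: activated members only, ordered by id. The optional request
-- filters further down in this file are added to this selector before it is
-- executed.
-- The unused `local r = json.object{ result = json.array() }` placeholder was
-- dropped: nothing read it before the response object is declared again
-- right before export.
local selector = Member:new_selector()
  :add_where("activated NOTNULL")
  :add_order_by("id")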
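-- Optional "id" parameter: comma-separated list of member ids to restrict the
-- result to. Every item is bound through its own "?" placeholder, so request
-- data is never concatenated into the SQL text.
local id = param.get("id")
if id then
  local ids = { sep = ", " }
  for match in string.gmatch(id, "[^,]+") do
    table.insert(ids, { "?", match })
  end
  if #ids > 0 then
    selector:add_where{ "id IN ($)", ids }
  else
    -- "id" was supplied but contained no items (empty string or only commas).
    -- An empty "IN ()" list is not valid SQL, so fail closed and match no
    -- member instead of dropping the filter and returning everyone.
    selector:add_where("FALSE")
  end
end
-- NOTE(review): items are neither checked to be numeric nor limited in number
-- here; a non-numeric item is presumably rejected by the database when it is
-- compared with the id column -- confirm how that error reaches the client.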
-- Optional "role" parameter: restrict the result to members that hold a
-- privilege in the unit whose attr "role" equals the requested value.
local role = param.get("role")
if role then

  -- Emits a JSON error body together with status "400 Bad Request".
  local function reject(code, description)
    request.set_status("400 Bad Request")
    slot.put_into("data", json.export{
      error = code,
      error_description = description
    })
  end

  local matching_units = Unit:new_selector()
    :add_where{ "attr->>'role' = ?", role }
    :exec()

  -- The role has to resolve to exactly one unit; zero or several is an error.
  if #matching_units ~= 1 then
    reject("invalid_role", "role not available")
    return
  end

  local role_unit = matching_units[1]
  local required_role = role_unit.attr.only_visible_for_role

  -- Access control: a unit flagged with only_visible_for_role may only be
  -- queried with an access token whose member has that role. A request without
  -- any access token is refused as well.
  -- NOTE(review): the refusal is sent as 400 rather than 403, and its error
  -- code differs from "invalid_role", so a caller can tell that a restricted
  -- role exists -- confirm that this is intended.
  if required_role
    and not (app.access_token and app.access_token.member:has_role(required_role))
  then
    reject("no_priv", "no privileges to access this role")
    return
  end

  -- Keep only members with a privilege in a unit carrying the requested role.
  selector:join("privilege", nil, "privilege.member_id = member.id")
  selector:join("unit", nil, { "unit.id = privilege.unit_id AND unit.attr->>'role' = ?", role })
end
-- Optional "q" parameter: case-insensitive substring search over name and
-- identification. It is applied only when the read_identities scope is
-- present; without that scope the parameter is ignored and the query stays
-- unfiltered by it.
local search = param.get("q")
if app.scopes.read_identities and search then
  -- The term is bound as a parameter, so it cannot alter the SQL statement.
  -- NOTE(review): "%" and "_" inside the term are not escaped and therefore
  -- act as ILIKE wildcards -- decide whether they should be escaped.
  local pattern = "%" .. search .. "%"
  selector:add_where{ "name ILIKE ? OR identification ILIKE ?", pattern, pattern }
end
-- Profile lookups: available only with the read_profiles scope. Each
-- configured profile field that has api_lookup set can be matched exactly
-- through a "profile_<field id>" request parameter.
if app.scopes.read_profiles then
  local lookups_applied = 0
  for _, field in ipairs(config.member_profile_fields) do
    -- Fields without api_lookup are never read from the request.
    local value = field.api_lookup and param.get("profile_" .. field.id)
    if value then
      -- Field id and value are both bound as parameters.
      selector:add_where{ "member_profile.profile->>? = ?", field.id, value }
      lookups_applied = lookups_applied + 1
    end
  end
  -- Join the profile table only when at least one lookup refers to it.
  if lookups_applied > 0 then
    selector:join("member_profile", nil, "member_profile.member_id = member.id")
  end
end
-- Run the query with all filters that were added above.
local members = selector:exec()

-- True when the named request parameter is present (truthy), false otherwise.
local function flag(name)
  return not not param.get(name)
end

-- The "_member" chunk of the api module turns the member rows into the
-- result. It is not part of this file.
-- NOTE(review): which member fields are exposed is decided in that chunk --
-- confirm that it honours the caller's scopes.
local response = json.object()
response.result = execute.chunk{ module = "api", chunk = "_member", params = {
  members = members,
  include_unit_ids = flag("include_unit_ids"),
  include_units = flag("include_units"),
  include_roles = flag("include_roles")
} }

-- Write the JSON document followed by a newline.
slot.put_into("data", json.export(response))
slot.put_into("data", "\n")
