liquid_feedback_frontend
diff app/main/api/profile.lua @ 1309:32cc544d5a5b
Cumulative patch for upcoming frontend version 4
author | bsw/jbe |
---|---|
date | Sun Jul 15 14:07:29 2018 +0200 (2018-07-15) |
parents | |
children | 757a87af4c83 |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/app/main/api/profile.lua Sun Jul 15 14:07:29 2018 +0200 1.3 @@ -0,0 +1,53 @@ 1.4 +slot.set_layout(nil, "application/json") 1.5 + 1.6 +local r = json.object{} 1.7 + 1.8 +if request.is_post() then 1.9 + if not app.scopes.update_profile then 1.10 + return util.api_error(403, "Forbidden", "insufficient_scope", "Scope update_profile required") 1.11 + end 1.12 + local profile = app.access_token.member.profile 1.13 + local fields = json.import(param.get("update")) 1.14 + if not fields then 1.15 + return util.api_error(400, "Bad Request", "profile_data_expected", "JSON object with updated profile data expected") 1.16 + end 1.17 + for i, field in ipairs(config.member_profile_fields) do 1.18 + if json.type(fields, field.id) ~= "nil" then 1.19 + local value = fields[field.id] 1.20 + if value ~= nil and (field.type == "string" or field.type == "text") and json.type(value) ~= "string" then 1.21 + return util.api_error(400, "Bad Request", "string_expected", "JSON encoded string value expected") 1.22 + end 1.23 + profile.profile[field.id] = value 1.24 + end 1.25 + end 1.26 + profile:save() 1.27 + r.status = 'ok' 1.28 + slot.put_into("data", json.export(r)) 1.29 + slot.put_into("data", "\n") 1.30 +else 1.31 + local member_id = tonumber(param.get("member_id")) 1.32 + local profile 1.33 + if member_id then 1.34 + if not app.scopes.read_profiles then 1.35 + return util.api_error(403, "Forbidden", "insufficient_scope", "Scope profile required") 1.36 + end 1.37 + local member = Member:by_id(member_id) 1.38 + if not member then 1.39 + return util.api_error(400, "Bad Request", "member_not_found", "No member with requested member_id") 1.40 + end 1.41 + profile = member.profile 1.42 + elseif app.access_token then 1.43 + if not app.scopes.profile and not app.scopes.read_profiles then 1.44 + return util.api_error(403, "Forbidden", "insufficient_scope", "Scope profile required") 1.45 + end 1.46 + profile = app.access_token.member.profile 1.47 + else 1.48 + return util.api_error(400, "Bad Request", "no_member_id", "No member_id requested") 1.49 + end 1.50 + if profile then 1.51 + r = execute.chunk{ module = "api", chunk = "_profile", params = { profile = profile } } 1.52 + end 1.53 + slot.put_into("data", json.export(json.object{ result = r })) 1.54 + slot.put_into("data", "\n") 1.55 +end 1.56 +