liquid_feedback_frontend

view app/main/api/member.lua @ 1858:3d1f0464a3ea

find changesets by author, revision, files, or words in the commit message
Handle missing ldap.member.allowed function
author bsw
date Tue Sep 20 17:35:29 2022 +0200 (20 months ago)
parents ddbd46a34b6a
children
line source
1 slot.set_layout(nil, "application/json")
2
3 local r = json.object{
4 result = json.array()
5 }
6
7 local selector = Member:new_selector()
8 :add_where("activated NOTNULL")
9 :add_order_by("id")
10
11 local id = param.get("id")
12 if id then
13 local ids = { sep = ", " }
14 for match in string.gmatch(id, "[^,]+") do
15 table.insert(ids, { "?", match })
16 end
17 selector:add_where{ "id IN ($)", ids }
18 end
19
20 local role = param.get("role")
21 if role then
22 local units = Unit:new_selector()
23 :add_where{ "attr->>'role' = ?", role }
24 :exec()
25 if #units ~= 1 then
26 request.set_status("400 Bad Request")
27 slot.put_into("data", json.export{
28 error = "invalid_role",
29 error_description = "role not available"
30 })
31 return
32 end
33 local unit = units[1]
34 if unit.attr.only_visible_for_role
35 and (
36 not app.access_token
37 or not app.access_token.member:has_role(unit.attr.only_visible_for_role)
38 )
39 then
40 request.set_status("400 Bad Request")
41 slot.put_into("data", json.export{
42 error = "no_priv",
43 error_description = "no privileges to access this role"
44 })
45 return
46 end
47 selector:join("privilege", nil, "privilege.member_id = member.id")
48 selector:join("unit", nil, { "unit.id = privilege.unit_id AND unit.attr->>'role' = ?", role })
49 end
50
51 local search = param.get("q")
52 if app.scopes.read_identities and search then
53 search = "%" .. search .. "%"
54 selector:add_where{ "name ILIKE ? OR identification ILIKE ?", search, search }
55 end
56
57 if app.scopes.read_profiles then
58 local profile_lookups = false
59 for i, field in ipairs(config.member_profile_fields) do
60 if field.api_lookup then
61 local value = param.get("profile_" .. field.id)
62 if value then
63 selector:add_where{ "member_profile.profile->>? = ?", field.id, value }
64 profile_lookups = true
65 end
66 end
67 end
68 if profile_lookups then
69 selector:join("member_profile", nil, "member_profile.member_id = member.id")
70 end
71 end
72
73
74 local members = selector:exec()
75 local r = json.object()
76 r.result = execute.chunk{ module = "api", chunk = "_member", params = {
77 members = members,
78 include_unit_ids = param.get("include_unit_ids") and true or false,
79 include_units = param.get("include_units") and true or false,
80 include_roles = param.get("include_roles") and true or false
81 } }
82
83
84 slot.put_into("data", json.export(r))
85 slot.put_into("data", "\n")

Impressum / About Us