liquid_feedback_frontend

view app/main/api/profile.lua @ 1858:3d1f0464a3ea

Handle missing ldap.member.allowed function
author bsw
date Tue Sep 20 17:35:29 2022 +0200 (20 months ago)
parents 757a87af4c83
children
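-- API endpoint for member profiles; every response goes out as application/json.
--
-- POST: update the profile of the member that owns the current access token.
--       Requires scope "update_profile". The "update" parameter carries a JSON
--       object whose keys are profile field ids.
-- GET:  return a profile. With "member_id" the caller needs scope
--       "read_profiles"; without it the token owner's profile is returned,
--       which needs scope "profile" or "read_profiles".
slot.set_layout(nil, "application/json")

local r = json.object{}

if request.is_post() then
  -- Authorization comes first: nothing of the request body is read without the scope.
  if not app.scopes.update_profile then
    return util.api_error(403, "Forbidden", "insufficient_scope", "Scope update_profile required")
  end
  -- NOTE(review): app.access_token is dereferenced without a nil check here;
  -- presumably update_profile can only be granted through a token - confirm.
  local profile = app.access_token.member.profile
  local fields = json.import(param.get("update"))
  -- NOTE(review): only a falsy decode result is rejected. A payload that
  -- decodes to something other than a JSON object is not caught by this
  -- check - confirm how json.type(fields, field.id) treats such a value.
  if not fields then
    return util.api_error(400, "Bad Request", "profile_data_expected", "JSON object with updated profile data expected")
  end
  -- Allowlist: only ids listed in config.member_profile_fields are copied into
  -- the profile; any other key in the submitted object is ignored.
  for _, field in ipairs(config.member_profile_fields) do
    if json.type(fields, field.id) ~= "nil" then
      local value = fields[field.id]
      -- The type check covers "string" and "text" fields only; other field
      -- types reach the profile unchecked unless the field has a validate_func.
      if value ~= nil and (field.type == "string" or field.type == "text") and json.type(value) ~= "string" then
        return util.api_error(400, "Bad Request", "string_expected", "JSON encoded string value expected")
      end
      if field.validate_func then
        -- The validator receives the whole submitted object, not just this value.
        local success = field.validate_func(field, fields)
        if not success then
          return util.api_error(403, "Forbidden", "validation_failure", "Request could not be validated")
        end
      end
      -- Assigned before later fields are validated; a later failure returns
      -- before profile:save(), so this file never persists a partial update.
      profile.profile[field.id] = value
    end
  end
  profile:save()
  r.status = 'ok'
  slot.put_into("data", json.export(r))
  slot.put_into("data", "\n")
else
  -- tonumber() yields nil for a missing or non-numeric member_id, which
  -- selects the "own profile" path below.
  local member_id = tonumber(param.get("member_id"))
  local profile
  if member_id then
    -- Reading another member's profile needs the broader read_profiles scope.
    if not app.scopes.read_profiles then
      -- Fixed: the description used to name scope "profile", although the
      -- scope tested on this path is read_profiles.
      return util.api_error(403, "Forbidden", "insufficient_scope", "Scope read_profiles required")
    end
    local member = Member:by_id(member_id)
    if not member then
      return util.api_error(400, "Bad Request", "member_not_found", "No member with requested member_id")
    end
    profile = member.profile
  elseif app.access_token then
    -- Own profile: either scope is sufficient.
    if not app.scopes.profile and not app.scopes.read_profiles then
      return util.api_error(403, "Forbidden", "insufficient_scope", "Scope profile required")
    end
    profile = app.access_token.member.profile
  else
    return util.api_error(400, "Bad Request", "no_member_id", "No member_id requested")
  end
  -- Without a profile, r stays the empty object created at the top.
  if profile then
    r = execute.chunk{ module = "api", chunk = "_profile", params = { profile = profile } }
  end
  slot.put_into("data", json.export(json.object{ result = r }))
  slot.put_into("data", "\n")
end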
