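-- Profile API endpoint; every response is emitted as JSON.
--   POST: update the profile of the member that owns the access token
--         (scope "update_profile").
--   GET with member_id: return that member's profile (scope "read_profiles").
--   GET without member_id: return the token owner's own profile
--         (scope "profile" or "read_profiles").
slot.set_layout(nil, "application/json")

local r = json.object{}

if request.is_post() then
  -- Authorization is checked before any input is parsed or any state is touched.
  if not app.scopes.update_profile then
    return util.api_error(403, "Forbidden", "insufficient_scope", "Scope update_profile required")
  end
  -- NOTE(review): assumes a granted update_profile scope implies app.access_token
  -- (and its member's profile) is present; confirm against the token setup code.
  local profile = app.access_token.member.profile

  -- A missing "update" parameter is rejected like unparsable input instead of
  -- being handed to json.import.
  local update = param.get("update")
  local fields = update and json.import(update)
  -- The error text promises a JSON object, so scalars and arrays are rejected too
  -- rather than being accepted as an update that changes nothing.
  if not fields or json.type(fields) ~= "object" then
    return util.api_error(400, "Bad Request", "profile_data_expected", "JSON object with updated profile data expected")
  end

  -- Allow-list: only field ids configured in config.member_profile_fields are
  -- copied; any other key in the client-supplied object is ignored.
  for _, field in ipairs(config.member_profile_fields) do
    -- "nil" means the key is absent from the submitted object; such fields stay untouched.
    if json.type(fields, field.id) ~= "nil" then
      local value = fields[field.id]
      local wants_string = field.type == "string" or field.type == "text"
      -- profile:save() has not been called yet when this returns.
      if value ~= nil and wants_string and json.type(value) ~= "string" then
        return util.api_error(400, "Bad Request", "string_expected", "JSON encoded string value expected")
      end
      -- NOTE(review): fields of any other type are stored without a type check,
      -- so nested objects or arrays from the client are accepted here; consider
      -- validating every configured field type.
      profile.profile[field.id] = value
    end
  end

  profile:save()
  r.status = 'ok'
  slot.put_into("data", json.export(r))
  slot.put_into("data", "\n")
else
  -- tonumber() yields nil for a missing or non-numeric member_id, which selects
  -- the "own profile" path below.
  local member_id = tonumber(param.get("member_id"))
  local profile
  if member_id then
    -- Reading another member's profile needs the broader read_profiles scope;
    -- the description now names the scope that is actually checked.
    if not app.scopes.read_profiles then
      return util.api_error(403, "Forbidden", "insufficient_scope", "Scope read_profiles required")
    end
    local member = Member:by_id(member_id)
    if not member then
      return util.api_error(400, "Bad Request", "member_not_found", "No member with requested member_id")
    end
    profile = member.profile
  elseif app.access_token then
    -- The token owner's own profile: either scope is sufficient.
    if not app.scopes.profile and not app.scopes.read_profiles then
      return util.api_error(403, "Forbidden", "insufficient_scope", "Scope profile required")
    end
    profile = app.access_token.member.profile
  else
    return util.api_error(400, "Bad Request", "no_member_id", "No member_id requested")
  end

  -- Without a profile record the result stays the empty JSON object created above.
  if profile then
    r = execute.chunk{ module = "api", chunk = "_profile", params = { profile = profile } }
  end
  slot.put_into("data", json.export(json.object{ result = r }))
  slot.put_into("data", "\n")
end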