liquid_feedback_frontend
changeset 1507:103ed34037ed
Added search by role to member API endpoint
| author | bsw | 
|---|---|
| date | Fri Jul 31 12:26:37 2020 +0200 (2020-07-31) | 
| parents | a79ffcdc49eb | 
| children | 64b0e610fe8e | 
| files | app/main/api/member.lua | 
   line diff
1.1 --- a/app/main/api/member.lua Fri Jul 31 12:14:20 2020 +0200 1.2 +++ b/app/main/api/member.lua Fri Jul 31 12:26:37 2020 +0200 1.3 @@ -12,6 +12,37 @@ 1.4 selector:add_where{ "id = ?", param.get("id") } 1.5 end 1.6 1.7 +local role = param.get("role") 1.8 +if role then 1.9 + local units = Unit:new_selector() 1.10 + :add_where{ "attr->>'role' = ?", role } 1.11 + :exec() 1.12 + if #units ~= 1 then 1.13 + request.set_status("400 Bad Request") 1.14 + slot.put_into("data", json.export{ 1.15 + error = "invalid_role", 1.16 + error_description = "role not available" 1.17 + }) 1.18 + return 1.19 + end 1.20 + local unit = units[1] 1.21 + if unit.attr.only_visible_for_role 1.22 + and ( 1.23 + not app.access_token 1.24 + or not app.access_token.member:has_role(unit.attr.only_visible_for_role) 1.25 + ) 1.26 + then 1.27 + request.set_status("400 Bad Request") 1.28 + slot.put_into("data", json.export{ 1.29 + error = "no_priv", 1.30 + error_description = "no privileges to access this role" 1.31 + }) 1.32 + return 1.33 + end 1.34 + selector:join("privilege", nil, "privilege.member_id = member.id") 1.35 + selector:join("unit", nil, { "unit.id = privilege.unit_id AND unit.attr->>'role' = ?", role }) 1.36 +end 1.37 + 1.38 local members = selector:exec() 1.39 local r = json.object() 1.40 r.result = execute.chunk{ module = "api", chunk = "_member", params = {