Extend /users API endpoint

* add /users/{id} to get a single user * add variable to print fields that are otherwise hidden (e.g. email)
2025-07-28 17:02:04 +03:00 · 2021-05-06 11:10:49 +02:00
parent 07626669da
commit 4cbd1a9eb5
5 changed files with 35 additions and 9 deletions
--- a/app/Http/Controllers/Api/ApiController.php
+++ b/app/Http/Controllers/Api/ApiController.php
@ -9,14 +9,15 @@ abstract class ApiController extends Controller
 {

    protected $rules = [];
+    protected $printHidden = [];

    /**
     * Provide a paginated listing JSON response in a standard format
     * taking into account any pagination parameters passed by the user.
     */
-    protected function apiListingResponse(Builder $query, array $fields): JsonResponse
+    protected function apiListingResponse(Builder $query, array $fields, array $protectedFieldsToPrint = []): JsonResponse
    {
-        $listing = new ListingResponseBuilder($query, request(), $fields);
+        $listing = new ListingResponseBuilder($query, request(), $fields, $protectedFieldsToPrint);
        return $listing->toResponse();
    }

--- a/app/Http/Controllers/Api/UserApiController.php
+++ b/app/Http/Controllers/Api/UserApiController.php
@ -13,6 +13,10 @@ class UserApiController extends ApiController
    protected $user;
    protected $userRepo;

+    protected $printHidden = [
+        'email', 'created_at', 'updated_at', 'last_activity_at'
+    ];
+
 # TBD: Endpoints to create / update users
 #     protected $rules = [
 #         'create' => [
@ -28,15 +32,30 @@ class UserApiController extends ApiController
    }

    /**
-     * Get a listing of pages visible to the user.
+     * Get a listing of users
     */
    public function list()
    {
+        $this->checkPermission('users-manage');
+
        $users = $this->userRepo->getUsersBuilder();

        return $this->apiListingResponse($users, [
-            'id', 'name', 'slug',
-            'email', 'created_at', 'updated_at',
-        ]);
+            'id', 'name', 'slug', 'email',
+            'created_at', 'updated_at', 'last_activity_at',
+        ], $this->printHidden);
+    }
+
+    /**
+     * View the details of a single user
+     */
+    public function read(string $id)
+    {
+        $this->checkPermission('users-manage');
+
+        $singleUser = $this->userRepo->getById($id);
+        $singleUser = $singleUser->makeVisible($this->printHidden);
+
+        return response()->json($singleUser);
    }
 }