/**
  * Get group information, create the group if it doesn't exist
  * GET /api/customData/:groupId
  *
  * returns: 
  * {
  *    Status: OK/failed,
  *    data: {
  *      id: x,
  *      fields: [
  *         "field1",
  *         "field2"
  *      ]
  *    }
  * }
  */
 public function get($params)
 {
     $this->requireAuthentication();

     // Use the group id from the URL when present, otherwise the caller's
     // current group. The (int) cast turns a non-numeric URL segment into 0.
     if (isset($params['url'][2])) {
         $groupId = (int) $params['url'][2];
     } else {
         $groupId = $this->user['area'];
     }

     $groupAccessor = new \TMT\accessor\CustomGroupData();
     $areaAccessor = new \TMT\accessor\AreaAccessor();

     // Authorization runs before any read or write on the group, so a caller
     // without rights can neither read nor trigger creation of the record.
     $hasRights = $areaAccessor->checkAreaRights($this->user['netId'], $groupId);
     if (!$hasRights) {
         $this->error("You do not have rights to this group");
         return;
     }

     try {
         $group = $groupAccessor->get($groupId);
     } catch (\TMT\exception\CustomGroupDataException $e) {
         // Any code other than 2 is reported to the client as-is.
         // NOTE(review): exception messages are forwarded verbatim; confirm
         //   they never carry storage or query details.
         if ($e->getCode() !== 2) {
             $this->error($e->getMessage());
             return;
         }

         // Code 2: the group does not exist yet. This GET therefore writes:
         // it creates an empty record and reads it back.
         try {
             $groupAccessor->create(array(), $groupId);
             $group = $groupAccessor->get($groupId);
         } catch (\TMT\exception\CustomGroupDataException $e2) {
             $this->error($e2->getMessage());
             return;
         }
     }

     $this->respond($group);
 }
 /**
  * Retrieve a specific employee or search for employees based on given criteria
  * GET /api/employee/:netId OR GET /api/employee?firstName=x&lastName=y&netId=z&fullTime=1&active=0&area=4
  *
  * If a netId is given, the get data is ignored and the employee who matches
  *   the given netId will be returned
  * If netId is omitted a search is performed. The following parameters can be given:
  *   firstName string
  *   lastName  string
  *   netId     string
  *   fullTime  0/1
  *   active    -1/0/1
  *   area      (int)
  *
  * The parameters firstName, lastName and netId match any employee where the given
  *   fields contain the supplied search string. (i.e. firstName=m matches any employee with m in their first name)
  * The parameters fullTime, active, and area must be exact matches
  *   (i.e. fullTime=1 will only retrieve fullTime employees)
  *
  * returns:
  * {
  *    Status: OK/failed,
  *    data: {
  *        netID: "",
  *        active: -1/0/1,
  *        area: int,
  *        firstName: "",
  *        lastName: "",
  *        maidenName: "",
  *        phone: "",
  *        email: "",
  *        chqId: "",
  *        birthday: "",
  *        languages: "",
  *        hometown: "",
  *        major: "",
  *        mission: "",
  *        graduation: "",
  *        position: int,
  *        shift: "",
  *        supervisor: "",
  *        hireDate: "",
  *        certification: "",
  *        international: 0/1,
  *        byuId: "",
  *        fullTime: 0/1
  *    }
  * }
  */
 public function get($params)
 {
     $this->requireAuthentication();
     $single = isset($params['url'][2]);
     $employeeAccessor = new \TMT\accessor\Employee();
     $areaAccessor = new \TMT\accessor\AreaAccessor();
     $userAreas = $areaAccessor->getAll($this->user['netId']);

     // Visibility rule used by both branches: an employee may be shown only
     // when at least one of their areas is also one of the caller's areas.
     $sharesArea = function ($netId) use ($areaAccessor, $userAreas) {
         foreach ($areaAccessor->getAll($netId) as $eArea) {
             foreach ($userAreas as $uArea) {
                 if ($uArea->ID === $eArea->ID) {
                     return true;
                 }
             }
         }
         return false;
     };

     // Single employee lookup: the netId comes straight from the URL.
     if ($single) {
         $netId = $params['url'][2];
         if (!$sharesArea($netId)) {
             $this->error("You do not have rights to see this employee's data");
             return;
         }
         $this->respond($employeeAccessor->get($netId));
         return;
     }

     // Search: every request key except 'url' is handed to the accessor.
     // NOTE(review): keys outside the documented set (firstName, lastName,
     //   netId, fullTime, active, area) are forwarded too; confirm search()
     //   ignores or rejects them and binds the values as parameters.
     $search = $params['request'];
     unset($search['url']);
     $employees = $employeeAccessor->search($search);

     // Keep only the matches the caller is allowed to see. This costs one
     // area lookup per matched employee.
     $results = array();
     $total = count($employees);
     for ($i = 0; $i < $total; $i++) {
         if ($sharesArea($employees[$i]->netID)) {
             $results[] = $employees[$i];
         }
     }
     $this->respond($results);
 }
 /**
  * Render view
  *
  * @param $view string The name of the view
  * @param $data array  The data to use in rendering in the view
  */
 public function render($view, $data = array())
 {
     // Accessors for the header and footer data that every page needs
     $areaAccessor = new \TMT\accessor\AreaAccessor();
     $employeeAccessor = new \TMT\accessor\Employee();
     $linkAccessor = new \TMT\accessor\Links();

     // Role flags, used to prune the link tree and exposed to the template
     $isAdmin = $this->isAdmin();
     $isSuperuser = $this->isSuperuser();

     // Current user's record and the areas they can reach
     $currentUser = $employeeAccessor->get($this->user['netId']);
     $userAreas = $areaAccessor->getAll($this->user['netId']);

     // The area list and link tree are only built when a current area is set
     $areaOptions = array();
     $links = null;
     if (isset($this->user['area'])) {
         foreach ($userAreas as $userArea) {
             $areaOptions[] = array('id' => $userArea->ID, 'name' => $userArea->longName);
         }
         $links = $linkAccessor->getTree($this->user['area']);
         $this->cleanLinkTree($links, $isAdmin, $isSuperuser);
     }

     $environment = $this->getEnvironment();
     $quicklinks = $this->getAccessor("Quicklinks")->getByUser($this->user['netId']);
     $notificationsUrl = getenv("NOTIFICATIONSURL");

     // Template data for the main header and footer. Any 'templateData' key
     // supplied by the caller in $data is overwritten here.
     // NOTE(review): 'jwt' puts a freshly created token into the template
     //   data; whether a view prints it into the page is not visible here.
     // NOTE(review): 'server' is read from $_SERVER['SERVER_NAME'], which on
     //   some web-server configurations follows the request's Host header;
     //   views should not treat it as a trusted origin.
     $hasArea = isset($this->user['area']);
     $data['templateData'] = array(
         "area" => $hasArea ? $this->user['area'] : null,
         "areaName" => $hasArea ? $areaAccessor->get($this->user['area'])->longName : null,
         "areaGuid" => isset($this->user['areaGuid']) ? $this->user['areaGuid'] : null,
         "areas" => $areaOptions,
         "authenticated" => $this->authenticated,
         "canSU" => $this->canBeSuperuser(),
         "environment" => $environment,
         "firstName" => $currentUser->firstName,
         "isSU" => $isSuperuser,
         "jwt" => $this->createJWT(),
         "lastName" => $currentUser->lastName,
         "links" => $links,
         "netId" => $this->user['netId'],
         "notificationsUrl" => $notificationsUrl,
         "quicklinks" => $quicklinks,
         "server" => $_SERVER['SERVER_NAME'],
     );

     // Twig is created with no options, so the library defaults apply.
     // NOTE(review): confirm output escaping is on by default for the Twig
     //   version in use, since user-supplied values such as names reach views.
     $loader = new \Twig_Loader_Filesystem(self::VIEWS_PATH);
     $twig = new \Twig_Environment($loader);

     // Custom delimiters so Twig does not clash with AngularJS's {{ }}
     $delimiters = array(
         'tag_comment' => array('[#', '#]'),
         'tag_block' => array('[%', '%]'),
         'tag_variable' => array('[[', ']]'),
         'interpolation' => array('#[', ']'),
     );
     $twig->setLexer(new \Twig_Lexer($twig, $delimiters));

     // $view is concatenated into the template name, so callers should pass
     // a fixed view name rather than request data.
     echo $twig->render($view . self::VIEW_FILE_TYPE, $data);
 }
 /**
  * Removes a user from a group
  *   This should be used in conjunction with
  *   revoking a user's access to an area, it
  *   will remove all data for this user for
  *   this group.
  *
  * NOTE: This will delete the embedded document
  *         for the given user that holds the group
  *         information, but if the api is called to
  *         get the same user with the same group,
  *         it will be recreated with empty data,
  *         unless the user's rights to the group
  *         have been revoked.
  *
  * DELETE /api/userGroupData/:netId/:group
  *
  * returns:
  * {
  *    status: OK,
  *    data: success
  * }
  */
 public function delete($params)
 {
     $this->requireAuthentication();
     // NOTE(review): presumably enforces the "update" permission identified
     //   by this GUID before any data is touched; confirm in forcePermission().
     $this->forcePermission("update", "1450ff35-82a7-45ed-adcf-ffa254ebafa2");

     $userAccessor = new \TMT\accessor\UserGroupData();
     $areaAccessor = new \TMT\accessor\AreaAccessor();

     // Both URL segments are required. The group is cast to int, so a
     // non-numeric segment becomes 0 and is rejected by the loose null check.
     $netId = null;
     if (isset($params['url'][2])) {
         $netId = $params['url'][2];
     }
     $group = null;
     if (isset($params['url'][3])) {
         $group = (int) $params['url'][3];
     }
     if (!($netId != null && $group != null)) {
         $this->error("Invalid netId or group");
         return;
     }

     // Only the caller's rights to the group are verified. The target
     // employee's rights are not checked here.
     $callerHasRights = $areaAccessor->checkAreaRights($this->user['netId'], $group);
     if (!$callerHasRights) {
         $this->error("You do not have rights to access this employee's data");
         return;
     }

     // Destructive: drops the target user's stored data for this group
     $userAccessor->removeGroup($netId, $group);
     $this->respond("success");
 }
 /**
  * Retrieve all employees from the given area
  * GET /api/employee/area/:area?active=x&defaultOnly=true&areas[]=1
  *
  * The main route is /api/employee/area. The rest is optional, although
  *   if all options are omitted, it won't be very useful
  *
  * Either :area or areas[] get data must be set, both can be used in the
  *   same request and it will be processed as if it were all passed in
  *   through an array in the get data.
  * active = -1/0/1 for terminated/inactive/active to filter out
  *   search results by activity status
  * defaultOnly = true/false true to get only employees defaulted to the given area
  *   or false to get all employees with access to the given area(s). Defaults to true.
  * customData = true/false true to get the custom data fields for the area (note: this
  *   is only allowed if one area is specified). Defaults to false.
  *
  * Examples:
  *   GET /api/employee/area/3
  *   Retrieve all employees in area 3
  *
  *   GET /api/employee/area?areas[]=3&areas[]=4 OR GET /api/employee/area/3?areas[]=4
  *   Retrieve all employees defaulted to area 3 or 4
  *
  *   GET /api/employee/area?areas[]=2&defaultOnly=false
  *   Retrieve all employees who have access to group 2
  *
  *   GET /api/employee/area?areas[]=2&areas[]=3&defaultOnly=false&active=1
  *   Retrieve all active employees who have access to groups 2 or 3
  *
  *   GET /api/employee/area/1?customData=true
  *   Retrieve all employees from group 1 with their custom data for group 1
  *
  * returns:
  * {
  *    status: OK/ERROR,
  *    data: [
  *      {
  *        netID: "",
  *        active: -1/0/1,
  *        area: int,
  *        firstName: "",
  *        lastName: "",
  *        maidenName: "",
  *        phone: "",
  *        email: "",
  *        chqId: "",
  *        birthday: "",
  *        languages: "",
  *        hometown: "",
  *        major: "",
  *        mission: "",
  *        graduation: "",
  *        position: int,
  *        shift: "",
  *        supervisor: "",
  *        hireDate: "",
  *        certification: "",
  *        international: 0/1,
  *        byuId: "",
  *        fullTime: 0/1
  *      }
  *    ]
  * }
  */
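 public function get($params)
 {
     $this->requireAuthentication();

     // Parse areas. Both sources are client-controlled: `areas` may arrive
     // as a scalar (areas=3) or contain nested arrays, so it is normalised
     // to a flat, de-duplicated, 0-indexed list before count() and [0] are
     // used on it.
     $area = isset($params['url'][3]) ? $params['url'][3] : null;
     $areas = isset($params['request']['areas']) ? (array) $params['request']['areas'] : array();
     if ($area !== null) {
         $areas[] = $area;
     }
     $areas = \array_values(\array_unique(\array_filter($areas, 'is_scalar')));
     if (count($areas) === 0) {
         // Nothing usable was supplied: default to the caller's current area
         $areas = array($this->user['area']);
     }

     // Parse active, defaultOnly and customData
     $active = isset($params['request']['active']) ? (int) $params['request']['active'] : null;
     $defaultOnly = isset($params['request']['defaultOnly']) ? \filter_var($params['request']['defaultOnly'], \FILTER_VALIDATE_BOOLEAN) : true;
     $customData = isset($params['request']['customData']) ? \filter_var($params['request']['customData'], \FILTER_VALIDATE_BOOLEAN) : false;

     $employeeAccessor = new \TMT\accessor\Employee();
     $areaAccessor = new \TMT\accessor\AreaAccessor();

     // Custom data belongs to one specific group. The employee filter below
     // only proves the caller shares *some* area with each employee, not
     // that the caller has rights to the requested group, so that is checked
     // explicitly before any group data is attached.
     $attachCustomData = $customData && count($areas) == 1;
     if ($attachCustomData && !$areaAccessor->checkAreaRights($this->user['netId'], (int) $areas[0])) {
         $this->error("You do not have rights to this group");
         return;
     }

     $employees = $employeeAccessor->getByArea($areas, $defaultOnly, $active);
     $userAreas = $areaAccessor->getAll($this->user['netId']);

     // Keep only employees who share at least one area with the caller.
     // The ID comparison is deliberately left loose (==), as in the original.
     $results = array();
     $total = count($employees);
     for ($i = 0; $i < $total; $i++) {
         $employeeAreas = $areaAccessor->getAll($employees[$i]->netID);
         $overlap = false;
         foreach ($employeeAreas as $eArea) {
             foreach ($userAreas as $uArea) {
                 if ($uArea->ID == $eArea->ID) {
                     $overlap = true;
                     $results[] = $employees[$i];
                     break;
                 }
             }
             if ($overlap) {
                 break;
             }
         }
     }

     // Merge the group's custom fields into each employee object. A custom
     // field whose name matches an existing employee property replaces that
     // property's value in the response.
     if ($attachCustomData) {
         for ($i = 0; $i < count($results); $i++) {
             $data = $this->getCustomDataFields($results[$i]->netID, $areas[0]);
             foreach ($data as $field => $value) {
                 $results[$i]->{$field} = $value;
             }
         }
     }
     $this->respond($results);
 }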