示例#1
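 /**
  * Returns whatever \TTO::getUserEmail() yields for the given user id. Admin only.
  *
  * @url GET useremail/{userId}
  */
 protected function getUserEmail($userId)
 {
     // Strict comparison: with `==`, a non-string role such as boolean true
     // (or integer 0 before PHP 8) compares equal to 'admin' and would pass the gate.
     // NOTE(review): an authenticated non-admin gets 401 here; 403 is the conventional
     // status for "known caller, not allowed". Left as is because clients may depend on it.
     if (\TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     return \TTO::getUserEmail($userId);
 }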
示例#2
文件: User.php 项目: tootutor/tto-api
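 /**
  * Lists every row of the user table. Admin only.
  *
  * @url GET alluser
  * @url GET
  */
 protected function getAllUser()
 {
     // Strict comparison so that a non-string role value cannot juggle to 'admin'.
     if (\TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     // NOTE(review): SELECT * sends every column of `user` to the client. If the table
     // holds credentials (a session token, a password hash), list the columns the
     // admin view needs instead - full schema not visible here, confirm.
     $statement = 'SELECT * FROM user';
     return \Db::getResult($statement);
 }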
示例#3
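 /**
  * Lists the rows of view_course_item for one course section, highest courseItemId first.
  * Admin only.
  *
  * @url GET item/{courseSectionId}
  */
 protected function getItem($courseSectionId)
 {
     // Strict comparison so that a non-string role value cannot juggle to 'admin'.
     if (\TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     // The section id travels as a bound parameter, never as part of the SQL text.
     $statement = '
 	  		SELECT *
 	  		FROM view_course_item AS CI
 	  		WHERE CI.courseSectionId = :courseSectionId
 	  		ORDER BY CI.courseItemId DESC
 	  	';
     $bind = array('courseSectionId' => $courseSectionId);
     return \Db::getResult($statement, $bind);
 }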
示例#4
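 /**
  * Creates a section inside a course and returns the stored row. Admin only.
  *
  * @url POST
  * @url POST /user/{userId}
  */
 protected function addSection($courseId, $name, $description, $seq, $userId = null)
 {
     // Strict comparison so that a non-string role value cannot juggle to 'admin'.
     // $userId is accepted from the second route but is not used by this method.
     if (\TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     $statement = '
     INSERT INTO section (courseId, name, description, seq)
     VALUES (:courseId, :name, :description, :seq)
   ';
     $bind = array('courseId' => $courseId, 'name' => $name, 'description' => $description, 'seq' => $seq);
     \Db::execute($statement, $bind);

     // Read the row back by its generated id so the caller receives what was stored.
     $sectionId = \Db::getLastInsertId();
     $statement = 'SELECT * FROM section WHERE sectionId = :sectionId';
     $bind = array('sectionId' => $sectionId);
     return \Db::getRow($statement, $bind);
 }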
示例#5
文件: Item.php 项目: tootutor/tto-api
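    /**
     * Overwrites seq, itemTypeId, code and content of one item. Admin only.
     *
     * @url PUT /{itemId}
     */
    protected function updateItem($itemId, $seq, $itemTypeId, $code, $content)
    {
        // Strict comparison so that a non-string role value cannot juggle to 'admin'.
        if (\TTO::getRole() !== 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        // Every request value is bound as a parameter; none is spliced into the SQL text.
        $statement = '
        UPDATE item
        SET
          seq        = :seq,
          itemTypeId = :itemTypeId,
          code       = :code,
          content    = :content
        WHERE itemId = :itemId
			';
        $bind = array('itemId' => $itemId, 'seq' => $seq, 'itemTypeId' => $itemTypeId, 'code' => $code, 'content' => $content);
        \Db::execute($statement, $bind);
    }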
示例#6
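    /**
     * Lists the categories that contain at least one course the given user is enrolled in.
     * Allowed for the user themselves and for admins.
     *
     * @url GET user/{userId}
     */
    protected function getUserCategory($userId)
    {
        // The id comparison stays loose: the route value arrives from the URL and the type
        // returned by getUserId() is not visible here. The role test is strict so that a
        // non-string role value cannot juggle to 'admin'.
        if ($userId != \TTO::getUserId() && \TTO::getRole() !== 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        $statement = '
				SELECT *
				FROM category AS CA
				WHERE EXISTS (
					SELECT 1
					FROM user_course AS UC
					INNER JOIN course AS C
					ON UC.userId = :userId
					AND UC.courseId = C.courseId
					WHERE C.categoryId = CA.categoryId
				)
			';
        $bind = array('userId' => $userId);
        return \Db::getResult($statement, $bind);
    }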
示例#7
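 /**
  * Overwrites the editable columns of one course. Admin only.
  *
  * @url PUT /{courseId}
  * @url PUT /{courseId}/user/{userId}
  */
 protected function updateCourse($courseId, $code, $categoryId, $name, $description, $coin, $status, $userId = null)
 {
     // Strict comparison so that a non-string role value cannot juggle to 'admin'.
     // $userId is accepted from the second route but is not used by this method.
     if (\TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     $statement = '
     UPDATE course
     SET 
       code        = :code,
       categoryId  = :categoryId,
       name        = :name,
       description = :description,
       coin        = :coin,
       status      = :status
     WHERE
       courseId    = :courseId
   ';
     $bind = array('courseId' => $courseId, 'code' => $code, 'categoryId' => $categoryId, 'name' => $name, 'description' => $description, 'coin' => $coin, 'status' => $status);
     // The affected-row count is not reported to the caller, so it is not kept.
     \Db::execute($statement, $bind);
 }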
示例#8
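    /**
     * Enrols a user in a course and charges the course price in coins.
     * Allowed for the user themselves and for admins.
     *
     * @url POST addusercourse/{userId}
     */
    protected function postAddUserCourse($userId, $courseId)
    {
        // The id comparison stays loose (type of getUserId() not visible here); the role
        // test is strict so that a non-string role value cannot juggle to 'admin'.
        if ($userId != \TTO::getUserId() && \TTO::getRole() !== 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        $statement = 'SELECT coin FROM user WHERE userId = :userId';
        $userCoin = \Db::getValue($statement, array('userId' => $userId));
        $statement = 'SELECT coin FROM course WHERE courseId = :courseId';
        $courseCoin = \Db::getValue($statement, array('courseId' => $courseId));

        // A failed lookup must stop here: a missing price (false/null) is never greater
        // than the balance, so the affordability check below would let it through.
        if (!is_numeric($userCoin) || !is_numeric($courseCoin)) {
            throw new RestException(404, 'User or course not found !!!');
        }
        if ($userCoin < $courseCoin) {
            throw new RestException(500, 'Coin is not enough !!!');
        }

        // Same position as before: the admin notice goes out once the balance check passed.
        $bind = array('userId' => $userId, 'courseId' => $courseId, 'courseCoin' => $courseCoin);
        \TTOMail::createAndSendAdmin('A user adding a course', json_encode($bind));

        // Charge before enrolling, and re-check the balance inside the UPDATE itself, so two
        // concurrent requests cannot both spend the same coins. A free course skips the
        // charge because an UPDATE that changes nothing may report 0 affected rows.
        // NOTE(review): if the Db wrapper offers transactions (not visible here), wrap the
        // charge and the insert in one instead of relying on the refund below.
        $row_update = 0;
        if ($courseCoin > 0) {
            $row_update = \Db::execute(
                'UPDATE user SET coin = coin - :courseCoin WHERE userId = :userId AND coin >= :minCoin',
                array('userId' => $userId, 'courseCoin' => $courseCoin, 'minCoin' => $courseCoin)
            );
            if (!($row_update > 0)) {
                throw new RestException(500, 'Coin is not enough !!!');
            }
        }

        $statement = '
	  		INSERT INTO user_course (userId, courseId, coin)
	  		VALUES (:userId, :courseId, :courseCoin)
	  	';
        $row_insert = 0;
        $failure = null;
        try {
            $row_insert = \Db::execute($statement, $bind);
        } catch (\Exception $e) {
            $failure = $e;
        }

        if (!($row_insert > 0)) {
            // The enrolment did not happen: give the coins back before reporting the error.
            if ($row_update > 0) {
                \Db::execute(
                    'UPDATE user SET coin = coin + :courseCoin WHERE userId = :userId',
                    array('userId' => $userId, 'courseCoin' => $courseCoin)
                );
            }
            throw $failure !== null ? $failure : new RestException(500, 'Add a new course error !!!');
        }

        // Always answer with the row counts; the previous version returned nothing when
        // the coin UPDATE affected no row.
        $response = new \stdClass();
        $response->row_insert = $row_insert;
        $response->row_update = $row_update;
        return $response;
    }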
示例#9
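    /**
     * Sets the level of each listed user_course_item row. Admin only.
     *
     * @url POST updateCourseItemLevel
     */
    protected function postUpdateCourseItemLevel(array $userCourseItemList)
    {
        // Strict comparison so that a non-string role value cannot juggle to 'admin'.
        if (\TTO::getRole() !== 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        // Validate the whole list before writing, so a malformed entry cannot leave the
        // batch half applied.
        // Assumes each entry carries `level` and `userCourseItemId`. The earlier code read
        // both from an undefined variable and bound `courseItemId`, which the statement
        // does not contain, so the intended payload key could not be confirmed - TODO
        // confirm against the client.
        foreach ($userCourseItemList as $userCourseItem) {
            if (!is_array($userCourseItem) || !isset($userCourseItem['level'], $userCourseItem['userCourseItemId'])) {
                throw new RestException(400, 'Invalid request !!!');
            }
        }

        $statement = '
		  		UPDATE user_course_item
		  		SET level = :level
		  		WHERE userCourseItemId = :userCourseItemId
				';
        foreach ($userCourseItemList as $userCourseItem) {
            // Bind names now match the placeholders used in the statement.
            $bind = array('level' => $userCourseItem['level'], 'userCourseItemId' => $userCourseItem['userCourseItemId']);
            \Db::execute($statement, $bind);
        }

        $response = new \stdClass();
        $response->update_status = 'done';
        return $response;
    }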
示例#10
文件: Auth.php 项目: tootutor/tto-api
 /**
  * Blanks the stored token of the calling user and reports how many rows changed.
  *
  * @url DELETE {userId}
  */
 protected function deleteAuth($userId)
 {
     // Only the account owner may clear their own token.
     if ($userId != \TTO::getUserId()) {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     // NOTE(review): the token is set to an empty string, not NULL. Confirm that the
     // authentication lookup rejects an empty token, otherwise an empty credential could
     // match every logged-out account.
     $affected = \Db::execute(
         'UPDATE user SET token = :token WHERE userId = :userId',
         array('token' => '', 'userId' => $userId)
     );

     // The response carries the affected-row count, not a token.
     $result = new \stdClass();
     $result->count = $affected;
     return $result;
 }
示例#11
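 /**
  * Rebuilds item.content2 for every item and returns the items with the new value.
  * Item types 1, 3 and 4 get a JSON document built from their detail rows; every other
  * type gets a copy of its content. Admin only.
  *
  * @url GET /
  */
 protected function getConvertItem()
 {
     // Strict comparison so that a non-string role value cannot juggle to 'admin'.
     if (\TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     // NOTE(review): this GET route rewrites a column on every row of `item`. A
     // state-changing operation is safer behind POST/PUT, where link prefetchers and
     // cross-site GET requests cannot trigger it.
     $allItem = \Db::getResult('SELECT itemId, code, content, itemTypeId FROM item');
     foreach ($allItem as &$item) {
         $newItem = new \stdClass();
         $bind = array('itemId' => $item['itemId']);
         $converted = true;
         // switch compares loosely, as the original did, so string ids from the
         // database still match the integer cases.
         switch ($item['itemTypeId']) {
             case 1:
                 $newItem->question = $item['content'];
                 $statement = 'SELECT content, isAnswer, point FROM item_radio WHERE itemId = :itemId';
                 $newItem->allRadio = \Db::getResult($statement, $bind);
                 foreach ($newItem->allRadio as &$radio) {
                     $radio['isAnswer'] = (bool) $radio['isAnswer'];
                 }
                 unset($radio); // drop the reference so later writes cannot hit the last row
                 break;
             case 3:
                 $newItem->question = $item['content'];
                 $statement = 'SELECT content, isAnswer, point FROM item_select WHERE itemId = :itemId';
                 $newItem->allSelect = \Db::getResult($statement, $bind);
                 foreach ($newItem->allSelect as &$select) {
                     $select['isAnswer'] = (bool) $select['isAnswer'];
                 }
                 unset($select);
                 break;
             case 4:
                 $newItem->question = $item['content'];
                 $statement = 'SELECT question, answer, answerType, point FROM item_input WHERE itemId = :itemId';
                 $newItem->allInput = \Db::getResult($statement, $bind);
                 break;
             default:
                 $converted = false;
                 break;
         }

         if ($converted) {
             $content2 = json_encode($newItem, JSON_UNESCAPED_UNICODE);
         } else {
             $content2 = $item['content'];
         }

         $statement = '
       UPDATE item
       SET content2 = :content2
       WHERE itemId = :itemId
     ';
         $bind = array('itemId' => $item['itemId'], 'content2' => $content2);
         \Db::execute($statement, $bind);
         $item['content2'] = $content2;
     }
     unset($item); // release the by-reference loop variable before returning the array

     return $allItem;
 }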
示例#12
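 /**
  * Sets the status of one user_course_item row to 'done'.
  * Allowed for the user themselves and for admins.
  *
  * @url POST update-item-done
  */
 protected function postUpdateItemDone($userId, $userCourseItemId)
 {
     // The id comparison stays loose (type of getUserId() not visible here); the role
     // test is strict so that a non-string role value cannot juggle to 'admin'.
     if ($userId != \TTO::getUserId() && \TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     // NOTE(review): $userId is only compared with the session user. The UPDATE below is
     // keyed by userCourseItemId alone, so nothing in this method ties that row to
     // $userId. Confirm ownership is enforced elsewhere, or add the owner to the WHERE
     // clause (the owner column of user_course_item is not visible here).
     $statement = '
 			UPDATE user_course_item
 			   SET status = :status
 			 WHERE userCourseItemId = :userCourseItemId
 		';
     $bind = array('userCourseItemId' => $userCourseItemId, 'status' => 'done');
     \Db::execute($statement, $bind);
 }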
示例#13
文件: Task.php 项目: tootutor/tto-api
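 /**
  * Creates a task inside a section and returns the stored row. Admin only.
  *
  * @url POST
  * @url POST user/{userId}
  */
 protected function addTask($sectionId, $code, $content, $seq, $taskTypeId, $userId = null)
 {
     // Strict comparison so that a non-string role value cannot juggle to 'admin'.
     // $userId is accepted from the second route but is not used by this method.
     if (\TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     $statement = '
     INSERT INTO task (sectionId, code, content, seq, taskTypeId)
     VALUES (:sectionId, :code, :content, :seq, :taskTypeId)
   ';
     $bind = array('sectionId' => $sectionId, 'code' => $code, 'content' => $content, 'seq' => $seq, 'taskTypeId' => $taskTypeId);
     \Db::execute($statement, $bind);

     // Read the row back by its generated id so the caller receives what was stored.
     $taskId = \Db::getLastInsertId();
     $statement = 'SELECT * FROM task WHERE taskId = :taskId';
     $bind = array('taskId' => $taskId);
     return \Db::getRow($statement, $bind);
 }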
示例#14
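    /**
     * Overwrites question, answer, answerType and point of one item_input row and
     * reports the affected-row count. Admin only.
     *
     * @url POST updateiteminput
     */
    protected function postUpdateItemInput($itemInputId, $question, $answer, $answerType, $point)
    {
        // Strict comparison so that a non-string role value cannot juggle to 'admin'.
        if (\TTO::getRole() !== 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        // Every request value is bound as a parameter; none is spliced into the SQL text.
        $statement = '
				UPDATE item_input
				SET question   = :question, 
				    answer     = :answer,
				    answerType = :answerType,
				    point      = :point
				WHERE itemInputId = :itemInputId
			';
        $bind = array('itemInputId' => $itemInputId, 'question' => $question, 'answer' => $answer, 'answerType' => $answerType, 'point' => $point);

        $response = new \stdClass();
        $response->row_update = \Db::execute($statement, $bind);
        return $response;
    }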
示例#15
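 /**
  * Marks an order as approved, sends the notification mails and adds the order's
  * coin + bonus to a user balance. Admin only.
  *
  * @url PUT {orderId}
  */
 protected function postApproveOrder($orderId)
 {
     // Strict comparison so that a non-string role value cannot juggle to 'admin'.
     if (\TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     // NOTE(review): whether a second approval of the same order credits coins again
     // depends on Db::execute() reporting 0 for a row whose status is already 'approve'.
     // Confirm that, or add a status precondition to this UPDATE.
     $statement = 'UPDATE `order` SET status = :status WHERE orderId = :orderId';
     $bind = array('orderId' => $orderId, 'status' => 'approve');
     $count = \Db::execute($statement, $bind);
     \TTOMail::createAndSendAdmin('Admin approved an order', json_encode($bind));

     // NOTE(review): $userId is never assigned in this method, so it is null in the mail
     // lookup below and in the coin credit further down: the order ends up approved while
     // no balance is credited. The order's owner has to be loaded from the order row
     // first; the column that holds it is not visible here, so the code is left as found.
     \TTOMail::createAndSend(ADMINEMAIL, \TTO::getUserEmail($userId), 'Admin have approved your order', 'Please check on the system');

     if (!($count > 0)) {
         throw new RestException(500, 'Approve Error !!!');
     }

     $statement = 'SELECT coin + bonus FROM `order` WHERE orderId = :orderId';
     $bind = array('orderId' => $orderId);
     $coin = \Db::getValue($statement, $bind);

     $statement = 'UPDATE user SET coin = coin + :coin WHERE userId = :userId';
     $bind = array('userId' => $userId, 'coin' => $coin);
     \Db::execute($statement, $bind);
 }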
示例#16
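    /**
     * Stores a user's answers for one item detail, marks that detail done and updates
     * the point total, remaining action count and status of the parent user_course_item.
     * Allowed for the user themselves and for admins.
     *
     * @url POST add-item-input
     */
    protected function postAddItemInput($userId, $userCourseItemId, $itemDetailId, $point, $actionCount, array $allItemInput)
    {
        // The id comparison stays loose (type of getUserId() not visible here); the role
        // test is strict so that a non-string role value cannot juggle to 'admin'.
        if ($userId != \TTO::getUserId() && \TTO::getRole() !== 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        // NOTE(review): $userId is only compared with the session user. Every statement
        // below is keyed by userCourseItemId, so nothing in this method ties those rows to
        // $userId - confirm ownership is enforced elsewhere. $point and $actionCount are
        // also stored exactly as the client sent them; if points matter, derive them
        // server-side from the stored answers.

        // Add new user item input type
        $statement = '
					INSERT INTO user_course_item_input (userCourseItemId, itemDetailId, itemInputId, userAnswer)
					VALUES (:userCourseItemId, :itemDetailId, :itemInputId, :userAnswer)
				';
        foreach ($allItemInput as $itemInput) {
            $bind = array('userCourseItemId' => $userCourseItemId, 'itemDetailId' => $itemDetailId, 'itemInputId' => $itemInput['itemInputId'], 'userAnswer' => $itemInput['userAnswer']);
            \Db::execute($statement, $bind);
        }

        // Update item detail status
        $statement = '
				UPDATE user_course_item_detail
				   SET point  = :point,
				       status = :status
				 WHERE userCourseItemId = :userCourseItemId
				   AND itemDetailId     = :itemDetailId
			';
        $bind = array('userCourseItemId' => $userCourseItemId, 'itemDetailId' => $itemDetailId, 'status' => 'done', 'point' => $point);
        \Db::execute($statement, $bind);

        // Update number of remaining action item: the parent stays 'start' while actions
        // remain and becomes 'done' once none are left.
        $status = $actionCount > 0 ? 'start' : 'done';
        $statement = '
				UPDATE user_course_item
				   SET actionCount = :actionCount,
				       point       = point + :point,
				       status      = :status
				 WHERE userCourseItemId = :userCourseItemId
			';
        $bind = array('userCourseItemId' => $userCourseItemId, 'actionCount' => $actionCount, 'point' => $point, 'status' => $status);
        \Db::execute($statement, $bind);
    }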
示例#17
文件: TTO.php 项目: tootutor/tto-api
 /**
  * Stores the given value in this class's static $status property.
  * No validation is applied to the value here.
  */
 public static function setStatus($status)
 {
     self::$status = $status;
 }