/**
 * Update the calling user's own profile fields.
 *
 * @url POST profile/{userId}
 * @url PUT {userId}
 *
 * Only the session user may edit their own row — there is no admin override
 * here, unlike the other endpoints in this controller. The ownership test is
 * PHP's loose `==` against \TTO::getUserId(); every value is bound as a named
 * parameter, so the id's exact form cannot reach the SQL unescaped, but a
 * strict comparison on a normalised id would be less surprising.
 *
 * The admin notification mails the whole bind map (phone, birthdate, ...),
 * i.e. personal data leaves the system by email on every profile save.
 *
 * Returns \stdClass {row_update: rows affected by the UPDATE}.
 * @throws RestException 401 when $userId is not the current session user
 */
protected function postProfile($userId, $firstname, $lastname, $nickname, $phone, $birthdate, $school, $province, $level, $purpose, $avatarId)
{
    if ($userId != \TTO::getUserId()) {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    $sql = ' UPDATE user SET firstname = :firstname, lastname = :lastname, nickname = :nickname, phone = :phone, birthdate = :birthdate, school = :school, province = :province, level = :level, purpose = :purpose, avatarId = :avatarId WHERE userId = :userId ';
    // Placeholder names equal the parameter names, so compact() yields the bind map
    // in the same key order the notification email serialises.
    $params = compact('firstname', 'lastname', 'nickname', 'phone', 'birthdate', 'school', 'province', 'level', 'purpose', 'avatarId', 'userId');

    $affected = \Db::execute($sql, $params);

    \TTOMail::createAndSendAdmin('A user updated profile', json_encode($params));

    $result = new \stdClass();
    $result->row_update = $affected;
    return $result;
}
/**
 * Relay a message from the current user to the site administrators.
 *
 * @url POST sendemailadmin/{userId}
 *
 * $subject and $message are handed to \TTOMail::createAndSendAdmin verbatim.
 * The guard accepts "the URL id is my own id" or "I am admin", so in practice
 * every authenticated user can reach this endpoint; nothing here rate-limits
 * it or filters the subject (header injection, if any, is TTOMail's concern —
 * confirm that it sanitises the subject line).
 *
 * Returns nothing.
 * @throws RestException 401 when the caller is neither the user nor an admin
 */
protected function postSendEmailAdmin($userId, $subject, $message)
{
    // Same short-circuit order as before: the role is only consulted when the id does not match.
    if ($userId != \TTO::getUserId() && \TTO::getRole() != 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    \TTOMail::createAndSendAdmin($subject, $message);
}
/**
 * Record a user's answer and score for an item.
 *
 * @url POST {itemId}/user/{userId}
 *
 * Inserts one user_item row (itemId, userId, point, userContent). Allowed for
 * the user themselves or an admin.
 *
 * NOTE(review): $point comes straight from the request body, so a non-admin
 * caller can write any score for themselves; if points feed coins or ranking
 * the server should derive the value from the item instead of trusting the
 * client. Nothing here checks that itemId exists or is accessible to the
 * user beyond what the database enforces — confirm against the schema.
 *
 * Returns nothing.
 * @throws RestException 401 when the caller is neither the user nor an admin
 */
protected function postUserItem($userId, $itemId, $point, $userContent)
{
    if ($userId != \TTO::getUserId() && \TTO::getRole() != 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    $sql = ' INSERT INTO user_item (itemId, userId, point, userContent) VALUES (:itemId, :userId, :point, :userContent) ';
    \Db::execute($sql, compact('itemId', 'userId', 'point', 'userContent'));
}
/**
 * List the courses a user is enrolled in within one category.
 *
 * @url GET user/{userId}
 *
 * Joins user_course to course, filtered by the user's id and by $categoryId
 * (not part of the route, so it arrives with the other request parameters).
 * Each row carries the course columns plus the enrolment's userId, coin and
 * point. Allowed for the user themselves or an admin.
 *
 * Returns the result set from \Db::getResult.
 * @throws RestException 401 when the caller is neither the user nor an admin
 */
protected function getUserCourseList($userId, $categoryId)
{
    if ($userId != \TTO::getUserId() && \TTO::getRole() != 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    $sql = ' SELECT C.*, UC.userId, UC.coin, UC.point FROM user_course AS UC INNER JOIN course AS C ON UC.courseId = C.courseId WHERE UC.userId = :userId AND C.categoryId = :categoryId ';
    return \Db::getResult($sql, compact('userId', 'categoryId'));
}
/**
 * Fetch one task together with its type name and theme.
 *
 * @url GET {taskId}/user/{userId}
 *
 * Allowed for the user themselves or an admin. The query LEFT OUTER JOINs
 * user_task on (taskId, userId) but selects no UT.* column, so the task row
 * for $taskId is returned whether or not this user has a user_task entry —
 * the $userId bind does not restrict which tasks can be read.
 * NOTE(review): if tasks are meant to be visible only to users who hold
 * them, this needs an INNER JOIN (or a WHERE on UT) — confirm the intent.
 *
 * Returns the single row from \Db::getRow.
 * @throws RestException 401 when the caller is neither the user nor an admin
 */
protected function getUserTask($userId, $taskId)
{
    if ($userId != \TTO::getUserId() && \TTO::getRole() != 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    $sql = ' SELECT T.*, TT.name AS taskTypeName, TT.theme FROM task AS T INNER JOIN task_type AS TT ON TT.taskTypeId = T.taskTypeId LEFT OUTER JOIN user_task AS UT ON UT.taskId = T.taskId AND UT.userId = :userId WHERE T.taskId = :taskId ';
    return \Db::getRow($sql, compact('userId', 'taskId'));
}
/**
 * List the categories in which a user has at least one enrolled course.
 *
 * @url GET user/{userId}
 *
 * Uses an EXISTS subquery over user_course joined to course, so a category
 * appears once regardless of how many of its courses the user holds.
 * Allowed for the user themselves or an admin.
 *
 * Returns the result set from \Db::getResult.
 * @throws RestException 401 when the caller is neither the user nor an admin
 */
protected function getUserCategory($userId)
{
    if ($userId != \TTO::getUserId() && \TTO::getRole() != 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    $sql = ' SELECT * FROM category AS CA WHERE EXISTS ( SELECT 1 FROM user_course AS UC INNER JOIN course AS C ON UC.userId = :userId AND UC.courseId = C.courseId WHERE C.categoryId = CA.categoryId ) ';
    return \Db::getResult($sql, compact('userId'));
}
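/**
 * Enrol a user in a course, paying the course's coin price from the user's balance.
 *
 * @url POST addusercourse/{userId}
 *
 * Allowed for the user themselves or an admin. Flow:
 *   1. look up the course price;
 *   2. debit the user atomically — the UPDATE only matches when the balance
 *      still covers the price, so two concurrent requests can no longer both
 *      pass a read-then-compare balance check and overdraw the account (the
 *      previous SELECT coin / compare / INSERT / UPDATE sequence was racy);
 *   3. insert the user_course row; if that fails the debit is reversed.
 * The admin notification is only sent once the enrolment has been written,
 * and a failed debit no longer returns null with the enrolment left in place.
 *
 * Returns \stdClass {row_insert, row_update}; row_update is 0 for a course
 * that costs nothing (no debit is issued).
 * @throws RestException 401 when the caller is neither the user nor an admin
 * @throws RestException 500 'Coin is not enough !!!' when the balance does not cover the price
 * @throws RestException 500 'Add a new course error !!!' when the course is unknown or the insert fails
 */
protected function postAddUserCourse($userId, $courseId)
{
    if ($userId != \TTO::getUserId() && \TTO::getRole() != 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    $courseCoin = \Db::getValue('SELECT coin FROM course WHERE courseId = :courseId', array('courseId' => $courseId));
    if ($courseCoin === null || $courseCoin === false) {
        // Unknown course: refuse instead of writing a user_course row with a NULL price.
        throw new RestException(500, 'Add a new course error !!!');
    }

    $row_update = 0;
    if ($courseCoin > 0) {
        // Conditional debit: matches only while the balance still covers the price, which makes
        // the check-and-deduct a single statement. The price is bound under two names because
        // some drivers reject the same named placeholder appearing twice in one statement.
        // A zero-price course skips this step: `coin = coin - 0` changes nothing and MySQL would
        // report 0 affected rows, which must not be mistaken for an insufficient balance.
        $debitSql = 'UPDATE user SET coin = coin - :courseCoin WHERE userId = :userId AND coin >= :minCoin';
        $row_update = \Db::execute($debitSql, array('userId' => $userId, 'courseCoin' => $courseCoin, 'minCoin' => $courseCoin));
        if (!($row_update > 0)) {
            throw new RestException(500, 'Coin is not enough !!!');
        }
    }

    $insertSql = ' INSERT INTO user_course (userId, courseId, coin) VALUES (:userId, :courseId, :courseCoin) ';
    $insertBind = array('userId' => $userId, 'courseId' => $courseId, 'courseCoin' => $courseCoin);
    $row_insert = \Db::execute($insertSql, $insertBind);
    if (!($row_insert > 0)) {
        // Enrolment failed (duplicate, FK, ...): return the coins before reporting the error.
        if ($courseCoin > 0) {
            \Db::execute('UPDATE user SET coin = coin + :courseCoin WHERE userId = :userId', array('userId' => $userId, 'courseCoin' => $courseCoin));
        }
        throw new RestException(500, 'Add a new course error !!!');
    }

    \TTOMail::createAndSendAdmin('A user adding a course', json_encode($insertBind));

    $response = new \stdClass();
    $response->row_insert = $row_insert;
    $response->row_update = $row_update;
    return $response;
}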
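/**
 * Save a user's answers for one item detail and roll the score up to the item.
 *
 * @url POST add-item-input
 *
 * Writes, in order: one user_course_item_input row per element of
 * $allItemInput; the detail row's point and status ('done'); the item row's
 * actionCount, accumulated point and status ('start' while $actionCount > 0,
 * otherwise 'done'). $allItemInput is validated up front so a malformed
 * element cannot leave the answers half-written (previously a missing key
 * produced an undefined-index warning and a NULL bind mid-loop).
 *
 * NOTE(review): $userId is only compared with the session user; it is never
 * bound in any of the three statements, so a caller who passes their own id
 * can write to any userCourseItemId. The write should be restricted to item
 * rows belonging to that user (schema for that link is not visible here).
 * $point, $actionCount and hence the 'done' status are also client-supplied.
 *
 * Returns nothing.
 * @throws RestException 401 when the caller is neither the user nor an admin
 * @throws RestException 400 when an element of $allItemInput lacks itemInputId or userAnswer
 */
protected function postAddItemInput($userId, $userCourseItemId, $itemDetailId, $point, $actionCount, array $allItemInput)
{
    if ($userId != \TTO::getUserId() && \TTO::getRole() != 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    // Validate the whole payload before the first write.
    foreach ($allItemInput as $idx => $itemInput) {
        if (!is_array($itemInput) || !array_key_exists('itemInputId', $itemInput) || !array_key_exists('userAnswer', $itemInput)) {
            throw new RestException(400, 'Invalid item input at index ' . $idx . ' !!!');
        }
    }

    // Add new user item input type
    $insertSql = ' INSERT INTO user_course_item_input (userCourseItemId, itemDetailId, itemInputId, userAnswer) VALUES (:userCourseItemId, :itemDetailId, :itemInputId, :userAnswer) ';
    foreach ($allItemInput as $itemInput) {
        \Db::execute($insertSql, array(
            'userCourseItemId' => $userCourseItemId,
            'itemDetailId' => $itemDetailId,
            'itemInputId' => $itemInput['itemInputId'],
            'userAnswer' => $itemInput['userAnswer'],
        ));
    }

    // Update item detail status
    $detailSql = ' UPDATE user_course_item_detail SET point = :point, status = :status WHERE userCourseItemId = :userCourseItemId AND itemDetailId = :itemDetailId ';
    \Db::execute($detailSql, array(
        'userCourseItemId' => $userCourseItemId,
        'itemDetailId' => $itemDetailId,
        'status' => 'done',
        'point' => $point,
    ));

    // Update number of remaining action item; the item is finished once none remain.
    $status = ($actionCount > 0) ? 'start' : 'done';
    $itemSql = ' UPDATE user_course_item SET actionCount = :actionCount, point = point + :point, status = :status WHERE userCourseItemId = :userCourseItemId ';
    \Db::execute($itemSql, array(
        'userCourseItemId' => $userCourseItemId,
        'actionCount' => $actionCount,
        'point' => $point,
        'status' => $status,
    ));
}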
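/**
 * List the items of one section with their group name and theme.
 *
 * @url GET user/{userId}
 *
 * Allowed for the user themselves or an admin. Note that $userId only gates
 * access — it is not bound in the query, so the result is the same for every
 * user: all items where I.sectionId = $sectionId. The unreachable
 * `return \Db::getResult($statement);` that followed the if/else (both
 * branches already return or throw) has been removed.
 *
 * Returns the result set from \Db::getResult.
 * @throws RestException 401 when the caller is neither the user nor an admin
 */
protected function getAllUserItem($userId, $sectionId)
{
    if ($userId != \TTO::getUserId() && \TTO::getRole() != 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    $sql = ' SELECT I.*, IG.name AS itemGroup, IG.theme FROM item AS I INNER JOIN item_group AS IG ON IG.itemGroupId = I.itemGroupId WHERE I.sectionId = :sectionId ';
    return \Db::getResult($sql, array('sectionId' => $sectionId));
}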
/**
 * Mark a user_course_item row as 'done'.
 *
 * @url POST updateitemdone
 *
 * Allowed for the user themselves or an admin.
 * NOTE(review): $userId is only compared with the session user and never
 * bound in the UPDATE, so any authenticated caller can flag any
 * userCourseItemId as done by sending their own id. The statement should be
 * limited to rows owned by that user (the linking column is not visible here).
 *
 * Returns nothing.
 * @throws RestException 401 when the caller is neither the user nor an admin
 */
protected function postUpdateItemDone($userId, $userCourseItemId)
{
    if ($userId != \TTO::getUserId() && \TTO::getRole() != 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    $sql = ' UPDATE user_course_item SET status = :status WHERE userCourseItemId = :userCourseItemId ';
    \Db::execute($sql, array('userCourseItemId' => $userCourseItemId, 'status' => 'done'));
}
/**
 * Log the current user out by clearing their stored token.
 *
 * @url DELETE {userId}
 *
 * Only the session user may log themselves out (no admin override). The
 * token column is overwritten with an empty string; whatever validates
 * tokens on login must treat '' as "no token", otherwise a request carrying
 * an empty token could match every logged-out account — that check lives in
 * \TTO and is not visible here, so confirm it.
 *
 * Returns \stdClass {count: rows affected by the UPDATE}.
 * @throws RestException 401 when $userId is not the current session user
 */
protected function deleteAuth($userId)
{
    if ($userId != \TTO::getUserId()) {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    //update token to db
    $affected = \Db::execute('UPDATE user SET token = :token WHERE userId = :userId', array('token' => '', 'userId' => $userId));

    //then return token
    $result = new \stdClass();
    $result->count = $affected;
    return $result;
}
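/**
 * Cancel (delete) an order.
 *
 * @url DELETE {orderId}/user/{userId}
 *
 * Allowed for the user themselves or an admin. The statement is now
 * `DELETE FROM ...`: the previous `DELETE `order` WHERE ...` has no FROM and
 * is not valid single-table syntax for MySQL (the backtick quoting points at
 * MySQL), so every call would have failed with 'Cancel Error !!!'. The admin
 * notification is sent only when a row was actually removed.
 *
 * NOTE(review): $userId is only compared with the session user; it is not
 * part of the DELETE, so a caller who passes their own id can cancel any
 * orderId. For non-admins the statement should also match the order's owner
 * (e.g. `AND <owner column> = :userId`, bound alongside orderId) — the
 * `order` table's columns are not visible here, so confirm the column name.
 *
 * Returns nothing on success.
 * @throws RestException 401 when the caller is neither the user nor an admin
 * @throws RestException 500 'Cancel Error !!!' when no row was deleted
 */
protected function deleteOrder($orderId, $userId)
{
    if ($userId != \TTO::getUserId() && \TTO::getRole() != 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    $bind = array('orderId' => $orderId);
    $count = \Db::execute('DELETE FROM `order` WHERE orderId = :orderId', $bind);
    if (!($count > 0)) {
        throw new RestException(500, 'Cancel Error !!!');
    }

    \TTOMail::createAndSendAdmin('A user cancelled order', json_encode($bind));
}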
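/**
 * Cancel (delete) a coin order.
 *
 * @url POST cancelorder/{coinOrderId}
 *
 * Allowed for the user themselves or an admin; $userId is not in the route,
 * so it comes from the request body. The statement is now
 * `DELETE FROM coin_order ...`: the previous `DELETE coin_order WHERE ...`
 * has no FROM and is not valid single-table MySQL syntax, so every call
 * would have ended in 'Cancel Error !!!'. The admin notification is sent
 * only when a row was actually removed.
 *
 * NOTE(review): $userId is only compared with the session user; it is not
 * part of the DELETE, so a caller who supplies their own id can cancel any
 * coinOrderId. For non-admins the statement should also match the order's
 * owner (e.g. `AND <owner column> = :userId`) — coin_order's columns are not
 * visible here, so confirm the column name.
 *
 * Returns \stdClass {cancel: rows deleted}.
 * @throws RestException 401 when the caller is neither the user nor an admin
 * @throws RestException 500 'Cancel Error !!!' when no row was deleted
 */
protected function postCancelOrder($coinOrderId, $userId)
{
    if ($userId != \TTO::getUserId() && \TTO::getRole() != 'admin') {
        throw new RestException(401, 'No Authorize or Invalid request !!!');
    }

    $bind = array('coinOrderId' => $coinOrderId);
    $count = \Db::execute('DELETE FROM coin_order WHERE coinOrderId = :coinOrderId', $bind);
    if (!($count > 0)) {
        throw new RestException(500, 'Cancel Error !!!');
    }

    \TTOMail::createAndSendAdmin('A user cancelled order', json_encode($bind));

    $response = new \stdClass();
    $response->cancel = $count;
    return $response;
}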