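    /**
     * Update a user's own profile row.
     *
     * Only the profile owner may call this (admins are not exempted here,
     * unlike most other endpoints). All values are bound as named parameters,
     * so the column list is fixed and request data never reaches the SQL text.
     * The whole bound payload is mailed to the admin as JSON; note that it
     * contains phone and birthdate, so the mail channel carries PII.
     *
     * @url POST profile/{userId}
     * @url PUT {userId}
     *
     * @return \stdClass  object whose `row_update` is the affected-row count
     * @throws RestException 401 when the caller is not the profile owner
     */
    protected function postProfile($userId, $firstname, $lastname, $nickname, $phone, $birthdate, $school, $province, $level, $purpose, $avatarId)
    {
        // Ownership check as a strict string comparison: the previous loose `==`
        // also accepted type-juggled matches (e.g. null against 0 or '').
        // Assumes getUserId() yields null/''/false for an unauthenticated caller — confirm.
        $callerId = (string) \TTO::getUserId();
        if ($callerId === '' || (string) $userId !== $callerId) {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        $statement = '
		  	UPDATE user SET
			  	firstname = :firstname,
			  	lastname  = :lastname, 
			  	nickname  = :nickname,
			  	phone     = :phone,
			  	birthdate = :birthdate,
			  	school    = :school,
			  	province  = :province,
			  	level     = :level,
			  	purpose   = :purpose,
			  	avatarId  = :avatarId
		  	WHERE userId = :userId
	  	';
        $bind = array(
            'firstname' => $firstname,
            'lastname'  => $lastname,
            'nickname'  => $nickname,
            'phone'     => $phone,
            'birthdate' => $birthdate,
            'school'    => $school,
            'province'  => $province,
            'level'     => $level,
            'purpose'   => $purpose,
            'avatarId'  => $avatarId,
            'userId'    => $userId,
        );
        $rowUpdate = \Db::execute($statement, $bind);

        // Admin notification is sent even when zero rows changed (kept as before).
        \TTOMail::createAndSendAdmin('A user updated profile', json_encode($bind));

        $response = new \stdClass();
        $response->row_update = $rowUpdate;
        return $response;
    }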
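 /**
  * Relay a message from a user (or an admin acting for them) to the admin mailbox.
  *
  * Subject and message are forwarded unchanged; nothing here limits their
  * size or the call rate, so any authenticated user can generate admin mail
  * at will — throttling belongs in the caller/middleware.
  *
  * @url POST sendemailadmin/{userId}
  *
  * @throws RestException 401 when the caller is neither the user nor an admin
  */
 protected function postSendEmailAdmin($userId, $subject, $message)
 {
     // Strict owner check (the previous loose `==` accepted type-juggled matches);
     // the role lookup is only consulted when the owner check fails, as before.
     $callerId = (string) \TTO::getUserId();
     $isOwner = $callerId !== '' && (string) $userId === $callerId;
     if (!$isOwner && \TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     \TTOMail::createAndSendAdmin($subject, $message);
 }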
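    /**
     * Record a user's result for one item.
     *
     * Inserts a user_item row; every value is a bound parameter. Nothing is
     * returned on success.
     *
     * @url POST {itemId}/user/{userId}
     *
     * @throws RestException 401 when the caller is neither the user nor an admin
     */
    protected function postUserItem($userId, $itemId, $point, $userContent)
    {
        // Strict owner check (the previous loose `==` accepted type-juggled matches);
        // the role lookup only runs when the owner check fails, as before.
        $callerId = (string) \TTO::getUserId();
        $isOwner = $callerId !== '' && (string) $userId === $callerId;
        if (!$isOwner && \TTO::getRole() !== 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        // NOTE(review): $point is taken from the request as-is; confirm that the
        // client is meant to be trusted to report its own score here.
        $statement = '
				INSERT INTO user_item (itemId, userId, point, userContent)
				VALUES (:itemId, :userId, :point, :userContent)
			';
        $bind = array(
            'itemId'      => $itemId,
            'userId'      => $userId,
            'point'       => $point,
            'userContent' => $userContent,
        );
        \Db::execute($statement, $bind);
    }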
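 /**
  * List the courses a user is enrolled in within one category.
  *
  * Returns the course columns plus the enrolment's userId, coin and point.
  * `$categoryId` is not part of the route, so it arrives as a query parameter.
  *
  * @url GET user/{userId}
  *
  * @return mixed  whatever \Db::getResult yields for the row set
  * @throws RestException 401 when the caller is neither the user nor an admin
  */
 protected function getUserCourseList($userId, $categoryId)
 {
     // Strict owner check (the previous loose `==` accepted type-juggled matches);
     // the role lookup only runs when the owner check fails, as before.
     $callerId = (string) \TTO::getUserId();
     $isOwner = $callerId !== '' && (string) $userId === $callerId;
     if (!$isOwner && \TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     $statement = '
     SELECT C.*, UC.userId, UC.coin, UC.point
       FROM user_course AS UC
      INNER JOIN course AS C
         ON UC.courseId = C.courseId
      WHERE UC.userId = :userId 
        AND C.categoryId = :categoryId
   ';
     $bind = array('userId' => $userId, 'categoryId' => $categoryId);

     return \Db::getResult($statement, $bind);
 }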
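 /**
  * Fetch one task together with its type name and theme.
  *
  * The query left-joins user_task for the given user but selects no UT
  * column, so the join currently only matters if it multiplies rows;
  * presumably it was meant to expose the user's progress — confirm.
  *
  * @url GET {taskId}/user/{userId}
  *
  * @return mixed  whatever \Db::getRow yields for the single row
  * @throws RestException 401 when the caller is neither the user nor an admin
  */
 protected function getUserTask($userId, $taskId)
 {
     // Strict owner check (the previous loose `==` accepted type-juggled matches);
     // the role lookup only runs when the owner check fails, as before.
     $callerId = (string) \TTO::getUserId();
     $isOwner = $callerId !== '' && (string) $userId === $callerId;
     if (!$isOwner && \TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     $statement = '
     SELECT T.*, TT.name AS taskTypeName, TT.theme 
     FROM task AS T
     INNER JOIN task_type AS TT
     ON TT.taskTypeId = T.taskTypeId
     LEFT OUTER JOIN user_task AS UT
     ON UT.taskId = T.taskId
     AND UT.userId = :userId
     WHERE T.taskId = :taskId
   ';
     $bind = array('userId' => $userId, 'taskId' => $taskId);

     return \Db::getRow($statement, $bind);
 }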
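    /**
     * List every category in which the user has at least one enrolled course.
     *
     * @url GET user/{userId}
     *
     * @return mixed  whatever \Db::getResult yields for the row set
     * @throws RestException 401 when the caller is neither the user nor an admin
     */
    protected function getUserCategory($userId)
    {
        // Strict owner check (the previous loose `==` accepted type-juggled matches);
        // the role lookup only runs when the owner check fails, as before.
        $callerId = (string) \TTO::getUserId();
        $isOwner = $callerId !== '' && (string) $userId === $callerId;
        if (!$isOwner && \TTO::getRole() !== 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        // Correlated EXISTS: a category is returned when some user_course row of
        // this user points at a course in that category.
        $statement = '
				SELECT *
				FROM category AS CA
				WHERE EXISTS (
					SELECT 1
					FROM user_course AS UC
					INNER JOIN course AS C
					ON UC.userId = :userId
					AND UC.courseId = C.courseId
					WHERE C.categoryId = CA.categoryId
				)
			';
        $bind = array('userId' => $userId);

        return \Db::getResult($statement, $bind);
    }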
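    /**
     * Enrol a user in a course and charge the course price in coins.
     *
     * Order of operations: look up the price, check the balance, insert the
     * enrolment, then debit the coins with a balance guard. There is no
     * transaction around the insert and the debit (no transaction helper is
     * visible on \Db), so a failed debit leaves the enrolment row in place;
     * that case is now reported as a 500 instead of silently returning null.
     *
     * @url POST addusercourse/{userId}
     *
     * @return \stdClass  `row_insert` and `row_update` affected-row counts
     * @throws RestException 401 caller is neither the user nor an admin;
     *                       404 unknown course; 500 insufficient coins,
     *                       failed insert, or failed debit
     */
    protected function postAddUserCourse($userId, $courseId)
    {
        // Strict owner check (the previous loose `==` accepted type-juggled matches);
        // the role lookup only runs when the owner check fails, as before.
        $callerId = (string) \TTO::getUserId();
        $isOwner = $callerId !== '' && (string) $userId === $callerId;
        if (!$isOwner && \TTO::getRole() !== 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        // Price first: an unknown course used to yield null, which passed the
        // `<` check and inserted an enrolment with a null price.
        $courseCoin = \Db::getValue('SELECT coin FROM course WHERE courseId = :courseId', array('courseId' => $courseId));
        if ($courseCoin === null || $courseCoin === false) {
            throw new RestException(404, 'Course not found !!!');
        }

        $userCoin = \Db::getValue('SELECT coin FROM user WHERE userId = :userId', array('userId' => $userId));
        if ($userCoin < $courseCoin) {
            throw new RestException(500, 'Coin is not enough !!!');
        }

        $statement = '
	  		INSERT INTO user_course (userId, courseId, coin)
	  		VALUES (:userId, :courseId, :courseCoin)
	  	';
        $bind = array('userId' => $userId, 'courseId' => $courseId, 'courseCoin' => $courseCoin);
        $rowInsert = \Db::execute($statement, $bind);
        if ($rowInsert <= 0) {
            throw new RestException(500, 'Add a new course error !!!');
        }
        // Notify only once the enrolment actually exists.
        \TTOMail::createAndSendAdmin('A user adding a course', json_encode($bind));

        // The balance was read before the insert, so a concurrent enrolment may
        // have spent it meanwhile; the `coin >= :minCoin` guard keeps the balance
        // from going negative. A second placeholder is used rather than repeating
        // :courseCoin, since native prepares reject duplicate named parameters.
        $statement = 'UPDATE user SET coin = coin - :courseCoin WHERE userId = :userId AND coin >= :minCoin';
        $bind = array('userId' => $userId, 'courseCoin' => $courseCoin, 'minCoin' => $courseCoin);
        $rowUpdate = \Db::execute($statement, $bind);
        if ($rowUpdate <= 0) {
            throw new RestException(500, 'Coin is not enough !!!');
        }

        $response = new \stdClass();
        $response->row_insert = $rowInsert;
        $response->row_update = $rowUpdate;
        return $response;
    }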
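    /**
     * Store a user's answers for one item detail and roll the status upward.
     *
     * Three steps: insert one user_course_item_input row per answer, mark the
     * item detail as done with its point, then update the parent item's
     * remaining action count, accumulated point and status ('start' while
     * actions remain, otherwise 'done').
     *
     * NOTE(review): $userId only gates access; $userCourseItemId is not checked
     * to belong to that user, so the caller can address any item row — confirm
     * the ownership scoping elsewhere or add `AND userId = :userId` style guards.
     *
     * @url POST add-item-input
     *
     * @param array $allItemInput  list of arrays each holding 'itemInputId' and 'userAnswer'
     * @throws RestException 401 caller is neither the user nor an admin;
     *                       400 an entry of $allItemInput lacks a required key
     */
    protected function postAddItemInput($userId, $userCourseItemId, $itemDetailId, $point, $actionCount, array $allItemInput)
    {
        // Strict owner check (the previous loose `==` accepted type-juggled matches);
        // the role lookup only runs when the owner check fails, as before.
        $callerId = (string) \TTO::getUserId();
        $isOwner = $callerId !== '' && (string) $userId === $callerId;
        if (!$isOwner && \TTO::getRole() !== 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        // Validate the whole payload before any write, so a malformed entry
        // cannot leave a partial set of inserts behind (it used to raise a
        // notice and bind null).
        foreach ($allItemInput as $itemInput) {
            if (!is_array($itemInput)
                || !array_key_exists('itemInputId', $itemInput)
                || !array_key_exists('userAnswer', $itemInput)
            ) {
                throw new RestException(400, 'Invalid item input !!!');
            }
        }

        // Add new user item input rows (statement hoisted out of the loop).
        $statement = '
					INSERT INTO user_course_item_input (userCourseItemId, itemDetailId, itemInputId, userAnswer)
					VALUES (:userCourseItemId, :itemDetailId, :itemInputId, :userAnswer)
				';
        foreach ($allItemInput as $itemInput) {
            $bind = array(
                'userCourseItemId' => $userCourseItemId,
                'itemDetailId'     => $itemDetailId,
                'itemInputId'      => $itemInput['itemInputId'],
                'userAnswer'       => $itemInput['userAnswer'],
            );
            \Db::execute($statement, $bind);
        }

        // Update item detail status
        $statement = '
				UPDATE user_course_item_detail
				   SET point  = :point,
				       status = :status
				 WHERE userCourseItemId = :userCourseItemId
				   AND itemDetailId     = :itemDetailId
			';
        $bind = array(
            'userCourseItemId' => $userCourseItemId,
            'itemDetailId'     => $itemDetailId,
            'status'           => 'done',
            'point'            => $point,
        );
        \Db::execute($statement, $bind);

        // Update number of remaining action items on the parent row
        $status = $actionCount > 0 ? 'start' : 'done';
        $statement = '
				UPDATE user_course_item
				   SET actionCount = :actionCount,
				       point       = point + :point,
				       status      = :status
				 WHERE userCourseItemId = :userCourseItemId
			';
        $bind = array(
            'userCourseItemId' => $userCourseItemId,
            'actionCount'      => $actionCount,
            'point'            => $point,
            'status'           => $status,
        );
        \Db::execute($statement, $bind);
    }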
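 /**
  * List all items of a section with their group name and theme.
  *
  * `$userId` only gates access; the query is keyed by `$sectionId` alone, so
  * the result is the same for every authorised caller. The unreachable
  * trailing `return \Db::getResult($statement)` that followed the if/else
  * has been removed.
  *
  * @url GET user/{userId}
  *
  * @return mixed  whatever \Db::getResult yields for the row set
  * @throws RestException 401 when the caller is neither the user nor an admin
  */
 protected function getAllUserItem($userId, $sectionId)
 {
     // Strict owner check (the previous loose `==` accepted type-juggled matches);
     // the role lookup only runs when the owner check fails, as before.
     $callerId = (string) \TTO::getUserId();
     $isOwner = $callerId !== '' && (string) $userId === $callerId;
     if (!$isOwner && \TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     $statement = '
     SELECT I.*, IG.name AS itemGroup, IG.theme
     FROM item AS I
     INNER JOIN item_group AS IG
     ON IG.itemGroupId = I.itemGroupId
     WHERE I.sectionId = :sectionId
   ';
     $bind = array('sectionId' => $sectionId);

     return \Db::getResult($statement, $bind);
 }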
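    /**
     * Mark a user_course_item row as done.
     *
     * NOTE(review): $userId only gates access; the UPDATE is keyed by
     * $userCourseItemId alone, so any authorised caller can mark any item
     * row done — confirm that ownership is enforced elsewhere.
     *
     * @url POST updateitemdone
     *
     * @throws RestException 401 when the caller is neither the user nor an admin
     */
    protected function postUpdateItemDone($userId, $userCourseItemId)
    {
        // Strict owner check (the previous loose `==` accepted type-juggled matches);
        // the role lookup only runs when the owner check fails, as before.
        $callerId = (string) \TTO::getUserId();
        $isOwner = $callerId !== '' && (string) $userId === $callerId;
        if (!$isOwner && \TTO::getRole() !== 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }

        $statement = '
				UPDATE user_course_item
				   SET status = :status
				 WHERE userCourseItemId = :userCourseItemId
			';
        $bind = array('userCourseItemId' => $userCourseItemId, 'status' => 'done');
        \Db::execute($statement, $bind);
    }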
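 /**
  * Log the user out by clearing the stored token for their row.
  *
  * Only the user themself may do this. The token column is overwritten with
  * an empty string; nothing is returned to the client except the row count.
  *
  * @url DELETE {userId}
  *
  * @return \stdClass  object whose `count` is the affected-row count
  * @throws RestException 401 when the caller is not the user
  */
 protected function deleteAuth($userId)
 {
     // Strict owner check: the previous loose `==` accepted type-juggled matches.
     // Assumes getUserId() yields null/''/false for an unauthenticated caller — confirm.
     $callerId = (string) \TTO::getUserId();
     if ($callerId === '' || (string) $userId !== $callerId) {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     // Invalidate the session token server-side.
     $statement = 'UPDATE user SET token = :token WHERE userId = :userId';
     $bind = array('token' => '', 'userId' => $userId);
     $count = \Db::execute($statement, $bind);

     $response = new \stdClass();
     $response->count = $count;
     return $response;
 }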
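 /**
  * Cancel (delete) an order on behalf of a user.
  *
  * The statement previously read `DELETE \`order\` WHERE ...`, which lacks
  * the FROM keyword and is not valid SQL; it is corrected here.
  *
  * NOTE(review): the row is selected by orderId alone; the order's owner is
  * not compared with $userId, so confirm ownership is enforced elsewhere or
  * scope the DELETE to the caller's orders.
  *
  * @url DELETE {orderId}/user/{userId}
  *
  * @throws RestException 401 caller is neither the user nor an admin;
  *                       500 when no row was deleted
  */
 protected function deleteOrder($orderId, $userId)
 {
     // Strict owner check (the previous loose `==` accepted type-juggled matches);
     // the role lookup only runs when the owner check fails, as before.
     $callerId = (string) \TTO::getUserId();
     $isOwner = $callerId !== '' && (string) $userId === $callerId;
     if (!$isOwner && \TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     $statement = 'DELETE FROM `order` WHERE orderId = :orderId';
     $bind = array('orderId' => $orderId);
     $count = \Db::execute($statement, $bind);
     \TTOMail::createAndSendAdmin('A user cancelled order', json_encode($bind));

     if ($count <= 0) {
         throw new RestException(500, 'Cancel Error !!!');
     }
 }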
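 /**
  * Cancel (delete) a coin order.
  *
  * The statement previously read `DELETE coin_order WHERE ...`, which lacks
  * the FROM keyword and is not valid SQL; it is corrected here.
  *
  * NOTE(review): $userId is not part of the route and the DELETE is keyed by
  * coinOrderId alone, so the order's owner is never compared with the caller;
  * confirm ownership is enforced elsewhere or scope the DELETE to the user.
  *
  * @url POST cancelorder/{coinOrderId}
  *
  * @return \stdClass  object whose `cancel` is the affected-row count
  * @throws RestException 401 caller is neither the user nor an admin;
  *                       500 when no row was deleted
  */
 protected function postCancelOrder($coinOrderId, $userId)
 {
     // Strict owner check (the previous loose `==` accepted type-juggled matches);
     // the role lookup only runs when the owner check fails, as before.
     $callerId = (string) \TTO::getUserId();
     $isOwner = $callerId !== '' && (string) $userId === $callerId;
     if (!$isOwner && \TTO::getRole() !== 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }

     $statement = 'DELETE FROM coin_order WHERE coinOrderId = :coinOrderId';
     $bind = array('coinOrderId' => $coinOrderId);
     $count = \Db::execute($statement, $bind);
     \TTOMail::createAndSendAdmin('A user cancelled order', json_encode($bind));

     if ($count <= 0) {
         throw new RestException(500, 'Cancel Error !!!');
     }

     $response = new \stdClass();
     $response->cancel = $count;
     return $response;
 }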