<?php
namespace JsonApi\Routes\Institutes;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
use JsonApi\Errors\AuthorizationFailedException;
use JsonApi\Errors\BadRequestException;
use JsonApi\Errors\RecordNotFoundException;
use JsonApi\JsonApiController;
use JsonApi\Schemas\InstituteMember;
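/**
 * Returns all institute-memberships of the institute.
 *
 * Users for whom Authority::canEditInstitute() holds see every membership.
 * Everyone else sees only their own membership and those whose user passes
 * get_visibility_by_id(). The optional `permission` filter is applied after
 * that visibility filtering.
 *
 * NOTE(review): AuthorizationFailedException is imported by this file but never
 * thrown in this class; the only access restriction visible here is the
 * per-membership visibility filter - confirm that this is intended.
 */
class InstituteMembershipsIndex extends JsonApiController
{
    protected $allowedFilteringParameters = ['permission'];
    protected $allowedIncludePaths = [InstituteMember::REL_INSTITUTE, InstituteMember::REL_USER];
    protected $allowedPagingParameters = ['offset', 'limit'];

    /**
     * Looks up the institute, validates the filters and responds with one page
     * of the memberships visible to the requesting user.
     *
     * @param Request  $request  the incoming request; the acting user is taken from it
     * @param Response $response not used by this handler
     * @param array    $args     route arguments; `id` is passed to \Institute::find()
     *
     * @return mixed the result of getPaginatedContentResponse()
     *
     * @throws RecordNotFoundException if no institute is found for `id`
     * @throws BadRequestException     if the `permission` filter has an unknown value
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameters)
     */
    public function __invoke(Request $request, Response $response, $args)
    {
        $institute = \Institute::find($args['id']);
        if (!$institute) {
            throw new RecordNotFoundException();
        }

        // Reject malformed filters before any membership data is read.
        $this->validateFilters();

        // NOTE(review): getMemberships() type-hints \User, so this assumes
        // getUser() never returns null for this route - confirm.
        $user = $this->getUser($request);
        $memberships = $this->getMemberships($institute, $user, $this->getFilters());
        list($offset, $limit) = $this->getOffsetAndLimit();

        // The total is counted on the already filtered collection, so it does
        // not reveal how many memberships were hidden from this user.
        return $this->getPaginatedContentResponse($memberships->limit($offset, $limit), count($memberships));
    }

    /**
     * Collects the institute's memberships that the given user may see,
     * optionally narrowed to one permission level.
     *
     * @param \Institute $institute the institute whose `members` are read
     * @param \User      $user      the requesting user
     * @param array      $filters   filters as built by getFilters()
     *
     * @return mixed the (possibly filtered) collection taken from `$institute->members`
     */
    private function getMemberships(\Institute $institute, \User $user, array $filters)
    {
        $memberships = $institute->members;

        // Without edit rights on the institute, only the user's own membership
        // and memberships of users passing get_visibility_by_id() are kept.
        if (!Authority::canEditInstitute($user, $institute)) {
            $memberships = $memberships->filter(function ($membership) use ($user) {
                return $membership->user_id === $user->id || get_visibility_by_id($membership->user_id);
            });
        }

        if (!isset($filters['permission'])) {
            return $memberships;
        }

        return $memberships->filter(function ($membership) use ($filters) {
            return $membership->inst_perms === $filters['permission'];
        });
    }

    /**
     * Ensures that a supplied `permission` filter names a known permission level.
     *
     * @throws BadRequestException if the value is not one of the allowed strings
     */
    private function validateFilters()
    {
        $filtering = $this->getQueryParameters()->getFilteringParameters() ?? [];

        // Strict comparison: the value is request-supplied and is later matched
        // with `===`, so only an exact string from the list may pass.
        if (
            array_key_exists('permission', $filtering)
            && !in_array($filtering['permission'], ['user', 'autor', 'tutor', 'dozent', 'admin'], true)
        ) {
            throw new BadRequestException('Filter `permission` must be one of `user`, `autor`, `tutor`, `dozent`, `admin`.');
        }
    }

    /**
     * Builds the filter array consumed by getMemberships().
     *
     * @return array array with the single key `permission`, null when no such filter was sent
     */
    private function getFilters()
    {
        $filtering = $this->getQueryParameters()->getFilteringParameters() ?? [];

        return ['permission' => $filtering['permission'] ?? null];
    }
}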