diff --git a/modules/api/php/endpoints/candidate/visit/instrument/flags.class.inc b/modules/api/php/endpoints/candidate/visit/instrument/flags.class.inc
index 54997a4037b..93b30f1a08b 100644
--- a/modules/api/php/endpoints/candidate/visit/instrument/flags.class.inc
+++ b/modules/api/php/endpoints/candidate/visit/instrument/flags.class.inc
@@ -95,9 +95,10 @@ class Flags extends Endpoint implements \LORIS\Middleware\ETagCalculator
 return $this->_handleGET($request);
 case 'PUT':
+ return $this->_handlePUT($request);
+ case 'PATCH':
- // TODO :: I don`t think this was working in v0.0.3
- return new \LORIS\Http\Response\JSON\NotImplemented();
+ return $this->_handlePATCH($request);
 case 'OPTIONS':
 return (new \LORIS\Http\Response())
@@ -127,6 +128,120 @@ class Flags extends Endpoint implements \LORIS\Middleware\ETagCalculator
 );
 }
+ /**
+ * Handles a PUT request.
+ * Creates or updates all statuses for a given instrument with new values.
+ *
+ * @param ServerRequestInterface $request The incoming PSR7 request
+ *
+ * @return ResponseInterface The outgoing PSR7 response
+ */
+ private function _handlePUT(ServerRequestInterface $request) : ResponseInterface
+ {
+ $user = $request->getAttribute('user');
+ if (!$user->_hasPermission('data_entry')) {
+ return new \LORIS\Http\Response\JSON\Forbidden(
+ 'This user does not have data_entry permission'
+ );
+ }
+
+ $this->_instrumentStatus = new \NDB_BVL_InstrumentStatus();
+ $this->_instrumentStatus->select($this->_instrument->commentID);
+
+ $data = json_decode((string) $request->getBody(), true);
+
+ try {
+
+ $requiredfields = [
+ 'Data_entry',
+ 'Administration',
+ 'Validity',
+ ];
+
+ $diff = array_diff($requiredfields, array_keys($data['Flags']));
+ if (!empty($diff)) {
+ return new \LORIS\Http\Response\JSON\BadRequest(
+ 'Field(s) missing in Flags: ' . implode(', ', $diff)
+ );
+ }
+ $this->_instrumentStatus->setDataEntryStatus(
+ $data['Flags']['Data_entry']
+ );
+ $this->_instrumentStatus->setAdministrationStatus(
+ $data['Flags']['Administration']
+ );
+ $this->_instrumentStatus->setValidityStatus(
+ $data['Flags']['Validity']
+ );
+
+ } catch (\Throwable $e) {
+ error_log($e->getMessage());
+ return new \LORIS\Http\Response\JSON\InternalServerError();
+ }
+ return (new \LORIS\Http\Response())
+ ->withStatus(204);
+ }
+
+ /**
+ * Handles a PATCH request.
+ * Creates or updates some or all statuses for a given instrument. If all
+ * statuses are requested to be changed, this method is equivalent to handlePUT.
+ *
+ * @param ServerRequestInterface $request The incoming PSR7 request
+ *
+ * @return ResponseInterface The outgoing PSR7 response
+ */
+ private function _handlePATCH(ServerRequestInterface $request): ResponseInterface
+ {
+ $user = $request->getAttribute('user');
+ if (!$this->_instrument->_hasAccess($user)) {
+ return new \LORIS\Http\Response\JSON\Forbidden(
+ 'This user can not update this instrument'
+ );
+ }
+
+ $this->_instrumentStatus = new \NDB_BVL_InstrumentStatus();
+ $this->_instrumentStatus->select($this->_instrument->commentID);
+
+ if (!$this->_instrument->determineDataEntryAllowed()) {
+ return new \LORIS\Http\Response\JSON\Forbidden(
+ 'Can not update instruments that are flagged as complete.'
+ );
+ }
+
+ $data = json_decode((string) $request->getBody(), true);
+
+ if (!$this->_instrument->validate($data)) {
+ return new \LORIS\Http\Response\JSON\Forbidden(
+ 'Could not update.'
+ );
+ }
+
+ try {
+ if (array_key_exists('Data_entry', $data['Flags'])) {
+ $this->_instrumentStatus->setDataEntryStatus(
+ $data['Flags']['Data_entry']
+ );
+ }
+ if (array_key_exists('Administration', $data['Flags'])) {
+ $this->_instrumentStatus->setAdministrationStatus(
+ $data['Flags']['Administration']
+ );
+ }
+ if (array_key_exists('Validity', $data['Flags'])) {
+ $this->_instrumentStatus->setValidityStatus(
+ $data['Flags']['Validity']
+ );
+ }
+ } catch (\Throwable $e) {
+ error_log($e->getMessage());
+ return new \LORIS\Http\Response\JSON\InternalServerError();
+ }
+ return (new \LORIS\Http\Response())
+ ->withStatus(204);
+ }
+
 /**
 * Implements the ETagCalculator interface
 *
diff --git a/modules/api/php/endpoints/candidate/visit/instrument/instrument.class.inc b/modules/api/php/endpoints/candidate/visit/instrument/instrument.class.inc
index a44ac87017f..f716af8630b 100644
--- a/modules/api/php/endpoints/candidate/visit/instrument/instrument.class.inc
+++ b/modules/api/php/endpoints/candidate/visit/instrument/instrument.class.inc
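Review bot: `_handlePUT` and `_handlePATCH` in this hunk enforce different authorization for what the PATCH docblock calls equivalent operations: PUT requires `_hasPermission('data_entry')` but never calls `determineDataEntryAllowed()`, so a PUT can overwrite the flags of an instrument that is flagged complete, while PATCH checks `_hasAccess` and `determineDataEntryAllowed()` but not the `data_entry` permission. Both handlers should run the same guard set; at minimum add the PATCH guard `if (!$this->_instrument->determineDataEntryAllowed()) { return new \LORIS\Http\Response\JSON\Forbidden('Can not update instruments that are flagged as complete.'); }` to PUT before the setters, and decide explicitly whether the `data_entry` permission applies to PATCH. In both handlers a non-JSON body or a body without a `Flags` object leaves `$data['Flags']` null, and on PHP 8 the `array_keys`/`array_key_exists` TypeError is swallowed by the `\Throwable` catch into a 500 with the message in the error log; a check such as `if (!is_array($data['Flags'] ?? null)) { return new \LORIS\Http\Response\JSON\BadRequest('Flags object required'); }` right after `json_decode` returns the 400 the client should get. In PATCH, a failing `validate($data)` is answered with Forbidden rather than BadRequest, which conflates a malformed payload with an authorization failure.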
@@ -92,6 +92,13 @@ class Instrument extends Endpoint implements \LORIS\Middleware\ETagCalculator
 {
 $pathparts = $request->getAttribute('pathparts');
 $flags = array_search('flags', $pathparts) !== false;
+ $user = $request->getAttribute('user');
+
+ if (!$this->_instrument->_hasAccess($user)) {
+ return new \LORIS\Http\Response\JSON\Forbidden(
+ 'This user can not update this instrument'
+ );
+ }
 if ($flags) {
 // Delegate to sub-endpoints
@@ -150,8 +157,6 @@ class Instrument extends Endpoint implements \LORIS\Middleware\ETagCalculator
 */
 private function _handlePUT(ServerRequestInterface $request) : ResponseInterface
 {
- // TODO :: Check permissions. How??
-
 if (!$this->_instrument->determineDataEntryAllowed()) {
 return new \LORIS\Http\Response\JSON\Forbidden(
 'Can not update instruments that are flagged as complete.'
@@ -190,8 +195,6 @@ class Instrument extends Endpoint implements \LORIS\Middleware\ETagCalculator
 */
 private function _handlePATCH(ServerRequestInterface $request): ResponseInterface
 {
- // TODO :: Check permissions. How??
-
 if (!$this->_instrument->determineDataEntryAllowed()) {
 return new \LORIS\Http\Response\JSON\Forbidden(
 'Can not update instruments that are flagged as complete.'
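Review bot: The new `_hasAccess` check in the `-92` hunk sits before the `flags` delegation and, as far as can be inferred with the method dispatch outside the hunk, before any method switch, so it gates every request that reaches this function, GET included, yet its message says `'This user can not update this instrument'`; `'This user can not access this instrument'` would describe what is actually being refused. Since the `-150` and `-190` hunks drop the `// TODO :: Check permissions` lines from `_handlePUT` and `_handlePATCH`, this check is presumably the permission check they now rely on, and a comment above the `if`, such as `// Access check for every method, including the flags sub-endpoints delegated below`, would make that dependency explicit. Whether `$request->getAttribute('user')` can be null here and how `_hasAccess(null)` behaves is not visible in this hunk; confirm it fails closed. The enclosing function starts outside the hunk.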