Merge branch 'api-endpoint-users' into users_api

author Dan Brown <redacted>

Thu, 3 Feb 2022 11:38:55 +0000 (11:38 +0000)

committer Dan Brown <redacted>

Thu, 3 Feb 2022 11:38:55 +0000 (11:38 +0000)
author Dan Brown <redacted>
Thu, 3 Feb 2022 11:38:55 +0000 (11:38 +0000)
committer Dan Brown <redacted>
Thu, 3 Feb 2022 11:38:55 +0000 (11:38 +0000)
diff --cc app/Api/ListingResponseBuilder.php

index 02b3f680cf0a3bc1f362313468dfad88ff7401a0,06802808ef5b1757a828d7884ff474c3f9965ba2..3dbe954b8b7693bbeb0ec5c43bbfe948b2814b7f
--- 1/app/Api/ListingResponseBuilder.php
--- 2/app/Api/ListingResponseBuilder.php
+++ b/app/Api/ListingResponseBuilder.php
@@@ -41,9 -42,10 +43,10 @@@ class ListingResponseBuilde
   
           $total = $filteredQuery->count();
           $data = $this->fetchData($filteredQuery);
+         $data = $data->makeVisible($this->hiddenFields);
   
           return response()->json([
- -            'data' => $data,
+ +            'data'  => $data,
               'total' => $total,
           ]);
       }
diff --cc app/Auth/UserRepo.php

index ff2e91ee23a8ad8c7b3dfdee003ff741a04db1a4,4444c734c35077a557fcdfe8daf8664b082bfe3d..0dea4172528326eabb7240f3cc327c61a7a6e748
--- 1/app/Auth/UserRepo.php
--- 2/app/Auth/UserRepo.php
+++ b/app/Auth/UserRepo.php
@@@ -60,11 -61,18 +60,21 @@@ class UserRep
           return User::query()->with('roles', 'avatar')->orderBy('name', 'asc')->get();
       }
   
+     /**
+      * Get all users as Builder for API
+      */
+     public function getUsersBuilder(int $id = null ) : Builder
+     {
+         $query = User::query()->select(['*'])
+             ->withLastActivityAt()
+             ->with(['roles', 'avatar']);
+         return $query;
+     }
       /**
        * Get all the users with their permissions in a paginated format.
+ +     * Note: Due to the use of email search this should only be used when
+ +     * user is assumed to be trusted. (Admin users).
+ +     * Email search can be abused to extract email addresses.
        */
       public function getAllUsersPaginatedAndSorted(int $count, array $sortData): LengthAwarePaginator
       {
diff --cc app/Http/Controllers/Api/ApiController.php

index 3f049a08c8afaba8523448137624b80dc078a0d1,5eb8b1e3d286f0f82ce23b41362b1dbd557f7507..5d6f4a926c9ce4c5a186106f986f52361ef46583
--- 1/app/Http/Controllers/Api/ApiController.php
--- 2/app/Http/Controllers/Api/ApiController.php
+++ b/app/Http/Controllers/Api/ApiController.php
@@@ -9,16 -7,17 +9,17 @@@ use Illuminate\Http\JsonResponse
   
   abstract class ApiController extends Controller
   {
- -
       protected $rules = [];
+     protected $printHidden = [];
   
       /**
        * Provide a paginated listing JSON response in a standard format
        * taking into account any pagination parameters passed by the user.
        */
-     protected function apiListingResponse(Builder $query, array $fields): JsonResponse
+     protected function apiListingResponse(Builder $query, array $fields, array $protectedFieldsToPrint = []): JsonResponse
       {
-         $listing = new ListingResponseBuilder($query, request(), $fields);
+         $listing = new ListingResponseBuilder($query, request(), $fields, $protectedFieldsToPrint);
+ +
           return $listing->toResponse();
       }
   
diff --cc routes/api.php

index 7876ba6d45c0a279a67b5ecbdb1f546a3ef1fef3,063fbd72a964889a460f82fa6b8bc37040746b7f..cd8dd355a6f95629dc50abe2ee1e080314252771
--- 1/routes/api.php
--- 2/routes/api.php
+++ b/routes/api.php
@@@ -15,53 -3,47 +15,56 @@@ use Illuminate\Support\Facades\Route
   /**
    * Routes for the BookStack API.
    * Routes have a uri prefix of /api/.
- - * Controllers are all within app/Http/Controllers/Api
+ + * Controllers are all within app/Http/Controllers/Api.
    */
+ +Route::get('docs.json', [ApiDocsController::class, 'json']);
+ +
+ +Route::get('attachments', [AttachmentApiController::class, 'list']);
+ +Route::post('attachments', [AttachmentApiController::class, 'create']);
+ +Route::get('attachments/{id}', [AttachmentApiController::class, 'read']);
+ +Route::put('attachments/{id}', [AttachmentApiController::class, 'update']);
+ +Route::delete('attachments/{id}', [AttachmentApiController::class, 'delete']);
+ +
+ +Route::get('books', [BookApiController::class, 'list']);
+ +Route::post('books', [BookApiController::class, 'create']);
+ +Route::get('books/{id}', [BookApiController::class, 'read']);
+ +Route::put('books/{id}', [BookApiController::class, 'update']);
+ +Route::delete('books/{id}', [BookApiController::class, 'delete']);
+ +
+ +Route::get('books/{id}/export/html', [BookExportApiController::class, 'exportHtml']);
+ +Route::get('books/{id}/export/pdf', [BookExportApiController::class, 'exportPdf']);
+ +Route::get('books/{id}/export/plaintext', [BookExportApiController::class, 'exportPlainText']);
+ +Route::get('books/{id}/export/markdown', [BookExportApiController::class, 'exportMarkdown']);
+ +
+ +Route::get('chapters', [ChapterApiController::class, 'list']);
+ +Route::post('chapters', [ChapterApiController::class, 'create']);
+ +Route::get('chapters/{id}', [ChapterApiController::class, 'read']);
+ +Route::put('chapters/{id}', [ChapterApiController::class, 'update']);
+ +Route::delete('chapters/{id}', [ChapterApiController::class, 'delete']);
+ +
+ +Route::get('chapters/{id}/export/html', [ChapterExportApiController::class, 'exportHtml']);
+ +Route::get('chapters/{id}/export/pdf', [ChapterExportApiController::class, 'exportPdf']);
+ +Route::get('chapters/{id}/export/plaintext', [ChapterExportApiController::class, 'exportPlainText']);
+ +Route::get('chapters/{id}/export/markdown', [ChapterExportApiController::class, 'exportMarkdown']);
+ +
+ +Route::get('pages', [PageApiController::class, 'list']);
+ +Route::post('pages', [PageApiController::class, 'create']);
+ +Route::get('pages/{id}', [PageApiController::class, 'read']);
+ +Route::put('pages/{id}', [PageApiController::class, 'update']);
+ +Route::delete('pages/{id}', [PageApiController::class, 'delete']);
+ +
+ +Route::get('pages/{id}/export/html', [PageExportApiController::class, 'exportHtml']);
+ +Route::get('pages/{id}/export/pdf', [PageExportApiController::class, 'exportPdf']);
+ +Route::get('pages/{id}/export/plaintext', [PageExportApiController::class, 'exportPlainText']);
+ +Route::get('pages/{id}/export/markdown', [PageExportApiController::class, 'exportMarkDown']);
+ +
+ +Route::get('search', [SearchApiController::class, 'all']);
   
- -Route::get('docs', 'ApiDocsController@display');
- -Route::get('docs.json', 'ApiDocsController@json');
- -
- -Route::get('books', 'BookApiController@list');
- -Route::post('books', 'BookApiController@create');
- -Route::get('books/{id}', 'BookApiController@read');
- -Route::put('books/{id}', 'BookApiController@update');
- -Route::delete('books/{id}', 'BookApiController@delete');
- -
- -Route::get('books/{id}/export/html', 'BookExportApiController@exportHtml');
- -Route::get('books/{id}/export/pdf', 'BookExportApiController@exportPdf');
- -Route::get('books/{id}/export/plaintext', 'BookExportApiController@exportPlainText');
- -
- -Route::get('chapters', 'ChapterApiController@list');
- -Route::post('chapters', 'ChapterApiController@create');
- -Route::get('chapters/{id}', 'ChapterApiController@read');
- -Route::put('chapters/{id}', 'ChapterApiController@update');
- -Route::delete('chapters/{id}', 'ChapterApiController@delete');
- -
- -Route::get('chapters/{id}/export/html', 'ChapterExportApiController@exportHtml');
- -Route::get('chapters/{id}/export/pdf', 'ChapterExportApiController@exportPdf');
- -Route::get('chapters/{id}/export/plaintext', 'ChapterExportApiController@exportPlainText');
- -
- -Route::get('pages', 'PageApiController@list');
- -Route::post('pages', 'PageApiController@create');
- -Route::get('pages/{id}', 'PageApiController@read');
- -Route::put('pages/{id}', 'PageApiController@update');
- -Route::delete('pages/{id}', 'PageApiController@delete');
- -
- -Route::get('pages/{id}/export/html', 'PageExportApiController@exportHtml');
- -Route::get('pages/{id}/export/pdf', 'PageExportApiController@exportPdf');
- -Route::get('pages/{id}/export/plaintext', 'PageExportApiController@exportPlainText');
- -
- -Route::get('shelves', 'BookshelfApiController@list');
- -Route::post('shelves', 'BookshelfApiController@create');
- -Route::get('shelves/{id}', 'BookshelfApiController@read');
- -Route::put('shelves/{id}', 'BookshelfApiController@update');
- -Route::delete('shelves/{id}', 'BookshelfApiController@delete');
+ +Route::get('shelves', [BookshelfApiController::class, 'list']);
+ +Route::post('shelves', [BookshelfApiController::class, 'create']);
+ +Route::get('shelves/{id}', [BookshelfApiController::class, 'read']);
+ +Route::put('shelves/{id}', [BookshelfApiController::class, 'update']);
+ +Route::delete('shelves/{id}', [BookshelfApiController::class, 'delete']);
+ 
+ Route::get('users', 'UserApiController@list');
- -Route::get('users/{id}', 'UserApiController@read');
++Route::get('users/{id}', 'UserApiController@read');
author	Dan Brown <redacted>
	Thu, 3 Feb 2022 11:38:55 +0000 (11:38 +0000)
committer	Dan Brown <redacted>
	Thu, 3 Feb 2022 11:38:55 +0000 (11:38 +0000)
		1	2
app/Api/ListingResponseBuilder.php	patch \|	diff1 \|	diff2 \|	blob \| history
app/Auth/UserRepo.php	patch \|	diff1 \|	diff2 \|	blob \| history
app/Http/Controllers/Api/ApiController.php	patch \|	diff1 \|	diff2 \|	blob \| history
routes/api.php	patch \|	diff1 \|	diff2 \|	blob \| history