From: Dan Brown Date: Thu, 3 Feb 2022 11:38:55 +0000 (+0000) Subject: Merge branch 'api-endpoint-users' into users_api X-Git-Tag: v22.02~1^2~18^2~6 X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/8d7febe482f92a34093127c60c6e2dda342b4223 Merge branch 'api-endpoint-users' into users_api
--- 8d7febe482f92a34093127c60c6e2dda342b4223
diff --cc app/Api/ListingResponseBuilder.php
index 02b3f680c,06802808e..3dbe954b8
--- a/app/Api/ListingResponseBuilder.php
+++ b/app/Api/ListingResponseBuilder.php
@@@ -41,9 -42,10 +43,10 @@@ class ListingResponseBuilde
$total = $filteredQuery->count();
$data = $this->fetchData($filteredQuery);
+ $data = $data->makeVisible($this->hiddenFields);
return response()->json([
- 'data' => $data,
+ 'data' => $data,
'total' => $total,
]);
}
diff --cc app/Auth/UserRepo.php
index ff2e91ee2,4444c734c..0dea41725
--- a/app/Auth/UserRepo.php
+++ b/app/Auth/UserRepo.php
@@@ -60,11 -61,18 +60,21 @@@ class UserRep
return User::query()->with('roles', 'avatar')->orderBy('name', 'asc')->get();
}
+ /**
+ * Get all users as Builder for API
+ */
+ public function getUsersBuilder(int $id = null ) : Builder
+ {
+ $query = User::query()->select(['*'])
+ ->withLastActivityAt()
+ ->with(['roles', 'avatar']);
+ return $query;
+ }
/**
* Get all the users with their permissions in a paginated format.
+ * Note: Due to the use of email search this should only be used when
+ * user is assumed to be trusted. (Admin users).
+ * Email search can be abused to extract email addresses.
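Review bot: In app/Api/ListingResponseBuilder.php the added `$data = $data->makeVisible($this->hiddenFields);` re-exposes model-hidden attributes on every row of the listing, and nothing in the visible lines checks who is asking or which attribute names were supplied. The model's hidden list is what normally keeps sensitive columns out of JSON output, so after this line disclosure depends entirely on what each controller passes in. I would add a comment on the line, `// Re-exposes attributes the model hides by default; callers must only pass fields the current user is authorised to see.`, and consider rejecting names that are not on a per-endpoint allow-list. The constructor that sets `hiddenFields` and the start of this method are outside the hunk, so any validation done there is not visible.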
*/
public function getAllUsersPaginatedAndSorted(int $count, array $sortData): LengthAwarePaginator
{
diff --cc app/Http/Controllers/Api/ApiController.php
index 3f049a08c,5eb8b1e3d..5d6f4a926
--- a/app/Http/Controllers/Api/ApiController.php
+++ b/app/Http/Controllers/Api/ApiController.php
@@@ -9,16 -7,17 +9,17 @@@ use Illuminate\Http\JsonResponse
abstract class ApiController extends Controller
{
- protected $rules = [];
+ protected $printHidden = [];
/**
* Provide a paginated listing JSON response in a standard format
* taking into account any pagination parameters passed by the user.
*/
- protected function apiListingResponse(Builder $query, array $fields): JsonResponse
+ protected function apiListingResponse(Builder $query, array $fields, array $protectedFieldsToPrint = []): JsonResponse
{
- $listing = new ListingResponseBuilder($query, request(), $fields);
+ $listing = new ListingResponseBuilder($query, request(), $fields, $protectedFieldsToPrint);
+ return $listing->toResponse();
}
diff --cc routes/api.php
index 7876ba6d4,063fbd72a..cd8dd355a
--- a/routes/api.php
+++ b/routes/api.php
@@@ -15,53 -3,47 +15,56 @@@ use Illuminate\Support\Facades\Route
/**
* Routes for the BookStack API.
* Routes have a uri prefix of /api/.
- * Controllers are all within app/Http/Controllers/Api
+ * Controllers are all within app/Http/Controllers/Api.
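Review bot: In app/Auth/UserRepo.php, `getUsersBuilder(int $id = null )` accepts an `$id` that the body never uses, and `select(['*'])` loads every user column, so keeping sensitive columns out of API output rests only on the model's hidden list, which this same merge makes overridable through `makeVisible()` in ListingResponseBuilder. Dropping the unused parameter (or declaring it as `?int $id = null` if it is meant to filter) and selecting only the columns the API returns would narrow that. The query also carries no permission scoping, so the docblock could say so, for example `Get a query builder over all users for API listings; applies no permission checks, callers must authorise first.` Presumably the calling controller performs that check, but it is not visible in this diff.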
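Review bot: In app/Http/Controllers/Api/ApiController.php the new third parameter of `apiListingResponse()` decides which hidden attributes are disclosed, yet the docblock above the method is unchanged and the new `$printHidden` property is not read anywhere in the visible lines. Having two places that can hold the same list invites a controller setting one and passing the other. I would document the parameter, e.g. `@param string[] $protectedFieldsToPrint Model-hidden attributes to include in the output; only pass fields the caller has been authorised to view.`, and either use `$printHidden` as the default source or remove it. The rest of the class lies outside the hunk, so `$printHidden` may be used elsewhere.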
*/
+Route::get('docs.json', [ApiDocsController::class, 'json']);
+
+Route::get('attachments', [AttachmentApiController::class, 'list']);
+Route::post('attachments', [AttachmentApiController::class, 'create']);
+Route::get('attachments/{id}', [AttachmentApiController::class, 'read']);
+Route::put('attachments/{id}', [AttachmentApiController::class, 'update']);
+Route::delete('attachments/{id}', [AttachmentApiController::class, 'delete']);
+
+Route::get('books', [BookApiController::class, 'list']);
+Route::post('books', [BookApiController::class, 'create']);
+Route::get('books/{id}', [BookApiController::class, 'read']);
+Route::put('books/{id}', [BookApiController::class, 'update']);
+Route::delete('books/{id}', [BookApiController::class, 'delete']);
+
+Route::get('books/{id}/export/html', [BookExportApiController::class, 'exportHtml']);
+Route::get('books/{id}/export/pdf', [BookExportApiController::class, 'exportPdf']);
+Route::get('books/{id}/export/plaintext', [BookExportApiController::class, 'exportPlainText']);
+Route::get('books/{id}/export/markdown', [BookExportApiController::class, 'exportMarkdown']);
+
+Route::get('chapters', [ChapterApiController::class, 'list']);
+Route::post('chapters', [ChapterApiController::class, 'create']);
+Route::get('chapters/{id}', [ChapterApiController::class, 'read']);
+Route::put('chapters/{id}', [ChapterApiController::class, 'update']);
+Route::delete('chapters/{id}', [ChapterApiController::class, 'delete']);
+
+Route::get('chapters/{id}/export/html', [ChapterExportApiController::class, 'exportHtml']);
+Route::get('chapters/{id}/export/pdf', [ChapterExportApiController::class, 'exportPdf']);
+Route::get('chapters/{id}/export/plaintext', [ChapterExportApiController::class, 'exportPlainText']);
+Route::get('chapters/{id}/export/markdown', [ChapterExportApiController::class, 'exportMarkdown']);
+
+Route::get('pages', [PageApiController::class, 'list']);
+Route::post('pages', [PageApiController::class, 'create']);
+Route::get('pages/{id}', [PageApiController::class, 'read']);
+Route::put('pages/{id}', [PageApiController::class, 'update']);
+Route::delete('pages/{id}', [PageApiController::class, 'delete']);
+
+Route::get('pages/{id}/export/html', [PageExportApiController::class, 'exportHtml']);
+Route::get('pages/{id}/export/pdf', [PageExportApiController::class, 'exportPdf']);
+Route::get('pages/{id}/export/plaintext', [PageExportApiController::class, 'exportPlainText']);
+Route::get('pages/{id}/export/markdown', [PageExportApiController::class, 'exportMarkDown']);
+
+Route::get('search', [SearchApiController::class, 'all']);
-Route::get('docs', 'ApiDocsController@display');
-Route::get('docs.json', 'ApiDocsController@json');
-
-Route::get('books', 'BookApiController@list');
-Route::post('books', 'BookApiController@create');
-Route::get('books/{id}', 'BookApiController@read');
-Route::put('books/{id}', 'BookApiController@update');
-Route::delete('books/{id}', 'BookApiController@delete');
-
-Route::get('books/{id}/export/html', 'BookExportApiController@exportHtml');
-Route::get('books/{id}/export/pdf', 'BookExportApiController@exportPdf');
-Route::get('books/{id}/export/plaintext', 'BookExportApiController@exportPlainText');
-
-Route::get('chapters', 'ChapterApiController@list');
-Route::post('chapters', 'ChapterApiController@create');
-Route::get('chapters/{id}', 'ChapterApiController@read');
-Route::put('chapters/{id}', 'ChapterApiController@update');
-Route::delete('chapters/{id}', 'ChapterApiController@delete');
-
-Route::get('chapters/{id}/export/html', 'ChapterExportApiController@exportHtml');
-Route::get('chapters/{id}/export/pdf', 'ChapterExportApiController@exportPdf');
-Route::get('chapters/{id}/export/plaintext', 'ChapterExportApiController@exportPlainText');
-
-Route::get('pages', 'PageApiController@list');
-Route::post('pages', 'PageApiController@create');
-Route::get('pages/{id}', 'PageApiController@read');
-Route::put('pages/{id}', 'PageApiController@update');
-Route::delete('pages/{id}', 'PageApiController@delete');
-
-Route::get('pages/{id}/export/html', 'PageExportApiController@exportHtml');
-Route::get('pages/{id}/export/pdf', 'PageExportApiController@exportPdf');
-Route::get('pages/{id}/export/plaintext', 'PageExportApiController@exportPlainText');
-
-Route::get('shelves', 'BookshelfApiController@list');
-Route::post('shelves', 'BookshelfApiController@create');
-Route::get('shelves/{id}', 'BookshelfApiController@read');
-Route::put('shelves/{id}', 'BookshelfApiController@update');
-Route::delete('shelves/{id}', 'BookshelfApiController@delete');
+Route::get('shelves', [BookshelfApiController::class, 'list']);
+Route::post('shelves', [BookshelfApiController::class, 'create']);
+Route::get('shelves/{id}', [BookshelfApiController::class, 'read']);
+Route::put('shelves/{id}', [BookshelfApiController::class, 'update']);
+Route::delete('shelves/{id}', [BookshelfApiController::class, 'delete']);
+
+ Route::get('users', 'UserApiController@list');
-Route::get('users/{id}', 'UserApiController@read');
++Route::get('users/{id}', 'UserApiController@read');
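Review bot: In routes/api.php the two user routes at the end of the hunk still use string controller references (`'UserApiController@list'`, `'UserApiController@read'`) while every other route in the merged file uses the `[Class::class, 'method']` form. If the route group's controller namespace was dropped together with that conversion (the group definition is not visible here), these strings will not resolve to a controller. Suggested: `Route::get('users', [UserApiController::class, 'list']);` and `Route::get('users/{id}', [UserApiController::class, 'read']);`, with a matching `use` line in the import block, which lies outside the hunk. These endpoints return account data, so it is also worth confirming that the controller enforces a user-management permission on both actions.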