UserController.class.php

<?php

class UserController extends Controller
{
    public function __construct($name, $request)
    {
        parent::__construct($name, $request);
    }

    /**
    * Process incoming request for the /user endpoint
    *
    * @return    Response
    */
    public function processRequest()
    {
        $httpMethod=$this->request->getHttpMethod();
        $uriParams=$this->request->getUriParams();

        switch ($httpMethod) {
            case 'GET':
                // If there is a uriParams, it is the /user/{id} endpoint
                if ($uriParams) {
                    return $this->getUser($uriParams[0]);
                }
                // Else, it is the /user endpoint
                return $this->getAllUsers();
                break;
            case 'PUT':
                // If there is a uriParams, it is the /user/{id} endpoint
                if ($uriParams) {
                    $body = $this->request->getData();
                    return $this->updateUser(array_merge($body, ['id'=>$uriParams[0]]));
                }
                break;
            case 'POST':
                $body = $this->request->getData();
                return $this->addUser($body);
                break;
            case 'DELETE':
                if ($uriParams) {
                    return $this->deleteUser($uriParams[0]);
                }
                break;
        }
        $message = json_encode(["message" => "unsupported parameters or method in users"]);
        return Response::errorResponse($message);
    }

    /**
    * Authentificate a user if he has the same id as the one in token, bypassed by admin
    *
    * @param    int    $id    id of the User
    * @return    Response
    */
    public function authUser($id){
        // Token phase
        $verifyArray = $this->request->verifyJwtToken();
        if ($verifyArray['message']!=="Valid token.") {
            $message = json_encode($verifyArray['error']);
            return Response::unauthorizedResponse($message);
        }
        // Auth phase
        $data = $verifyArray['decodedJWT']->data;
        if (($data->id != $id) && ($data->role != 2)) {
            $message = json_encode(["message" => "You don't have access to this account."]);
            return Response::unauthorizedResponse($message);
        }

        $message = json_encode(["message" => "Authentified."]);
        return Response::okResponse($message);
    }

    /**
    * (GET) Get all users in USER table
    *
    * @return    Response
    */
    protected function getAllUsers()
    {
        $users = User::getList();
        $response = Response::okResponse(json_encode($users, JSON_PRETTY_PRINT));
        return $response;
    }

    /**
    * (GET) Get a specific user in USER table based on id
    *
    * @param    int    $id    id of the User
    * @return    Response
    */
    protected function getUser($id)
    {
        $user = User::getRow($id);
        $response = Response::okResponse(json_encode($user));
        return $response;
    }

    /**
    * (POST) Add a specific user in USER table
    *
    * @param    array    $array    array containing
    * @return    Response
    */
    protected function addUser($array)
    {
        User::addRow($array);
        $message = json_encode(["message" => 'User succesfully added!']);
        $response = Response::okResponse($message);
        return $response;
    }

    /**
    * (PUT) Update a specific user in USER table based on id
    *
    * @param    array    $array    array containing id + fields to modify
    * @return    Response
    */
    protected function updateUser($array)
    {
        // Auth with token phase
        $authResponse = $this->authUser($id);
        if($authResponse->getCode()!=200){
            return $authResponse;
        }

        // Update phase
        User::updateUser($array);

        $message = json_encode(["message" => 'User succesfully updated!']);
        $response = Response::okResponse($message);

        return $response;
    }

    /**
    * (DELETE) Delete a specific user in USER table based on id
    *
    * @param    int    $id    id of the User
    * @return    Response
    */
    protected function deleteUser($id)
    {
        // Auth with token phase
        $authResponse = $this->authUser($id);
        if($authResponse->getCode()!=200){
            return $authResponse;
        }

        // Update phase
        User::deleteRow($id);

        $message = json_encode(["message" => 'User succesfully deleted!']);
        $response = Response::okResponse($message);

        return $response;
    }
}