UserController.class.php

<?php

class UserController extends Controller
{
    public function __construct($name, $request)
    {
        parent::__construct($name, $request);
    }

    /**
    * Process incoming request for the /user endpoint
    *
    * @return    Response
    */
    public function processRequest()
    {
        $httpMethod=$this->request->getHttpMethod();
        $uriParams=$this->request->getUriParams();

        switch ($httpMethod) {
            case 'GET':
                // If there is a uriParams, it is the /user/{id} endpoint
                if ($uriParams) {
                    return $this->getUser($uriParams[0]);
                }
                // Else, it is the /user endpoint
                return $this->getAllUsers();
                break;
            case 'PUT':
                // If there is a uriParams, it is the /user/{id} endpoint
                if ($uriParams) {
                    $body = $this->request->getData();
                    return $this->updateUser(array_merge($body, ['id'=>$uriParams[0]]));
                }
                break;
        }
        $message = json_encode(["message" => "unsupported parameters or method in users"]);
        return Response::errorResponse($message);
    }

    /**
    * Authentificate a user if he has the same id as the one in token, bypassed by admin
    *
    * @param    int    $id    id of the User
    * @return    Response
    */
    public function authUser($id){
        // Token phase
        $verifyArray = $this->request->verifyJwtToken();
        if ($verifyArray['message']!=="Valid token.") {
            $message = json_encode($verifyArray['error']);
            return Response::unauthorizedResponse($message);
        }
        // Auth phase
        $data = $verifyArray['decodedJWT']->data;
        if (($data->id != $id) && ($data->role != 2)) {
            $message = json_encode(["message" => "You don't have access to this account."]);
            return Response::unauthorizedResponse($message);
        }

        $message = json_encode(["message" => "Authentified."]);
        return Response::okResponse($message);
    }

    /**
    * GET all users in USER table
    *
    * @return    Response
    */
    protected function getAllUsers()
    {
        $users = User::getList();
        $response = Response::okResponse(json_encode($users, JSON_PRETTY_PRINT));
        return $response;
    }

    /**
    * GET a specific user in USER table based on id
    *
    * @param    int    $id    id of the User
    * @return    Response
    */
    protected function getUser($id)
    {
        $user = User::getRow($id);
        $response = Response::okResponse(json_encode($user));
        return $response;
    }

    /**
    * Update a specific user in USER table based on id
    *
    * @param    array    $array    array containing id + fields to modify
    * @return    Response
    */
    protected function updateUser($array)
    {
        // Auth with token phase
        if($this->authUser($array['id'])->getCode()!=200){
            return authError;
        }

        // Update phase
        User::updateUser($array);

        $message = json_encode(["message" => 'User succesfully updated !']);
        $response = Response::okResponse($message);

        return $response;
    }
}