#439 Add /admin/user endpoint

api/admin/ticket-template/index.php

@@ -21,9 +21,6 @@ if ($request_method == 'GET') {
     try {
         get_user_for_token($token, $hesk_settings);
     } catch (AccessException $e) {
-        if ($e->getCode() == 422) {
-            print_error($e->getMessage(), $e->getMessage());
-        }
         return http_response_code($e->getCode());
     }
 

api/admin/user/index.php

@@ -0,0 +1,39 @@
+<?php
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../../../');
+define('API_PATH', '../../');
+require_once(HESK_PATH . 'hesk_settings.inc.php');
+require_once(HESK_PATH . 'inc/common.inc.php');
+require_once(API_PATH . 'core/headers.php');
+require_once(API_PATH . 'core/output.php');
+require_once(API_PATH . 'dao/user_dao.php');
+require_once(API_PATH . 'businesslogic/security_retriever.php');
+
+hesk_load_api_database_functions();
+hesk_dbConnect();
+
+// Routing
+$request_method = $_SERVER['REQUEST_METHOD'];
+
+if ($request_method == 'GET') {
+    $token = get_header('X-Auth-Token');
+
+    try {
+        get_user_for_token($token, $hesk_settings);
+    } catch (AccessException $e) {
+        return http_response_code($e->getCode());
+    }
+
+    if (isset($_GET['id'])) {
+        $results = get_user($hesk_settings, $_GET['id']);
+    } else {
+        $results = get_user($hesk_settings);
+    }
+
+    if ($results == NULL) {
+        return http_response_code(404);
+    }
+    return output($results);
+}
+
+return http_response_code(405);

api/dao/user_dao.php

@@ -0,0 +1,58 @@
+<?php
+
+function get_user($hesk_settings, $id = NULL) {
+    $sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ";
+
+    if ($id != NULL) {
+        $sql .= "WHERE `id` = " . intval($id);
+    }
+
+    $response = hesk_dbQuery($sql);
+
+    if (hesk_dbNumRows($response) == 0) {
+        return NULL;
+    }
+
+    $results = [];
+    while ($row = hesk_dbFetchAssoc($response)) {
+        // Never send back a user's password, even if it is hashed.
+        unset($row['pass']);
+        unset($row['permission_template']);
+
+        $row['id'] = intval($row['id']);
+        $row['isadmin'] = get_boolean($row['isadmin']);
+        $row['signature'] = hesk_html_entity_decode($row['signature']);
+        $row['afterreply'] = intval($row['afterreply']);
+        $row['autostart'] = get_boolean($row['autostart']);
+        $row['notify_customer_new'] = get_boolean($row['notify_customer_new']);
+        $row['notify_customer_reply'] = get_boolean($row['notify_customer_reply']);
+        $row['show_suggested'] = get_boolean($row['show_suggested']);
+        $row['notify_new_unassigned'] = get_boolean($row['notify_new_unassigned']);
+        $row['notify_new_my'] = get_boolean($row['notify_new_my']);
+        $row['notify_reply_unassigned'] = get_boolean($row['notify_reply_unassigned']);
+        $row['notify_reply_my'] = get_boolean($row['notify_reply_my']);
+        $row['notify_assigned'] = get_boolean($row['notify_assigned']);
+        $row['notify_pm'] = get_boolean($row['notify_pm']);
+        $row['notify_note'] = get_boolean($row['notify_note']);
+        $row['notify_note_unassigned'] = get_boolean($row['notify_note_unassigned']);
+        $row['autoassign'] = get_boolean($row['autoassign']);
+        $row['ratingneg'] = intval($row['ratingneg']);
+        $row['ratingpos'] = intval($row['ratingpos']);
+        $row['autorefresh'] = intval($row['autorefresh']);
+        $row['active'] = get_boolean($row['active']);
+
+
+        // TODO: Remove this once GitHub #346 is complete
+        $row['categories'] = explode(',', $row['categories']);
+        $row['heskprivileges'] = explode(',', $row['heskprivileges']);
+
+
+        $results[] = $row;
+    }
+
+    return $id == NULL ? $results : $results[0];
+}
+
+function get_boolean($value, $truthy_value = true) {
+    return $value == $truthy_value;
+}