From 9cd4eb3226018bc32b5a00c580faaa9a8a6124ad Mon Sep 17 00:00:00 2001
From: marko <marko@cana>
Date: Mon, 1 Jan 2024 10:07:48 +0100
Subject: [PATCH] added trainees endpoint

---
 homepage/participo/api/inc/bootstrap.php | 21 +++++++++++++
 homepage/participo/api/trainees.php      | 38 ++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 homepage/participo/api/trainees.php

diff --git a/homepage/participo/api/inc/bootstrap.php b/homepage/participo/api/inc/bootstrap.php
index 3ce6c3c..9836fb3 100644
--- a/homepage/participo/api/inc/bootstrap.php
+++ b/homepage/participo/api/inc/bootstrap.php
@@ -22,6 +22,27 @@ require_once("local/cwsvJudo.php");
 /// - since this is a rest api implementation we can assume each endpoint needs dbAccess
 require_once("participoLib/dbConnector.php");
 
+function authorize()
+{
+    if (array_key_exists("HTTP_AUTHORIZATION", $_SERVER)) {
+        if (!empty($_SERVER["HTTP_AUTHORIZATION"])) {
+            $auth = explode(" ", $_SERVER["HTTP_AUTHORIZATION"]);
+            if ($auth[0] = "Basic") {
+                $allowKey = ApiKey::loadFromDb($auth[1]);
+            }
+        }
+    }
+
+    if (!$allowKey || !$allowKey->isValidFor("api")) {
+        die(
+            json_encode([
+                "success" => false,
+                "reason" => "apiKey not sufficient or no api key provided",
+            ])
+        );
+    }
+}
+
 /// - initialize the database connection
 dbConnector::connect(
     $cwsvJudoConfig["db"]["host"],
diff --git a/homepage/participo/api/trainees.php b/homepage/participo/api/trainees.php
new file mode 100644
index 0000000..358fde3
--- /dev/null
+++ b/homepage/participo/api/trainees.php
@@ -0,0 +1,38 @@
+<?php
+require_once("inc/bootstrap.php");
+
+require_once 'participoLib/apiKey.php';
+
+function get()
+{
+    $wkSqlQuery =
+        "SELECT DISTINCT" .
+        "  `wkParticipo_Users`.* " .
+        " FROM `wkParticipo_Users`" .
+        " JOIN `wkParticipo_user<=>userAttributes`" .
+        "   ON `wkParticipo_user<=>userAttributes`.`userId` = `wkParticipo_Users`.`id`" .
+        " WHERE `wkParticipo_user<=>userAttributes`.`attributeId` = 4". 
+        " ORDER BY `wkParticipo_Users`.`id` ASC;";
+
+    $wkSqlResponse = dbConnector::query($wkSqlQuery);
+
+    // Postprocessing
+    // - convert the comma separated list into an array
+    foreach ($wkSqlResponse as &$user) {
+        $user["eMail"] = explode(",", $user["eMail"]);
+        foreach ($user["eMail"] as &$email) {
+            $email = trim($email);
+        }
+    }
+    return $wkSqlResponse;
+}
+
+
+authorize();
+$wkSqlResponse = get();
+
+// Sending Response
+// - setting header
+header("Content-Type: application/json");
+// - sending body payload
+echo json_encode($wkSqlResponse);