diff --git a/server/web_app/src/Controller/ItemController.php b/server/web_app/src/Controller/ItemController.php
index cb5feb7846493d72ad8bf392d59afa06058a2cdd..19583fc1ff8da07214a89f5e87bb4afc97d41042 100644
--- a/server/web_app/src/Controller/ItemController.php
+++ b/server/web_app/src/Controller/ItemController.php
@@ -85,7 +85,8 @@ final class ItemController extends AbstractController
 'max' => $max,
 'sortBy' => $sortBy,
 'sort' => $sort,
- 'onlyBought' => $onlyBought
+ 'onlyBought' => $onlyBought,
+ 'path' => 'src/Controller/ItemController.php',
 ]);
 }
diff --git a/server/web_app/src/Controller/UserController.php b/server/web_app/src/Controller/UserController.php
index 2226a94e2f282b50eab134ae31c0a55f694938b2..2cca27f8b8df67f622635e42a7fc186b2701ce9a 100644
--- a/server/web_app/src/Controller/UserController.php
+++ b/server/web_app/src/Controller/UserController.php
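Review bot: The new `'path' => 'src/Controller/ItemController.php'` entry embeds a server-side source path in every API response; it is the Symfony skeleton's demo field and tells clients the internal file layout for no functional gain. Drop the line (UserController carries the same field further down in this commit, so both can go together) or emit it only when the kernel runs in debug mode. The `$this->json([` call this array feeds begins before the hunk.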
@@ -95,13 +95,63 @@ final class UserController extends AbstractController implements UserControllerI
 }
 #[Route('', methods: ['GET'])]
- public function getAllUsers(): JsonResponse
+ public function getAllUsers(Request $req): JsonResponse
 {
- $users = $this->userRepository->findAllUsers();
- $userArray = array_map(fn($user) => ['id' => $user->getId(), 'username' => $user->getUserName(), 'mail' => $user->getEmail(), 'createdAt' => $user->getCreatedAt()], $users);
+ // Validate and sanitize query parameters
+ $roleParam = $req->query->get('userRole', null);
+ $userRole = null;
+
+ // Convert string to enum if valid
+ if ($roleParam !== null && in_array($roleParam, UserRole::getValues(), true)) {
+ $userRole = UserRole::from($roleParam);
+ }
+
+ $isBlocked = filter_var($req->query->get('isBlocked', null), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+
+ // Validate "sortBy" to allow only 'createdAt' or 'username'
+ $allowedSortBy = ['createdAt', 'username'];
+ $sortBy = $req->query->get('sortBy', 'createdAt');
+ if (!in_array($sortBy, $allowedSortBy, true)) {
+ $sortBy = 'createdAt';
+ }
+
+ // Validate "sort" to allow only 'asc' or 'desc'
+ $allowedSort = ['asc', 'desc'];
+ $sort = strtolower($req->query->get('sort', 'asc'));
+ if (!in_array($sort, $allowedSort, true)) {
+ $sort = 'asc';
+ }
+
+ // Validate "max" as a positive integer (default: 10)
+ $max = filter_var($req->query->get('max', 10), FILTER_VALIDATE_INT, ["options" => ["min_range" => 1]]) ?: 10;
+
+ // Validate "page" as a positive integer (default: 1)
+ $page = filter_var($req->query->get('page', 1), FILTER_VALIDATE_INT, ["options" => ["min_range" => 1]]) ?: 1;
+
+ // Fetch users from repository with filters
+ $users = $this->userRepository->findAllUsersFiltered($userRole, $isBlocked, $sortBy, $sort, $max, $page);
+
+ if (!$users) {
+ return new JsonResponse(['error' => 'No users found'], Response::HTTP_NOT_FOUND);
+ }
+
+ $userArray = array_map(fn($user) => [
+ 'id' => $user->getId(),
+ 'username' => $user->getUserName(),
+ 'mail' => $user->getEmail(),
+ 'role' => $user->getRoles(),
+ 'isBlocked' => $user->isBlocked(),
+ 'createdAt' => $user->getCreatedAt()
+ ], $users);
 return $this->json([
 'users' => $userArray,
+ 'page' => $page,
+ 'max' => $max,
+ 'sortBy' => $sortBy,
+ 'sort' => $sort,
+ 'userRole' => $userRole,
+ 'isBlocked' => $isBlocked,
 'path' => 'src/Controller/UserController.php',
 ]);
 }
diff --git a/server/web_app/src/Interface/UserControllerInterface.php b/server/web_app/src/Interface/UserControllerInterface.php
index a8dbe3ba8c91f3d05bb2740da3b133a3824f6e39..92a41838ddc07c2083948d10982a3d3160436dbb 100644
--- a/server/web_app/src/Interface/UserControllerInterface.php
+++ b/server/web_app/src/Interface/UserControllerInterface.php
@@ -8,7 +8,7 @@ interface UserControllerInterface
 {
 public function createUser(Request $req): Response;
- public function getAllUsers(): Response;
+ public function getAllUsers(Request $req): Response;
 public function getUserById(int $userId): Response;
diff --git a/server/web_app/src/Repository/UserRepository.php b/server/web_app/src/Repository/UserRepository.php
index af2a91ad9abc667742333c8af803aaa7f830a86a..332c0f0879a166693702777f3c574e2d71e6ec92 100644
--- a/server/web_app/src/Repository/UserRepository.php
+++ b/server/web_app/src/Repository/UserRepository.php
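Review bot: `max` is bounded below but not above, so `?max=2147483647` on the `$max = filter_var(... ["min_range" => 1] ...) ?: 10;` line returns the entire user table in one response, which is both a resource-exhaustion vector and a convenient bulk export of every account's e-mail; clamp it, e.g. `$max = filter_var($req->query->get('max', 10), FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 100]]) ?: 10;`. The new `'role'` and `'isBlocked'` fields widen what the listing reveals, and no `#[IsGranted]` is visible on `#[Route('', methods: ['GET'])]` in this hunk — if a class-level guard outside the hunk does not restrict it, any caller can enumerate every user's e-mail, roles and block status. `UserRole::getValues()` is not a built-in enum method; `$userRole = UserRole::tryFrom((string) $roleParam);` gives the same null-or-enum result without a custom helper. Returning 404 from `if (!$users)` for a page past the end, rather than an empty `users` list, is unusual for a paginated endpoint and should at least be stated in the method's docblock.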
@@ -54,29 +54,27 @@ class UserRepository extends ServiceEntityRepository
 ->getResult();
 }
+ public function findAllUsersFiltered(?UserRole $userRole, ?bool $isBlocked, string $sortBy, string $sort, int $max, int $page)
+ {
+ $queryBuilder = $this->createQueryBuilder('u');
+
+ // Filter by userRole if provided
+ if ($userRole) {
+ $queryBuilder->andWhere('u.role LIKE :role')
+ ->setParameter('role', $userRole->value);
+ }
- // /**
- // * @return User[] Returns an array of User objects
- // */
- // public function findByExampleField($value): array
- // {
- // return $this->createQueryBuilder('u')
- // ->andWhere('u.exampleField = :val')
- // ->setParameter('val', $value)
- // ->orderBy('u.id', 'ASC')
- // ->setMaxResults(10)
- // ->getQuery()
- // ->getResult()
- // ;
- // }
+ // Filter by isBlocked if provided
+ if (!is_null($isBlocked)) {
+ $queryBuilder->andWhere('u.isBlocked = :isBlocked')
+ ->setParameter('isBlocked', $isBlocked);
+ }
- // public function findOneBySomeField($value): ?User
- // {
- // return $this->createQueryBuilder('u')
- // ->andWhere('u.exampleField = :val')
- // ->setParameter('val', $value)
- // ->getQuery()
- // ->getOneOrNullResult()
- // ;
- // }
+ // Apply sorting
+ $queryBuilder->orderBy("u.$sortBy", $sort)
+ ->setMaxResults($max)
+ ->setFirstResult(($page - 1) * $max);
+
+ return $queryBuilder->getQuery()->getResult();
+ }
 }
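Review bot: `->orderBy("u.$sortBy", $sort)` interpolates both arguments straight into DQL and nothing in this method restricts them — the whitelist lives only in UserController, so any other caller of the public `findAllUsersFiltered()` can inject arbitrary DQL through `$sortBy`. Enforce it here as well, just before the orderBy: `$sortBy = in_array($sortBy, ['createdAt', 'username'], true) ? $sortBy : throw new \InvalidArgumentException('Unsupported sortBy');` and `$sort = strtoupper($sort) === 'DESC' ? 'DESC' : 'ASC';`. `u.role LIKE :role` with no wildcard behaves like `=` for a single-value column but will never match if `role` is stored as a JSON list — which applies cannot be seen here, so name the column's type in a comment and use `=` or `%…%` accordingly. The method also has no return type; `: array` with `/** @return User[] */` matches the stub this hunk deletes.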