From d5866207c13e9f6ef33fb9f4a7835876157c1df4 Mon Sep 17 00:00:00 2001
From: Sebastian Grewe <sebastian@grewe.ca>
Date: Thu, 6 Jun 2013 17:18:55 +0200
Subject: [PATCH] Adding admin only API call: getuserworkers <id>

* Require valid token and admin access
* Grab full worker information for a user
 * Matches the Worker List on the Account page
* See Wiki for full documentation
---
 .../include/pages/api/getuserworkers.inc.php  | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 public/include/pages/api/getuserworkers.inc.php

diff --git a/public/include/pages/api/getuserworkers.inc.php b/public/include/pages/api/getuserworkers.inc.php
new file mode 100644
index 00000000..23bdcf5d
--- /dev/null
+++ b/public/include/pages/api/getuserworkers.inc.php
@@ -0,0 +1,24 @@
+<?php
+
+// Make sure we are called from index.php
+if (!defined('SECURITY'))
+die('Hacking attempt');
+
+// Check user token
+$id = $user->checkApiKey($_REQUEST['api_key']);
+
+// We have to check if that user is admin too
+if ( ! $user->isAdmin($id) ) {
+  header("HTTP/1.1 401 Unauthorized");
+  die("Access denied");
+}
+
+// Is it a username or a user ID
+ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
+
+// Output JSON format
+echo json_encode(array('getuserworkers' => $worker->getWorkers($id)));
+
+// Supress master template
+$supress_master = 1;
+?>