From 1f594c5b1b1d12ed79923432ec40b31078f4620e Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Sun, 9 Aug 2020 14:04:44 +0100
Subject: [PATCH] Add update/close ability to tickets (#38)

* Moving from old branch

* Added new terminology

Also added upload file page. Waiting for @luketainton to complete back end coding

* Fixing old issues

* :bug: Re-add favicon

Signed-off-by: Luke Tainton <luke@tainton.uk>

* :sparkles: Implement update functionality

Signed-off-by: Luke Tainton <luke@tainton.uk>

* :sparkles: Implement upload functionality

Signed-off-by: Luke Tainton <luke@tainton.uk>

Co-authored-by: Alexander Davis <alex@adcm.uk>
---
 app/public/css/custom.css |  16 +--
 app/public/existing.php   |   2 +-
 app/public/update.php     | 212 ++++++++++++++++++++++++++++++++++++
 app/public/upload.php     | 221 ++++++++++++++++++++++++++++++++++++++
 app/public/view.php       |  38 ++-----
 5 files changed, 449 insertions(+), 40 deletions(-)
 create mode 100644 app/public/update.php
 create mode 100644 app/public/upload.php

diff --git a/app/public/css/custom.css b/app/public/css/custom.css
index 30e38a9..aee9f9e 100644
--- a/app/public/css/custom.css
+++ b/app/public/css/custom.css
@@ -16,16 +16,16 @@
 main > .container {
     padding: 60px 15px 0;
 }
-
+  
 .footer {
     background-color: #f5f5f5;
 }
-
+  
 .footer > .container {
     padding-right: 15px;
     padding-left: 15px;
 }
-
+  
 code {
     font-size: 80%;
 }
@@ -42,24 +42,24 @@ code {
       padding-bottom: 6rem;
     }
   }
-
+  
   .jumbotron p:last-child {
     margin-bottom: 0;
   }
-
+  
   .jumbotron h1 {
     font-weight: 300;
   }
-
+  
   .jumbotron .container {
     max-width: 40rem;
   }
-
+  
   footer {
     padding-top: 3rem;
     padding-bottom: 3rem;
   }
-
+  
   footer p {
     margin-bottom: .25rem;
   }
diff --git a/app/public/existing.php b/app/public/existing.php
index 39cbdf0..d3a36d3 100644
--- a/app/public/existing.php
+++ b/app/public/existing.php
@@ -77,7 +77,7 @@
     </section>
 
       <section>
-        <div class="card mx-auto" style="width: 80%;">
+        <div class="card mx-auto" style="width: 80%;;margin-bottom: 50px;">
           <div class="card-header">
             <span class="mdi mdi-ticket-outline"></span> My Closed Requests
           </div>
diff --git a/app/public/update.php b/app/public/update.php
new file mode 100644
index 0000000..30d7642
--- /dev/null
+++ b/app/public/update.php
@@ -0,0 +1,212 @@
+<?php
+    $PAGE_NAME = "Update Request";
+    require_once __DIR__ . "/../includes/header.php";
+
+    // If form submitted, save to database
+    if($_SERVER['REQUEST_METHOD'] == 'POST') {
+      try {
+        // Process ticket data
+        $stmt = "INSERT INTO ticket_updates (ticket, user, msg) VALUES (:tktuuid, :user, :msg)";
+        $sql = $db->prepare($stmt);
+        $sql->bindParam(':tktuuid', $_POST['rid']);
+        $sql->bindParam(':user', $_SESSION['uuid']);
+        $sql->bindParam(':msg', $_POST['msg']);
+        $sql->execute();
+      } catch (PDOException $e) {
+        // echo("Error: <br>" . $e->getMessage() . "<br>");
+        $new_ticket_alert = array("danger", "Failed to save update: " . $e->getMessage());
+      }
+      header('Location: /view?rid=' . $_POST['rid'], true);
+    } else { // Form not yet submitted
+      // Get ticket
+      try {
+        $ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
+        $ticket_sql = $db->prepare($ticket_stmt);
+        $ticket_sql->bindParam(':uuid', $_GET['rid']);
+        $ticket_sql->execute();
+        $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
+        $ticket_result = $ticket_sql->fetchAll();
+        $request = $ticket_result[0];
+      } catch (PDOException $e) {
+        $new_ticket_alert = array("danger", "Failed to get request: " . $e->getMessage());
+      }
+
+      // Get ticket updates
+      try {
+        $updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
+        $updates_sql = $db->prepare($updates_stmt);
+        $updates_sql->bindParam(':uuid', $_GET['rid']);
+        $updates_sql->execute();
+        $updates_sql->setFetchMode(PDO::FETCH_ASSOC);
+        $updates_result = $updates_sql->fetchAll();
+      } catch (PDOException $e) {
+        $new_ticket_alert = array("danger", "Failed to get updates: " . $e->getMessage());
+      }
+
+      // Get authorised subscribers
+      try {
+        $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
+        $users_sql = $db->prepare($users_stmt);
+        $users_sql->bindParam(':uuid', $_GET['rid']);
+        $users_sql->execute();
+        $users_sql->setFetchMode(PDO::FETCH_ASSOC);
+        $users_result = $users_sql->fetchAll();
+      } catch (PDOException $e) {
+        $new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage());
+      }
+    }
+
+
+    $authorised_users = array();
+    foreach($users_result as $user) {
+      array_push($authorised_users, $user['user_uuid']);
+    }
+
+    if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
+      $is_authorised = true;
+    } else {
+      $is_authorised = false;
+    }
+
+?>
+
+
+
+<!-- Begin page content -->
+<main role="main" class="flex-shrink-0">
+
+  <?php if (!is_signed_in()) { ?>
+    <section>
+      <div class="container">
+        <div class='alert alert-danger alert-dismissible fade show' role='alert'>
+          You need to log in to access this page.
+          <button type='button' class='close' data-dismiss='alert' aria-label='Close'>
+            <span aria-hidden='true'>&times;</span>
+          </button>
+        </div>
+      </div>
+    </section>
+  <?php } else {
+      if ($is_authorised == true) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1><?php echo($request['title']); ?></h1>
+          <p style="color: gray; font-style: italic;"><?php echo("#" . sprintf("%'.05d\n", $request["id"])); ?></p>
+          <p class="lead text-muted"><?php echo($request['description']); ?></p>
+          <p>
+            <a href='/update?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-primary my-2'>Update the request</a>
+            <a href='/upload?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-secondary my-2'>Add attachment(s)</a>
+            <a href='/close?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-danger my-2'>Close the request</a>
+          </p>
+        </div>
+      </section>
+      <section>
+        <div class="container">
+          <div class="row">
+            <div class="col-4">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
+                <ul class="list-group list-group-flush">
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Status:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['status']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created by:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo(get_user_name($db, $request['created_by'])); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Assigned to:</b></span>
+                        <?php if ($request['assignee'] != null) {
+                          echo("<span style='display: inline; margin-left: 1%;'>" . get_user_name($db, $request['assignee']) . "</span>");
+                        } else {
+                          echo("<span class='text-muted' style='display: inline; margin-left: 1%;'>None</span>");
+                        } ?>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['created_on']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Last updated:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['last_updated']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                </ul>
+              </div>
+            </div>
+
+            <div class="col-8">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
+                <ul class="list-group list-group-flush">
+                  <?php
+                    if (count($updates_result) == 0) {
+                      echo("<center><b>No updates</b></center>");
+                    } else {
+                      foreach($updates_result as $update) {
+                  ?>
+                    <li class="list-group-item">
+                      <div class="container">
+                        <div class="row">
+                          <span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i><?php echo(" " . $update['created']); ?></i></span>
+                        </div>
+                        <div class="row">
+                          <span><?php echo($update['msg']); ?></span>
+                        </div>
+                      </div>
+                    </li>
+                  <?php } } ?>
+                </ul>
+              </div>
+            </div>
+
+          </div>
+        </div>
+      </section>
+      <section>
+        <div class="card mx-auto" style="width: 50%;margin-bottom: 50px;">
+          <form style="padding: 2%" action="/update" method="post" enctype="multipart/form-data">
+            <div class="form-group">
+              <input type="hidden" id="rid" name="rid" value="<?php echo($_GET['rid']); ?>">
+            </div>
+            <div class="form-group">
+              <label for="msg">Update: </label>
+              <textarea type="text" class="form-control" id="msg" name="msg" rows="3"></textarea>
+            </div>
+            <button type="submit" class="btn btn-primary">Submit</button>
+          </form>
+        </div>
+      </section>
+    <?php } else if ($is_authorised == false) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1>You are not authorised to see this page.</h1>
+        </div>
+      </section>
+    <?php } } ?>
+
+</main>
+
+<?php
+    require_once __DIR__ . "/../includes/footer.php";
+?>
diff --git a/app/public/upload.php b/app/public/upload.php
new file mode 100644
index 0000000..7840c80
--- /dev/null
+++ b/app/public/upload.php
@@ -0,0 +1,221 @@
+<?php
+    $PAGE_NAME = "Upload file";
+    require_once __DIR__ . "/../includes/header.php";
+
+    // If form submitted, save to database
+    if($_SERVER['REQUEST_METHOD'] == 'POST') {
+      // If file is uploaded, process that
+      if(isset($_FILES['file']) && $_FILES['file']['name'] != "") {
+        try {
+          $file_uuid = Uuid::uuid4()->toString();
+          $file_name = $_FILES['file']['name'];
+          $file_size = $_FILES['file']['size'];
+          $file_type = $_FILES['file']['type'];
+          $file_tmp = $_FILES['file']['tmp_name'];
+          move_uploaded_file($file_tmp,"/srv/attachments/".$file_name);
+          $stmt = "INSERT INTO ticket_uploads (id, ticket, user, filename) VALUES (:fileuuid, :ticket, :user, :name)";
+          $sql = $db->prepare($stmt);
+          $sql->bindParam(':fileuuid', $file_uuid);
+          $sql->bindParam(':ticket', $_POST['rid']);
+          $sql->bindParam(':user', $_SESSION['uuid']);
+          $sql->bindParam(':name', $file_name);
+          $sql->execute();
+        } catch (PDOException $e) {
+          // echo("Error: <br>" . $e->getMessage() . "<br>");
+          $new_ticket_alert = array("danger", "Failed to upload file: " . $e->getMessage());
+        }
+      }
+      header('Location: /view?rid=' . $tkt_uuid, true);
+    } else { // Form not yet submitted
+      // Get ticket
+      try {
+        $ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
+        $ticket_sql = $db->prepare($ticket_stmt);
+        $ticket_sql->bindParam(':uuid', $_GET['rid']);
+        $ticket_sql->execute();
+        $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
+        $ticket_result = $ticket_sql->fetchAll();
+        $request = $ticket_result[0];
+      } catch (PDOException $e) {
+        echo("Error: " . $e->getMessage());
+      }
+
+      // Get ticket updates
+      try {
+        $updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
+        $updates_sql = $db->prepare($updates_stmt);
+        $updates_sql->bindParam(':uuid', $_GET['rid']);
+        $updates_sql->execute();
+        $updates_sql->setFetchMode(PDO::FETCH_ASSOC);
+        $updates_result = $updates_sql->fetchAll();
+      } catch (PDOException $e) {
+        echo("Error: " . $e->getMessage());
+      }
+
+      // Get authorised subscribers
+      try {
+        $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
+        $users_sql = $db->prepare($users_stmt);
+        $users_sql->bindParam(':uuid', $_GET['rid']);
+        $users_sql->execute();
+        $users_sql->setFetchMode(PDO::FETCH_ASSOC);
+        $users_result = $users_sql->fetchAll();
+      } catch (PDOException $e) {
+        echo("Error: " . $e->getMessage());
+      }
+    }
+
+
+    $authorised_users = array();
+    foreach($users_result as $user) {
+      array_push($authorised_users, $user['user_uuid']);
+    }
+
+    if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
+      $is_authorised = true;
+    } else {
+      $is_authorised = false;
+    }
+
+?>
+
+
+
+<!-- Begin page content -->
+<main role="main" class="flex-shrink-0">
+
+  <?php if (!is_signed_in()) { ?>
+    <section>
+      <div class="container">
+        <div class='alert alert-danger alert-dismissible fade show' role='alert'>
+          You need to log in to access this page.
+          <button type='button' class='close' data-dismiss='alert' aria-label='Close'>
+            <span aria-hidden='true'>&times;</span>
+          </button>
+        </div>
+      </div>
+    </section>
+  <?php } else {
+      if ($is_authorised == true) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1><?php echo($request['title']); ?></h1>
+          <p style="color: gray; font-style: italic;"><?php echo("#" . sprintf("%'.05d\n", $request["id"])); ?></p>
+          <p class="lead text-muted"><?php echo($request['description']); ?></p>
+          <p>
+            <a href='/update?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-primary my-2'>Update the request</a>
+            <a href='/upload?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-secondary my-2'>Add attachment(s)</a>
+            <a href='/close?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-danger my-2'>Close the request</a>
+          </p>
+        </div>
+      </section>
+      <section>
+        <div class="container">
+          <div class="row">
+            <div class="col-4">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
+                <ul class="list-group list-group-flush">
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Status:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['status']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created by:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo(get_user_name($db, $request['created_by'])); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Assigned to:</b></span>
+                        <?php if ($request['assignee'] != null) {
+                          echo("<span style='display: inline; margin-left: 1%;'>" . get_user_name($db, $request['assignee']) . "</span>");
+                        } else {
+                          echo("<span class='text-muted' style='display: inline; margin-left: 1%;'>None</span>");
+                        } ?>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['created_on']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Last updated:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['last_updated']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                </ul>
+              </div>
+            </div>
+
+            <div class="col-8">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
+                <ul class="list-group list-group-flush">
+                  <?php
+                    if (count($updates_result) == 0) {
+                      echo("<center><b>No updates</b></center>");
+                    } else {
+                      foreach($updates_result as $update) {
+                  ?>
+                    <li class="list-group-item">
+                      <div class="container">
+                        <div class="row">
+                          <span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i><?php echo(" " . $update['created']); ?></i></span>
+                        </div>
+                        <div class="row">
+                          <span><?php echo($update['msg']); ?></span>
+                        </div>
+                      </div>
+                    </li>
+                  <?php } } ?>
+                </ul>
+              </div>
+            </div>
+
+          </div>
+        </div>
+      </section>
+      <section>
+        <div class="card mx-auto" style="width: 50%;margin-bottom: 50px;">
+          <form style="padding: 2%" action="/upload" method="post" enctype="multipart/form-data">
+            <div class="form-group">
+              <input type="hidden" id="rid" name="rid" value="<?php echo($_GET['rid']); ?>">
+            </div>
+            <div class="form-group">
+              <label for="file">Upload file(s): </label>
+              <input type="file" class="form-control-file" id="file" name="file">
+            </div>
+            <button type="submit" class="btn btn-primary">Submit</button>
+          </form>
+        </div>
+      </section>
+    <?php } else if ($is_authorised == false) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1>You are not authorised to see this page.</h1>
+        </div>
+      </section>
+    <?php } } ?>
+
+</main>
+
+<?php
+    require_once __DIR__ . "/../includes/footer.php";
+?>
diff --git a/app/public/view.php b/app/public/view.php
index 94ece07..33b912f 100644
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -75,12 +75,17 @@
           <h1><?php echo($request['title']); ?></h1>
           <p style="color: gray; font-style: italic;"><?php echo("#" . sprintf("%'.05d\n", $request["id"])); ?></p>
           <p class="lead text-muted"><?php echo($request['description']); ?></p>
+          <p>
+            <a href='/update?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-primary my-2'>Update the request</a>
+            <a href='/upload?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-secondary my-2'>Add attachment(s)</a>
+            <a href='/close?rid=<?php echo($tkt["uuid"]); ?>' class='btn btn-danger my-2'>Close the request</a>
+          </p>
         </div>
       </section>
       <section>
         <div class="container">
           <div class="row">
-            <div class="col-sm">
+            <div class="col-4">
               <div class="card mx-auto">
                 <div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
                 <ul class="list-group list-group-flush">
@@ -132,7 +137,7 @@
               </div>
             </div>
 
-            <div class="col-sm">
+            <div class="col-8">
               <div class="card mx-auto">
                 <div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
                 <ul class="list-group list-group-flush">
@@ -157,35 +162,6 @@
               </div>
             </div>
 
-            <div class="col-sm">
-              <div class="card mx-auto">
-                <div class="card-header"><span class="mdi mdi-comment-edit-outline"></span> Actions</div>
-                <ul class="list-group list-group-flush">
-                    <li class="list-group-item">
-                      <div class="container">
-                        <div class="row">
-                          <span style="display: inline;">Send an update</span>
-                        </div>
-                      </div>
-                    </li>
-                    <li class="list-group-item">
-                      <div class="container">
-                        <div class="row">
-                          <span style="display: inline;">Upload file(s)</span>
-                        </div>
-                      </div>
-                    </li>
-                    <li class="list-group-item">
-                      <div class="container">
-                        <div class="row">
-                          <span style="display: inline;">Add/Remove request subscribers</span>
-                        </div>
-                      </div>
-                    </li>
-                </ul>
-              </div>
-            </div>
-
           </div>
         </div>
       </section>