✨ Now working: subscriptions, request viewing permissions

Signed-off-by: Luke Tainton <luke@tainton.uk>

app/public/index.php

@@ -30,6 +30,36 @@
 
       $user_tickets_sub = 0; // Force 'no subbed tickets' msg until the code works
     }
+
+    function get_sub_ticket($db, $ticket_uuid) {
+      try {
+        $stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
+        $sql = $db->prepare($stmt);
+        $sql->bindParam(':uuid', $ticket_uuid);
+        $sql->execute();
+        $sql->setFetchMode(PDO::FETCH_ASSOC);
+        $result = $sql->fetchAll();
+        $tkt = $result[0];
+      } catch (PDOException $e) {
+        echo("Error: " . $e->getMessage());
+      }
+      return $tkt;
+    }
+
+    function get_user_name($db, $user_uuid) {
+      try {
+        $stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
+        $sql = $db->prepare($stmt);
+        $sql->bindParam(':uuid', $user_uuid);
+        $sql->execute();
+        $sql->setFetchMode(PDO::FETCH_ASSOC);
+        $result = $sql->fetchAll();
+        $usr = $result[0]['given_name'] . " " . $result[0]['family_name'];
+      } catch (PDOException $e) {
+        echo("Error: " . $e->getMessage());
+      }
+      return $usr;
+    }
 ?>
 
 
@@ -99,17 +129,19 @@
         </div>
         <ul class="list-group list-group-flush">
           <?php
-            if ($user_tickets_sub == 0) {
-            // if (count($sub_tickets_result) == 0) {
+            // if ($user_tickets_sub == 0) {
+            if (count($sub_tickets_result) == 0) {
               echo("<center><b>No subscribed tickets</b></center>");
             } else {
-              foreach($sub_tickets_result as $tkt) {
+              foreach($sub_tickets_result as $sub) {
+                $tkt = get_sub_ticket($db, $sub['ticket_uuid']);
+                $tkt_creator = get_user_name($db, $tkt['created_by']);
           ?>
           <li class="list-group-item">
             <div class="container">
               <div class="row">
                 <div class="col-10">
-                  <span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $tkt["id"]); ?> </span><span><b><?php echo($tkt['title']); ?></b></span>
+                  <span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $tkt["id"]); ?> </span><span><b><?php echo($tkt['title']); ?></b></span> <span style="display: inline;" class="text-muted"><?php echo("(Creator: " . $tkt_creator . ")"); ?></span>
                   <p class="m-0"><?php echo($tkt['description']); ?></p>
                 </div>
                 <div class="col-2">

app/public/view.php

@@ -1,20 +1,44 @@
 <?php
-    $PAGE_NAME = "Home";
+    $PAGE_NAME = "View Request";
     require_once __DIR__ . "/../includes/prereqs.php";
     require_once __DIR__ . "/../includes/header.php";
 
     if (is_signed_in()) {
+      // Get ticket
       try {
-        $user_tickets_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
-        $user_tickets_sql = $db->prepare($user_tickets_stmt);
-        $user_tickets_sql->bindParam(':uuid', $_GET['rid']);
-        $user_tickets_sql->execute();
-        $user_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
-        $user_tickets_result = $user_tickets_sql->fetchAll();
-        $request = $user_tickets_result[0];
+        $ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
+        $ticket_sql = $db->prepare($ticket_stmt);
+        $ticket_sql->bindParam(':uuid', $_GET['rid']);
+        $ticket_sql->execute();
+        $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
+        $ticket_result = $ticket_sql->fetchAll();
+        $request = $ticket_result[0];
       } catch (PDOException $e) {
         echo("Error: " . $e->getMessage());
       }
+
+      // Get authorised subscribers
+      try {
+        $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
+        $users_sql = $db->prepare($users_stmt);
+        $users_sql->bindParam(':uuid', $_GET['rid']);
+        $users_sql->execute();
+        $users_sql->setFetchMode(PDO::FETCH_ASSOC);
+        $users_result = $users_sql->fetchAll();
+      } catch (PDOException $e) {
+        echo("Error: " . $e->getMessage());
+      }
+
+      $authorised_users = array();
+      foreach($users_result as $user) {
+        array_push($authorised_users, $user['user_uuid']);
+      }
+
+      if (in_array($_SESSION['uuid'], $authorised_users)) {
+        $is_authorised = true;
+      } else {
+        $is_authorised = false;
+      }
     }
 
 ?>
@@ -24,7 +48,7 @@
 <!-- Begin page content -->
 <main role="main" class="flex-shrink-0">
 
-  <?php if (is_signed_in()) { ?>
+  <?php if (is_signed_in() && $is_authorised == true) { ?>
     <section class="jumbotron text-center">
       <div class="container">
         <h1><?php echo($request['title']); ?></h1>
@@ -35,10 +59,18 @@
         <p>
           <?php print_r($request); ?>
         </p>
+        <p>
+          <?php print_r($users_result) ?>
+        </p>
+      </div>
+    </section>
+  <?php } else if (is_signed_in() && $is_authorised == false) { ?>
+    <section class="jumbotron text-center">
+      <div class="container">
+        <h1>You are not authorised to see this page.</h1>
       </div>
     </section>
   <?php } else { ?>
-
     <section class="jumbotron text-center">
       <div class="container">
         <h1>You need to be logged in to see this page.</h1>