Add subscription management

Signed-off-by: Luke Tainton <luke@tainton.uk>
2020-08-10 16:00:27 +01:00
parent f7c7d7e3ee
commit 48d5b2ee73
4 changed files with 121 additions and 54 deletions


@@ -1,4 +1,17 @@
<?php <?php
function get_all_users($db) {
try {
$stmt = "SELECT * FROM users";
$sql = $db->prepare($stmt);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
return $result;
}
function get_user_name($db, $user_uuid) { function get_user_name($db, $user_uuid) {
try { try {
$stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid"; $stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
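Review bot: `get_all_users` returns `$result` after the catch block, so when `prepare` or `execute` throws, `$result` is undefined and the caller's `foreach` over the user list receives null; set `$result = [];` before the `try`. The catch echoes `$e->getMessage()` into the response, which exposes database error detail to the browser, and it would be better logged server-side. `SELECT *` loads every column of every user for a dropdown that only uses `uuid` and `uid`; `SELECT uuid, uid FROM users` keeps other fields (possibly credentials, not visible here) out of the page's memory. The body of `get_user_name` continues outside the hunk.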


@@ -0,0 +1,30 @@
<?php
$PAGE_NAME = "Add subscriber";
require_once __DIR__ . "/../../includes/prereqs.php";
$request = get_request($db, $_POST['rid']);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
// Add subscriber
if ($is_authorised == true) {
if($_SERVER['REQUEST_METHOD'] == 'POST') {
try {
$stmt = "INSERT INTO ticket_subscribers (ticket_uuid, user_uuid) VALUES (:tktuuid, :usruuid)";
$sql = $db->prepare($stmt);
$sql->bindParam(':tktuuid', $request['uuid']);
$sql->bindParam(':usruuid', $POST['addSubSelector']);
$sql->execute();
} catch (PDOException $e) {
$alert = array("danger", "Failed to add subscriber: " . $e->getMessage());
}
}
$newURL = "/managesub?rid=" . $request['uuid'];
echo("<script>window.location = '$newURL'</script>");
} else {
$alert = array("danger", "You are not authorised to manage subscribers on this request.");
$newURL = "/managesub?rid=" . $request['uuid'];
echo("<script>window.location = '$newURL'</script>");
}
?>
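Review bot: The line `$sql->bindParam(':usruuid', $POST['addSubSelector']);` reads an undefined variable `$POST` instead of the `$_POST` superglobal, so the INSERT binds null rather than the selected user; it should be `$sql->bindParam(':usruuid', $_POST['addSubSelector']);`, and the delete action has the same typo. Neither action checks a CSRF token before its INSERT or DELETE, and the forms that post to them carry none, so unless `prereqs.php` enforces one these state changes rely on the session cookie alone. The `$alert` set in the catch and in the else branch is discarded by the immediate `window.location` redirect, so failures and denials are silent. A `header('Location: ...')` followed by `exit` would also avoid echoing `$request['uuid']` into a script string.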


@@ -0,0 +1,30 @@
<?php
$PAGE_NAME = "Delete subscribers";
require_once __DIR__ . "/../../includes/prereqs.php";
$request = get_request($db, $_POST['rid']);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
// Add subscriber
if ($is_authorised == true) {
if($_SERVER['REQUEST_METHOD'] == 'POST') {
try {
$stmt = "DELETE FROM ticket_subscribers WHERE ticket_uuid=:tktuuid AND user_uuid=:usruuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':tktuuid', $request['uuid']);
$sql->bindParam(':usruuid', $POST['addSubSelector']);
$sql->execute();
} catch (PDOException $e) {
$alert = array("danger", "Failed to remove subscriber(s): " . $e->getMessage());
}
}
$newURL = "/managesub?rid=" . $request['uuid'];
echo("<script>window.location = '$newURL'</script>");
} else {
$alert = array("danger", "You are not authorised to manage subscribers on this request.");
$newURL = "/managesub?rid=" . $request['uuid'];
echo("<script>window.location = '$newURL'</script>");
}
?>
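Review bot: The DELETE binds `addSubSelector` in `$sql->bindParam(':usruuid', $POST['addSubSelector']);`, but the remove form on the manage page posts its selection as `delSubSelector`, so even with `$POST` corrected to `$_POST` the statement would not receive the chosen user. That select is `multiple` with a name lacking `[]`, so PHP keeps only one submitted value; naming it `delSubSelector[]` and executing the prepared statement once per value would remove every selected subscriber. The leading comment `// Add subscriber` is copied from the add action and should read `// Remove subscriber(s)`.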


@@ -1,11 +1,12 @@
<?php <?php
$PAGE_NAME = "Upload file"; $PAGE_NAME = "Manage request subscribers";
require_once __DIR__ . "/../includes/header.php"; require_once __DIR__ . "/../includes/header.php";
$request = get_request($db, $_GET['rid']); $request = get_request($db, $_GET['rid']);
$updates = get_updates($db, $request);
$authorised_users = get_subscribers($db, $request); $authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request); $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
$all_users = get_all_users($db);
?> ?>
@@ -38,7 +39,9 @@
<div class="row"> <div class="row">
<div class="col-4"> <div class="col-4">
<div class="card mx-auto"> <div class="card mx-auto">
<div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div> <div class="card-header"><span class="mdi mdi-information-outline">
</span> Information
</div>
<ul class="list-group list-group-flush"> <ul class="list-group list-group-flush">
<li class="list-group-item"> <li class="list-group-item">
<div class="container"> <div class="container">
@@ -89,64 +92,55 @@
</div> </div>
<div class="col-8"> <div class="col-8">
<div class="card mx-auto">
<div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
<ul class="list-group list-group-flush">
<?php
if (count($updates) == 0) {
echo("<center><b>No updates</b></center>");
} else {
foreach($updates as $update) {
?>
<li class="list-group-item">
<div class="container">
<div class="row">
<span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i><?php echo(" " . $update['created']); ?></i></span>
</div>
<div class="row">
<span><?php echo($update['msg']); ?></span>
</div>
</div>
</li>
<?php } } ?>
</ul>
</div>
</div>
</div>
</div>
</section>
<section style="margin-top: 2%;">
<div class="col-sm">
<div class="card mx-auto"> <div class="card mx-auto">
<div class="card-header"> <div class="card-header">
<span class="mdi mdi-rss"></span> Request Subscribers <span class="mdi mdi-rss"></span> Manage Subscribers
</div> </div>
<ul class="list-group list-group-flush"> <ul class="list-group list-group-flush">
<?php
if (count($subscribers) == 0) {
echo("<center><b>No subscribers</b></center>");
} else {
foreach($subscribers as $sub) { ?>
<li class="list-group-item"> <li class="list-group-item">
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<div class="col-10"> <form method="post" action="/actions/delsub">
<span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $sub["id"]); ?> </span><span><b><?php echo($sub['title']); ?></b></span> <span style="display: inline;" class="text-muted"><?php echo("(Creator: " . get_user_name($db, $sub['created_by']) . ")"); ?></span> <div class="form-group">
<p class="m-0"><?php echo($sub['description']); ?></p> <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
</div> <label for="delSubSelector">Remove subscribers:</label>
<div class="col-2"> <select multiple class="form-control" id="delSubSelector" name="delSubSelector">
<a class="btn btn-success float-right" href="view?rid=<?php echo($sub["uuid"]); ?>" role="button">Edit</a> <?php foreach($authorised_users as $usr) {
<a class="btn btn-success float-right" href="view?rid=<?php echo($sub["uuid"]); ?>" role="button">Delete</a> $usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
} ?>
</select>
</div> </div>
<button type="submit" class="btn btn-danger">Submit</button>
</form>
</div>
</div>
</li>
<li class="list-group-item">
<div class="container">
<div class="row">
<form method="post" action="/actions/addsub">
<div class="form-group">
<input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
<label for="addSubSelector">Add subscriber:</label>
<select class="form-control" id="addSubSelector" name="addSubSelector">
<?php foreach($all_users as $usr) {
if (!in_array($usr['uuid'], $authorised_users)) {
$usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
}
} ?>
</select>
</div>
<button type="submit" class="btn btn-primary">Submit</button>
</form>
</div> </div>
</div> </div>
</li> </li>
<?php } } ?>
</ul> </ul>
</div> </div>
</section> </div>
</div>
</div> </div>
</section> </section>
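Review bot: Both `<option>` loops in the last hunk echo `$usr['uuid']` and `$usr_name` (the result of `get_user_name` plus `uid`) into HTML without escaping, so unless `get_user_name` already escapes its output, markup stored in a user's name fields is rendered to whoever opens this page. Wrap both values, e.g. `echo("<option value='" . htmlspecialchars($usr['uuid'], ENT_QUOTES) . "'>" . htmlspecialchars($usr_name, ENT_QUOTES) . "</option>");`. In the add list, `in_array($usr['uuid'], $authorised_users)` compares a string against what appear to be row arrays (the remove loop indexes the same elements as `$usr['uuid']`), so it likely never matches and existing subscribers stay selectable; compare against `array_column($authorised_users, 'uuid')` with strict mode instead. In the lines shown neither form is wrapped in a check of `$is_authorised`, so the full user list may be rendered to any viewer; the rest of the file is outside the hunks.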