archives/FHeD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 40 Activity

Now working: subscriptions, request viewing permissions

Browse Source 
Signed-off-by: Luke Tainton <luke@tainton.uk>
This commit is contained in:
Luke Tainton
2020-08-04 15:03:36 +01:00
parent 53d5a6695c
commit c81c38367b
2 changed files with 78 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
app/public/index.php
View File

@@ -30,6 +30,36 @@
$user_tickets_sub = 0; // Force 'no subbed tickets' msg until the code works $user_tickets_sub = 0; // Force 'no subbed tickets' msg until the code works
} }
function get_sub_ticket($db, $ticket_uuid) {
try {
$stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $ticket_uuid);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
$tkt = $result[0];
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
return $tkt;
}
function get_user_name($db, $user_uuid) {
try {
$stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $user_uuid);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
$usr = $result[0]['given_name'] . " " . $result[0]['family_name'];
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
return $usr;
}
?> ?>
@@ -99,17 +129,19 @@
</div> </div>
<ul class="list-group list-group-flush"> <ul class="list-group list-group-flush">
<?php <?php
if ($user_tickets_sub == 0) { // if ($user_tickets_sub == 0) {
// if (count($sub_tickets_result) == 0) { if (count($sub_tickets_result) == 0) {
echo("<center><b>No subscribed tickets</b></center>"); echo("<center><b>No subscribed tickets</b></center>");
} else { } else {
foreach($sub_tickets_result as $tkt) { foreach($sub_tickets_result as $sub) {
$tkt = get_sub_ticket($db, $sub['ticket_uuid']);
$tkt_creator = get_user_name($db, $tkt['created_by']);
?> ?>
<li class="list-group-item"> <li class="list-group-item">
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<div class="col-10"> <div class="col-10">
<span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $tkt["id"]); ?> </span><span><b><?php echo($tkt['title']); ?></b></span> <span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $tkt["id"]); ?> </span><span><b><?php echo($tkt['title']); ?></b></span> <span style="display: inline;" class="text-muted"><?php echo("(Creator: " . $tkt_creator . ")"); ?></span>
<p class="m-0"><?php echo($tkt['description']); ?></p> <p class="m-0"><?php echo($tkt['description']); ?></p>
</div> </div>
<div class="col-2"> <div class="col-2">

52
app/public/view.php
View File

@@ -1,20 +1,44 @@
<?php <?php
$PAGE_NAME = "Home"; $PAGE_NAME = "View Request";
require_once __DIR__ . "/../includes/prereqs.php"; require_once __DIR__ . "/../includes/prereqs.php";
require_once __DIR__ . "/../includes/header.php"; require_once __DIR__ . "/../includes/header.php";
if (is_signed_in()) { if (is_signed_in()) {
// Get ticket
try { try {
$user_tickets_stmt = "SELECT * FROM tickets WHERE uuid=:uuid"; $ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$user_tickets_sql = $db->prepare($user_tickets_stmt); $ticket_sql = $db->prepare($ticket_stmt);
$user_tickets_sql->bindParam(':uuid', $_GET['rid']); $ticket_sql->bindParam(':uuid', $_GET['rid']);
$user_tickets_sql->execute(); $ticket_sql->execute();
$user_tickets_sql->setFetchMode(PDO::FETCH_ASSOC); $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$user_tickets_result = $user_tickets_sql->fetchAll(); $ticket_result = $ticket_sql->fetchAll();
$request = $user_tickets_result[0]; $request = $ticket_result[0];
} catch (PDOException $e) { } catch (PDOException $e) {
echo("Error: " . $e->getMessage()); echo("Error: " . $e->getMessage());
} }
// Get authorised subscribers
try {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $_GET['rid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
$authorised_users = array();
foreach($users_result as $user) {
array_push($authorised_users, $user['user_uuid']);
}
if (in_array($_SESSION['uuid'], $authorised_users)) {
$is_authorised = true;
} else {
$is_authorised = false;
}
} }
?> ?>
@@ -24,7 +48,7 @@
<!-- Begin page content --> <!-- Begin page content -->
<main role="main" class="flex-shrink-0"> <main role="main" class="flex-shrink-0">
<?php if (is_signed_in()) { ?> <?php if (is_signed_in() && $is_authorised == true) { ?>
<section class="jumbotron text-center"> <section class="jumbotron text-center">
<div class="container"> <div class="container">
<h1><?php echo($request['title']); ?></h1> <h1><?php echo($request['title']); ?></h1>
@@ -35,10 +59,18 @@
<p> <p>
<?php print_r($request); ?> <?php print_r($request); ?>
</p> </p>
<p>
<?php print_r($users_result) ?>
</p>
</div>
</section>
<?php } else if (is_signed_in() && $is_authorised == false) { ?>
<section class="jumbotron text-center">
<div class="container">
<h1>You are not authorised to see this page.</h1>
</div> </div>
</section> </section>
<?php } else { ?> <?php } else { ?>
<section class="jumbotron text-center"> <section class="jumbotron text-center">
<div class="container"> <div class="container">
<h1>You need to be logged in to see this page.</h1> <h1>You need to be logged in to see this page.</h1>