From cf61b081c0efc5f30b9f499d1c12fdeeb251a824 Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Mon, 10 Aug 2020 16:12:57 +0100
Subject: [PATCH] [WIP] Subscription management (#63)

* Basic UI

@luketainton please edit lines 120-140 on the editsub and managesub files

* :sparkles: Add subscription management

Signed-off-by: Luke Tainton <luke@tainton.uk>

* :sparkles: Add subscription management

Signed-off-by: Luke Tainton <luke@tainton.uk>

* :bug: Fix incorrect POST variable and add foreach()

Signed-off-by: Luke Tainton <luke@tainton.uk>

* :art: Fix file names and add link on view.php

Signed-off-by: Luke Tainton <luke@tainton.uk>

Co-authored-by: Alexander Davis <alex@adcm.uk>
---
 app/includes/app_functions.php |  13 +++
 app/public/actions/addsub.php  |  30 +++++++
 app/public/actions/delsub.php  |  32 +++++++
 app/public/editsub.php         | 159 +++++++++++++++++++++++++++++++++
 app/public/editsub.php.old     | 154 +++++++++++++++++++++++++++++++
 app/public/view.php            |   5 +-
 6 files changed, 391 insertions(+), 2 deletions(-)
 create mode 100644 app/public/actions/addsub.php
 create mode 100644 app/public/actions/delsub.php
 create mode 100644 app/public/editsub.php
 create mode 100644 app/public/editsub.php.old

diff --git a/app/includes/app_functions.php b/app/includes/app_functions.php
index 4011194..6d7bf28 100644
--- a/app/includes/app_functions.php
+++ b/app/includes/app_functions.php
@@ -1,4 +1,17 @@
 <?php
+  function get_all_users($db) {
+    try {
+      $stmt = "SELECT * FROM users";
+      $sql = $db->prepare($stmt);
+      $sql->execute();
+      $sql->setFetchMode(PDO::FETCH_ASSOC);
+      $result = $sql->fetchAll();
+    } catch (PDOException $e) {
+      echo("Error: " . $e->getMessage());
+    }
+    return $result;
+  }
+
   function get_user_name($db, $user_uuid) {
     try {
       $stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
diff --git a/app/public/actions/addsub.php b/app/public/actions/addsub.php
new file mode 100644
index 0000000..6a18db0
--- /dev/null
+++ b/app/public/actions/addsub.php
@@ -0,0 +1,30 @@
+<?php
+    $PAGE_NAME = "Add subscriber";
+    require_once __DIR__ . "/../../includes/prereqs.php";
+
+    $request = get_request($db, $_POST['rid']);
+    $authorised_users = get_subscribers($db, $request);
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
+    // Add subscriber
+    if ($is_authorised == true) {
+        if($_SERVER['REQUEST_METHOD'] == 'POST') {
+          try {
+              $stmt = "INSERT INTO ticket_subscribers (ticket_uuid, user_uuid) VALUES (:tktuuid, :usruuid)";
+              $sql = $db->prepare($stmt);
+              $sql->bindParam(':tktuuid', $request['uuid']);
+              $sql->bindParam(':usruuid', $POST['addSubSelector']);
+              $sql->execute();
+          } catch (PDOException $e) {
+              $alert = array("danger", "Failed to add subscriber: " . $e->getMessage());
+          }
+        }
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    } else {
+        $alert = array("danger", "You are not authorised to manage subscribers on this request.");
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    }
+
+?>
diff --git a/app/public/actions/delsub.php b/app/public/actions/delsub.php
new file mode 100644
index 0000000..917e59a
--- /dev/null
+++ b/app/public/actions/delsub.php
@@ -0,0 +1,32 @@
+<?php
+    $PAGE_NAME = "Delete subscribers";
+    require_once __DIR__ . "/../../includes/prereqs.php";
+
+    $request = get_request($db, $_POST['rid']);
+    $authorised_users = get_subscribers($db, $request);
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
+    // Add subscriber
+    if ($is_authorised == true) {
+        if($_SERVER['REQUEST_METHOD'] == 'POST') {
+          foreach ($_POST['addSubSelector'] as $sub) {
+            try {
+                $stmt = "DELETE FROM ticket_subscribers WHERE ticket_uuid=:tktuuid AND user_uuid=:usruuid";
+                $sql = $db->prepare($stmt);
+                $sql->bindParam(':tktuuid', $request['uuid']);
+                $sql->bindParam(':usruuid', $sub);
+                $sql->execute();
+            } catch (PDOException $e) {
+                $alert = array("danger", "Failed to remove subscriber(s): " . $e->getMessage());
+            }
+          }
+        }
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    } else {
+        $alert = array("danger", "You are not authorised to manage subscribers on this request.");
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    }
+
+?>
diff --git a/app/public/editsub.php b/app/public/editsub.php
new file mode 100644
index 0000000..e403603
--- /dev/null
+++ b/app/public/editsub.php
@@ -0,0 +1,159 @@
+<?php
+    $PAGE_NAME = "Manage request subscribers";
+    require_once __DIR__ . "/../includes/header.php";
+
+    $request = get_request($db, $_GET['rid']);
+    $authorised_users = get_subscribers($db, $request);
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
+    $all_users = get_all_users($db);
+?>
+
+
+
+<!-- Begin page content -->
+<main role="main" class="flex-shrink-0">
+
+  <?php if (!is_signed_in()) { ?>
+    <section>
+      <div class="container">
+        <div class='alert alert-danger alert-dismissible fade show' role='alert'>
+          You need to log in to access this page.
+          <button type='button' class='close' data-dismiss='alert' aria-label='Close'>
+            <span aria-hidden='true'>&times;</span>
+          </button>
+        </div>
+      </div>
+    </section>
+  <?php } else {
+      if ($is_authorised == true) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1><?php echo($request['title']); ?></h1>
+          <p style="color: gray; font-style: italic;"><?php echo("#" . sprintf("%'.05d\n", $request["id"])); ?></p>
+          <p class="lead text-muted"><?php echo($request['description']); ?></p>
+        </div>
+      </section>
+      <section>
+        <div class="container">
+          <div class="row">
+            <div class="col-4">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-information-outline">
+                  </span> Information
+                </div>
+                <ul class="list-group list-group-flush">
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Status:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['status']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created by:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo(get_user_name($db, $request['created_by'])); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Assigned to:</b></span>
+                        <?php if ($request['assignee'] != null) {
+                          echo("<span style='display: inline; margin-left: 1%;'>" . get_user_name($db, $request['assignee']) . "</span>");
+                        } else {
+                          echo("<span class='text-muted' style='display: inline; margin-left: 1%;'>None</span>");
+                        } ?>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['created_on']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Last updated:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['last_updated']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                </ul>
+              </div>
+            </div>
+
+            <div class="col-8">
+              <div class="card mx-auto">
+                <div class="card-header">
+                  <span class="mdi mdi-rss"></span> Manage Subscribers
+                </div>
+                <ul class="list-group list-group-flush">
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <form method="post" action="/actions/delsub">
+                          <div class="form-group">
+                            <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
+                            <label for="delSubSelector">Remove subscribers:</label>
+                            <select multiple class="form-control" id="delSubSelector" name="delSubSelector">
+                              <?php foreach($authorised_users as $usr) {
+                                  $usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
+                                  echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
+                                } ?>
+                            </select>
+                          </div>
+                          <button type="submit" class="btn btn-danger">Submit</button>
+                        </form>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <form method="post" action="/actions/addsub">
+                          <div class="form-group">
+                            <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
+                            <label for="addSubSelector">Add subscriber:</label>
+                            <select class="form-control" id="addSubSelector" name="addSubSelector">
+                              <?php foreach($all_users as $usr) {
+                                if (!in_array($usr['uuid'], $authorised_users)) {
+                                  $usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
+                                  echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
+                                }
+                              } ?>
+                            </select>
+                          </div>
+                          <button type="submit" class="btn btn-primary">Submit</button>
+                        </form>
+                      </div>
+                    </div>
+                  </li>
+                </ul>
+              </div>
+            </div>
+          </div>
+        </div>
+      </section>
+
+    <?php } else if ($is_authorised == false) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1>You are not authorised to see this page.</h1>
+        </div>
+      </section>
+    <?php } } ?>
+
+</main>
+
+<?php
+    require_once __DIR__ . "/../includes/footer.php";
+?>
diff --git a/app/public/editsub.php.old b/app/public/editsub.php.old
new file mode 100644
index 0000000..127379c
--- /dev/null
+++ b/app/public/editsub.php.old
@@ -0,0 +1,154 @@
+<?php
+    $PAGE_NAME = "Upload file";
+    require_once __DIR__ . "/../includes/header.php";
+
+    $request = get_request($db, $_GET['rid']);
+    $updates = get_updates($db, $request);
+    $authorised_users = get_subscribers($db, $request);
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+?>
+
+
+
+<!-- Begin page content -->
+<main role="main" class="flex-shrink-0">
+
+  <?php if (!is_signed_in()) { ?>
+    <section>
+      <div class="container">
+        <div class='alert alert-danger alert-dismissible fade show' role='alert'>
+          You need to log in to access this page.
+          <button type='button' class='close' data-dismiss='alert' aria-label='Close'>
+            <span aria-hidden='true'>&times;</span>
+          </button>
+        </div>
+      </div>
+    </section>
+  <?php } else {
+      if ($is_authorised == true) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1><?php echo($request['title']); ?></h1>
+          <p style="color: gray; font-style: italic;"><?php echo("#" . sprintf("%'.05d\n", $request["id"])); ?></p>
+          <p class="lead text-muted"><?php echo($request['description']); ?></p>
+        </div>
+      </section>
+      <section>
+        <div class="container">
+          <div class="row">
+            <div class="col-4">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
+                <ul class="list-group list-group-flush">
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Status:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['status']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created by:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo(get_user_name($db, $request['created_by'])); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Assigned to:</b></span>
+                        <?php if ($request['assignee'] != null) {
+                          echo("<span style='display: inline; margin-left: 1%;'>" . get_user_name($db, $request['assignee']) . "</span>");
+                        } else {
+                          echo("<span class='text-muted' style='display: inline; margin-left: 1%;'>None</span>");
+                        } ?>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['created_on']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Last updated:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['last_updated']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                </ul>
+              </div>
+            </div>
+
+            <div class="col-8">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
+                <ul class="list-group list-group-flush">
+                  <?php
+                    if (count($updates) == 0) {
+                      echo("<center><b>No updates</b></center>");
+                    } else {
+                      foreach($updates as $update) {
+                  ?>
+                    <li class="list-group-item">
+                      <div class="container">
+                        <div class="row">
+                          <span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i><?php echo(" " . $update['created']); ?></i></span>
+                        </div>
+                        <div class="row">
+                          <span><?php echo($update['msg']); ?></span>
+                        </div>
+                      </div>
+                    </li>
+                  <?php } } ?>
+                </ul>
+              </div>
+            </div>
+
+          </div>
+        </div>
+      </section>
+
+      <section style="margin-top: 2%;">
+        <div class="container">
+          <div class="row">
+            <div class="col-12">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-send-outline"></span> Edit Subscriber</div>
+                  <form action="/actions/update" method="post" enctype="multipart/form-data">
+                    <div class="form-group">
+                      <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
+                    </div>
+                    <div class="form-group" style="margin: 2%;">
+                      <textarea type="text" class="form-control" id="msg" name="msg" rows="3"></textarea>
+                      <button type="submit" class="btn btn-primary" style="margin-top: 2%;">Submit</button>
+                      <a href="/view?rid=<?php echo($_GET['rid']); ?>" class="btn btn-danger" style="margin-top: 2%;">Cancel</a>
+                    </div>
+                  </form>
+              </div>
+            </div>
+          </div>
+        </div>
+      </section>
+
+    <?php } else if ($is_authorised == false) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1>You are not authorised to see this page.</h1>
+        </div>
+      </section>
+    <?php } } ?>
+
+</main>
+
+<?php
+    require_once __DIR__ . "/../includes/footer.php";
+?>
diff --git a/app/public/view.php b/app/public/view.php
index 65bb1e6..6d58f22 100644
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -53,8 +53,9 @@
           <?php if ($request['status'] != 'Closed') { ?>
             <p>
               <a href='/update?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Update the request</a>
-              <a href='/upload?rid=<?php echo($request["uuid"]); ?>' class='btn btn-secondary my-2'>Add attachment(s)</a>
-              <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#closeModal">Close the request</button>
+              <a href='/upload?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Add attachment(s)</a>
+              <a href='/editsub?rid=<?php echo($request["uuid"]); ?>' class='btn btn-secondary my-2'>Manage subscribers</a>
+              <button type="button" class="btn btn-danger" data-toggle="modal" data-target="#closeModal">Close the request</button>
             </p>
           <?php } ?>
         </div>