From b93f9d35e04d2b8854b0401287570a2b9dda1c69 Mon Sep 17 00:00:00 2001
From: Alexander Davis
Date: Sun, 9 Aug 2020 18:20:18 +0100
Subject: [PATCH 1/3] Creation of File list @luketainton needs to look at line 123 to work out what should be displayed and how to click to download the file. This should be done in view.php Creation of get_files script in prereqs.php
---
 app/includes/prereqs.php | 10 ++++++++++
 app/public/view.php | 41 ++++++++++++++++++++++++++++------------
 2 files changed, 39 insertions(+), 12 deletions(-)
diff --git a/app/includes/prereqs.php b/app/includes/prereqs.php
index f8d49ad..f2badaa 100644
--- a/app/includes/prereqs.php
+++ b/app/includes/prereqs.php
@@ -126,6 +126,16 @@ function get_updates($db, $request) {
 return $updates_result;
 }
+function get_files($db, $request) {
+ $updates_stmt = "SELECT * FROM ticket_uploads WHERE ticket=:uuid";
+ $updates_sql = $db->prepare($updates_stmt);
+ $updates_sql->bindParam(':uuid', $request['uuid']);
+ $updates_sql->execute();
+ $updates_sql->setFetchMode(PDO::FETCH_ASSOC);
+ $updates_result = $updates_sql->fetchAll();
+ return $updates_result;
+}
+
 function get_subscribers($db, $request) {
 $subs = array();
 $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
diff --git a/app/public/view.php b/app/public/view.php
index 4fc208d..b02bae3 100644
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -4,6 +4,7 @@
 $request = get_request($db, $_GET['rid']);
 $updates = get_updates($db, $request);
+ $files = get_files($db, $request);
 $authorised_users = get_subscribers($db, $request);
 $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
 ?>
@@ -60,14 +61,14 @@
-
+
Information
  • Status: - + New
  • @@ -75,7 +76,7 @@
    Created by: - + Luke Tainton
    @@ -83,19 +84,14 @@
    Assigned to: - " . get_user_name($db, $request['assignee']) . ""); - } else { - echo("None"); - } ?> -
    + None
  • Created: - + 2020-08-04 13:26:22
  • @@ -103,13 +99,34 @@
    Last updated: - + 2020-08-04 13:26:22
    -
    +
    +
    Uploaded files
    +
      + No files uploaded"); + } else { + foreach($files as $file) { + ?> +
    • +
      +
      + +
      +
      + +
      +
      +
    • + +
    +
    -- 2.49.1
From 718d8b53b4e6a63ee20c877f41ae817a55ab0d09 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Sun, 9 Aug 2020 20:16:13 +0100
Subject: [PATCH 2/3] :sparkles: Implement file download function
Signed-off-by: Luke Tainton
---
 app/includes/app_functions.php | 106 ++++++++++++++++++++++++++++++++
 app/includes/prereqs.php | 103 +-------------------------------
 app/public/actions/download.php | 46 ++++++++++++++
 app/public/actions/upload.php | 2 +-
 app/public/view.php | 67 ++++++++++----------
 5 files changed, 192 insertions(+), 132 deletions(-)
 create mode 100644 app/includes/app_functions.php
 create mode 100644 app/public/actions/download.php
diff --git a/app/includes/app_functions.php b/app/includes/app_functions.php
new file mode 100644
index 0000000..52ca0fb
--- /dev/null
+++ b/app/includes/app_functions.php
@@ -0,0 +1,106 @@
+prepare($stmt);
+ $sql->bindParam(':uuid', $user_uuid);
+ $sql->execute();
+ $sql->setFetchMode(PDO::FETCH_ASSOC);
+ $result = $sql->fetchAll();
+ $usr = $result[0]['given_name'] . " " . $result[0]['family_name'];
+ } catch (PDOException $e) {
+ echo("Error: " . $e->getMessage());
+ }
+ return $usr;
+ }
+
+ function get_my_requests($db) {
+ $ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid";
+ $ticket_sql = $db->prepare($ticket_stmt);
+ $ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
+ $ticket_sql->execute();
+ $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
+ $ticket_result = $ticket_sql->fetchAll();
+ return $ticket_result;
+ }
+
+ function get_subscribed_requests($db) {
+ $requests = array();
+ $sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
+ $sub_tickets_sql = $db->prepare($sub_tickets_stmt);
+ $sub_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
+ $sub_tickets_sql->execute();
+ $sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
+ $sub_tickets_result = $sub_tickets_sql->fetchAll();
+ foreach ($sub_tickets_result as $tkt) {
+ $stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
+ $sql = $db->prepare($stmt);
+ $sql->bindParam(':uuid', $tkt['ticket_uuid']);
+ $sql->execute();
+ $sql->setFetchMode(PDO::FETCH_ASSOC);
+ $result = $sql->fetchAll();
+ array_push($requests, $result[0]);
+ }
+ return $requests;
+ }
+
+ function get_request($db, $uuid) {
+ $ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
+ $ticket_sql = $db->prepare($ticket_stmt);
+ $ticket_sql->bindParam(':uuid', $uuid);
+ $ticket_sql->execute();
+ $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
+ $ticket_result = $ticket_sql->fetchAll();
+ $request = $ticket_result[0];
+ return $request;
+ }
+
+
+ function get_updates($db, $request) {
+ $updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
+ $updates_sql = $db->prepare($updates_stmt);
+ $updates_sql->bindParam(':uuid', $request['uuid']);
+ $updates_sql->execute();
+ $updates_sql->setFetchMode(PDO::FETCH_ASSOC);
+ $updates_result = $updates_sql->fetchAll();
+ return $updates_result;
+ }
+
+ function get_files($db, $request) {
+ $stmt = "SELECT * FROM ticket_uploads WHERE ticket=:uuid";
+ $sql = $db->prepare($stmt);
+ $sql->bindParam(':uuid', $request['uuid']);
+ $sql->execute();
+ $sql->setFetchMode(PDO::FETCH_ASSOC);
+ $result = $sql->fetchAll();
+ return $result;
+ }
+
+ function get_single_file($db, $file) {
+ $stmt = "SELECT * FROM ticket_uploads WHERE id=:fileid";
+ $sql = $db->prepare($stmt);
+ $sql->bindParam(':fileid', $file['id']);
+ $sql->execute();
+ $sql->setFetchMode(PDO::FETCH_ASSOC);
+ $result = $sql->fetchAll();
+ $file = $result[0];
+ return $file;
+ }
+
+ function get_subscribers($db, $request) {
+ $subs = array();
+ $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
+ $users_sql = $db->prepare($users_stmt);
+ $users_sql->bindParam(':uuid', $request['uuid']);
+ $users_sql->execute();
+ $users_sql->setFetchMode(PDO::FETCH_ASSOC);
+ $users_result = $users_sql->fetchAll();
+ foreach ($users_result as $u) {
+ array_push($subs, $u['user_uuid']);
+ }
+ return $subs;
+ }
+
+ function isAuthorised($user, $authorised_users, $request) {
+ if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
+ }
diff --git a/app/includes/prereqs.php b/app/includes/prereqs.php
index f2badaa..148df35 100644
--- a/app/includes/prereqs.php
+++ b/app/includes/prereqs.php
@@ -37,6 +37,9 @@ if ($_ENV['OIDC_DISABLE_SSL'] == "true") {
 // Custom functions
+
+require_once __DIR__ . "/app_functions.php";
+
 function oidc_set_vars($sub, $uid, $fname, $lname, $email) {
 $_SESSION['uuid'] = $sub;
 $_SESSION['username'] = $uid;
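Review bot: `get_single_file()` looks a row up by `id` alone and returns `$result[0]` without checking that a row came back, so an unknown id produces a PHP undefined-offset notice and a null return, and nothing in the helper ties the file to a ticket the caller is allowed to see. Its caller (presumably download.php, whose body is not readable on this page) has to load the owning ticket and pass it through `isAuthorised()` before serving anything; a guard such as `if (!$result) { return null; }` ahead of `$file = $result[0];` makes the not-found case explicit. `isAuthorised()` in the same hunk uses `in_array($user, $authorised_users)` and `==`; `in_array($user, $authorised_users, true)` and `===` avoid type juggling on the identifier strings. `get_user_name()` echoes `$e->getMessage()` into the response, which can expose schema details and leaves `$usr` undefined on failure; logging with `error_log()` and returning a fixed fallback is safer.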
@@ -53,103 +56,3 @@ function is_signed_in() {
 return false;
 }
 }
-
-function create_alert($type, $msg) {
- $thisAlert = array($type, $msg);
- array_push($_SESSION['alerts'], $thisAlert);
-}
-
-function get_user_name($db, $user_uuid) {
- try {
- $stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
- $sql = $db->prepare($stmt);
- $sql->bindParam(':uuid', $user_uuid);
- $sql->execute();
- $sql->setFetchMode(PDO::FETCH_ASSOC);
- $result = $sql->fetchAll();
- $usr = $result[0]['given_name'] . " " . $result[0]['family_name'];
- } catch (PDOException $e) {
- echo("Error: " . $e->getMessage());
- }
- return $usr;
-}
-
-function get_my_requests($db) {
- $ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid";
- $ticket_sql = $db->prepare($ticket_stmt);
- $ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
- $ticket_sql->execute();
- $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
- $ticket_result = $ticket_sql->fetchAll();
- return $ticket_result;
-}
-
-function get_subscribed_requests($db) {
- $requests = array();
- $sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
- $sub_tickets_sql = $db->prepare($sub_tickets_stmt);
- $sub_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
- $sub_tickets_sql->execute();
- $sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
- $sub_tickets_result = $sub_tickets_sql->fetchAll();
- foreach ($sub_tickets_result as $tkt) {
- $stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
- $sql = $db->prepare($stmt);
- $sql->bindParam(':uuid', $tkt['ticket_uuid']);
- $sql->execute();
- $sql->setFetchMode(PDO::FETCH_ASSOC);
- $result = $sql->fetchAll();
- array_push($requests, $result[0]);
- }
- return $requests;
-}
-
-function get_request($db, $uuid) {
- $ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
- $ticket_sql = $db->prepare($ticket_stmt);
- $ticket_sql->bindParam(':uuid', $uuid);
- $ticket_sql->execute();
- $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
- $ticket_result = 
$ticket_sql->fetchAll();
- $request = $ticket_result[0];
- return $request;
-}
-
-
-function get_updates($db, $request) {
- $updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
- $updates_sql = $db->prepare($updates_stmt);
- $updates_sql->bindParam(':uuid', $request['uuid']);
- $updates_sql->execute();
- $updates_sql->setFetchMode(PDO::FETCH_ASSOC);
- $updates_result = $updates_sql->fetchAll();
- return $updates_result;
-}
-
-function get_files($db, $request) {
- $updates_stmt = "SELECT * FROM ticket_uploads WHERE ticket=:uuid";
- $updates_sql = $db->prepare($updates_stmt);
- $updates_sql->bindParam(':uuid', $request['uuid']);
- $updates_sql->execute();
- $updates_sql->setFetchMode(PDO::FETCH_ASSOC);
- $updates_result = $updates_sql->fetchAll();
- return $updates_result;
-}
-
-function get_subscribers($db, $request) {
- $subs = array();
- $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
- $users_sql = $db->prepare($users_stmt);
- $users_sql->bindParam(':uuid', $request['uuid']);
- $users_sql->execute();
- $users_sql->setFetchMode(PDO::FETCH_ASSOC);
- $users_result = $users_sql->fetchAll();
- foreach ($users_result as $u) {
- array_push($subs, $u['user_uuid']);
- }
- return $subs;
-}
-
-function isAuthorised($user, $authorised_users, $request) {
- if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
-}
diff --git a/app/public/actions/download.php b/app/public/actions/download.php
new file mode 100644
index 0000000..953fcd1
--- /dev/null
+++ b/app/public/actions/download.php
@@ -0,0 +1,46 @@
+window.location = '$newURL'");
+
+?>
diff --git a/app/public/actions/upload.php b/app/public/actions/upload.php
index 2bd4690..1e16db0 100644
--- a/app/public/actions/upload.php
+++ b/app/public/actions/upload.php
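Review bot: `$newURL` is interpolated unescaped into a JavaScript string literal in the last surviving line of download.php (`window.location = '$newURL'`), so any quote or markup in it ends up executing in the page. How `$newURL` is built is not visible here; if it can carry request data, a server-side `header('Location: ' . $newURL); exit;` or at least `json_encode($newURL)` inside the script removes the injection point. The rest of the 46-line file is not readable on this page, so it is worth confirming that it checks `isAuthorised()` for the ticket that owns the requested file before reading from the attachments directory, and that the stored original filename is sanitised before it is placed in any response header.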
@@ -17,7 +17,7 @@
 $file_size = $_FILES['file']['size'];
 $file_type = $_FILES['file']['type'];
 $file_tmp = $_FILES['file']['tmp_name'];
- move_uploaded_file($file_tmp,"/srv/attachments/".$file_name);
+ move_uploaded_file($file_tmp,$_ENV['ATTACHMENTS_PATH']."/".$file_uuid);
 $stmt = "INSERT INTO ticket_uploads (id, ticket, user, filename) VALUES (:fileuuid, :ticket, :user, :name)";
 $sql = $db->prepare($stmt);
 $sql->bindParam(':fileuuid', $file_uuid);
diff --git a/app/public/view.php b/app/public/view.php
index b02bae3..3f7b613 100644
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -58,17 +58,17 @@
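Review bot: The return value of `move_uploaded_file()` is ignored, so the `INSERT INTO ticket_uploads` on the following lines records a file even when the move failed, for instance if `$_ENV['ATTACHMENTS_PATH']` is unset or not writable. Guarding it as `if (!move_uploaded_file($file_tmp, $_ENV['ATTACHMENTS_PATH']."/".$file_uuid)) { /* raise an alert and stop before the INSERT */ }` keeps disk and database in step. Writing under `$file_uuid` instead of the client-supplied name takes the on-disk path out of the uploader's control, but the original name is presumably still bound to `:name` and stored as `filename`, so it needs `htmlspecialchars()` wherever view.php prints it; `$file_type` likewise comes from the client and should not be trusted as the real content type. The script continues on both sides of this hunk.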
    -
    +
    -
    -
    +
    +
    Information
    • Status: - New +
    • @@ -76,7 +76,7 @@
      Created by: - Luke Tainton +
      @@ -84,14 +84,15 @@
      Assigned to: - None
      + +
  • Created: - 2020-08-04 13:26:22 +
  • @@ -99,36 +100,40 @@
    Last updated: - 2020-08-04 13:26:22 +
    -
    -
    Uploaded files
    -
      - No files uploaded"); - } else { - foreach($files as $file) { - ?> -
    • -
      -
      - -
      -
      - -
      -
      -
    • - -
    -
    +
    -
    +
    +
    +
    Files
    +
      + No files uploaded"); + } else { + foreach($files as $file) { + ?> +
    • +
      +
      + +
      +
      + +
      +
      +
    • + +
    +
    +
    + +
    Updates
      -- 2.49.1
From 9b4c9ea9ef124d94f7201296187e10d6ec56d8d7 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Sun, 9 Aug 2020 20:21:04 +0100
Subject: [PATCH 3/3] :bug: Fix assignee bug on view.php
Signed-off-by: Luke Tainton
---
 app/public/view.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/public/view.php b/app/public/view.php
index 3f7b613..2369e82 100644
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -84,7 +84,11 @@
      Assigned to: - + " . get_user_name($db, $request['assignee']) . ""); + } else { + echo("None"); + } ?>
      -- 2.49.1
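Review bot: The restored assignee branch echoes the result of `get_user_name($db, $request['assignee'])` into the page without HTML-escaping, as far as the visible fragment shows. That string is built from `given_name` and `family_name` in the `users` table, so a profile value containing markup would render as HTML for everyone who opens the ticket; wrapping the call as `htmlspecialchars(get_user_name($db, $request['assignee']), ENT_QUOTES, 'UTF-8')` closes that. The opening of the `if` and the surrounding markup are not readable here, so the null check on `assignee` is assumed rather than confirmed.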