From 0e0db8c8774a6d4c89bea97e46097a93759b0da1 Mon Sep 17 00:00:00 2001
From: Alexander Davis <alex@adcm.uk>
Date: Mon, 10 Aug 2020 17:56:22 +0100
Subject: [PATCH 1/6] Creation of button and SQL

---
 app/public/actions/reopen.php | 27 +++++++++++++++++++++++++++
 app/public/view.php           |  4 +++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 app/public/actions/reopen.php

diff --git a/app/public/actions/reopen.php b/app/public/actions/reopen.php
new file mode 100644
index 0000000..ee79f47
--- /dev/null
+++ b/app/public/actions/reopen.php
@@ -0,0 +1,27 @@
+<?php
+    $PAGE_NAME = "Close request";
+    require_once __DIR__ . "/../../includes/prereqs.php";
+
+    $request = get_request($db, $_GET['rid']);
+    $authorised_users = get_subscribers($db, $request);
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
+    // Close request
+    if ($is_authorised == true) {
+      try {
+          $stmt = "UPDATE tickets SET status='Reopened' WHERE uuid=:uuid";
+          $sql = $db->prepare($stmt);
+          $sql->bindParam(':uuid', $_GET['rid']);
+          $sql->execute();
+      } catch (PDOException $e) {
+          $alert = array("danger", "Failed to reopen request: " . $e->getMessage());
+      }
+      $newURL = "/";
+      echo("<script>window.location = '$newURL'</script>");
+    } else {
+        $alert = array("danger", "You are not authorised to close this request.");
+        $newURL = "/view?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    }
+
+?>
diff --git a/app/public/view.php b/app/public/view.php
index 1224e54..a2919a1 100644
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -53,7 +53,9 @@
             <p>
               <?php if ($_SESSION['uuid'] == $request['created_by']) { ?>
                 <a href='/editsub?rid=<?php echo($request["uuid"]); ?>' class='btn btn-secondary my-2'>Manage subscribers</a>
-              <?php } ?>
+                <?php if ($request['status'] == 'Closed') { ?>
+                <a href='/editsub?rid=<?php echo($request["uuid"]); ?>' class='btn btn-success my-2'>Reopen request</a>
+              <?php }} ?>
               <?php if ($request['status'] != 'Closed') { ?>
                 <a href='/update?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Update the request</a>
                 <a href='/upload?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Add attachment(s)</a>
-- 
2.49.1


From 25874c2803066be6fc04fd298fb3ed6773988151 Mon Sep 17 00:00:00 2001
From: Alexander Davis <alex@adcm.uk>
Date: Mon, 10 Aug 2020 18:06:02 +0100
Subject: [PATCH 2/6] Movement of buttons

---
 app/public/actions/reopen.php |  2 +-
 app/public/view.php           | 54 +++++++++++++++++------------------
 2 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/app/public/actions/reopen.php b/app/public/actions/reopen.php
index ee79f47..6a43860 100644
--- a/app/public/actions/reopen.php
+++ b/app/public/actions/reopen.php
@@ -1,5 +1,5 @@
 <?php
-    $PAGE_NAME = "Close request";
+    $PAGE_NAME = "Reopen request";
     require_once __DIR__ . "/../../includes/prereqs.php";
 
     $request = get_request($db, $_GET['rid']);
diff --git a/app/public/view.php b/app/public/view.php
index a2919a1..a594055 100644
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -51,39 +51,39 @@
           <p style="color: gray; font-style: italic;"><?php echo("#" . sprintf("%'.05d\n", $request["id"])); ?></p>
           <p class="lead text-muted"><?php echo($request['description']); ?></p>
             <p>
-              <?php if ($_SESSION['uuid'] == $request['created_by']) { ?>
-                <a href='/editsub?rid=<?php echo($request["uuid"]); ?>' class='btn btn-secondary my-2'>Manage subscribers</a>
-                <?php if ($request['status'] == 'Closed') { ?>
-                <a href='/editsub?rid=<?php echo($request["uuid"]); ?>' class='btn btn-success my-2'>Reopen request</a>
-              <?php }} ?>
               <?php if ($request['status'] != 'Closed') { ?>
                 <a href='/update?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Update the request</a>
                 <a href='/upload?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Add attachment(s)</a>
-                <button type="button" class="btn btn-danger" data-toggle="modal" data-target="#closeModal">Close the request</button>
+                <?php if ($_SESSION['uuid'] == $request['created_by']) { ?>
+                  <a href='/editsub?rid=<?php echo($request["uuid"]); ?>' class='btn btn-secondary my-2'>Manage subscribers</a>
+                  <button type="button" class="btn btn-danger" data-toggle="modal" data-target="#closeModal">Close the request</button>
+                  <div class="modal fade" id="closeModal" tabindex="-1" aria-labelledby="closeModalLabel" aria-hidden="true">
+                    <div class="modal-dialog">
+                      <div class="modal-content">
+                        <div class="modal-header">
+                          <h5 class="modal-title" id="closeModalLabel">Close the request?</h5>
+                          <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+                            <span aria-hidden="true">&times;</span>
+                          </button>
+                        </div>
+                        <div class="modal-body">
+                          Are you sure you want to close request <b><?php echo($request['title']); ?></b>? This action is irreversible.
+                        </div>
+                        <div class="modal-footer">
+                          <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
+                          <a href='/actions/close?rid=<?php echo($request["uuid"]); ?>' class='btn btn-danger'>Close request</a>
+                        </div>
+                      </div>
+                    </div>
+                  </div>
+                <?php } ?>
               <?php } ?>
+              <?php if ($_SESSION['uuid'] == $request['created_by']) { ?>
+                <?php if ($request['status'] == 'Closed') { ?>
+                  <a href='/reopen?rid=<?php echo($request["uuid"]); ?>' class='btn btn-success my-2'>Reopen request</a>
+                <?php }} ?>
             </p>
         </div>
-
-        <div class="modal fade" id="closeModal" tabindex="-1" aria-labelledby="closeModalLabel" aria-hidden="true">
-          <div class="modal-dialog">
-            <div class="modal-content">
-              <div class="modal-header">
-                <h5 class="modal-title" id="closeModalLabel">Close the request?</h5>
-                <button type="button" class="close" data-dismiss="modal" aria-label="Close">
-                  <span aria-hidden="true">&times;</span>
-                </button>
-              </div>
-              <div class="modal-body">
-                Are you sure you want to close request <b><?php echo($request['title']); ?></b>? This action is irreversible.
-              </div>
-              <div class="modal-footer">
-                <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
-                <a href='/actions/close?rid=<?php echo($request["uuid"]); ?>' class='btn btn-danger'>Close request</a>
-              </div>
-            </div>
-          </div>
-        </div>
-
       </section>
       <section>
         <div class="container-fluid">
-- 
2.49.1


From 98cd714a1b04770af8d66dd253c924b8267166d5 Mon Sep 17 00:00:00 2001
From: Alexander Davis <alex@adcm.uk>
Date: Mon, 10 Aug 2020 18:07:13 +0100
Subject: [PATCH 3/6] Changes to authorisation requirements

---
 app/public/actions/close.php  | 6 +++++-
 app/public/actions/reopen.php | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/app/public/actions/close.php b/app/public/actions/close.php
index eb71ade..2ccbddf 100644
--- a/app/public/actions/close.php
+++ b/app/public/actions/close.php
@@ -4,7 +4,11 @@
 
     $request = get_request($db, $_GET['rid']);
     $authorised_users = get_subscribers($db, $request);
-    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+    if ($_SESSION['uuid'] == $request['created_by']) {
+      $is_authorised = true;
+    } else {
+      $is_authorised = false;
+    };
 
     // Close request
     if ($is_authorised == true) {
diff --git a/app/public/actions/reopen.php b/app/public/actions/reopen.php
index 6a43860..90d3d99 100644
--- a/app/public/actions/reopen.php
+++ b/app/public/actions/reopen.php
@@ -4,7 +4,11 @@
 
     $request = get_request($db, $_GET['rid']);
     $authorised_users = get_subscribers($db, $request);
-    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+    if ($_SESSION['uuid'] == $request['created_by']) {
+      $is_authorised = true;
+    } else {
+      $is_authorised = false;
+    };
 
     // Close request
     if ($is_authorised == true) {
-- 
2.49.1


From 710737431f604007318c675cf0c00710d25be764 Mon Sep 17 00:00:00 2001
From: Alexander Davis <alex@adcm.uk>
Date: Mon, 10 Aug 2020 18:10:12 +0100
Subject: [PATCH 4/6] Update to errors

---
 app/public/actions/reopen.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/public/actions/reopen.php b/app/public/actions/reopen.php
index 90d3d99..1f81c3e 100644
--- a/app/public/actions/reopen.php
+++ b/app/public/actions/reopen.php
@@ -23,7 +23,7 @@
       $newURL = "/";
       echo("<script>window.location = '$newURL'</script>");
     } else {
-        $alert = array("danger", "You are not authorised to close this request.");
+        $alert = array("danger", "You are not authorised to reopen this request.");
         $newURL = "/view?rid=" . $request['uuid'];
         echo("<script>window.location = '$newURL'</script>");
     }
-- 
2.49.1


From ba24cb54278a0b2a3947b00dc05b2b17c9a497e8 Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Mon, 10 Aug 2020 18:15:00 +0100
Subject: [PATCH 5/6] :art: Tidy up a little

Signed-off-by: Luke Tainton <luke@tainton.uk>
---
 app/public/view.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/app/public/view.php b/app/public/view.php
index a594055..b026de4 100644
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -77,11 +77,10 @@
                     </div>
                   </div>
                 <?php } ?>
-              <?php } ?>
-              <?php if ($_SESSION['uuid'] == $request['created_by']) { ?>
-                <?php if ($request['status'] == 'Closed') { ?>
+              <?php } elseif ($request['status'] == 'Closed') { ?>
+                <?php if ($_SESSION['uuid'] == $request['created_by']) { ?>
                   <a href='/reopen?rid=<?php echo($request["uuid"]); ?>' class='btn btn-success my-2'>Reopen request</a>
-                <?php }} ?>
+                <?php } } ?>
             </p>
         </div>
       </section>
-- 
2.49.1


From 1f069a387a8ed8cfb7a31d9880a5c63cb018e0ec Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Mon, 10 Aug 2020 18:16:01 +0100
Subject: [PATCH 6/6] :art: Fix comment

Signed-off-by: Luke Tainton <luke@tainton.uk>
---
 app/public/actions/reopen.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/public/actions/reopen.php b/app/public/actions/reopen.php
index 1f81c3e..3aee5f5 100644
--- a/app/public/actions/reopen.php
+++ b/app/public/actions/reopen.php
@@ -10,7 +10,7 @@
       $is_authorised = false;
     };
 
-    // Close request
+    // Reopen request
     if ($is_authorised == true) {
       try {
           $stmt = "UPDATE tickets SET status='Reopened' WHERE uuid=:uuid";
-- 
2.49.1