
Commit 10a223b

author
wrongecho
committed
Projects
- Add archive and unarchive ability - Improve logic around Open > Close > Archive > Delete - Change to new perms system - TODO: CSRF
1 parent 81844ce commit 10a223b


4 files changed

+96
-29
lines changed


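--- a/clients.php
+++ b/clients.php
@@ -17,7 +17,7 @@
 $leads = intval($_GET['leads']);
 }
 
-if($leads == 1){
+if ($leads == 1){
 $leads_query = 1;
 } else {
 $leads_query = 0;
@@ -35,7 +35,7 @@
 // Convert the sanitized tags into a comma-separated string
 $sanitizedTagsString = implode(",", $sanitizedTags);
 $tag_query = "AND tags.tag_id IN ($sanitizedTagsString)";
-} else{
+} else {
 $tag_query = '';
 }
 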
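--- a/post/user/project.php
+++ b/post/user/project.php
@@ -6,7 +6,7 @@
 
 if (isset($_POST['add_project'])) {
 
-validateTechRole();
+enforceUserPermission('module_support', 2);
 
 $project_name = sanitizeInput($_POST['name']);
 $project_description = sanitizeInput($_POST['description']);
@@ -78,7 +78,7 @@
 
 if (isset($_POST['edit_project'])) {
 
-validateTechRole();
+enforceUserPermission('module_support', 2);
 
 $project_id = intval($_POST['project_id']);
 $project_name = sanitizeInput($_POST['name']);
@@ -99,7 +99,7 @@
 
 if (isset($_GET['close_project'])) {
 
-validateTechRole();
+enforceUserPermission('module_support', 2);
 
 $project_id = intval($_GET['close_project']);
 
@@ -119,9 +119,52 @@
 header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
 
+if (isset($_GET['archive_project'])) {
+
+enforceUserPermission('module_support', 2);
+
+$project_id = intval($_GET['archive_project']);
+
+// Get Client Name
+$sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id");
+$row = mysqli_fetch_array($sql);
+$project_name = sanitizeInput($row['project_name']);
+
+mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NOW() WHERE project_id = $project_id");
+
+//Logging
+mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Archive', log_description = '$session_name archived project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_id");
+
+$_SESSION['alert_type'] = "error";
+$_SESSION['alert_message'] = "Project $project_name archived";
+
+header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
+if (isset($_GET['unarchive_project'])) {
+
+enforceUserPermission('module_support', 2);
+
+$project_id = intval($_GET['unarchive_project']);
+
+// Get Client Name
+$sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id");
+$row = mysqli_fetch_array($sql);
+$project_name = sanitizeInput($row['project_name']);
+
+mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NULL WHERE project_id = $project_id");
+
+//Logging
+mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Undo Archive', log_description = '$session_name unarchived project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_id");
+
+$_SESSION['alert_message'] = "Project $project_name unarchived";
+
+header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
 if (isset($_GET['delete_project'])) {
 
-validateTechRole();
+enforceUserPermission('module_support', 3);
 
 $project_id = intval($_GET['delete_project']);
 
@@ -134,7 +177,7 @@
 mysqli_query($mysqli, "DELETE FROM projects WHERE project_id = $project_id");
 
 // Logging
-mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Projects', log_action = 'Delete', log_description = '$session_name deleted project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $project_id");
+mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Delete', log_description = '$session_name deleted project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $project_id");
 
 $_SESSION['alert_type'] = "error";
 $_SESSION['alert_message'] = "You Deleted Project <strong>$project_name</strong>";
@@ -144,7 +187,7 @@
 
 if (isset($_POST['add_project_ticket'])) {
 
-validateTechRole();
+enforceUserPermission('module_support', 2);
 $project_id = intval($_POST['project_id']);
 
 // Get Project Name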
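Review bot: The new archive_project handler checks the caller's permission but never the project's state, so `post.php?archive_project=N` archives a project that is still open even though the UI in this commit only offers Archive once project_completed_at is set; the Open > Close > Archive > Delete ordering the message describes is enforced client-side only. The handler already fetches the row, so it can refuse when `$row` is false (an unknown id currently still writes an "archived project" log entry for it) or when `project_completed_at` is empty, as sketched below; unarchive_project needs the matching `!$row` guard. Separately, archive and unarchive mutate state on a bare GET with no CSRF token, as the "TODO: CSRF" in the message acknowledges — the confirm-link dialog does not stop a cross-site request — and the copied `// Get Client Name` comment should read `// Get Project Name`. The close_project block at the top of the @@ -119 hunk begins before it.
```php
$sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id");
$row = mysqli_fetch_array($sql);

// Enforce the Close > Archive ordering server-side, not only in the UI
if (!$row || empty($row['project_completed_at'])) {
    $_SESSION['alert_type'] = "error";
    $_SESSION['alert_message'] = "Only closed projects can be archived";
    header("Location: " . $_SERVER["HTTP_REFERER"]);
    exit(); // the UPDATE and log insert below must not run
}
$project_name = sanitizeInput($row['project_name']);
// … unchanged: UPDATE, logging, alert, redirect …
```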

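--- a/project_details.php
+++ b/project_details.php
@@ -29,9 +29,10 @@
 $project_name = nullable_htmlentities($row['project_name']);
 $project_description = nullable_htmlentities($row['project_description']);
 $project_due = nullable_htmlentities($row['project_due']);
-$project_completed_at = nullable_htmlentities($row['project_completed_at']);
 $project_created_at = date("Y-m-d", strtotime($row['project_created_at']));
 $project_updated_at = nullable_htmlentities($row['project_updated_at']);
+$project_completed_at = nullable_htmlentities($row['project_completed_at']);
+$project_archived_at = nullable_htmlentities($row['project_archived_at']);
 
 $client_id = intval($row['client_id']);
 $client_name = nullable_htmlentities($row['client_name']);
@@ -70,8 +71,9 @@
 $sql_closed_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = $project_id AND ticket_closed_at IS NOT NULL");
 
 $closed_ticket_count = mysqli_num_rows($sql_closed_tickets);
-
-if($ticket_count) {
+
+$tickets_closed_percent = 100; //Default
+if ($ticket_count) {
 $tickets_closed_percent = round(($closed_ticket_count / $ticket_count) * 100);
 }
 
@@ -177,11 +179,11 @@
 
 <div class="col-sm-3">
 <div class="btn-group float-right d-print-none">
-<?php if($tickets_closed_percent == 100 && empty($project_completed_at)) { ?>
+<?php if ($tickets_closed_percent == 100 && empty($project_completed_at)) { ?>
 <a class="btn btn-primary btn-sm confirm-link" href="post.php?close_project=<?php echo $project_id; ?>">
 <i class="fas fa-fw fa-check mr-2"></i>Close
 </a>
-<?php } else { ?>
+<?php } if (empty($project_completed_at)) { ?>
 <button type="button" class="btn btn-primary btn-sm" href="#" data-toggle="modal" data-target="#addProjectTicketModal">
 <i class="fas fa-fw fa-plus mr-2"></i>Add Ticket
 </button>
@@ -195,14 +197,13 @@
 <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editProjectModal<?php echo $project_id; ?>">
 <i class="fas fa-fw fa-edit mr-2"></i>Edit
 </a>
-<div class="dropdown-divider"></div>
 <?php } ?>
-<?php if ($session_user_role == 3) { ?>
+<?php if (!empty($project_completed_at) && empty($project_archived_at) && lookupUserPermission("module_support" >= 2)) { ?>
 <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?archive_project=<?php echo $project_id; ?>">
 <i class="fas fa-fw fa-archive mr-2"></i>Archive
 </a>
 <?php } ?>
-<?php if ($session_user_role == 3) { ?>
+<?php if (!empty($project_archived_at) && lookupUserPermission("module_support" >= 3)) { ?>
 <div class="dropdown-divider"></div>
 <a class="dropdown-item text-danger confirm-link" href="post.php?delete_project=<?php echo $project_id; ?>">
 <i class="fas fa-fw fa-trash mr-2"></i>Delete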
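Review bot: `lookupUserPermission("module_support" >= 2)` on the new Archive condition (and `>= 3` on the Delete condition) has the comparison inside the call, so PHP evaluates `"module_support" >= 2` first and passes the resulting boolean as the module name; the user's actual level is never compared to 2 or 3. The intended form is `lookupUserPermission("module_support") >= 2` and `lookupUserPermission("module_support") >= 3`. Because post/user/project.php enforces the level with enforceUserPermission, the effect here should be limited to the links being shown or hidden for the wrong users, on the assumption that lookupUserPermission returns something falsy for an unexpected argument rather than throwing. Unlike the row menu in projects.php, this page offers no Unarchive item for an archived project, so from the details page the only way forward is Delete — worth adding for consistency or documenting as deliberate. The `<?php } ?>` after Edit closes a condition that starts before this hunk.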

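--- a/projects.php
+++ b/projects.php
@@ -39,9 +39,9 @@
 LEFT JOIN users ON user_id = project_manager
 WHERE DATE(project_created_at) BETWEEN '$dtf' AND '$dtt'
 AND (project_name LIKE '%$q%' OR project_description LIKE '%$q%' OR user_name LIKE '%$q%')
-AND project_archived_at IS NULL
 AND project_completed_at $status_query
 $project_permission_snippet
+AND project_$archive_query
 ORDER BY $sort $order LIMIT $record_from, $record_to"
 );
 
@@ -59,6 +59,7 @@
 
 <div class="card-body">
 <form class="mb-4" autocomplete="off">
+<input type="hidden" name="archived" value="<?php echo $archived; ?>">
 <div class="row">
 <div class="col-sm-4">
 <div class="input-group">
@@ -72,8 +73,15 @@
 <div class="col-sm-8">
 <div class="btn-toolbar float-right">
 <div class="btn-group mr-2">
-<a href="?status=0" class="btn btn-<?php if($status == 0){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-door-open mr-2"></i>Open</a>
-<a href="?status=1" class="btn btn-<?php if($status == 1){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-door-closed mr-2"></i>Closed</a>
+<a href="?status=0" class="btn btn-<?php if ($status == 0){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-door-open mr-2"></i>Open</a>
+<a href="?status=1" class="btn btn-<?php if ($status == 1){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-door-closed mr-2"></i>Closed</a>
+</div>
+
+<div class="btn-group mr-2">
+<a href="?<?php echo $url_query_strings_sort ?>&archived=<?php if($archived == 1){ echo 0; } else { echo 1; } ?>"
+class="btn btn-<?php if ($archived == 1) { echo "primary"; } else { echo "default"; } ?>">
+<i class="fa fa-fw fa-archive mr-2"></i>Archived
+</a>
 </div>
 
 </div>
@@ -152,11 +160,12 @@
 $project_name = nullable_htmlentities($row['project_name']);
 $project_description = nullable_htmlentities($row['project_description']);
 $project_due = nullable_htmlentities($row['project_due']);
-$project_completed_at = nullable_htmlentities($row['project_completed_at']);
-$project_completed_at_display = date("Y-m-d", strtotime($project_completed_at));
 $project_created_at = nullable_htmlentities($row['project_created_at']);
 $project_created_at_display = date("Y-m-d", strtotime($project_created_at));
 $project_updated_at = nullable_htmlentities($row['project_updated_at']);
+$project_completed_at = nullable_htmlentities($row['project_completed_at']);
+$project_completed_at_display = date("Y-m-d", strtotime($project_completed_at));
+$project_archived_at = nullable_htmlentities($row['project_archived_at']);
 
 $client_id = intval($row['client_id']);
 $client_name = nullable_htmlentities($row['client_name']);
@@ -256,15 +265,29 @@
 <i class="fas fa-ellipsis-h"></i>
 </button>
 <div class="dropdown-menu">
-<?php if(empty($project_completed_at)) { ?>
-<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editProjectModal<?php echo $project_id; ?>">
-<i class="fas fa-fw fa-edit mr-2"></i>Edit
-</a>
-<div class="dropdown-divider"></div>
+<?php if (empty($project_completed_at)) { ?>
+<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editProjectModal<?php echo $project_id; ?>">
+<i class="fas fa-fw fa-edit mr-2"></i>Edit
+</a>
+<?php } ?>
+<?php if (!empty($project_completed_at) && lookupUserPermission("module_support" >= 2)) { ?>
+<div class="dropdown-divider"></div>
+<?php if (empty($project_archived_at)) { ?>
+<a class="dropdown-item text-danger confirm-link" href="post.php?archive_project=<?php echo $project_id; ?>">
+<i class="fas fa-fw fa-archive mr-2"></i>Archive
+</a>
+<?php } else { ?>
+<a class="dropdown-item text-info confirm-link" href="post.php?unarchive_project=<?php echo $project_id; ?>">
+<i class="fas fa-fw fa-redo mr-2"></i>Unarchive
+</a>
+<?php if (lookupUserPermission("module_support" >= 3)) { ?>
+<div class="dropdown-divider"></div>
+<a class="dropdown-item text-danger confirm-link" href="post.php?delete_project=<?php echo $project_id; ?>">
+<i class="fas fa-fw fa-archive mr-2"></i>Delete
+</a>
+<?php } ?>
+<?php } ?>
 <?php } ?>
-<a class="dropdown-item text-danger confirm-link" href="post.php?delete_project=<?php echo $project_id; ?>">
-<i class="fas fa-fw fa-archive mr-2"></i>Delete
-</a>
 </div>
 </div>
 </td>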
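Review bot: The row menu repeats the precedence slip from project_details.php: `lookupUserPermission("module_support" >= 2)` and `lookupUserPermission("module_support" >= 3)` compare the string literal to an integer and then call the function with a boolean, so the permission level is never checked; write `lookupUserPermission("module_support") >= 2` and `lookupUserPermission("module_support") >= 3`. The query now interpolates `$archive_query` as `AND project_$archive_query`; its construction is outside this hunk, so confirm it is assigned only from fixed literals (the two `archived_at IS NULL` / `IS NOT NULL` forms) and never from `$_GET['archived']` directly, and likewise that `$archived` has been cast with intval before it is echoed raw into the hidden input's value attribute, as `$status` appears to be. The Delete item still uses the `fa-archive` icon, which reads as a copy of the Archive entry; `fa-trash` matches project_details.php.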
