From 10a223b5b8e0080bfd8783577804513d5d36eb15 Mon Sep 17 00:00:00 2001 From: wrongecho Date: Mon, 30 Sep 2024 21:27:42 +0100 Subject: [PATCH 1/2] Projects - Add archive and unarchive ability - Improve logic around Open > Close > Archive > Delete - Change to new perms system - TODO: CSRF --- clients.php | 4 ++-- post/user/project.php | 55 ++++++++++++++++++++++++++++++++++++++----- project_details.php | 17 ++++++------- projects.php | 49 ++++++++++++++++++++++++++++---------- 4 files changed, 96 insertions(+), 29 deletions(-) diff --git a/clients.php b/clients.php index 2f49b0a81..7f257b92a 100644 --- a/clients.php +++ b/clients.php @@ -17,7 +17,7 @@ $leads = intval($_GET['leads']); } -if($leads == 1){ +if ($leads == 1){ $leads_query = 1; } else { $leads_query = 0; @@ -35,7 +35,7 @@ // Convert the sanitized tags into a comma-separated string $sanitizedTagsString = implode(",", $sanitizedTags); $tag_query = "AND tags.tag_id IN ($sanitizedTagsString)"; -} else{ +} else { $tag_query = ''; } diff --git a/post/user/project.php b/post/user/project.php index 2750c086f..065b3b78c 100644 --- a/post/user/project.php +++ b/post/user/project.php @@ -6,7 +6,7 @@ if (isset($_POST['add_project'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); $project_name = sanitizeInput($_POST['name']); $project_description = sanitizeInput($_POST['description']); @@ -78,7 +78,7 @@ if (isset($_POST['edit_project'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); $project_id = intval($_POST['project_id']); $project_name = sanitizeInput($_POST['name']); @@ -99,7 +99,7 @@ if (isset($_GET['close_project'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); $project_id = intval($_GET['close_project']); 
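Review bot: The permission level passed to enforceUserPermission in the add_project hunk is a bare integer (`2`), repeated in the edit_project and close_project hunks and raised to `3` for delete_project further down, and nothing at the call sites says what each level grants. A one-line comment at the first call, e.g. `// module_support level 2 covers the create/update/close/archive handlers in this file, level 3 the delete handler — confirm against the permission definitions`, would let a reader check the levels without opening the permission code, and if the project defines named constants for these levels they would be better still. Each of these `if (isset(...))` blocks continues past its hunk, so only the permission line itself is visible here.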
@@ -119,9 +119,52 @@ header("Location: " . $_SERVER["HTTP_REFERER"]); } +if (isset($_GET['archive_project'])) { + + enforceUserPermission('module_support', 2); + + $project_id = intval($_GET['archive_project']); + + // Get Client Name + $sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id"); + $row = mysqli_fetch_array($sql); + $project_name = sanitizeInput($row['project_name']); + + mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NOW() WHERE project_id = $project_id"); + + //Logging + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Archive', log_description = '$session_name archived project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_id"); + + $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Project $project_name archived"; + + header("Location: " . $_SERVER["HTTP_REFERER"]); +} + +if (isset($_GET['unarchive_project'])) { + + enforceUserPermission('module_support', 2); + + $project_id = intval($_GET['unarchive_project']); + + // Get Client Name + $sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id"); + $row = mysqli_fetch_array($sql); + $project_name = sanitizeInput($row['project_name']); + + mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NULL WHERE project_id = $project_id"); + + //Logging + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Undo Archive', log_description = '$session_name unarchived project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_id"); + + $_SESSION['alert_message'] = "Project $project_name unarchived"; + + header("Location: " . 
$_SERVER["HTTP_REFERER"]); +} + if (isset($_GET['delete_project'])) { - validateTechRole(); + enforceUserPermission('module_support', 3); $project_id = intval($_GET['delete_project']); @@ -134,7 +177,7 @@ mysqli_query($mysqli, "DELETE FROM projects WHERE project_id = $project_id"); // Logging - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Projects', log_action = 'Delete', log_description = '$session_name deleted project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $project_id"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Delete', log_description = '$session_name deleted project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $project_id"); $_SESSION['alert_type'] = "error"; $_SESSION['alert_message'] = "You Deleted Project $project_name"; @@ -144,7 +187,7 @@ if (isset($_POST['add_project_ticket'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); $project_id = intval($_POST['project_id']); // Get Project Name diff --git a/project_details.php b/project_details.php index 31b665364..04fe51536 100644 --- a/project_details.php +++ b/project_details.php 
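Review bot: Both new handlers (archive_project and unarchive_project) proceed without checking that the project exists: when `$project_id` matches no row, `mysqli_fetch_array` returns nothing, `$row['project_name']` raises a warning, the UPDATE affects zero rows, and a log entry plus the alert "Project  archived" are still produced. A guard right after the fetch, `if (!$row) { header("Location: " . $_SERVER["HTTP_REFERER"]); }` with a suitable alert, would avoid the phantom log row in both blocks. The `// Get Client Name` comment in each block is copied from elsewhere — the query fetches the project row and the code uses project_name — so `// Get Project Name` is the accurate comment. The archive and unarchive log rows also omit `log_client_id`, which the delete log in the @@ -134 hunk records; if the projects row carries a client_id it could be logged as `log_client_id = $client_id` after `$client_id = intval($row['client_id']);`. Nothing in the archive handler checks `project_completed_at`, so the Open > Close > Archive ordering described in the commit message appears to rely on the UI alone, if it is enforced at all.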
@@ -29,9 +29,10 @@ $project_name = nullable_htmlentities($row['project_name']); $project_description = nullable_htmlentities($row['project_description']); $project_due = nullable_htmlentities($row['project_due']); - $project_completed_at = nullable_htmlentities($row['project_completed_at']); $project_created_at = date("Y-m-d", strtotime($row['project_created_at'])); $project_updated_at = nullable_htmlentities($row['project_updated_at']); + $project_completed_at = nullable_htmlentities($row['project_completed_at']); + $project_archived_at = nullable_htmlentities($row['project_archived_at']); $client_id = intval($row['client_id']); $client_name = nullable_htmlentities($row['client_name']); @@ -70,8 +71,9 @@ $sql_closed_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = $project_id AND ticket_closed_at IS NOT NULL"); $closed_ticket_count = mysqli_num_rows($sql_closed_tickets); - - if($ticket_count) { + + $tickets_closed_percent = 100; //Default + if ($ticket_count) { $tickets_closed_percent = round(($closed_ticket_count / $ticket_count) * 100); } @@ -177,11 +179,11 @@
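Review bot: The new `$tickets_closed_percent = 100; //Default` in the @@ -70 hunk makes a project with no tickets report 100% closed, which reads as "all done" rather than "nothing to do"; if that is intended, the comment should say so, e.g. `$tickets_closed_percent = 100; // No tickets counts as fully closed`. The parallel `if ($task_count)` guard for `$tasks_completed_percent` elsewhere in this file appears, from context in the second patch, to have no default, so a project with no tasks would leave that variable undefined; giving it the same default and comment would make the two consistent. The surrounding code that renders these percentages is outside the hunk, so I cannot tell whether an undefined value is masked downstream.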
- + Close - + @@ -195,14 +197,13 @@ Edit - - + = 2)) { ?> Archive - + = 3)) { ?> Delete diff --git a/projects.php b/projects.php index 5b7939161..1eab6989d 100644 --- a/projects.php +++ b/projects.php @@ -39,9 +39,9 @@ LEFT JOIN users ON user_id = project_manager WHERE DATE(project_created_at) BETWEEN '$dtf' AND '$dtt' AND (project_name LIKE '%$q%' OR project_description LIKE '%$q%' OR user_name LIKE '%$q%') - AND project_archived_at IS NULL AND project_completed_at $status_query $project_permission_snippet + AND project_$archive_query ORDER BY $sort $order LIMIT $record_from, $record_to" ); @@ -59,6 +59,7 @@
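Review bot: `AND project_$archive_query` in the projects.php @@ -39 hunk interpolates a variable into the WHERE clause whose definition is not in this hunk, replacing the fixed `AND project_archived_at IS NULL` predicate, so whatever sets `$archive_query` now controls part of the query. If it is derived from a request parameter it should be resolved to one of a fixed set of literal clauses before reaching the query, e.g. `$archive_query = $show_archived ? "archived_at IS NOT NULL" : "archived_at IS NULL";` (constructed example), rather than passed through. Building the column name by concatenating `project_` with the variable also hides the column from anyone searching for `project_archived_at`; putting the full predicate in the variable is clearer. The @@ -59 and @@ -72 hunks that presumably set it are not readable in this copy of the patch, so this is a request to confirm rather than a confirmed defect.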
+
@@ -72,8 +73,15 @@
@@ -152,11 +160,12 @@ $project_name = nullable_htmlentities($row['project_name']); $project_description = nullable_htmlentities($row['project_description']); $project_due = nullable_htmlentities($row['project_due']); - $project_completed_at = nullable_htmlentities($row['project_completed_at']); - $project_completed_at_display = date("Y-m-d", strtotime($project_completed_at)); $project_created_at = nullable_htmlentities($row['project_created_at']); $project_created_at_display = date("Y-m-d", strtotime($project_created_at)); $project_updated_at = nullable_htmlentities($row['project_updated_at']); + $project_completed_at = nullable_htmlentities($row['project_completed_at']); + $project_completed_at_display = date("Y-m-d", strtotime($project_completed_at)); + $project_archived_at = nullable_htmlentities($row['project_archived_at']); $client_id = intval($row['client_id']); $client_name = nullable_htmlentities($row['client_name']); @@ -256,15 +265,29 @@
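Review bot: `$project_completed_at_display = date("Y-m-d", strtotime($project_completed_at));`, moved rather than introduced by this hunk, still runs for open projects whose completed_at is NULL: `strtotime` on an empty value returns false, so the display becomes an epoch date such as `1970-01-01` unless the rows below guard on `$project_completed_at` before using it. project_details.php in the second patch wraps the same expression in `if ($project_completed_at)`; doing the same here, e.g. `$project_completed_at_display = $project_completed_at ? date("Y-m-d", strtotime($project_completed_at)) : "-";`, would keep the two views consistent. The newly added `$project_archived_at` has no `_display` counterpart, unlike its neighbours; if it is rendered in the @@ -256 hunk (not readable here) the same guarded formatting applies. The loop body this hunk belongs to continues past it.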
From e0b088b76b515acfced6df17e8861c00aabcfbd9 Mon Sep 17 00:00:00 2001 From: wrongecho Date: Mon, 30 Sep 2024 21:31:04 +0100 Subject: [PATCH 2/2] Projects - Add archive and unarchive ability - Improve logic around Open > Close > Archive > Delete - Change to new perms system - Tidy and formatting - TODO: CSRF --- project_details.php | 495 ++++++++++++++++++++++---------------------- 1 file changed, 248 insertions(+), 247 deletions(-) diff --git a/project_details.php b/project_details.php index 04fe51536..c80b267a6 100644 --- a/project_details.php +++ b/project_details.php @@ -22,7 +22,7 @@ } $row = mysqli_fetch_array($sql_project); - + $project_id = intval($row['project_id']); $project_prefix = nullable_htmlentities($row['project_prefix']); $project_number = intval($row['project_number']); @@ -50,7 +50,7 @@ $project_manager_display = "-"; } - if($project_completed_at) { + if ($project_completed_at) { $project_status_display = "Closed"; $project_completed_date_display = "
" . date('Y-m-d', strtotime($project_completed_at)) . "
"; } else { @@ -96,7 +96,7 @@ $completed_task_count = mysqli_num_rows($sql_tasks_completed); // Tasks Completed Percent - if($task_count) { + if ($task_count) { $tasks_completed_percent = round(($completed_task_count / $task_count) * 100); } @@ -121,290 +121,291 @@ // The user names in a comma-separated string $ticket_collaborators = nullable_htmlentities($row['user_names']); - - ?> - - + ?> - -
-
-
-
- -
-

$project_name"; ?>

-
+ + + + +
+
+
+
+ +
+

$project_name"; ?>

+
+
-
-
-
-
-
-
- - -
- Total time worked: +
+
+
+
+
+ + +
+ Total time worked: +
+
- -
-
- -
- -
/
-
- - -
- -
/
-
- - -
- -
- -
- -
-
- - - Close - - - +
+ +
+ +
/
+
+ + +
+ +
/
+
-
-
- -
-
- - - 0) { ?> -
- -
Project Tickets
-
- - - - - - - - - - - - - Never

"; +
+
+ + + 0) { ?> +
+ +
Project Tickets
+
+
TicketPriorityStatusAssignedLast ResponseClient
+ + + + + + + + + + + + Never

"; + } else { + $ticket_updated_at_display = "

Never

"; + } + } else { + $ticket_updated_at_display = "$ticket_updated_at_time_ago
$ticket_updated_at"; + } + $ticket_closed_at = nullable_htmlentities($row['ticket_closed_at']); + + if ($ticket_priority == "High") { + $ticket_priority_display = "$ticket_priority"; + } elseif ($ticket_priority == "Medium") { + $ticket_priority_display = "$ticket_priority"; + } elseif ($ticket_priority == "Low") { + $ticket_priority_display = "$ticket_priority"; + } else{ + $ticket_priority_display = "-"; + } + + $ticket_assigned_to = intval($row['ticket_assigned_to']); + if (empty($ticket_assigned_to)) { + if ($ticket_status == 5) { + $ticket_assigned_to_display = "

Not Assigned

"; + } else { + $ticket_assigned_to_display = "

Not Assigned

"; + } + } else { + $ticket_assigned_to_display = nullable_htmlentities($row['user_name']); + } + + $project_id = intval($row['ticket_project_id']); + + $client_id = intval($row['client_id']); + $client_name = nullable_htmlentities($row['client_name']); + + $contact_name = nullable_htmlentities($row['contact_name']); + $contact_email = nullable_htmlentities($row['contact_email']); + $contact_archived_at = nullable_htmlentities($row['contact_archived_at']); + if (empty($contact_archived_at)) { + $contact_archived_display = ""; } else { - $ticket_updated_at_display = "

Never

"; + $contact_archived_display = "Archived - "; } - } else { - $ticket_updated_at_display = "$ticket_updated_at_time_ago
$ticket_updated_at"; - } - $ticket_closed_at = nullable_htmlentities($row['ticket_closed_at']); - - if ($ticket_priority == "High") { - $ticket_priority_display = "$ticket_priority"; - } elseif ($ticket_priority == "Medium") { - $ticket_priority_display = "$ticket_priority"; - } elseif ($ticket_priority == "Low") { - $ticket_priority_display = "$ticket_priority"; - } else{ - $ticket_priority_display = "-"; - } - - $ticket_assigned_to = intval($row['ticket_assigned_to']); - if (empty($ticket_assigned_to)) { - if ($ticket_status == 5) { - $ticket_assigned_to_display = "

Not Assigned

"; + if (empty($contact_name)) { + $contact_display = "-"; } else { - $ticket_assigned_to_display = "

Not Assigned

"; + $contact_display = "$contact_archived_display$contact_name
$contact_email"; } - } else { - $ticket_assigned_to_display = nullable_htmlentities($row['user_name']); - } - - $project_id = intval($row['ticket_project_id']); - - $client_id = intval($row['client_id']); - $client_name = nullable_htmlentities($row['client_name']); - - $contact_name = nullable_htmlentities($row['contact_name']); - $contact_email = nullable_htmlentities($row['contact_email']); - $contact_archived_at = nullable_htmlentities($row['contact_archived_at']); - if (empty($contact_archived_at)) { - $contact_archived_display = ""; - } else { - $contact_archived_display = "Archived - "; - } - if (empty($contact_name)) { - $contact_display = "-"; - } else { - $contact_display = "$contact_archived_display$contact_name
$contact_email"; - } - - // Get who last updated the ticket - to be shown in the last Response column - $ticket_reply_type = "Client"; // Default to client for unreplied tickets - $ticket_reply_by_display = ""; // Default none - $sql_ticket_reply = mysqli_query($mysqli, "SELECT ticket_reply_type, contact_name, user_name FROM ticket_replies + + // Get who last updated the ticket - to be shown in the last Response column + $ticket_reply_type = "Client"; // Default to client for unreplied tickets + $ticket_reply_by_display = ""; // Default none + $sql_ticket_reply = mysqli_query($mysqli, "SELECT ticket_reply_type, contact_name, user_name FROM ticket_replies LEFT JOIN users ON ticket_reply_by = user_id LEFT JOIN contacts ON ticket_reply_by = contact_id WHERE ticket_reply_ticket_id = $ticket_id AND ticket_reply_archived_at IS NULL ORDER BY ticket_reply_id DESC LIMIT 1" - ); - $row = mysqli_fetch_array($sql_ticket_reply); - - if ($row) { - $ticket_reply_type = nullable_htmlentities($row['ticket_reply_type']); - if ($ticket_reply_type == "Client") { - $ticket_reply_by_display = nullable_htmlentities($row['contact_name']); - } else { - $ticket_reply_by_display = nullable_htmlentities($row['user_name']); + ); + $row = mysqli_fetch_array($sql_ticket_reply); + + if ($row) { + $ticket_reply_type = nullable_htmlentities($row['ticket_reply_type']); + if ($ticket_reply_type == "Client") { + $ticket_reply_by_display = nullable_htmlentities($row['contact_name']); + } else { + $ticket_reply_by_display = nullable_htmlentities($row['user_name']); + } } - } - ?> + ?> - + - - - - + + + + - - + + - - + + - + + + + + + + + + +
TicketPriorityStatusAssignedLast ResponseClient
- - - - - + + + + + - - + + +
+
+
+
+
+ +
+ +
+ + + 0) { ?> +
+
All Tasks
+ + + - - - - -
-
-
+ + + + + + + +
-
- -
- -
- - - 0) { ?> -
-
All Tasks
- - - - - - -
- - - - - - - - -
-
- - + + -
+
-
+
-