AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Projects 

- Add archive and unarchive ability
- Improve logic around Open > Close > Archive > Delete
- Change to new perms system
- TODO: CSRF
This commit is contained in:
wrongecho 2024-09-30 21:27:42 +01:00
parent 81844cea2e
commit 10a223b5b8
4 changed files with 96 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
clients.php
View File

@ -17,7 +17,7 @@ if (isset($_GET['leads'])) {
$leads = intval($_GET['leads']);
}
if($leads == 1){
if ($leads == 1){
$leads_query = 1;
} else {
$leads_query = 0;
@ -35,7 +35,7 @@ if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) {
// Convert the sanitized tags into a comma-separated string
$sanitizedTagsString = implode(",", $sanitizedTags);
$tag_query = "AND tags.tag_id IN ($sanitizedTagsString)";
} else{
} else {
$tag_query = '';
}

55
post/user/project.php
View File

@ -6,7 +6,7 @@
if (isset($_POST['add_project'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$project_name = sanitizeInput($_POST['name']);
$project_description = sanitizeInput($_POST['description']);
@ -78,7 +78,7 @@ if (isset($_POST['add_project'])) {
if (isset($_POST['edit_project'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$project_id = intval($_POST['project_id']);
$project_name = sanitizeInput($_POST['name']);
@ -99,7 +99,7 @@ if (isset($_POST['edit_project'])) {
if (isset($_GET['close_project'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$project_id = intval($_GET['close_project']);
@ -119,9 +119,52 @@ if (isset($_GET['close_project'])) {
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['archive_project'])) {
enforceUserPermission('module_support', 2);
$project_id = intval($_GET['archive_project']);
// Get Client Name
$sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id");
$row = mysqli_fetch_array($sql);
$project_name = sanitizeInput($row['project_name']);
mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NOW() WHERE project_id = $project_id");
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Archive', log_description = '$session_name archived project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_id");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Project $project_name archived";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['unarchive_project'])) {
enforceUserPermission('module_support', 2);
$project_id = intval($_GET['unarchive_project']);
// Get Client Name
$sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id");
$row = mysqli_fetch_array($sql);
$project_name = sanitizeInput($row['project_name']);
mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NULL WHERE project_id = $project_id");
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Undo Archive', log_description = '$session_name unarchived project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_id");
$_SESSION['alert_message'] = "Project $project_name unarchived";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['delete_project'])) {
validateTechRole();
enforceUserPermission('module_support', 3);
$project_id = intval($_GET['delete_project']);
@ -134,7 +177,7 @@ if (isset($_GET['delete_project'])) {
mysqli_query($mysqli, "DELETE FROM projects WHERE project_id = $project_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Projects', log_action = 'Delete', log_description = '$session_name deleted project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $project_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Delete', log_description = '$session_name deleted project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $project_id");
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "You Deleted Project <strong>$project_name</strong>";
@ -144,7 +187,7 @@ if (isset($_GET['delete_project'])) {
if (isset($_POST['add_project_ticket'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$project_id = intval($_POST['project_id']);
// Get Project Name

17
project_details.php
View File

@ -29,9 +29,10 @@ if (isset($_GET['project_id'])) {
$project_name = nullable_htmlentities($row['project_name']);
$project_description = nullable_htmlentities($row['project_description']);
$project_due = nullable_htmlentities($row['project_due']);
$project_completed_at = nullable_htmlentities($row['project_completed_at']);
$project_created_at = date("Y-m-d", strtotime($row['project_created_at']));
$project_updated_at = nullable_htmlentities($row['project_updated_at']);
$project_completed_at = nullable_htmlentities($row['project_completed_at']);
$project_archived_at = nullable_htmlentities($row['project_archived_at']);
$client_id = intval($row['client_id']);
$client_name = nullable_htmlentities($row['client_name']);
@ -70,8 +71,9 @@ if (isset($_GET['project_id'])) {
$sql_closed_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = $project_id AND ticket_closed_at IS NOT NULL");
$closed_ticket_count = mysqli_num_rows($sql_closed_tickets);
if($ticket_count) {
$tickets_closed_percent = 100; //Default
if ($ticket_count) {
$tickets_closed_percent = round(($closed_ticket_count / $ticket_count) * 100);
}
@ -177,11 +179,11 @@ if (isset($_GET['project_id'])) {
<div class="col-sm-3">
<div class="btn-group float-right d-print-none">
<?php if($tickets_closed_percent == 100 && empty($project_completed_at)) { ?>
<?php if ($tickets_closed_percent == 100 && empty($project_completed_at)) { ?>
<a class="btn btn-primary btn-sm confirm-link" href="post.php?close_project=<?php echo $project_id; ?>">
<i class="fas fa-fw fa-check mr-2"></i>Close
</a>
<?php } else { ?>
<?php } if (empty($project_completed_at)) { ?>
<button type="button" class="btn btn-primary btn-sm" href="#" data-toggle="modal" data-target="#addProjectTicketModal">
<i class="fas fa-fw fa-plus mr-2"></i>Add Ticket
</button>
@ -195,14 +197,13 @@ if (isset($_GET['project_id'])) {
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editProjectModal<?php echo $project_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<div class="dropdown-divider"></div>
<?php } ?>
<?php if ($session_user_role == 3) { ?>
<?php if (!empty($project_completed_at) && empty($project_archived_at) && lookupUserPermission("module_support" >= 2)) { ?>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?archive_project=<?php echo $project_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<?php } ?>
<?php if ($session_user_role == 3) { ?>
<?php if (!empty($project_archived_at) && lookupUserPermission("module_support" >= 3)) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?delete_project=<?php echo $project_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete

49
projects.php
View File

@ -39,9 +39,9 @@ $sql_projects = mysqli_query(
LEFT JOIN users ON user_id = project_manager
WHERE DATE(project_created_at) BETWEEN '$dtf' AND '$dtt'
AND (project_name LIKE '%$q%' OR project_description LIKE '%$q%' OR user_name LIKE '%$q%')
AND project_archived_at IS NULL
AND project_completed_at $status_query
$project_permission_snippet
AND project_$archive_query
ORDER BY $sort $order LIMIT $record_from, $record_to"
);
@ -59,6 +59,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card-body">
<form class="mb-4" autocomplete="off">
<input type="hidden" name="archived" value="<?php echo $archived; ?>">
<div class="row">
<div class="col-sm-4">
<div class="input-group">
@ -72,8 +73,15 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-sm-8">
<div class="btn-toolbar float-right">
<div class="btn-group mr-2">
<a href="?status=0" class="btn btn-<?php if($status == 0){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-door-open mr-2"></i>Open</a>
<a href="?status=1" class="btn btn-<?php if($status == 1){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-door-closed mr-2"></i>Closed</a>
<a href="?status=0" class="btn btn-<?php if ($status == 0){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-door-open mr-2"></i>Open</a>
<a href="?status=1" class="btn btn-<?php if ($status == 1){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-door-closed mr-2"></i>Closed</a>
</div>
<div class="btn-group mr-2">
<a href="?<?php echo $url_query_strings_sort ?>&archived=<?php if($archived == 1){ echo 0; } else { echo 1; } ?>"
class="btn btn-<?php if ($archived == 1) { echo "primary"; } else { echo "default"; } ?>">
<i class="fa fa-fw fa-archive mr-2"></i>Archived
</a>
</div>
</div>
@ -152,11 +160,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$project_name = nullable_htmlentities($row['project_name']);
$project_description = nullable_htmlentities($row['project_description']);
$project_due = nullable_htmlentities($row['project_due']);
$project_completed_at = nullable_htmlentities($row['project_completed_at']);
$project_completed_at_display = date("Y-m-d", strtotime($project_completed_at));
$project_created_at = nullable_htmlentities($row['project_created_at']);
$project_created_at_display = date("Y-m-d", strtotime($project_created_at));
$project_updated_at = nullable_htmlentities($row['project_updated_at']);
$project_completed_at = nullable_htmlentities($row['project_completed_at']);
$project_completed_at_display = date("Y-m-d", strtotime($project_completed_at));
$project_archived_at = nullable_htmlentities($row['project_archived_at']);
$client_id = intval($row['client_id']);
$client_name = nullable_htmlentities($row['client_name']);
@ -256,15 +265,29 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<?php if(empty($project_completed_at)) { ?>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editProjectModal<?php echo $project_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<div class="dropdown-divider"></div>
<?php if (empty($project_completed_at)) { ?>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editProjectModal<?php echo $project_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php } ?>
<?php if (!empty($project_completed_at) && lookupUserPermission("module_support" >= 2)) { ?>
<div class="dropdown-divider"></div>
<?php if (empty($project_archived_at)) { ?>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_project=<?php echo $project_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<?php } else { ?>
<a class="dropdown-item text-info confirm-link" href="post.php?unarchive_project=<?php echo $project_id; ?>">
<i class="fas fa-fw fa-redo mr-2"></i>Unarchive
</a>
<?php if (lookupUserPermission("module_support" >= 3)) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?delete_project=<?php echo $project_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Delete
</a>
<?php } ?>
<?php } ?>
<?php } ?>
<a class="dropdown-item text-danger confirm-link" href="post.php?delete_project=<?php echo $project_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Delete
</a>
</div>
</div>
</td>