From 10a223b5b8e0080bfd8783577804513d5d36eb15 Mon Sep 17 00:00:00 2001 From: wrongecho Date: Mon, 30 Sep 2024 21:27:42 +0100 Subject: [PATCH] Projects - Add archive and unarchive ability - Improve logic around Open > Close > Archive > Delete - Change to new perms system - TODO: CSRF --- clients.php | 4 ++-- post/user/project.php | 55 ++++++++++++++++++++++++++++++++++++++----- project_details.php | 17 ++++++------- projects.php | 49 ++++++++++++++++++++++++++++---------- 4 files changed, 96 insertions(+), 29 deletions(-) diff --git a/clients.php b/clients.php index 2f49b0a8..7f257b92 100644 --- a/clients.php +++ b/clients.php @@ -17,7 +17,7 @@ if (isset($_GET['leads'])) { $leads = intval($_GET['leads']); } -if($leads == 1){ +if ($leads == 1){ $leads_query = 1; } else { $leads_query = 0; @@ -35,7 +35,7 @@ if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) { // Convert the sanitized tags into a comma-separated string $sanitizedTagsString = implode(",", $sanitizedTags); $tag_query = "AND tags.tag_id IN ($sanitizedTagsString)"; -} else{ +} else { $tag_query = ''; } diff --git a/post/user/project.php b/post/user/project.php index 2750c086..065b3b78 100644 --- a/post/user/project.php +++ b/post/user/project.php @@ -6,7 +6,7 @@ if (isset($_POST['add_project'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); $project_name = sanitizeInput($_POST['name']); $project_description = sanitizeInput($_POST['description']); @@ -78,7 +78,7 @@ if (isset($_POST['add_project'])) { if (isset($_POST['edit_project'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); $project_id = intval($_POST['project_id']); $project_name = sanitizeInput($_POST['name']); @@ -99,7 +99,7 @@ if (isset($_POST['edit_project'])) { if (isset($_GET['close_project'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); $project_id = intval($_GET['close_project']); 
@@ -119,9 +119,52 @@ if (isset($_GET['close_project'])) { header("Location: " . $_SERVER["HTTP_REFERER"]); } +if (isset($_GET['archive_project'])) { + + enforceUserPermission('module_support', 2); + + $project_id = intval($_GET['archive_project']); + + // Get Client Name + $sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id"); + $row = mysqli_fetch_array($sql); + $project_name = sanitizeInput($row['project_name']); + + mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NOW() WHERE project_id = $project_id"); + + //Logging + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Archive', log_description = '$session_name archived project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_id"); + + $_SESSION['alert_type'] = "error"; + $_SESSION['alert_message'] = "Project $project_name archived"; + + header("Location: " . $_SERVER["HTTP_REFERER"]); +} + +if (isset($_GET['unarchive_project'])) { + + enforceUserPermission('module_support', 2); + + $project_id = intval($_GET['unarchive_project']); + + // Get Client Name + $sql = mysqli_query($mysqli, "SELECT * FROM projects WHERE project_id = $project_id"); + $row = mysqli_fetch_array($sql); + $project_name = sanitizeInput($row['project_name']); + + mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NULL WHERE project_id = $project_id"); + + //Logging + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Undo Archive', log_description = '$session_name unarchived project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $project_id"); + + $_SESSION['alert_message'] = "Project $project_name unarchived"; + + header("Location: " . 
$_SERVER["HTTP_REFERER"]); +} + if (isset($_GET['delete_project'])) { - validateTechRole(); + enforceUserPermission('module_support', 3); $project_id = intval($_GET['delete_project']); @@ -134,7 +177,7 @@ if (isset($_GET['delete_project'])) { mysqli_query($mysqli, "DELETE FROM projects WHERE project_id = $project_id"); // Logging - mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Projects', log_action = 'Delete', log_description = '$session_name deleted project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $project_id"); + mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Project', log_action = 'Delete', log_description = '$session_name deleted project $project_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $project_id"); $_SESSION['alert_type'] = "error"; $_SESSION['alert_message'] = "You Deleted Project $project_name"; @@ -144,7 +187,7 @@ if (isset($_GET['delete_project'])) { if (isset($_POST['add_project_ticket'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); $project_id = intval($_POST['project_id']); // Get Project Name diff --git a/project_details.php b/project_details.php index 31b66536..04fe5153 100644 --- a/project_details.php +++ b/project_details.php 
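Review bot: Neither the archive nor the unarchive handler stops after `header("Location: " . $_SERVER["HTTP_REFERER"]);`, so execution falls through into the `delete_project` block and everything after it, and when no Referer header is sent the Location value is empty; append `exit;` after each redirect (the `close_project` handler above this hunk appears to have the same shape). Both handlers also read `$row['project_name']` without checking that `mysqli_fetch_array` returned a row, so a request for a non-existent `$project_id` still writes a log entry and flashes an alert with an empty name; guard with `if (!$row) { ... }` before the UPDATE. The comment `// Get Client Name` in both new blocks is copied from elsewhere and should read `// Get project name for the log entry and alert`.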
@@ -29,9 +29,10 @@ if (isset($_GET['project_id'])) { $project_name = nullable_htmlentities($row['project_name']); $project_description = nullable_htmlentities($row['project_description']); $project_due = nullable_htmlentities($row['project_due']); - $project_completed_at = nullable_htmlentities($row['project_completed_at']); $project_created_at = date("Y-m-d", strtotime($row['project_created_at'])); $project_updated_at = nullable_htmlentities($row['project_updated_at']); + $project_completed_at = nullable_htmlentities($row['project_completed_at']); + $project_archived_at = nullable_htmlentities($row['project_archived_at']); $client_id = intval($row['client_id']); $client_name = nullable_htmlentities($row['client_name']); @@ -70,8 +71,9 @@ if (isset($_GET['project_id'])) { $sql_closed_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = $project_id AND ticket_closed_at IS NOT NULL"); $closed_ticket_count = mysqli_num_rows($sql_closed_tickets); - - if($ticket_count) { + + $tickets_closed_percent = 100; //Default + if ($ticket_count) { $tickets_closed_percent = round(($closed_ticket_count / $ticket_count) * 100); } @@ -177,11 +179,11 @@ if (isset($_GET['project_id'])) {
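Review bot: The new default `$tickets_closed_percent = 100; //Default` makes a project with no tickets at all report 100% closed, which is a deliberate choice the comment does not explain, and a reader will otherwise assume 0 was intended. Suggest `$tickets_closed_percent = 100; // No tickets means nothing outstanding, so show the project as fully closed`. The enclosing `if (isset($_GET['project_id']))` block starts and ends outside the hunk.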
- + Close - + @@ -195,14 +197,13 @@ if (isset($_GET['project_id'])) { Edit - - + = 2)) { ?> Archive - + = 3)) { ?> Delete diff --git a/projects.php b/projects.php index 5b793916..1eab6989 100644 --- a/projects.php +++ b/projects.php @@ -39,9 +39,9 @@ $sql_projects = mysqli_query( LEFT JOIN users ON user_id = project_manager WHERE DATE(project_created_at) BETWEEN '$dtf' AND '$dtt' AND (project_name LIKE '%$q%' OR project_description LIKE '%$q%' OR user_name LIKE '%$q%') - AND project_archived_at IS NULL AND project_completed_at $status_query $project_permission_snippet + AND project_$archive_query ORDER BY $sort $order LIMIT $record_from, $record_to" ); @@ -59,6 +59,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
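Review bot: The rewritten WHERE clause `AND project_$archive_query` splices a variable into the middle of a column name, and `$archive_query` is assigned outside this hunk, so the query's safety rests entirely on that assignment only ever producing one of a fixed set of literals (presumably `archived_at IS NULL` / `archived_at IS NOT NULL`) and never text taken from the request. Letting `$archive_query` carry the whole predicate and choosing it from a boolean flag, e.g. `$archive_query = $show_archived ? 'AND project_archived_at IS NOT NULL' : 'AND project_archived_at IS NULL';` (flag name constructed) with `$archive_query` alone in the query, keeps the column name out of the interpolation and makes the allowed values obvious at the query site. The `$sql_projects` statement starts before this hunk, so the check that the flag is derived from a strict comparison rather than raw `$_GET` text cannot be confirmed here.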
+
@@ -72,8 +73,15 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
@@ -152,11 +160,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $project_name = nullable_htmlentities($row['project_name']); $project_description = nullable_htmlentities($row['project_description']); $project_due = nullable_htmlentities($row['project_due']); - $project_completed_at = nullable_htmlentities($row['project_completed_at']); - $project_completed_at_display = date("Y-m-d", strtotime($project_completed_at)); $project_created_at = nullable_htmlentities($row['project_created_at']); $project_created_at_display = date("Y-m-d", strtotime($project_created_at)); $project_updated_at = nullable_htmlentities($row['project_updated_at']); + $project_completed_at = nullable_htmlentities($row['project_completed_at']); + $project_completed_at_display = date("Y-m-d", strtotime($project_completed_at)); + $project_archived_at = nullable_htmlentities($row['project_archived_at']); $client_id = intval($row['client_id']); $client_name = nullable_htmlentities($row['client_name']); @@ -256,15 +265,29 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
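Review bot: The re-added line `$project_completed_at_display = date("Y-m-d", strtotime($project_completed_at));` runs for open projects as well, where `project_completed_at` is NULL; assuming `nullable_htmlentities` yields an empty string or null there, `strtotime` returns false and `date()` formats it as the Unix epoch, so every open project row carries a bogus completion date. Guard it, e.g. `$project_completed_at_display = $project_completed_at ? date("Y-m-d", strtotime($project_completed_at)) : '';`, and the newly added `$project_archived_at` will need the same treatment if a display form is added later. The per-row loop this sits in starts and ends outside the hunk.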