engelsystem/includes/pages/user_myshifts.php

<?php

use Engelsystem\Database\DB;
use Engelsystem\Models\User\User;

/**
 * @return string
 */
function myshifts_title()
{
    return __('My shifts');
}

/**
 * Zeigt die Schichten an, die ein Benutzer belegt
 *
 * @return string
 */
function user_myshifts()
{
    $user = auth()->user();
    $request = request();

    if (
        $request->has('id')
        && auth()->can('user_shifts_admin')
        && preg_match('/^\d{1,}$/', $request->input('id'))
        && User::find($request->input('id'))
    ) {
        $shift_entry_id = $request->input('id');
    } else {
        $shift_entry_id = $user->id;
    }

    $shifts_user = User::find($shift_entry_id);
    if ($request->has('reset')) {
        if ($request->input('reset') == 'ack') {
            User_reset_api_key($user);
            success(__('Key changed.'));
            throw_redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user->id]));
        }
        return page_with_title(__('Reset API key'), [
            error(
                __('If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports.'),
                true
            ),
            button(page_link_to('user_myshifts', ['reset' => 'ack']), __('Continue'), 'btn-danger')
        ]);
    } elseif ($request->has('edit') && preg_match('/^\d+$/', $request->input('edit'))) {
        $shift_entry_id = $request->input('edit');
        $shift = DB::selectOne('
                SELECT
                    `ShiftEntry`.`freeloaded`,
                    `ShiftEntry`.`freeload_comment`,
                    `ShiftEntry`.`Comment`,
                    `ShiftEntry`.`UID`,
                    `ShiftTypes`.`name`,
                    `Shifts`.*,
                    `rooms`.`name` as room_name,
                    `AngelTypes`.`name` AS `angel_type`
                FROM `ShiftEntry`
                JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`)
                JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)
                JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)
                JOIN `rooms` ON (`Shifts`.`RID` = `rooms`.`id`)
                WHERE `ShiftEntry`.`id`=?
                AND `UID`=?
                LIMIT 1
            ',
            [
                $shift_entry_id,
                $shifts_user->id,
            ]
        );
        if (!empty($shift)) {
            $freeloaded = $shift['freeloaded'];
            $freeload_comment = $shift['freeload_comment'];

            if ($request->hasPostData('submit')) {
                $valid = true;
                if (auth()->can('user_shifts_admin')) {
                    $freeloaded = $request->has('freeloaded');
                    $freeload_comment = strip_request_item_nl('freeload_comment');
                    if ($freeloaded && $freeload_comment == '') {
                        $valid = false;
                        error(__('Please enter a freeload comment!'));
                    }
                }

                $comment = $shift['Comment'];
                $user_source = User::find($shift['UID']);
                if (auth()->user()->id == $user_source->id) {
                    $comment = strip_request_item_nl('comment');
                }

                if ($valid) {
                    ShiftEntry_update([
                        'id'               => $shift_entry_id,
                        'Comment'          => $comment,
                        'freeloaded'       => $freeloaded,
                        'freeload_comment' => $freeload_comment
                    ]);

                    engelsystem_log(
                        'Updated ' . User_Nick_render($user_source, true) . '\'s shift ' . $shift['name']
                        . ' from ' . date('Y-m-d H:i', $shift['start'])
                        . ' to ' . date('Y-m-d H:i', $shift['end'])
                        . ' with comment ' . $comment
                        . '. Freeloaded: ' . ($freeloaded ? 'YES Comment: ' . $freeload_comment : 'NO')
                    );
                    success(__('Shift saved.'));
                    throw_redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user->id]));
                }
            }

            return ShiftEntry_edit_view(
                $shifts_user,
                date('Y-m-d H:i', $shift['start']) . ', ' . shift_length($shift),
                $shift['room_name'],
                $shift['name'],
                $shift['angel_type'],
                $shift['Comment'],
                $shift['freeloaded'],
                $shift['freeload_comment'],
                auth()->can('user_shifts_admin')
            );
        } else {
            throw_redirect(page_link_to('user_myshifts'));
        }
    }

    throw_redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user->id]));
    return '';
}
#6, begin myshifts 2011-07-15 17:50:57 +02:00			`<?php`
clear up mvc for user list 2014-09-28 15:01:02 +02:00
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			`use Engelsystem\Database\DB;`
Changed more functions :tada: 2018-10-09 21:47:31 +02:00			`use Engelsystem\Models\User\User;`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00
PPHDoc, formatting, fixes, cleanup 2017-01-03 03:22:48 +01:00			`/**`
			`* @return string`
			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function myshifts_title()`
			`{`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`return __('My shifts');`
basic gettext integration 2013-11-25 21:04:58 +01:00			`}`
#6 my shifts \| cancel my shifts 2011-07-19 19:12:36 +02:00
PPHDoc, formatting, fixes, cleanup 2017-01-03 03:22:48 +01:00			`/**`
			`* Zeigt die Schichten an, die ein Benutzer belegt`
			`*`
			`* @return string`
			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function user_myshifts()`
			`{`
Removed `User($id)` function :tada: 2018-10-10 03:10:28 +02:00			`$user = auth()->user();`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`$request = request();`
Formatting 2017-01-02 15:43:36 +01:00
			`if (`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`$request->has('id')`
Moved permission checks to Authenticator class 2018-11-12 14:41:23 +01:00			`&& auth()->can('user_shifts_admin')`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`&& preg_match('/^\d{1,}$/', $request->input('id'))`
Replaced more sql queries and old data 2018-10-14 18:24:42 +02:00			`&& User::find($request->input('id'))`
Formatting 2017-01-02 15:43:36 +01:00			`) {`
redo shift signoff and icons for delete/confirm/acknowledgment questions 2017-12-19 20:58:01 +01:00			`$shift_entry_id = $request->input('id');`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`} else {`
Removed `User($id)` function :tada: 2018-10-10 03:10:28 +02:00			`$shift_entry_id = $user->id;`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`}`
Formatting 2017-01-02 15:43:36 +01:00
Changed more functions :tada: 2018-10-09 21:47:31 +02:00			`$shifts_user = User::find($shift_entry_id);`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`if ($request->has('reset')) {`
			`if ($request->input('reset') == 'ack') {`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`User_reset_api_key($user);`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`success(__('Key changed.'));`
Renamed redirect() to throwRedirect() 2019-09-08 02:25:49 +02:00			`throw_redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user->id]));`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`}`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`return page_with_title(__('Reset API key'), [`
Formatting 2017-01-02 15:43:36 +01:00			`error(`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`__('If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports.'),`
Formatting 2017-01-02 15:43:36 +01:00			`true`
			`),`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`button(page_link_to('user_myshifts', ['reset' => 'ack']), __('Continue'), 'btn-danger')`
Formatting 2017-01-02 15:43:36 +01:00			`]);`
Bugfixes 2017-08-30 14:59:27 +02:00			`} elseif ($request->has('edit') && preg_match('/^\d+$/', $request->input('edit'))) {`
redo shift signoff and icons for delete/confirm/acknowledgment questions 2017-12-19 20:58:01 +01:00			`$shift_entry_id = $request->input('edit');`
dried code by introducing selectOne for select queries with only one result line expected 2017-07-28 20:11:09 +02:00			`$shift = DB::selectOne('`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			`SELECT`
			`ShiftEntry`.`freeloaded`,
			`ShiftEntry`.`freeload_comment`,
			`ShiftEntry`.`Comment`,
			`ShiftEntry`.`UID`,
			`ShiftTypes`.`name`,
			`Shifts`.*,
Added Room model 2020-09-06 23:50:36 +02:00			`rooms`.`name` as room_name,
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			`AngelTypes`.`name` AS `angel_type`
			FROM `ShiftEntry`
			JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`)
			JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)
			JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)
Added Room model 2020-09-06 23:50:36 +02:00			JOIN `rooms` ON (`Shifts`.`RID` = `rooms`.`id`)
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			WHERE `ShiftEntry`.`id`=?
			AND `UID`=?
			`LIMIT 1`
			`',`
			`[`
redo shift signoff and icons for delete/confirm/acknowledgment questions 2017-12-19 20:58:01 +01:00			`$shift_entry_id,`
Changed more functions :tada: 2018-10-09 21:47:31 +02:00			`$shifts_user->id,`
Changed from mysqli to PDO, some refactorings, faster sql queries 2017-01-21 13:58:53 +01:00			`]`
			`);`
Db::selectOne() should return null if result is empty 2018-08-29 18:08:45 +02:00			`if (!empty($shift)) {`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`$freeloaded = $shift['freeloaded'];`
			`$freeload_comment = $shift['freeload_comment'];`
Formatting 2017-01-02 15:43:36 +01:00
Require POST for sending forms * Ensure that the form is submitted with a post request * Replaced several links with forms Closes #494 (Security Vulnerability) 2018-11-20 16:02:03 +01:00			`if ($request->hasPostData('submit')) {`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`$valid = true;`
Moved permission checks to Authenticator class 2018-11-12 14:41:23 +01:00			`if (auth()->can('user_shifts_admin')) {`
Changed $_GET, $_POST and $_REQUEST to use the Request object 2017-07-18 21:38:53 +02:00			`$freeloaded = $request->has('freeloaded');`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`$freeload_comment = strip_request_item_nl('freeload_comment');`
			`if ($freeloaded && $freeload_comment == '') {`
			`$valid = false;`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`error(__('Please enter a freeload comment!'));`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`}`
			`}`
Formatting 2017-01-02 15:43:36 +01:00
Only show the shift "Comment" field for own entries 2019-06-04 20:51:26 +02:00			`$comment = $shift['Comment'];`
Changed more functions :tada: 2018-10-09 21:47:31 +02:00			`$user_source = User::find($shift['UID']);`
Only show the shift "Comment" field for own entries 2019-06-04 20:51:26 +02:00			`if (auth()->user()->id == $user_source->id) {`
			`$comment = strip_request_item_nl('comment');`
			`}`
Formatting 2017-01-02 15:43:36 +01:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`if ($valid) {`
handle failed db queries in Db class 2017-07-23 11:46:54 +02:00			`ShiftEntry_update([`
redo shift signoff and icons for delete/confirm/acknowledgment questions 2017-12-19 20:58:01 +01:00			`'id' => $shift_entry_id,`
Formatting 2017-01-02 15:43:36 +01:00			`'Comment' => $comment,`
			`'freeloaded' => $freeloaded,`
			`'freeload_comment' => $freeload_comment`
			`]);`

			`engelsystem_log(`
Log messages without inline HTML 2019-05-31 04:03:19 +02:00			`'Updated ' . User_Nick_render($user_source, true) . '\'s shift ' . $shift['name']`
Replaced " with ' 2017-01-03 14:12:17 +01:00			`. ' from ' . date('Y-m-d H:i', $shift['start'])`
			`. ' to ' . date('Y-m-d H:i', $shift['end'])`
			`. ' with comment ' . $comment`
			`. '. Freeloaded: ' . ($freeloaded ? 'YES Comment: ' . $freeload_comment : 'NO')`
Formatting 2017-01-02 15:43:36 +01:00			`);`
Replaced gettext translation `_()` with `__()` that uses the Translator class 2018-08-29 21:55:32 +02:00			`success(__('Shift saved.'));`
Renamed redirect() to throwRedirect() 2019-09-08 02:25:49 +02:00			`throw_redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user->id]));`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`}`
			`}`
Formatting 2017-01-02 15:43:36 +01:00
			`return ShiftEntry_edit_view(`
Only show the shift "Comment" field for own entries 2019-06-04 20:51:26 +02:00			`$shifts_user,`
Replaced " with ' 2017-01-03 14:12:17 +01:00			`date('Y-m-d H:i', $shift['start']) . ', ' . shift_length($shift),`
Added Room model 2020-09-06 23:50:36 +02:00			`$shift['room_name'],`
Formatting 2017-01-02 15:43:36 +01:00			`$shift['name'],`
			`$shift['angel_type'],`
			`$shift['Comment'],`
			`$shift['freeloaded'],`
			`$shift['freeload_comment'],`
Moved permission checks to Authenticator class 2018-11-12 14:41:23 +01:00			`auth()->can('user_shifts_admin')`
Formatting 2017-01-02 15:43:36 +01:00			`);`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`} else {`
Renamed redirect() to throwRedirect() 2019-09-08 02:25:49 +02:00			`throw_redirect(page_link_to('user_myshifts'));`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`}`
prohibit inline control structures on pages 2016-09-29 10:53:17 +02:00			`}`
Formatting 2017-01-02 15:43:36 +01:00
Renamed redirect() to throwRedirect() 2019-09-08 02:25:49 +02:00			`throw_redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user->id]));`
PPHDoc, formatting, fixes, cleanup 2017-01-03 03:22:48 +01:00			`return '';`
#6 my shifts \| cancel my shifts 2011-07-19 19:12:36 +02:00			`}`