misuzu/public-legacy/manage/users/note.php

82 lines
2.6 KiB
PHP
Raw Normal View History

2023-07-25 14:40:31 +00:00
<?php
namespace Misuzu;
use RuntimeException;
if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE))
Template::throwError(403);
2023-07-25 14:40:31 +00:00
$hasNoteId = filter_has_var(INPUT_GET, 'n');
$hasUserId = filter_has_var(INPUT_GET, 'u');
if((!$hasNoteId && !$hasUserId) || ($hasNoteId && $hasUserId))
Template::throwError(400);
2023-07-25 14:40:31 +00:00
if($hasUserId) {
$isNew = true;
try {
$userInfo = $msz->usersCtx->getUserInfo(filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT));
2023-07-25 14:40:31 +00:00
} catch(RuntimeException $ex) {
Template::throwError(404);
2023-07-25 14:40:31 +00:00
}
$authorInfo = $msz->authInfo->userInfo;
2023-07-25 14:40:31 +00:00
} elseif($hasNoteId) {
$isNew = false;
try {
$noteInfo = $msz->usersCtx->modNotes->getNote((string)filter_input(INPUT_GET, 'n', FILTER_SANITIZE_NUMBER_INT));
2023-07-25 14:40:31 +00:00
} catch(RuntimeException $ex) {
Template::throwError(404);
2023-07-25 14:40:31 +00:00
}
if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) {
if(!CSRF::validateRequest())
Template::throwError(403);
$msz->usersCtx->modNotes->deleteNotes($noteInfo);
$msz->createAuditLog('MOD_NOTE_DELETE', [$noteInfo->id, $noteInfo->userId]);
Tools::redirect($msz->urls->format('manage-users-notes', ['user' => $noteInfo->userId]));
2023-07-25 14:40:31 +00:00
return;
}
$userInfo = $msz->usersCtx->getUserInfo($noteInfo->userId);
$authorInfo = $noteInfo->authorId !== null ? $msz->usersCtx->getUserInfo($noteInfo->authorId) : null;
2023-07-25 14:40:31 +00:00
}
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
$title = trim((string)filter_input(INPUT_POST, 'mn_title'));
$body = trim((string)filter_input(INPUT_POST, 'mn_body'));
if($isNew) {
$noteInfo = $msz->usersCtx->modNotes->createNote($userInfo, $title, $body, $authorInfo);
2023-07-25 14:40:31 +00:00
} else {
if($title === $noteInfo->title)
2023-07-25 14:40:31 +00:00
$title = null;
if($body === $noteInfo->body)
2023-07-25 14:40:31 +00:00
$body = null;
if($title !== null || $body !== null)
$msz->usersCtx->modNotes->updateNote($noteInfo, $title, $body);
2023-07-25 14:40:31 +00:00
}
$msz->createAuditLog(
$isNew ? 'MOD_NOTE_CREATE' : 'MOD_NOTE_UPDATE',
[$noteInfo->id, $userInfo->getId()]
2023-07-25 14:40:31 +00:00
);
// this is easier
Tools::redirect($msz->urls->format('manage-users-note', ['note' => $noteInfo->id]));
2023-07-25 14:40:31 +00:00
return;
}
Template::render('manage.users.note', [
'note_new' => $isNew,
'note_info' => $noteInfo ?? null,
'note_user' => $userInfo,
'note_user_colour' => $msz->usersCtx->getUserColour($userInfo),
2023-07-25 14:40:31 +00:00
'note_author' => $authorInfo,
'note_author_colour' => $msz->usersCtx->getUserColour($authorInfo),
2023-07-25 14:40:31 +00:00
]);