misuzu/public-legacy/manage/users/warning.php

55 lines
1.5 KiB
PHP
Raw Normal View History

2023-07-26 22:43:50 +00:00
<?php
namespace Misuzu;
use RuntimeException;
use Misuzu\Users\User;
if(!User::hasCurrent() || !perms_check_user(MSZ_PERMS_USER, User::getCurrent()->getId(), MSZ_PERM_USER_MANAGE_WARNINGS)) {
echo render_error(403);
return;
}
$warns = $msz->getWarnings();
if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) {
if(CSRF::validateRequest()) {
try {
$warnInfo = $warns->getWarning((string)filter_input(INPUT_GET, 'w'));
} catch(RuntimeException $ex) {
echo render_error(404);
return;
}
$warns->deleteWarnings($warnInfo);
$msz->createAuditLog('WARN_DELETE', [$warnInfo->getId(), $warnInfo->getUserId()]);
url_redirect('manage-users-warnings', ['user' => $warnInfo->getUserId()]);
} else render_error(403);
return;
}
try {
$userInfo = User::byId((int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT));
} catch(RuntimeException $ex) {
echo render_error(404);
return;
}
$modInfo = User::getCurrent();
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
$body = trim((string)filter_input(INPUT_POST, 'uw_body'));
Template::set('warn_value_body', $body);
$warnInfo = $warns->createWarning(
$userInfo, $body, modInfo: $modInfo
);
$msz->createAuditLog('WARN_CREATE', [$warnInfo->getId(), $userInfo->getId()]);
url_redirect('manage-users-warnings', ['user' => $userInfo->getId()]);
return;
}
Template::render('manage.users.warning', [
'warn_user' => $userInfo,
]);