isLoggedIn() || !perms_check_user(MSZ_PERMS_NEWS, $msz->getActiveUser()->getId(), MSZ_PERM_NEWS_MANAGE_CATEGORIES)) { echo render_error(403); return; } $news = $msz->getNews(); $categoryId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT); $loadCategoryInfo = fn() => $news->getCategory(categoryId: $categoryId); if(empty($categoryId)) $isNew = true; else try { $isNew = false; $categoryInfo = $loadCategoryInfo(); } catch(RuntimeException $ex) { echo render_error(404); return; } if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) { if(CSRF::validateRequest()) { $news->deleteCategory($categoryInfo); $msz->createAuditLog('NEWS_CATEGORY_DELETE', [$categoryInfo->getId()]); url_redirect('manage-news-categories'); } else render_error(403); return; } while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { $name = trim((string)filter_input(INPUT_POST, 'nc_name')); $description = trim((string)filter_input(INPUT_POST, 'nc_desc')); $hidden = !empty($_POST['nc_hidden']); if($isNew) { $categoryInfo = $news->createCategory($name, $description, $hidden); } else { if($name === $categoryInfo->getName()) $name = null; if($description === $categoryInfo->getDescription()) $description = null; if($hidden === $categoryInfo->isHidden()) $hidden = null; if($name !== null || $description !== null || $hidden !== null) $news->updateCategory($categoryInfo, $name, $description, $hidden); } $msz->createAuditLog( $isNew ? 'NEWS_CATEGORY_CREATE' : 'NEWS_CATEGORY_EDIT', [$categoryInfo->getId()] ); if($isNew) { url_redirect('manage-news-category', ['category' => $categoryInfo->getId()]); return; } else $categoryInfo = $loadCategoryInfo(); break; } Template::render('manage.news.category', [ 'category_new' => $isNew, 'category_info' => $categoryInfo ?? null, ]);