misuzu/public/manage/news/category.php

73 lines
2.2 KiB
PHP

<?php
namespace Misuzu;
use RuntimeException;
use Misuzu\AuditLog;
use Misuzu\Users\User;
require_once '../../../misuzu.php';
if(!User::hasCurrent() || !perms_check_user(MSZ_PERMS_NEWS, User::getCurrent()->getId(), MSZ_PERM_NEWS_MANAGE_CATEGORIES)) {
echo render_error(403);
return;
}
$news = $msz->getNews();
$categoryId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT);
$loadCategoryInfo = fn() => $news->getCategoryById($categoryId);
if(empty($categoryId))
$isNew = true;
else
try {
$isNew = false;
$categoryInfo = $loadCategoryInfo();
} catch(RuntimeException $ex) {
echo render_error(404);
return;
}
if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
if(CSRF::validateRequest()) {
$news->deleteCategory($categoryInfo);
AuditLog::create(AuditLog::NEWS_CATEGORY_DELETE, [$categoryInfo->getId()]);
url_redirect('manage-news-categories');
} else render_error(403);
return;
}
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
$name = trim((string)filter_input(INPUT_POST, 'nc_name'));
$description = trim((string)filter_input(INPUT_POST, 'nc_desc'));
$hidden = !empty($_POST['nc_hidden']);
if($isNew) {
$categoryInfo = $news->createCategory($name, $description, $hidden);
} else {
if($name === $categoryInfo->getName())
$name = null;
if($description === $categoryInfo->getDescription())
$description = null;
if($hidden === $categoryInfo->isHidden())
$hidden = null;
if($name !== null || $description !== null || $hidden !== null)
$news->updateCategory($categoryInfo, $name, $description, $hidden);
}
AuditLog::create(
$isNew ? AuditLog::NEWS_CATEGORY_CREATE : AuditLog::NEWS_CATEGORY_EDIT,
[$categoryInfo->getId()]
);
if($isNew) {
url_redirect('manage-news-category', ['category' => $categoryInfo->getId()]);
return;
} else $categoryInfo = $loadCategoryInfo();
break;
}
Template::render('manage.news.category', [
'category_new' => $isNew,
'category_info' => $categoryInfo ?? null,
]);