misuzu/public-legacy/manage/users/note.php

87 lines
2.6 KiB
PHP
Raw Permalink Normal View History

2023-07-25 14:40:31 +00:00
<?php
namespace Misuzu;
use RuntimeException;
$authInfo = $msz->getAuthInfo();
if(!$authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE))
Template::throwError(403);
2023-07-25 14:40:31 +00:00
$hasNoteId = filter_has_var(INPUT_GET, 'n');
$hasUserId = filter_has_var(INPUT_GET, 'u');
if((!$hasNoteId && !$hasUserId) || ($hasNoteId && $hasUserId))
Template::throwError(400);
2023-07-25 14:40:31 +00:00
2024-10-05 02:40:29 +00:00
$urls = $msz->getUrls();
$usersCtx = $msz->getUsersContext();
$modNotes = $usersCtx->getModNotes();
2023-07-25 14:40:31 +00:00
if($hasUserId) {
$isNew = true;
try {
$userInfo = $usersCtx->getUserInfo(filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT));
2023-07-25 14:40:31 +00:00
} catch(RuntimeException $ex) {
Template::throwError(404);
2023-07-25 14:40:31 +00:00
}
$authorInfo = $authInfo->getUserInfo();
2023-07-25 14:40:31 +00:00
} elseif($hasNoteId) {
$isNew = false;
try {
$noteInfo = $modNotes->getNote((string)filter_input(INPUT_GET, 'n', FILTER_SANITIZE_NUMBER_INT));
} catch(RuntimeException $ex) {
Template::throwError(404);
2023-07-25 14:40:31 +00:00
}
if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) {
if(!CSRF::validateRequest())
Template::throwError(403);
$modNotes->deleteNotes($noteInfo);
$msz->createAuditLog('MOD_NOTE_DELETE', [$noteInfo->getId(), $noteInfo->getUserId()]);
2023-09-08 20:40:48 +00:00
Tools::redirect($urls->format('manage-users-notes', ['user' => $noteInfo->getUserId()]));
2023-07-25 14:40:31 +00:00
return;
}
$userInfo = $usersCtx->getUserInfo($noteInfo->getUserId());
$authorInfo = $noteInfo->hasAuthorId() ? $usersCtx->getUserInfo($noteInfo->getAuthorId()) : null;
2023-07-25 14:40:31 +00:00
}
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
$title = trim((string)filter_input(INPUT_POST, 'mn_title'));
$body = trim((string)filter_input(INPUT_POST, 'mn_body'));
if($isNew) {
$noteInfo = $modNotes->createNote($userInfo, $title, $body, $authorInfo);
} else {
if($title === $noteInfo->getTitle())
$title = null;
if($body === $noteInfo->getBody())
$body = null;
if($title !== null || $body !== null)
$modNotes->updateNote($noteInfo, $title, $body);
}
$msz->createAuditLog(
$isNew ? 'MOD_NOTE_CREATE' : 'MOD_NOTE_UPDATE',
[$noteInfo->getId(), $userInfo->getId()]
);
// this is easier
2023-09-08 20:40:48 +00:00
Tools::redirect($urls->format('manage-users-note', ['note' => $noteInfo->getId()]));
2023-07-25 14:40:31 +00:00
return;
}
Template::render('manage.users.note', [
'note_new' => $isNew,
'note_info' => $noteInfo ?? null,
'note_user' => $userInfo,
'note_user_colour' => $usersCtx->getUserColour($userInfo),
2023-07-25 14:40:31 +00:00
'note_author' => $authorInfo,
'note_author_colour' => $usersCtx->getUserColour($authorInfo),
2023-07-25 14:40:31 +00:00
]);