flashii/misuzu
flashii/misuzu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
misuzu/public/manage/changelog.php

423 lines
16 KiB
PHP
Raw Blame History

<?php
use Misuzu\Database;
require_once __DIR__ . '/../../misuzu.php';
$changelogPerms = perms_get_user(MSZ_PERMS_CHANGELOG, $app->getUserId());
$queryOffset = (int)($_GET['o'] ?? 0);
switch ($_GET['v'] ?? null) {
default:
case 'changes':
if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_CHANGES)) {
echo render_error(403);
break;
}
$changesTake = 20;
$changesCount = (int)Database::query('
SELECT COUNT(`change_id`)
FROM `msz_changelog_changes`
')->fetchColumn();
$getChanges = Database::prepare('
SELECT
c.`change_id`, c.`change_log`, c.`change_created`,
a.`action_name`, a.`action_colour`, a.`action_class`,
u.`user_id`, u.`username`,
COALESCE(u.`user_colour`, r.`role_colour`) as `user_colour`
FROM `msz_changelog_changes` as c
LEFT JOIN `msz_changelog_actions` as a
ON a.`action_id` = c.`action_id`
LEFT JOIN `msz_users` as u
ON u.`user_id` = c.`user_id`
LEFT JOIN `msz_roles` as r
ON r.`role_id` = u.`display_role`
ORDER BY c.`change_id` DESC
LIMIT :offset, :take
');
$getChanges->bindValue('take', $changesTake);
$getChanges->bindValue('offset', $queryOffset);
$changes = $getChanges->execute() ? $getChanges->fetchAll(PDO::FETCH_ASSOC) : [];
$getTags = Database::prepare('
SELECT
t.`tag_id`, t.`tag_name`, t.`tag_description`
FROM `msz_changelog_change_tags` as ct
LEFT JOIN `msz_changelog_tags` as t
ON t.`tag_id` = ct.`tag_id`
WHERE ct.`change_id` = :change_id
');
// grab tags
for ($i = 0; $i < count($changes); $i++) {
$getTags->bindValue('change_id', $changes[$i]['change_id']);
$changes[$i]['tags'] = $getTags->execute() ? $getTags->fetchAll(PDO::FETCH_ASSOC) : [];
}
echo tpl_render('manage.changelog.changes', [
'changelog_changes' => $changes,
'changelog_changes_count' => $changesCount,
'changelog_offset' => $queryOffset,
'changelog_take' => $changesTake,
]);
break;
case 'change':
if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_CHANGES)) {
echo render_error(403);
break;
}
$changeId = (int)($_GET['c'] ?? 0);
if ($_SERVER['REQUEST_METHOD'] === 'POST' && tmp_csrf_verify($_POST['csrf'] ?? '')) {
if (!empty($_POST['change']) && is_array($_POST['change'])) {
if ($changeId > 0) {
$postChange = Database::prepare('
UPDATE `msz_changelog_changes`
SET `change_log` = :log,
`change_text` = :text,
`action_id` = :action,
`user_id` = :user,
`change_created` = :created
WHERE `change_id` = :change_id
');
$postChange->bindValue('change_id', $changeId);
} else {
$postChange = Database::prepare('
INSERT INTO `msz_changelog_changes`
(
`change_log`, `change_text`, `action_id`,
`user_id`, `change_created`
)
VALUES
(:log, :text, :action, :user, :created)
');
}
$postChange->bindValue('log', $_POST['change']['log']);
$postChange->bindValue('action', $_POST['change']['action']);
$postChange->bindValue('text', strlen($_POST['change']['text'])
? $_POST['change']['text']
: null);
$postChange->bindValue('user', is_numeric($_POST['change']['user'])
? $_POST['change']['user']
: null);
$postChange->bindValue('created', strlen($_POST['change']['created'])
? $_POST['change']['created']
: null);
$postChange->execute();
if ($changeId < 1) {
$changeId = Database::lastInsertId();
audit_log('CHANGELOG_ENTRY_CREATE', $app->getUserId(), [$changeId]);
header('Location: ?v=change&c=' . $changeId);
return;
} else {
audit_log('CHANGELOG_ENTRY_EDIT', $app->getUserId(), [$changeId]);
}
}
if (!empty($_POST['add_tag']) && is_numeric($_POST['add_tag'])) {
$addTag = Database::prepare('REPLACE INTO `msz_changelog_change_tags` VALUES (:change_id, :tag_id)');
$addTag->bindValue('change_id', $changeId);
$addTag->bindValue('tag_id', $_POST['add_tag']);
if ($addTag->execute()) {
audit_log('CHANGELOG_TAG_ADD', $app->getUserId(), [
$changeId,
$_POST['add_tag']
]);
}
}
if (!empty($_POST['remove_tag']) && is_numeric($_POST['remove_tag'])) {
$removeTag = Database::prepare('
DELETE FROM `msz_changelog_change_tags`
WHERE `change_id` = :change_id
AND `tag_id` = :tag_id
');
$removeTag->bindValue('change_id', $changeId);
$removeTag->bindValue('tag_id', $_POST['remove_tag']);
if ($removeTag->execute()) {
audit_log('CHANGELOG_TAG_REMOVE', $app->getUserId(), [
$changeId,
$_POST['remove_tag']
]);
}
}
}
$actions = Database::query('
SELECT `action_id`, `action_name`
FROM `msz_changelog_actions`
')->fetchAll(PDO::FETCH_ASSOC);
tpl_var('changelog_actions', $actions);
if ($changeId > 0) {
$getChange = Database::prepare('
SELECT
`change_id`, `change_log`, `change_text`, `user_id`,
`action_id`, `change_created`
FROM `msz_changelog_changes`
WHERE `change_id` = :change_id
');
$getChange->bindValue('change_id', $changeId);
$change = $getChange->execute() ? $getChange->fetch(PDO::FETCH_ASSOC) : [];
if ($change) {
tpl_var('edit_change', $change);
$assignedTags = Database::prepare('
SELECT `tag_id`, `tag_name`
FROM `msz_changelog_tags`
WHERE `tag_id` IN (
SELECT `tag_id`
FROM `msz_changelog_change_tags`
WHERE `change_id` = :change_id
)
');
$assignedTags->bindValue('change_id', $change['change_id']);
$assignedTags = $assignedTags->execute() ? $assignedTags->fetchAll(PDO::FETCH_ASSOC) : [];
$availableTags = Database::prepare('
SELECT `tag_id`, `tag_name`
FROM `msz_changelog_tags`
WHERE `tag_archived` IS NULL
AND `tag_id` NOT IN (
SELECT `tag_id`
FROM `msz_changelog_change_tags`
WHERE `change_id` = :change_id
)
');
$availableTags->bindValue('change_id', $change['change_id']);
$availableTags = $availableTags->execute() ? $availableTags->fetchAll(PDO::FETCH_ASSOC) : [];
tpl_vars([
'edit_change_assigned_tags' => $assignedTags,
'edit_change_available_tags' => $availableTags,
]);
} else {
header('Location: ?v=changes');
return;
}
}
echo tpl_render('manage.changelog.change_edit');
break;
case 'tags':
if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_TAGS)) {
echo render_error(403);
break;
}
$tagsTake = 32;
$tagsCount = (int)Database::query('
SELECT COUNT(`tag_id`)
FROM `msz_changelog_tags`
')->fetchColumn();
$getTags = Database::prepare('
SELECT
t.`tag_id`, t.`tag_name`, t.`tag_description`, t.`tag_created`,
(
SELECT COUNT(ct.`change_id`)
FROM `msz_changelog_change_tags` as ct
WHERE ct.`tag_id` = t.`tag_id`
) as `tag_count`
FROM `msz_changelog_tags` as t
ORDER BY t.`tag_id` ASC
LIMIT :offset, :take
');
$getTags->bindValue('take', $tagsTake);
$getTags->bindValue('offset', $queryOffset);
$tags = $getTags->execute() ? $getTags->fetchAll(PDO::FETCH_ASSOC) : [];
echo tpl_render('manage.changelog.tags', [
'changelog_tags' => $tags,
'changelog_tags_count' => $tagsCount,
'changelog_take' => $tagsTake,
'changelog_offset' => $queryOffset,
]);
break;
case 'tag':
if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_TAGS)) {
echo render_error(403);
break;
}
$tagId = (int)($_GET['t'] ?? 0);
if ($_SERVER['REQUEST_METHOD'] === 'POST' && tmp_csrf_verify($_POST['csrf'] ?? '')) {
if (!empty($_POST['tag']) && is_array($_POST['tag'])) {
if ($tagId > 0) {
$updateTag = Database::prepare('
UPDATE `msz_changelog_tags`
SET `tag_name` = :name,
`tag_description` = :description,
`tag_archived` = :archived
WHERE `tag_id` = :id
');
$updateTag->bindValue('id', $tagId);
} else {
$updateTag = Database::prepare('
INSERT INTO `msz_changelog_tags`
(`tag_name`, `tag_description`, `tag_archived`)
VALUES
(:name, :description, :archived)
');
}
$updateTag->bindValue('name', $_POST['tag']['name']);
$updateTag->bindValue('description', $_POST['tag']['description']);
// this is fine, after being archived there shouldn't be any other changes being made
$updateTag->bindValue('archived', empty($_POST['tag']['archived']) ? null : date('Y-m-d H:i:s'));
$updateTag->execute();
if ($tagId < 1) {
$tagId = Database::lastInsertId();
audit_log('CHANGELOG_TAG_EDIT', $app->getUserId(), [$tagId]);
header('Location: ?v=tag&t=' . $tagId);
return;
} else {
audit_log('CHANGELOG_TAG_CREATE', $app->getUserId(), [$tagId]);
}
}
}
if ($tagId > 0) {
$getTag = Database::prepare('
SELECT `tag_id`, `tag_name`, `tag_description`, `tag_archived`, `tag_created`
FROM `msz_changelog_tags`
WHERE `tag_id` = :tag_id
');
$getTag->bindValue('tag_id', $tagId);
$tag = $getTag->execute() ? $getTag->fetch(PDO::FETCH_ASSOC) : [];
if ($tag) {
tpl_var('edit_tag', $tag);
} else {
header('Location: ?v=tags');
return;
}
}
echo tpl_render('manage.changelog.tag_edit');
break;
case 'actions':
if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_ACTIONS)) {
echo render_error(403);
break;
}
$actionTake = 32;
$actionCount = (int)Database::query('
SELECT COUNT(`action_id`)
FROM `msz_changelog_actions`
')->fetchColumn();
$getActions = Database::prepare('
SELECT
a.`action_id`, a.`action_name`, a.`action_colour`,
(
SELECT COUNT(c.`action_id`)
FROM `msz_changelog_changes` as c
WHERE c.`action_id` = a.`action_id`
) as `action_count`
FROM `msz_changelog_actions` as a
ORDER BY a.`action_id` ASC
LIMIT :offset, :take
');
$getActions->bindValue('take', $actionTake);
$getActions->bindValue('offset', $queryOffset);
$actions = $getActions->execute() ? $getActions->fetchAll(PDO::FETCH_ASSOC) : [];
echo tpl_render('manage.changelog.actions', [
'changelog_actions' => $actions,
'changelog_actions_count' => $actionTake,
'changelog_take' => $actionTake,
'changelog_offset' => $queryOffset,
]);
break;
case 'action':
if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_ACTIONS)) {
echo render_error(403);
break;
}
$actionId = (int)($_GET['a'] ?? 0);
if ($_SERVER['REQUEST_METHOD'] === 'POST' && tmp_csrf_verify($_POST['csrf'] ?? '')) {
if (!empty($_POST['action']) && is_array($_POST['action'])) {
if ($actionId > 0) {
$updateAction = Database::prepare('
UPDATE `msz_changelog_actions`
SET `action_name` = :name,
`action_colour` = :colour,
`action_class` = :class
WHERE `action_id` = :id
');
$updateAction->bindValue('id', $actionId);
} else {
$updateAction = Database::prepare('
INSERT INTO `msz_changelog_actions`
(`action_name`, `action_colour`, `action_class`)
VALUES
(:name, :colour, :class)
');
}
$actionColour = colour_create();
if (!empty($_POST['action']['colour']['inherit'])) {
colour_set_inherit($actionColour);
} else {
colour_set_red($actionColour, $_POST['action']['colour']['red']);
colour_set_green($actionColour, $_POST['action']['colour']['green']);
colour_set_blue($actionColour, $_POST['action']['colour']['blue']);
}
$updateAction->bindValue('name', $_POST['action']['name']);
$updateAction->bindValue('colour', $actionColour);
$updateAction->bindValue('class', $_POST['action']['class']);
$updateAction->execute();
if ($actionId < 1) {
$actionId = Database::lastInsertId();
audit_log('CHANGELOG_ACTION_CREATE', $app->getUserId(), [$actionId]);
header('Location: ?v=action&a=' . $actionId);
return;
} else {
audit_log('CHANGELOG_ACTION_EDIT', $app->getUserId(), [$actionId]);
}
}
}
if ($actionId > 0) {
$getAction = Database::prepare('
SELECT `action_id`, `action_name`, `action_colour`, `action_class`
FROM `msz_changelog_actions`
WHERE `action_id` = :action_id
');
$getAction->bindValue('action_id', $actionId);
$action = $getAction->execute() ? $getAction->fetch(PDO::FETCH_ASSOC) : [];
if ($action) {
tpl_var('edit_action', $action);
} else {
header('Location: ?v=actions');
return;
}
}
echo tpl_render('manage.changelog.action_edit');
break;
}
Reference in a new issue View git blame Copy permalink