added create and eedit note functionality (flawed)

Felix Ivo
2025-06-27 09:56:46 +02:00
parent 1e9705aa13
commit 24c8f38c4d
4 changed files with 50 additions and 12 deletions


@@ -81,7 +81,7 @@ class NotesModel extends Database
if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
if (empty(trim($title))) return ['success' => false, 'message' => 'Title is required.'];
try {
if (isAdmin()) { // Admin can update any note, user_id for record not changed
if ($this->isAdmin()) { // Admin can update any note, user_id for record not changed
$stmt = $pdo->prepare("UPDATE notes SET title = ?, content = ? WHERE id = ?");
$params = [trim($title), $content, $noteId];
} else { // User can only update their own note
@@ -94,8 +94,8 @@ class NotesModel extends Database
return ['success' => true, 'message' => 'Note updated successfully.'];
}
// Check if note exists if rowCount is 0
$checkStmt = isAdmin() ? $pdo->prepare("SELECT id FROM notes WHERE id=?") : $pdo->prepare("SELECT id FROM notes WHERE id=? AND user_id=?");
$checkParams = isAdmin() ? [$noteId] : [$noteId, $userId];
$checkStmt = $this->isAdmin() ? $pdo->prepare("SELECT id FROM notes WHERE id=?") : $pdo->prepare("SELECT id FROM notes WHERE id=? AND user_id=?");
$checkParams = $this->isAdmin() ? [$noteId] : [$noteId, $userId];
$checkStmt->execute($checkParams);
if ($checkStmt->fetch()) {
return ['success' => true, 'message' => 'No changes made to the note.']; // Or false if you prefer
@@ -111,7 +111,7 @@ class NotesModel extends Database
$pdo = $this->linkDB();
if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
try {
if (isAdmin()) { // Admin can delete any note
if ($this->isAdmin()) { // Admin can delete any note
$stmt = $pdo->prepare("DELETE FROM notes WHERE id = ?");
$params = [$noteId];
} else { // User can only delete their own note
@@ -129,4 +129,12 @@ class NotesModel extends Database
return ['success' => false, 'message' => 'Failed to delete note.'];
}
}
function isLoggedIn() {
return isset($_SESSION['user_id']);
}
function isAdmin() {
return $this->isLoggedIn() && isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
}
}
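Review bot: The new `isAdmin()` at the end of the class makes the unrestricted `WHERE id = ?` branches in the update and delete paths depend solely on `$_SESSION['role']`; where that value is set is not visible here, but if it is written once at login, a user demoted in the database would presumably keep admin write access until the session ends. Re-checking the role against the users table on these write paths, or invalidating sessions when a role changes, would close that gap. Both helpers are declared without visibility and therefore default to public; unless callers outside the model need them, `private function isLoggedIn(): bool` and `private function isAdmin(): bool` keep the authorization check internal. The update path also evaluates `$this->isAdmin()` three times; reading it once, `$isAdmin = $this->isAdmin();`, guarantees the UPDATE and the follow-up existence SELECT take the same branch. The update and delete method bodies begin outside the visible hunks, so the non-admin branches could not be reviewed in full.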