Merge branch 'main' of http://git.pb.bib.de/PBBFA23CIV/EIANotesApp
This commit is contained in:
Felix Ivo
commit
58e0f1eafd
@ -339,3 +339,18 @@ button.danger {
|
||||
color: #6A5ACD;
|
||||
display: inline-block;
|
||||
}
|
||||
|
||||
.style_low {
|
||||
background-color: darkseagreen;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
.style_mid {
|
||||
background-color: moccasin;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
.style_high {
|
||||
background-color: lightcoral;
|
||||
font-weight: bold;
|
||||
}
|
||||
@ -50,7 +50,8 @@ class NotesController
|
||||
$note = $this->notesModel->createNote(
|
||||
$_POST['title'],
|
||||
$_POST['content'],
|
||||
$_SESSION['user_id']
|
||||
$_SESSION['user_id'],
|
||||
$_POST['priority']
|
||||
);
|
||||
|
||||
if ($note) {
|
||||
@ -75,7 +76,8 @@ class NotesController
|
||||
$noteId,
|
||||
$_POST['title'],
|
||||
$_POST['content'],
|
||||
$_SESSION['user_id']
|
||||
$_SESSION['user_id'],
|
||||
$_POST['priority']
|
||||
);
|
||||
|
||||
if ($note) {
|
||||
|
||||
@ -12,7 +12,7 @@ class NotesModel extends Database
|
||||
$erg = array();
|
||||
|
||||
// Whitelist of allowed sort columns
|
||||
$allowedSortColumns = ['id', 'title', 'owner_username', 'updated_at'];
|
||||
$allowedSortColumns = ['id', 'title', 'owner_username', 'updated_at', 'priority'];
|
||||
$allowedSortOrders = ['ASC', 'DESC'];
|
||||
|
||||
$sortBy = in_array($sortBy, $allowedSortColumns) ? $sortBy : 'updated_at';
|
||||
@ -20,15 +20,17 @@ class NotesModel extends Database
|
||||
|
||||
try {
|
||||
if ($isAdmin) {
|
||||
$sql = "SELECT n.*, u.username AS owner_username
|
||||
$sql = "SELECT n.id, n.title, n.content, n.created_at, n.updated_at, u.username AS owner_username, p.name AS priority
|
||||
FROM notes n
|
||||
JOIN priority p ON n.priority = p.id
|
||||
JOIN users u ON n.user_id = u.id
|
||||
ORDER BY {$sortBy} {$sortOrder}";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute();
|
||||
} else {
|
||||
$sql = "SELECT id, title, content, created_at, updated_at
|
||||
FROM notes
|
||||
$sql = "SELECT n.id, n.title, n.content, n.created_at, n.updated_at, p.name AS priority
|
||||
FROM notes n
|
||||
JOIN priority p ON n.priority = p.id
|
||||
WHERE user_id = :userid
|
||||
ORDER BY {$sortBy} {$sortOrder}";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
@ -93,13 +95,13 @@ class NotesModel extends Database
|
||||
}
|
||||
}
|
||||
|
||||
function createNote($title, $content, $userId) {
|
||||
function createNote($title, $content, $userId, $priority) {
|
||||
$pdo = $this->linkDB();
|
||||
if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
|
||||
if (empty(trim($title))) return ['success' => false, 'message' => 'Title is required.'];
|
||||
try {
|
||||
$stmt = $pdo->prepare("INSERT INTO notes (user_id, title, content) VALUES (?, ?, ?)");
|
||||
$stmt->execute([$userId, trim($title), $content]); // user_id is current session user
|
||||
$stmt = $pdo->prepare("INSERT INTO notes (user_id, title, content, priority) VALUES (?, ?, ?, ?)");
|
||||
$stmt->execute([$userId, trim($title), $content, $priority]); // user_id is current session user
|
||||
$noteId = $pdo->lastInsertId();
|
||||
$uploadResult = $this->uploadFiles($noteId);
|
||||
if (!$uploadResult['success']) {
|
||||
@ -112,17 +114,17 @@ class NotesModel extends Database
|
||||
}
|
||||
}
|
||||
|
||||
function editNote($noteId, $title, $content, $userId) {
|
||||
function editNote($noteId, $title, $content, $userId, $priority) {
|
||||
$pdo = $this->linkDB();
|
||||
if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
|
||||
if (empty(trim($title))) return ['success' => false, 'message' => 'Title is required.'];
|
||||
try {
|
||||
if ($this->isAdmin()) { // Admin can update any note, user_id for record not changed
|
||||
$stmt = $pdo->prepare("UPDATE notes SET title = ?, content = ? WHERE id = ?");
|
||||
$params = [trim($title), $content, $noteId];
|
||||
$stmt = $pdo->prepare("UPDATE notes SET title = ?, content = ?, priority = ? WHERE id = ?");
|
||||
$params = [trim($title), $content, $priority, $noteId];
|
||||
} else { // User can only update their own note
|
||||
$stmt = $pdo->prepare("UPDATE notes SET title = ?, content = ? WHERE id = ? AND user_id = ?");
|
||||
$params = [trim($title), $content, $noteId, $userId];
|
||||
$stmt = $pdo->prepare("UPDATE notes SET title = ?, content = ?, priority = ? WHERE id = ? AND user_id = ?");
|
||||
$params = [trim($title), $content, $priority, $noteId, $userId];
|
||||
}
|
||||
$stmt->execute($params);
|
||||
|
||||
|
||||
@ -61,6 +61,14 @@ function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') {
|
||||
Start typing or drop a file to see preview...
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label>Priorität:</label>
|
||||
<select name="priority" id="priority">
|
||||
<option value="1">LOW</option>
|
||||
<option value="2">MID</option>
|
||||
<option value="3">HIGH</option>
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label for="attachments">Attach Files:</label>
|
||||
|
||||
@ -56,6 +56,14 @@ function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') {
|
||||
<?php if($note && !empty($note['content'])) echo $parsedown->text(sanitize($note['content'])); else echo "Start typing or drop a file to see preview..."; ?>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label>Priorität:</label>
|
||||
<select name="priority" id="priority">
|
||||
<option value="1">LOW</option>
|
||||
<option value="2">MID</option>
|
||||
<option value="3">HIGH</option>
|
||||
</select>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="attachments">Attach additional Files:</label>
|
||||
<input type="file" id="attachments" name="attachments[]" multiple>
|
||||
@ -78,5 +86,4 @@ function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') {
|
||||
<input type="hidden" name="controller" value="Notes">
|
||||
<input type="hidden" name="do" value="editNote">
|
||||
</form>
|
||||
|
||||
</div>
|
||||
|
||||
@ -39,6 +39,7 @@
|
||||
<?php endif; ?>
|
||||
<th>Content (Preview)</th>
|
||||
<th data-sort="updated_at">Last Edited <span class="sort-icon"><?php if($sortBy === 'updated_at') echo $sortOrder === 'ASC' ? '▲' : '▼'; ?></span></th>
|
||||
<th data-sort="priority">Priority<span class="sort-icon"><?php if($sortBy === 'priority') echo $sortOrder === 'ASC' ? '▲' : '▼'; ?></span></th>
|
||||
<th>Actions</th>
|
||||
</tr>
|
||||
</thead>
|
||||
@ -58,6 +59,13 @@
|
||||
?>
|
||||
</td>
|
||||
<td><?php echo date("d.m.Y H:i", strtotime($note['updated_at'])); ?></td>
|
||||
<?php
|
||||
if($note['priority'] === 'LOW') echo ('<td class="style_low";>');
|
||||
elseif($note['priority'] === 'MID') echo ('<td class="style_mid";>');
|
||||
elseif($note['priority'] === 'HIGH') echo ('<td class="style_high";>');
|
||||
echo sanitize($note['priority']);
|
||||
echo ('</td>')
|
||||
?>
|
||||
<td class="actions-cell">
|
||||
<a href="?controller=Notes&do=editNote&id=<?php echo $note['id']; ?>" class="button">Edit</a>
|
||||
<form method="POST" action="?controller=Notes&do=deleteNote" onsubmit="return confirm('Are you sure you want to delete this note?');" style="display: inline;">
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user