ba6edc6d6b
...
2d133598e8
Author | SHA1 | Date | |
---|---|---|---|
2d133598e8 | ||
67d32fcc96 |
@ -20,9 +20,11 @@ class NotesController
|
|||||||
{
|
{
|
||||||
$sortBy = $_GET['sort_by'] ?? 'updated_at';
|
$sortBy = $_GET['sort_by'] ?? 'updated_at';
|
||||||
$sortOrder = strtoupper($_GET['sort_order'] ?? 'DESC');
|
$sortOrder = strtoupper($_GET['sort_order'] ?? 'DESC');
|
||||||
|
$isAdmin = false;
|
||||||
|
$userid = 2; //$_SESSION['user_id'];
|
||||||
|
|
||||||
$this->view->setVars([
|
$this->view->setVars([
|
||||||
"notes" => $this->notesModel->selectNotesForUser(2, $sortBy, $sortOrder) //$_SESSION['user_id']
|
"notes" => $this->notesModel->selectNotesForUser($userid, $isAdmin, $sortBy, $sortOrder)
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
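Review bot: `$userid = 2;` with the session lookup left in a trailing comment means every request lists user 2's notes regardless of who is logged in, and the hard-coded `$isAdmin = false;` never consults the session either; the same stub pattern appears in the `isAdmin()` hunk further down, where the role check is commented out in favour of `return false;`. If these are local debugging shortcuts they should not land in this branch: restore `$userid = $_SESSION['user_id'] ?? null;` and stop the request when it is null rather than defaulting, and derive `$isAdmin` from the existing `isAdmin()` helper once its body is restored. Passing `$_GET['sort_order']` straight into `strtoupper()` also throws a TypeError when the parameter arrives as an array (`sort_order[]=x`); guarding with `is_string()` or casting with `(string)` keeps that from becoming an uncaught error, even though the model now re-validates the value. The method whose body this is starts above the hunk, so its signature is not visible here.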
@ -2,36 +2,45 @@
|
|||||||
|
|
||||||
namespace ppa\Model;
|
namespace ppa\Model;
|
||||||
use ppa\Model\ParticipantModel;
|
use ppa\Model\ParticipantModel;
|
||||||
use ppb\Library\Msg;
|
|
||||||
use PDOException;
|
use PDOException;
|
||||||
|
|
||||||
class NotesModel extends Database
|
class NotesModel extends Database
|
||||||
{
|
{
|
||||||
public function selectNotesForUser($userid, $sortBy = 'updated_at', $sortOrder = 'DESC')
|
public function selectNotesForUser($userid, $isAdmin = false, $sortBy = 'updated_at', $sortOrder = 'DESC')
|
||||||
{
|
{
|
||||||
$pdo = $this->linkDB();
|
$pdo = $this->linkDB();
|
||||||
|
$erg = array();
|
||||||
|
|
||||||
$erg=array();
|
// Whitelist of allowed sort columns
|
||||||
$params=array();
|
$allowedSortColumns = ['id', 'title', 'owner_username', 'updated_at'];
|
||||||
|
$allowedSortOrders = ['ASC', 'DESC'];
|
||||||
|
|
||||||
$sql = "SELECT n.*, u.username AS owner_username
|
$sortBy = in_array($sortBy, $allowedSortColumns) ? $sortBy : 'updated_at';
|
||||||
FROM notes n
|
$sortOrder = in_array(strtoupper($sortOrder), $allowedSortOrders) ? strtoupper($sortOrder) : 'DESC';
|
||||||
JOIN users u ON n.user_id = u.id
|
|
||||||
ORDER BY :sortBy :sortOrder";
|
|
||||||
|
|
||||||
$params[':sortBy']=$sortBy;
|
|
||||||
$params[':sortOrder']=$sortOrder;
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$stmt=$pdo->prepare($sql);
|
if ($isAdmin) {
|
||||||
$stmt->execute($params);
|
$sql = "SELECT n.*, u.username AS owner_username
|
||||||
} catch (PDOException $e) {
|
FROM notes n
|
||||||
new Msg(true, null, $e);
|
JOIN users u ON n.user_id = u.id
|
||||||
return false;
|
ORDER BY {$sortBy} {$sortOrder}";
|
||||||
}
|
$stmt = $pdo->prepare($sql);
|
||||||
|
$stmt->execute();
|
||||||
|
} else {
|
||||||
|
$sql = "SELECT id, title, content, created_at, updated_at
|
||||||
|
FROM notes
|
||||||
|
WHERE user_id = :userid
|
||||||
|
ORDER BY {$sortBy} {$sortOrder}";
|
||||||
|
$stmt = $pdo->prepare($sql);
|
||||||
|
$stmt->execute(['userid' => $userid]);
|
||||||
|
}
|
||||||
|
|
||||||
$erg=$stmt->fetchAll(\PDO::FETCH_ASSOC);
|
$erg = $stmt->fetchAll(\PDO::FETCH_ASSOC);
|
||||||
|
return $erg;
|
||||||
|
|
||||||
return $erg;
|
} catch (PDOException $e) {
|
||||||
|
error_log("Database Error in selectNotesForUser: " . $e->getMessage());
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
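Review bot: The shared `$allowedSortColumns` whitelist admits `owner_username`, but that alias only exists in the admin query; in the `else` branch `ORDER BY owner_username` refers to a column the plain `notes` table does not have, so a non-admin request with `sort_by=owner_username` lands in the PDOException path and the method returns false. A per-branch whitelist fixes that, and both `in_array` calls should pass `true` as the third argument so the check is a strict string match, which is what makes the later interpolation into the ORDER BY clause safe. In the admin join both `n.id` and `u.id` exist, so `ORDER BY id` may be reported as ambiguous depending on the database; qualifying it as `n.id` would avoid that. Inserting `$isAdmin` as the second positional parameter also means any caller still passing `($userid, $sortBy)` would have a non-empty string treated as a truthy `$isAdmin` and receive every user's notes; if other callers exist, appending the parameter at the end or declaring it `bool` under `declare(strict_types=1)` is safer.
```php
// … unchanged: $pdo = $this->linkDB(); …
// owner_username is a join alias that only the admin query defines
$allowedSortColumns = $isAdmin
    ? ['id', 'title', 'owner_username', 'updated_at']
    : ['id', 'title', 'updated_at'];
$allowedSortOrders = ['ASC', 'DESC'];
$sortBy = in_array($sortBy, $allowedSortColumns, true) ? $sortBy : 'updated_at';
$sortOrder = in_array(strtoupper($sortOrder), $allowedSortOrders, true) ? strtoupper($sortOrder) : 'DESC';
// … unchanged: try { if ($isAdmin) { … } else { … } } …
```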
@ -13,7 +13,7 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
function isAdmin() {
|
function isAdmin() {
|
||||||
return isLoggedIn() && isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
|
return false;// isLoggedIn() && isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
|
||||||
}
|
}
|
||||||
function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') {
|
function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') {
|
||||||
return htmlspecialchars((string)$data, $flags, $encoding);
|
return htmlspecialchars((string)$data, $flags, $encoding);
|
||||||
|