PBBFA23CIV/EIANotesApp
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
EIANotesApp/Model/NotesModel.php
Felix Ivo b06536baf6 added note detail view
2025-06-16 15:11:33 +02:00

64 lines
2.3 KiB
PHP
Raw Blame History

<?php
namespace ppa\Model;
use ppa\Model\ParticipantModel;
use PDOException;
class NotesModel extends Database
{
public function selectNotesForUser($userid, $isAdmin = false, $sortBy = 'updated_at', $sortOrder = 'DESC')
{
$pdo = $this->linkDB();
$erg = array();
// Whitelist of allowed sort columns
$allowedSortColumns = ['id', 'title', 'owner_username', 'updated_at'];
$allowedSortOrders = ['ASC', 'DESC'];
$sortBy = in_array($sortBy, $allowedSortColumns) ? $sortBy : 'updated_at';
$sortOrder = in_array(strtoupper($sortOrder), $allowedSortOrders) ? strtoupper($sortOrder) : 'DESC';
try {
if ($isAdmin) {
$sql = "SELECT n.*, u.username AS owner_username
FROM notes n
JOIN users u ON n.user_id = u.id
ORDER BY {$sortBy} {$sortOrder}";
$stmt = $pdo->prepare($sql);
$stmt->execute();
} else {
$sql = "SELECT id, title, content, created_at, updated_at
FROM notes
WHERE user_id = :userid
ORDER BY {$sortBy} {$sortOrder}";
$stmt = $pdo->prepare($sql);
$stmt->execute(['userid' => $userid]);
}
$erg = $stmt->fetchAll(\PDO::FETCH_ASSOC);
return $erg;
} catch (PDOException $e) {
error_log("Database Error in selectNotesForUser: " . $e->getMessage());
return false;
}
}
function getNoteById($noteId) {
$pdo = $this->linkDB();
if (!$pdo) return null;
try {
if ($_SESSION['role'] === 'admin') { // Admin can fetch any note
$stmt = $pdo->prepare("SELECT n.*, u.username as owner_username FROM notes n JOIN users u ON n.user_id = u.id WHERE n.id = ?");
$stmt->execute([$noteId]);
} else { // Regular user can only fetch their own notes
$stmt = $pdo->prepare("SELECT * FROM notes WHERE id = ? AND user_id = ?");
$stmt->execute([$noteId, $_SESSION['user_id']]);
}
return $stmt->fetch();
} catch (PDOException $e) {
error_log("Get Note Error: " . $e->getMessage());
return null;
}
}
}
Reference in New Issue View Git Blame Copy Permalink