From 52687643d04c8c0dd1b0c4e65c3e469d30c8d788 Mon Sep 17 00:00:00 2001 From: Jamie P Holcomb Date: Wed, 23 Aug 2023 07:06:41 -0400 Subject: [PATCH 1/3] Leaf 2784 - comments on cancel --- LEAF_Request_Portal/ajaxIndex.php | 1 + .../api/controllers/FormController.php | 2 +- LEAF_Request_Portal/sources/Form.php | 104 ++++++++++-------- LEAF_Request_Portal/templates/form.tpl | 5 +- LEAF_Request_Portal/templates/print_form.tpl | 7 +- 5 files changed, 70 insertions(+), 49 deletions(-) diff --git a/LEAF_Request_Portal/ajaxIndex.php b/LEAF_Request_Portal/ajaxIndex.php index 1ed4bcfa7..2fc1eda34 100644 --- a/LEAF_Request_Portal/ajaxIndex.php +++ b/LEAF_Request_Portal/ajaxIndex.php @@ -216,6 +216,7 @@ function customTemplate($tpl) break; case 'cancel': + /* This endpoint has been deprecated as of 8/31/2023 */ if (is_numeric($_POST['cancel'])) { $form = new Portal\Form($db, $login); diff --git a/LEAF_Request_Portal/api/controllers/FormController.php b/LEAF_Request_Portal/api/controllers/FormController.php index 6035d4770..b39114dd4 100644 --- a/LEAF_Request_Portal/api/controllers/FormController.php +++ b/LEAF_Request_Portal/api/controllers/FormController.php @@ -248,7 +248,7 @@ public function post($act) }); $this->index['POST']->register('form/[digit]/cancel', function ($args) use ($form) { - return $form->deleteRecord((int)$args[0]); + return $form->deleteRecord((int)$args[0], $_POST['comment']); }); $this->index['POST']->register('form/[digit]/delete', function ($args) use ($form) { diff --git a/LEAF_Request_Portal/sources/Form.php b/LEAF_Request_Portal/sources/Form.php index 4c7d4b2e9..a0c8c995b 100644 --- a/LEAF_Request_Portal/sources/Form.php +++ b/LEAF_Request_Portal/sources/Form.php 
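Review bot: `$_POST['comment']` is read with no presence check in the new `form/[digit]/cancel` handler, so a POST that omits the field raises an undefined-index warning and hands `null` to deleteRecord; the form.tpl hunk in this same commit is exactly such a caller, since its `data` object carries only `CSRFToken`. Once the second patch in this series declares the parameter as `string $comment`, that `null` is rejected with a TypeError instead of cancelling the request. Default it at the boundary: `return $form->deleteRecord((int)$args[0], (string)($_POST['comment'] ?? ''));`. The closure is complete within the hunk; the enclosing `post()` method starts and ends outside it.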
@@ -710,56 +710,74 @@ public function getFormJSON($recordID) return json_encode($json); } - public function deleteRecord($recordID) + public function deleteRecord($recordID, $comment = '') { - if ($_POST['CSRFToken'] != $_SESSION['CSRFToken']) - { - return 0; - } - if (!$this->hasWriteAccess($recordID)) - { - return 'Please contact your administrator to cancel this request to help avoid confusion in the process.'; - } + if ($_POST['CSRFToken'] != $_SESSION['CSRFToken']) { + $return_value = 0; + } elseif (!$this->hasWriteAccess($recordID)) { + $return_value = 'Please contact your administrator to cancel this request to help avoid confusion in the process.'; + } else { + // only allow admins to delete resolved requests + $vars = array(':recordID' => $recordID); + $sql = 'SELECT `recordID`, `submitted`, `stepID` + FROM `records` + LEFT JOIN `records_workflow_state` USING (`recordID`) + WHERE `recordID` = :recordID + AND `submitted` > 0'; - // only allow admins to delete resolved requests - $vars = array(':recordID' => $recordID); - $res = $this->db->prepared_query('SELECT recordID, submitted, stepID FROM records - LEFT JOIN records_workflow_state USING (recordID) - WHERE recordID=:recordID - AND submitted > 0', $vars); - if (isset($res[0]) - && $res[0]['stepID'] == null - && !$this->login->checkGroup(1)) - { - return 'Cannot cancel resolved request.'; - } + $res = $this->db->prepared_query($sql, $vars); - $vars = array(':recordID' => $recordID, - ':time' => time(), ); - $res = $this->db->prepared_query('UPDATE records SET - deleted=:time - WHERE recordID=:recordID', $vars); + if ( + isset($res[0]) + && $res[0]['stepID'] == null + && !$this->login->checkGroup(1) + ) { + $return_value = 'Cannot cancel resolved request.'; + } else { + $vars = array(':recordID' => $recordID, + ':time' => time()); + $sql = 'UPDATE `records` + SET `deleted` = :time + WHERE `recordID` = :recordID'; - // actionID 4 = delete - $vars = array(':recordID' => $recordID, - ':userID' => 
$this->login->getUserID(), - ':dependencyID' => 0, - ':actionType' => 'deleted', - ':actionTypeID' => 4, - ':time' => time(), ); - $res = $this->db->prepared_query('INSERT INTO action_history (recordID, userID, dependencyID, actionType, actionTypeID, time) - VALUES (:recordID, :userID, :dependencyID, :actionType, :actionTypeID, :time)', $vars); + $res = $this->db->prepared_query($sql, $vars); - // delete state - $vars = array(':recordID' => $recordID); - $this->db->prepared_query('DELETE FROM records_workflow_state - WHERE recordID=:recordID', $vars); + // actionID 4 = delete + $vars = array(':recordID' => $recordID, + ':userID' => $this->login->getUserID(), + ':dependencyID' => 0, + ':actionType' => 'deleted', + ':actionTypeID' => 4, + ':time' => time(), + ':comment' => \Leaf\XSSHelpers::xscrub($comment)); + $sql = 'INSERT INTO `action_history` + (`recordID`, `userID`, `dependencyID`, `actionType`, `actionTypeID`, `time`, `comment`) + VALUES + (:recordID, :userID, :dependencyID, :actionType, :actionTypeID, :time, :comment)'; - // delete tags - $vars = array(':recordID' => $recordID); - $res = $this->db->prepared_query('DELETE FROM tags WHERE recordID=:recordID', $vars); + $res = $this->db->prepared_query($sql, $vars); - return 1; + // delete state + $vars = array(':recordID' => $recordID); + $sql = 'DELETE + FROM `records_workflow_state` + WHERE `recordID` = :recordID'; + + $this->db->prepared_query($sql, $vars); + + // delete tags + $vars = array(':recordID' => $recordID); + $sql = 'DELETE + FROM `tags` + WHERE `recordID` = :recordID'; + + $res = $this->db->prepared_query($sql, $vars); + } + + $return_value = 1; + } + + return $return_value; } public function restoreRecord($recordID) diff --git a/LEAF_Request_Portal/templates/form.tpl b/LEAF_Request_Portal/templates/form.tpl index b2cb60429..28cfcd23d 100644 --- a/LEAF_Request_Portal/templates/form.tpl +++ b/LEAF_Request_Portal/templates/form.tpl 
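Review bot: `$return_value = 1;` is placed after the inner if/else rather than inside its else branch, so the `'Cannot cancel resolved request.'` refusal is overwritten and the caller is told the cancel succeeded although no row was touched; the removed code returned that message early. Move the assignment so the deleting branch ends `$res = $this->db->prepared_query($sql, $vars);` / `$return_value = 1;` / `}` and drop the copy that now follows the inner closing brace. The CSRF check kept on the new side still compares with a loose `!=` and no isset guard; `if (!hash_equals((string)($_SESSION['CSRFToken'] ?? ''), (string)($_POST['CSRFToken'] ?? '')))` is the constant-time form and also avoids a notice when either token is absent. `$res[0]['stepID'] == null` is likewise a loose comparison carried over unchanged; `=== null` states the intent. The whole of deleteRecord is visible in this hunk.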
@@ -149,9 +149,8 @@ function cancelRequest() { dialog_confirm.setSaveHandler(function() { $.ajax({ type: 'POST', - url: 'ajaxIndex.php?a=cancel', - data: {cancel: , - CSRFToken: ''}, + url: './api/form//cancel', + data: {CSRFToken: ''}, success: function(response) { if(response > 0) { window.location.href="index.php?a=cancelled_request&cancelled="; diff --git a/LEAF_Request_Portal/templates/print_form.tpl b/LEAF_Request_Portal/templates/print_form.tpl index 5b989f540..7c83def81 100644 --- a/LEAF_Request_Portal/templates/print_form.tpl +++ b/LEAF_Request_Portal/templates/print_form.tpl @@ -662,14 +662,17 @@ function doSubmit(recordID) { function cancelRequest() { dialog_confirm.setContent( - 'Cancel Request Are you sure you want to cancel this request?' + 'Cancel Request Are you sure you want to cancel this request?
' ); dialog_confirm.setSaveHandler(function() { + let comment = $('#cancel_comment').val(); + $.ajax({ type: 'POST', url: 'api/form//cancel', - data: {CSRFToken: ''}, + data: {CSRFToken: '', + comment: comment}, success: function(response) { if (response == 1) { window.location.href="index.php?a=cancelled_request&cancelled="; From ae7b067fbdc12d01fc40e002d9fdf62ad90620ab Mon Sep 17 00:00:00 2001 From: Jamie P Holcomb Date: Thu, 24 Aug 2023 14:16:02 -0400 Subject: [PATCH 2/3] Leaf 2784 PR updates --- LEAF_Request_Portal/sources/Form.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/LEAF_Request_Portal/sources/Form.php b/LEAF_Request_Portal/sources/Form.php index a0c8c995b..39a2e410a 100644 --- a/LEAF_Request_Portal/sources/Form.php +++ b/LEAF_Request_Portal/sources/Form.php @@ -710,7 +710,15 @@ public function getFormJSON($recordID) return json_encode($json); } - public function deleteRecord($recordID, $comment = '') + /** + * @param int $recordID + * @param string $comment + * + * @return int|string + * + * Created at: 8/24/2023, 2:15:39 PM (America/New_York) + */ + public function deleteRecord(int $recordID, string $comment = ''): int|string { if ($_POST['CSRFToken'] != $_SESSION['CSRFToken']) { $return_value = 0; From ecdd9d14722297df67791b49981f8ddf799985ee Mon Sep 17 00:00:00 2001 From: Jamie P Holcomb Date: Mon, 28 Aug 2023 14:33:45 -0400 Subject: [PATCH 3/3] Leaf 2784 - focus on textarea --- LEAF_Request_Portal/templates/print_form.tpl | 1 + 1 file changed, 1 insertion(+) diff --git a/LEAF_Request_Portal/templates/print_form.tpl b/LEAF_Request_Portal/templates/print_form.tpl index 7c83def81..77b636837 100644 --- a/LEAF_Request_Portal/templates/print_form.tpl +++ b/LEAF_Request_Portal/templates/print_form.tpl @@ -685,6 +685,7 @@ function doSubmit(recordID) { }); }); dialog_confirm.show(); + $('#cancel_comment').focus(); } function changeTitle() {
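Review bot: `let comment = $('#cancel_comment').val();` posts the field as typed, so whitespace-only text is stored as a non-empty comment and nothing bounds its length before it reaches `action_history.comment`, whose column size is not visible here; `let comment = ($('#cancel_comment').val() || '').trim();` plus a `maxlength` on the input would keep both out. The `#cancel_comment` markup lives in the rewritten setContent string, which is garbled in this rendering, so I could not confirm the element type — presumably a textarea. The `success` handler continues past the end of the hunk.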
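Review bot: The new docblock on deleteRecord restates the native types (`@param int $recordID`, `@param string $comment`, `@return int|string`) and records a "Created at" timestamp, but says nothing about what the mixed return means, which is the one thing a caller needs. Replace the body of the docblock with a one-line purpose ("Soft-deletes a request, logs a 'deleted' action with the supplied comment and clears its workflow state and tags") and a return description stating that `0` means the CSRF token did not match, `1` means the record was cancelled, and a string is a user-facing refusal message; drop the timestamp, which version control already records. The method body continues outside the hunk.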