public function __construct($objId = null, $action = null, $NotificationId = null, $autoSave = true)
 {
     # The parent constructor performs the essential DataBoundObject setup and is also
     # the path that loads an existing Notification from the DB when an ID is given.
     parent::__construct($NotificationId);
     # Without an object ID there is nothing new to build: we only wanted the load above
     if (!$objId) {
         return;
     }
     $session = HTTPSession::getInstance();
     # Values describing the freshly created Note notification
     $fields = array(
         'Controller' => "notes",
         'CreatorUserId' => $session->GetUserID(),
         'ObjectId' => $objId,
         'ObjectType' => "Note",
         'ProjectId' => $session->PROJECT_ID,
         'Action' => $action,
     );
     foreach ($fields as $name => $value) {
         # Direct property writes bypass the set methods, so DataBoundObject would not
         # treat them as modified; flag each one in the modified relations table explicitly.
         $this->{$name} = $value;
         $this->arModifiedRelations[$name] = "1";
     }
     # Persist right away unless the caller asked to defer the save
     if ($autoSave) {
         $this->Save();
     }
 }
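 /**
  * Logs the current user out and redirects to the site root.
  *
  * NOTE(review): this is reached by a plain request with no CSRF token visible here,
  * so a third-party page can force a logout by linking to it — confirm that is acceptable.
  */
 public function index()
 {
     # Log out a user
     HTTPSession::getInstance()->LogOut();
     # Redirect back to home page
     header('Location: ' . SITE_URL);
     # A Location header does not end the request on its own; stop here so nothing else
     # is executed or rendered for this request (same pattern as the other redirect helpers)
     die;
 }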
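 /**
  * A method to check whether a user is allowed to remove a notification
  * In particular, if it's the student who created the notification, only a supervisor can
  * remove it from the list (it is necessary for the supervisor to see every student action)
  * When the caller is not allowed, redirects to the notifications list and stops execution.
  * @param Notification $notif the notification object
  */
 private function checkAuthCreatedByStudent(Notification $notif)
 {
     # If it's the student who created the notification, only a supervisor can
     # remove it from the list (it is necessary for the supervisor to see every student action)
     $creatorUserType = $this->model('User', $notif->getCreatorUserId())->getType();
     if ($creatorUserType == User::USER_TYPE_STUDENT && HTTPSession::getInstance()->USER_TYPE != User::USER_TYPE_SUPERVISOR) {
         header('Location: ' . SITE_URL . 'notifications');
         # Sending the redirect header alone does not stop the request: without this the
         # caller would carry on and perform the removal anyway. Matches checkAuthProjectScope.
         die;
     }
 }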
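 /**
  * Switches the session's active project and returns to the homepage.
  *
  * NOTE(review): nothing visible here verifies that the logged-in user is actually a
  * member of project $id; unless HTTPSession or the project loading enforces that, any
  * authenticated user could switch into any project by supplying its ID — confirm where
  * that check lives.
  * @param null|string $id the project ID to switch to, as taken from the URL
  */
 public function index($id = null)
 {
     # If we have ID provided, we have to switch to a different project
     if (is_numeric($id)) {
         # Switch by changing PROJECT_ID session. Cast so only a plain integer is stored;
         # the value is later bound as PDO::PARAM_INT in the queries that use it.
         HTTPSession::getInstance()->PROJECT_ID = (int) $id;
     }
     # Redirect back to homepage and stop, so nothing else runs for this request
     header('Location: ' . SITE_URL);
     die;
 }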
 /**
  * Verifies that an object (ActionPoint, Note, ...) the user wants to display/edit/remove
  * belongs to the project currently selected in the logged-in session.
  * @param $objectProjectId int the ID of the project the object is associated with
  *
  * @return true if user has access; otherwise redirects to the access-denied page and exits
  */
 protected function checkAuthProjectScope($objectProjectId)
 {
     $sessionProjectId = HTTPSession::getInstance()->PROJECT_ID;
     # Same project as the session: access granted
     if ($objectProjectId == $sessionProjectId) {
         return true;
     }
     # Different project: send the user to the warning page and stop right here
     header('Location: ' . SITE_URL . 'accessDenied');
     die;
 }
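 /**
  * A method to return note objects from database
  * @param null $meeting filter by a specific meeting (its ID); bound as an integer parameter
  * @param bool $agenda if it should be agenda notes returned
  * @return array the note objects, keyed by note ID, newest first
  */
 public static function getNotes($meeting = null, $agenda = false)
 {
     # Get database connection
     $objPDO = PDOFactory::get();
     # Get project ID from session
     $projectId = HTTPSession::getInstance()->PROJECT_ID;
     # Get user ID from session
     $userID = HTTPSession::getInstance()->getUserId();
     # If notes for specific meeting are requested, filter through a bound placeholder.
     # The meeting ID can come from the request, so it must never be concatenated into SQL.
     $meetingFilter = $meeting ? " AND meeting_id = :meeting_id" : "";
     # If notes for agenda are requested (fixed strings only, nothing user-supplied)
     $agendaFilter = $agenda ? " AND is_agenda = 1" : " AND is_agenda = 0";
     # Get all notes associated with a given project with the following condition:
     # – Apart from notes that are private AND associated with a different user than logged in
     $strQuery = "SELECT id FROM Note WHERE project_id = :project_id AND NOT (user_id != :user_id AND is_private = 1) AND is_deleted = 0 " . $meetingFilter . $agendaFilter . " ORDER BY datetime_created DESC";
     $objStatement = $objPDO->prepare($strQuery);
     $objStatement->bindValue(':project_id', $projectId, PDO::PARAM_INT);
     $objStatement->bindValue(':user_id', $userID, PDO::PARAM_INT);
     if ($meeting) {
         $objStatement->bindValue(':meeting_id', (int) $meeting, PDO::PARAM_INT);
     }
     $objStatement->execute();
     # Define empty array
     $myArr = array();
     # Add all notes to an array
     if ($result = $objStatement->fetchAll(PDO::FETCH_ASSOC)) {
         foreach ($result as $row) {
             $myArr[$row["id"]] = new Note($row["id"]);
         }
     }
     # Return the note objects
     return $myArr;
 }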
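 /**
  * A method to process POST request for logging in
  * On success the project, user type and username are stored in the session and the user
  * is sent to the index; on failure to the login error page. Always ends the request.
  * @param null $post the $_POST array; expected keys 'user' and 'pass'
  */
 public function loginPost($post)
 {
     # Get the values; a missing field becomes an empty string instead of an undefined-index notice
     $user = isset($post['user']) ? $post['user'] : '';
     $pass = isset($post['pass']) ? $post['pass'] : '';
     # Try to log in the user with provided values
     $loggedIn = HTTPSession::getInstance()->Login($user, $pass);
     # If successfully logged in, set following variables and redirect to the index
     if ($loggedIn) {
         # NOTE(review): nothing here rotates the session identifier after a successful
         # login; unless HTTPSession::Login does so, the session is open to fixation — confirm.
         # Get user
         $user = HTTPSession::getInstance()->GetUserObject();
         # Set project id session
         HTTPSession::getInstance()->PROJECT_ID = $user->getProjectId();
         # Set user type session (authorization purposes)
         HTTPSession::getInstance()->USER_TYPE = $user->getType();
         # Set username session
         HTTPSession::getInstance()->USERNAME = $user->getUsername();
         # Redirect to index
         header('Location: ' . SITE_URL);
     } else {
         header('Location: ' . SITE_URL . 'login/error');
     }
     # Stop here so nothing is executed after the redirect header
     die;
 }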
><label for="checkbox0">Should this meeting repeat?</label>
                </div>

                <div class="large-12 columns">
                    <label>Choose repeat until date:
                        <input name="repeatUntil" placeholder="Choose date" type="text" id="dp2" value="<?php 
    echo $data['id']->getIsRepeating() ? $data['datetime']['dateRepeatUntil'] : "";
    ?>
">
                    </label>
                </div>

                <hr>-->

                <?php 
    if (HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_SUPERVISOR) {
        ?>
                    <!-- If we're logged in as a supervisor -->
                    <!--<div class="large-12 columns">
                        <input name="isApproved" id="checkbox1" type="checkbox" <?php 
        echo $data['id']->getIsApproved() ? "checked" : "";
        ?>
><label for="checkbox1">Is this meeting approved?</label>
                    </div>-->

                    <!-- Display only if the meeting was in the past -->
                    <?php 
        $thisMeetingDatetime = DateTime::createFromFormat('Y-m-d H:i:s', $data['id']->getDatetime());
        $timeNow = new DateTime();
        ?>
                    <?php 
 /**
  * Check ID against the logged in user if the user is authorized to view/edit the Note
  * - only user that created the note can edit it
  * - private notes are visible only to user who creates them
  * - notes are visible only within a scope of a project
  * Redirects to the notes list and exits when either check fails.
  * @param $noteUserId the ID of the user who created the note
  * @param $noteProjectId the ID of the project the note belongs to
  */
 private function checkAuth($noteUserId, $noteProjectId)
 {
     $session = HTTPSession::getInstance();
     $isOwner = $noteUserId == $session->GetUserID();
     $isInCurrentProject = $noteProjectId == $session->PROJECT_ID;
     # Both must hold; otherwise send the user back to notes and stop executing
     if (!($isOwner && $isInCurrentProject)) {
         header('Location: ' . SITE_URL . 'notes');
         die;
     }
 }
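 /**
  * A method to return the email associated with the google account
  * @return String the user email
  * @throws \RuntimeException if the session holds no ID token or Google rejects it
  */
 public function getUserEmail()
 {
     # Get ID token from session; ACCESS_TOKEN is the JSON blob stored at sign-in
     $accessToken = json_decode(HTTPSession::getInstance()->ACCESS_TOKEN);
     if (!is_object($accessToken) || empty($accessToken->{'id_token'})) {
         throw new \RuntimeException('No Google ID token in the session');
     }
     $idToken = $accessToken->{'id_token'};
     # Verify the token with Google before trusting anything inside it. If verification
     # fails the client does not return a ticket object (presumably false/null — confirm
     # against the client version in use); chaining getAttributes() on that would be a
     # fatal error rather than a clean rejection, so check first.
     $ticket = $this->client->verifyIdToken($idToken);
     if (!$ticket) {
         throw new \RuntimeException('Google ID token could not be verified');
     }
     # Get user payload
     $payload = $ticket->getAttributes()['payload'];
     # And email from it
     return $payload['email'];
 }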
 /**
  * Blocks a student from accessing an action point once it has been sent for approval.
  * @param bool $actionPointSentForApproval whether the action point was sent for approval
  * @return bool true when access is allowed; otherwise redirects to the action points list and exits
  */
 protected function checkAuthStudentAfterApproval($actionPointSentForApproval)
 {
     $isStudent = HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_STUDENT;
     # Anyone who is not a student, or a student on an action point not yet sent for
     # approval, may continue
     if (!$actionPointSentForApproval || !$isStudent) {
         return true;
     }
     # Sent for approval and the caller is a student: redirect and stop executing
     header('Location: ' . SITE_URL . 'actionpoints');
     die;
 }
    </div>

    <div class="large-4 columns right">
        <!-- Display options based on action that has been done on the object -->
        <?php 
switch ($notification->getAction()) {
    case NotificationMeeting::ADDED:
    case NotificationMeeting::CANCELLED:
        ?>
                <!-- Display Edit and Approve only if the meeting is not cancelled and removed -->
                <?php 
        if (!$notification->getObject()->getIsCancelled() && !$notification->getObject()->getIsDeleted()) {
            ?>
                    <!-- Display the options only for a supervisor.
                         NOTE(review): the condition below does not do that — `!` binds tighter than `==`,
                         so it evaluates `(!USER_TYPE) == User::USER_TYPE_STUDENT`; the intended test is
                         `HTTPSession::getInstance()->USER_TYPE != User::USER_TYPE_STUDENT` -->
                    <?php 
            if (!HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_STUDENT) {
                ?>
                        <!-- Display edit and approve only if it hasn't been approved -->
                        <?php 
                if (!$notification->getObject()->getIsApproved()) {
                    ?>
                            <a href="<?php 
                    echo SITE_URL . $notification->getController() . "/edit/" . $notification->getObjectId();
                    ?>
" class="button small top-10 right">Edit</a>
                            <a href="<?php 
                    echo SITE_URL . $notification->getController() . "/approve/" . $notification->getObjectId();
                    ?>
" class="button success small top-10 right">Approve</a>
                        <!-- Otherwise display only edit if it was approved -->
                        <?php 
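# Define site URL constant, which is further used in controllers
define('SITE_URL', $config->{'site_url'});
# Set time zone
date_default_timezone_set($config->{'timezone'});
# Include essential classes
require_once 'core/DatetimeConverter.php';
require_once 'core/App.php';
require_once 'core/Controller.php';
require_once 'core/GoogleAuth.php';
require_once 'models/DataBoundObject.php';
require_once 'models/ProjectFactory.php';
require_once 'models/HTTPSession.php';
require_once 'models/Notification.php';
require_once 'models/NotificationAP.php';
require_once 'models/NotificationMeeting.php';
require_once 'models/NotificationNote.php';
# Start a more secure session
$objSession = HTTPSession::getInstance();
# Update the inactivity time on every reload of the page
$objSession->Impress();
# Start up a GoogleAuth
# TODO: This must be commented out for ssms.emilc.cz, because there's wrong redirect_uri
GoogleAuth::getInstance();
# Check if user is NOT logged in
if (!$objSession->IsLoggedIn()) {
    # Redirect to login page only if we're not already on login page
    # otherwise we would get a redirect loop.
    # NOTE(review): when 'url' is absent (a request to the site root) no redirect happens
    # at all and the request continues anonymously — confirm that is intended.
    if (isset($_GET['url']) && strpos($_GET['url'], 'login') === false) {
        header("Location: " . SITE_URL . "login");
        # A Location header does not end the request by itself; without this, whatever
        # is dispatched after this bootstrap still runs for the anonymous visitor.
        exit;
    }
}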
                            <?php 
        }
        ?>
                        </ul>
                    </li>
                <?php 
    }
    ?>
                <li><a data-dropdown="drop-project" data-options="align:right" aria-controls="drop-project" aria-expanded="false"><i class="fa fa-info-circle"></i></a></li>
            <?php 
}
?>
        </ul>

        <?php 
if (HTTPSession::getInstance()->IsLoggedIn()) {
    ?>
            <div id="drop-project" data-dropdown-content class="f-dropdown content small" aria-hidden="true" tabindex="-1">
                <h5>Project information</h5>
                <h6><?php 
    echo $data['project']->getName();
    ?>
</h6>
                <p><?php 
    echo $data['project']->getDescription();
    ?>
</p>
                <hr>
                <h5>Participants</h5>
                <?php 
    foreach ($data['projectUsers'] as $user) {
    if (HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_SUPERVISOR && !$data['id']->getIsApproved() && $data['id']->getIsDone()) {
        ?>
                <div class="large-12 columns">
                    <input name="isDone" id="checkbox1" type="checkbox" <?php 
        if ($data['id']->getIsDone()) {
            echo "checked";
        }
        ?>
><label for="checkbox1">Is this action point done?</label>
                </div>
                <?php 
    }
    ?>

                <?php 
    if (HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_SUPERVISOR && !$data['id']->getIsApproved()) {
        ?>
                    <!-- If we're logged in as a supervisor and the changes hasn't been approved yet
                         TODO: Do I need this? It will be approved automatically since it's the supervisor who's approving it -->
                    <!--<div class="large-12 columns">
                        <input name="isApproved" id="checkboxApproved" type="checkbox" <?php 
        if ($data['id']->getIsApproved()) {
            echo "checked";
        }
        ?>
><label for="checkboxApproved">Approve changes</label>
                    </div>-->
                <?php 
    }
    ?>
                <div class="large-12 columns top-10">
 /**
  * A method to check if user is allowed to perform certain actions on meeting
  * No access if:
  * 1. User is a student and a meeting has been approved
  * 2. Meeting has taken place
  * @param Meeting $meeting the meeting object
  * @return bool true if allowed; otherwise redirects to the meetings list and exits
  */
 protected function checkAuthIsApproved($meeting)
 {
     $isStudent = HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_STUDENT;
     # Rule 1, spelled out explicitly (&& binds tighter than || in the combined form)
     $lockedForStudent = $meeting->getIsApproved() && $isStudent;
     # Neither rule applies: access allowed
     if (!$lockedForStudent && !$meeting->getTakenPlace()) {
         return true;
     }
     header('Location: ' . SITE_URL . 'meetings');
     # Do not execute code any longer
     die;
 }
            <span class="label alert round">deleted</span>
        <?php 
}
?>
    </div>

    <div class="large-4 columns right">
        <!-- Display options based on action that has been done on the object -->
        <?php 
switch ($notification->getAction()) {
    case NotificationAP::SENT_FOR_APPROVAL:
    case NotificationAP::DONE:
        ?>

                <?php 
        if ((!$notification->getObject()->getIsApproved() || $notification->getObject()->getIsApproved() && !$notification->getObject()->getIsDone()) && HTTPSession::getInstance()->USER_TYPE == User::USER_TYPE_SUPERVISOR) {
            ?>
                    <?php 
            if (!$notification->getObject()->getIsApproved()) {
                ?>
                        <a href="<?php 
                echo SITE_URL . $notification->getController() . "/approve/" . $notification->getObjectId();
                ?>
" class="button success small top-10 right">Approve</a>
                    <?php 
            }
            ?>
                    <a href="<?php 
            echo SITE_URL . $notification->getController() . "/edit/" . $notification->getObjectId();
            ?>
" class="button small top-10 right">Edit</a>
 /**
  * A method to return action points' counts for RAG algorithm purposes
  * Only approved, non-deleted action points of the session's project are counted.
  * @param int $factor what kind of count should be returned (a RedAmberGreen constant)
  * @return int the count (or the truncated average grade for AVG_GRADE); 0 when nothing matches
  */
 public static function getActionPointsCount($factor)
 {
     # Get database connection
     $objPDO = PDOFactory::get();
     # Get project ID from session
     $projectId = HTTPSession::getInstance()->PROJECT_ID;
     # Default aggregate and no extra condition
     $select = "COUNT(id) AS ap_count";
     $condition = "";
     # Pick the extra WHERE clause for the requested factor. All of these are fixed
     # strings; nothing user-supplied is concatenated into the query.
     if ($factor == RedAmberGreen::TO_BE_DONE) {
         $condition = " AND is_done = 0";
     } elseif ($factor == RedAmberGreen::RUNNING_OVER_DEADLINE) {
         $condition = " AND is_done = 0 AND deadline < NOW()";
     } elseif ($factor == RedAmberGreen::FINISHED) {
         $condition = " AND is_done = 1";
     } elseif ($factor == RedAmberGreen::FINISHED_AFTER_DEADLINE) {
         $condition = " AND is_done = 1 AND deadline < datetime_done";
     } elseif ($factor == RedAmberGreen::AVG_GRADE) {
         # Average grade rather than a count, ignoring ungraded (0) action points
         $condition = " AND is_done = 1 AND grade <> 0";
         $select = "TRUNCATE(AVG(grade),1) AS ap_count";
     }
     # Run the aggregate over the approved, non-deleted action points of the project
     $strQuery = "SELECT " . $select . " FROM ActionPoint WHERE project_id = :project_id AND is_approved = 1" . $condition . " AND is_deleted = 0";
     $objStatement = $objPDO->prepare($strQuery);
     $objStatement->bindValue(':project_id', $projectId, PDO::PARAM_INT);
     $objStatement->execute();
     # Read the value and fall back to 0 when it is empty/NULL
     $row = $objStatement->fetch();
     $value = $row['ap_count'];
     return $value ? $value : 0;
 }
<div class="note-wrapper large-12 columns">

    <!-- If it's agenda, we want to go back to agenda, not to notes -->
    <?php 
$agenda = $data['note']->getIsAgenda() ? "agenda" : "notes";
?>

    <a href="<?php 
echo SITE_URL;
echo $agenda;
?>
" class="button small info">&larr;</a>

    <?php 
if (HTTPSession::getInstance()->GetUserID() == $data['note']->getUserId()) {
    ?>
    <!-- Display option for editing and removing only for the creator of the note -->
        <!-- If it's agenda, we have to add /agenda to the url -->
        <?php 
    $agenda = $data['note']->getIsAgenda() ? "/agenda" : "";
    ?>
        <a href="<?php 
    echo SITE_URL;
    ?>
notes/edit/<?php 
    echo $data['note']->getID();
    echo $agenda;
    ?>
" class="fa fa-edit button small"></a>
        <a href="<?php 
    echo SITE_URL;
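 /**
  * A method to logout a user
  * Marks the stored session row as logged out, drops any Google access token and
  * resets the in-memory state.
  * @return bool true if a logged-in user was logged out, false if nobody was logged in
  */
 public function LogOut()
 {
     # Nothing to do if nobody is logged in
     if ($this->logged_in != true) {
         return false;
     }
     # Update the session row accordingly. The ID is bound rather than concatenated so the
     # query cannot be influenced by whatever ends up in native_session_id.
     $strQuery = "UPDATE http_session SET logged_in = 0, user_id = 0 WHERE id = :id";
     $objStatement = $this->objPDO->prepare($strQuery);
     $objStatement->bindValue(':id', $this->native_session_id);
     $objStatement->execute();
     # In case it was a google sign in
     if (!empty(GoogleAuth::$auth)) {
         # Unset access token
         HTTPSession::getInstance()->ACCESS_TOKEN = null;
     }
     # Update instance variables
     $this->logged_in = false;
     $this->user_id = 0;
     # NOTE(review): the PHP session itself is neither regenerated nor destroyed here, so the
     # same session cookie stays valid for the next login — confirm whether Login() rotates it.
     return true;
 }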
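 /**
  * A method to return meetings' counts for RAG algorithm purposes
  * Only approved, non-deleted meetings of the session's project are counted.
  * @param int $factor what kind of count should be returned (a RedAmberGreen constant)
  * @return int the count; 0 when nothing matches (consistent with getActionPointsCount)
  */
 public static function getMeetingsCount($factor)
 {
     # Get database connection
     $objPDO = PDOFactory::get();
     # Get project ID from session
     $projectId = HTTPSession::getInstance()->PROJECT_ID;
     $select = "COUNT(id) AS m_count";
     # Decide what count to get from DB. All clauses are fixed strings; nothing
     # user-supplied is concatenated into the query.
     switch ($factor) {
         case RedAmberGreen::TAKEN_PLACE:
             $factor = " AND taken_place = 1";
             break;
         case RedAmberGreen::STUDENT_ARRIVED_ON_TIME:
             $factor = " AND taken_place = 1 AND arrived_on_time = 1";
             break;
         case RedAmberGreen::CANCELLED:
             $factor = " AND is_cancelled = 1";
             break;
         case RedAmberGreen::NO_SHOW:
             $factor = " AND datetime < NOW() AND taken_place = 0 AND is_cancelled = 0";
             break;
         case RedAmberGreen::M_TOTAL:
             # Cancelled can be in the future and we want to include it in the total
             $factor = " AND (datetime < NOW() OR is_cancelled = 1)";
             break;
         default:
             $factor = "";
     }
     # Get a certain number of meetings
     $strQuery = "SELECT " . $select . " FROM Meeting WHERE project_id = :project_id AND is_approved = 1" . $factor . " AND is_deleted = 0";
     $objStatement = $objPDO->prepare($strQuery);
     $objStatement->bindValue(':project_id', $projectId, PDO::PARAM_INT);
     $objStatement->execute();
     # Return the value; a missing row or NULL aggregate yields 0 instead of null,
     # so callers get the same shape as from getActionPointsCount
     $row = $objStatement->fetch();
     if ($row && $row['m_count']) {
         return $row['m_count'];
     }
     return 0;
 }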